EDIT: It appears as if I am getting an error in the console com.apple.launchd: (com.xxxx.adbind[57]) Exited with code: 1
What does that even mean?
Also; if I load the launchd plist file logged in by using the launchctl command it works fine!
I'm driving myself crazy trying to figure out why my launchd is not working. I'm using this in Mountain Lion 10.8.2 When I manually start it using launchctl it says it's loaded, but the script is not running. The script when ran manually works fine as well. Perhaps it just needs a better set of eye's to look at what I'm doing.
First, I'll explain what it is I'm trying to accomplish. I'm having about 400 computers imaged off site. I need these computers bound to AD, which can't be done out of our network. I figured by having a launchd script run at startup to call a script, then have the script check to see if it's in the network before it runs I can have these computers bound at first startup in our network before an AD user logs in.
Here's my launchd, I'm putting it in /Library/launchDaemons
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.xxxx.adbind</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/adbind.bash</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>WorkingDirectory</key>
<string>/usr/local/bin</string>
</dict>
</plist>
I've tried using this with and without a WorkingDirectory key.
Here's my script, I'm putting my script in /usr/local/bin
#!/bin/bash
computerid=`/usr/sbin/scutil --get LocalHostName`
# Standard parameters
domain="xxx.xxxx.edu" # fully qualified DNS name of Active Directory Domain
udn="xxxxxx" # username of a privileged network user
password="xxxxx" # password of a privileged network user
ou="OU=xxx,DC=xxx,DC=xxxx,DC=edu" # Distinguished name of container for the computer
# Advanced options
alldomains="enable" # 'enable' or 'disable' automatic multi-domain authentication
localhome="enable" # 'enable' or 'disable' force home directory to local drive
protocol="smb" # 'afp' or 'smb' change how home is mounted from server
mobile="enable" # 'enable' or 'disable' mobile account support for offline logon
mobileconfirm="disable" # 'enable' or 'disable' warn the user that a mobile acct will be created
useuncpath="enable" # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
user_shell="/bin/bash" # e.g., /bin/bash or "none"
preferred="-preferred xxx.xxxxx.edu" # Use the specified server for all Directory lookups and authentication
# (e.g. "-nopreferred" or "-preferred ad.server.edu")
admingroups="xxx\admins,xxx\teachers,xxx\ADManagement - Computers,xxx\employees" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\mac admins")
# Login hook setting -- specify the path to a login hook that you want to run instead of this script
### End of configuration
## Wait until all network services are up.
ipconfig waitall
# Check to see if we're in the district
if ping -c 1 xxx.xxx.x.x
then
# Activate the AD plugin
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
sleep 5
# Remove computer from OU
dsconfigad -f -r -u xxxxxxx -p xxxxxx
sleep 5
# Bind to AD
dsconfigad -f -a $computerid -domain $domain -u $udn -p "$password" -ou "$ou"
# Configure advanced AD plugin options
if [ "$admingroups" = "" ]; then
dsconfigad -nogroups
else
dsconfigad -groups "$admingroups"
fi
dsconfigad -alldomains $alldomains -localhome $localhome -protocol $protocol \
-mobile $mobile -mobileconfirm $mobileconfirm -useuncpath $useuncpath \
-shell $user_shell $preferred
# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall DirectoryService
# Add the AD node to the search path
if [ "$alldomains" = "enable" ]; then
csp="/Active Directory/All Domains"
else
csp="/Active Directory/$domain"
fi
# This works in a pinch if the above code does not
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 4
defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Policy" -int 4
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
## Remove the script and launchd job. Be sure to delete the script.
launchctl unload -w /Library/LaunchDaemons/com.xxxx.adbind.plist
rm /Library/LaunchDaemons/com.xxxx.adbind.plist
rm /usr/local/bin/adbind.bash
exit 0
else
echo "District not Available. Quitting"
exit 1
fi
Thanks for any help!
Well, I finally worked through my problem and have found a solution! I'm going to post the answer here in order to hopefully help someone else someday! It seems as if the launchd file wasn't running long enough to run my entire script. So I added the KeepAlive key to the plist. It looks like this now.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.xxxx.adbind</string>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/adbind.bash</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
I also had troubles with permissions and found that the "bin" folder I created and placed the script into wasn't owned by root. So I ran chown and chmod on my files and folders. Like this.
sudo chown root:wheel bin
sudo chown root:wheel adbind.bash
sudo chmod 755 adbind.bash
sudo chown root:wheel com.xxxx.adbind.plist
sudo chmod 755 com.xxxx.adbind.plist