Tag : Centrify

Shell Script to Remove Centrify, Move Wifi/LAN, and Request 802.1 Certificate

Here is a long script of doing a lot of things,  it deletes the Centrify Binding, Centrify certificates and itself, binds the machine to AD via native plugin and requests a 802.1x certificate via native RPC

 

#!/bin/sh

# This script deletes the Centrify Binding, Centrify certificates and itself, binds the machine to AD via native plugin and requests a 802.1x certificate via native RPC
# Rui Qiu
# Nov 17, 2017
# Last update: Dec 12, 2017

# exit code 0 – success
# 1 – no wifi
# 2 – no connection do DC
# 3 – migration failed, no connection to DC

CurrentUser=`/bin/ls -l /dev/console | /usr/bin/awk ‘{ print $3 }’`
ConnectedWIFI=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk ‘/ SSID/ {print substr($0, index($0, $2))}’)
Ori_Network_Choice=$(networksetup -listallnetworkservices | grep -v ‘An asterisk ‘ | sed s/\^’*’// | sed ‘s/.*/\”&\”/’ | tr ‘\n’ ‘ ‘)
DCserver=$(ping -c1 -n $(adinfo –server) | head -n1 | sed “s/.*(\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)).*/\1/g”)
ADUser_Check=$(adquery user $CurrentUser | grep -c “113584762”)
FilePath=”XXX”

echo
echo ————————————Project Zero————————————
echo Current user is: $CurrentUser
echo AD User Check result is: $ADUser_Check
echo Current Wifi is: $ConnectedWIFI
echo DC server IP is: $DCserver

# Remove any previous installation files
if [ -d “$FilePath” ]; then rm -Rf “$FilePath”; fi

# Check if a user is on our WIFI network
if [ “$ConnectedWIFI” = “XXX” ] && [ “$ADUser_Check” = “1” ];
then

# Shut down Ethernet
#ethernet=$(networksetup -listnetworkserviceorder |grep ‘Hardware Port.*100\|Hardware Port.*LAN’ |grep -o ‘….$’ |cut -c 1-3)
echo
echo “~~~ Step 1 of 9 ~~~ You are on the correct WIFI, now move it as the first connection choice”
echo “Original Network Sequence Order”
echo $Ori_Network_Choice
echo networksetup -ordernetworkservices “Wi-Fi” `networksetup -listallnetworkservices | grep -v ‘An asterisk ‘ | sed s/\^’*’// | grep -v Wi-Fi | sed ‘s/.*/\”&\”/’ | tr ‘\n’ ‘ ‘` | bash
echo
echo “New Network Sequence Order”
networksetup -listallnetworkservices
sleep 5

# Check if can contact our Domain Controller
echo
echo “~~~ Step 2 of 9 ~~~ Ping our DC”
ping -c1 -W1 -q $DCserver &>/dev/null
status=$( echo $? )
if [ $status -ne 0 ] ; then
echo “Not on Zalando_Air”
mv “$FilePath”/project_zero.txt “$FilePath”/X_wifiwrong.txt
exit 1 # exit code needed
fi

# Uninstall Centrify
echo
echo “~~~ Step 3 of 9 ~~~ Uninstall Centrify”
/usr/local/share/centrifydc/bin/uninstall.sh -n -e

# Delete Old Centrify Certificates
echo
echo “~~~ Step 4 of 9 ~~~ Removing old Certificates”
a=$(hostname -s)
b=”.your.ad”
security find-certificate -c $a$b -a -Z | \
awk ‘/SHA-1/{system(“security delete-certificate -Z “$NF)}’

# Bind to AD
echo
echo “~~~ Step 5 of 9 ~~~ Bind to AD”
jamf policy -event bind -verbose

# Migrate user account to AD
#echo
echo “~~~ Step 6 of 9 ~~~ Migrating account”
echo ” Skipping this part, no need ”
#dscl . delete /Users/$CurrentUser
# chown -R $CurrentUser:Your_AD_ID /Users/$CurrentUser/
# chown -R $CurrentUser /Users/$CurrentUser/

# Install Configuration Profile
echo
echo “~~~ Step 7 of 9 ~~~ Installing profile”
/usr/bin/profiles -I -F /X/X.mobileconfig

# Revert Back to Original Network Sequence Order
echo
echo “~~~ Step 8 of 9 ~~~ Revert Back to Original Network Sequence Order, and Check Internet Access”
echo networksetup -ordernetworkservices $Ori_Network_Choice | bash
echo “Now the network sequence order is ”
networksetup -listallnetworkservices

echo “Check for Internal Access”
sleep 5
ping -c1 -W1 -q $DCserver &>/dev/null
status=$( echo $? )
if [ $status -ne 0 ] ; then
echo “Migration Failed, Cannot connect to DC”
mv “$FilePath”/X.txt “$FilePath”/X_failed.txt
exit 3 # exit code needed
fi

# Remove temp file
echo
echo “~~~ Step 9 of 9 ~~~ Finished, record the result and removing temp file”
mv “$FilePath”/X.txt “$FilePath”/X_finished.txt
rm “$FilePath”/X.mobileconfig
else
# If not on our WIFI network, exit
echo “Not on the right Wifi or is not an AD user, exit”
exit 0

fi