Yosemite profile manager login hook

Hi.  We have recently purchased a Mini running Yosemite server.  The server is running profile manager and an open directory server, it is bound to active directory.  This is all working, however I would like to roll out a login script for users.  I have created this script and it works when run manually, however is there a way to specify this to run via Profile Manager?  If the script is located on a server, how can I have a client run this script remotely?  I want to push this out automatically so I don't need to go to all the laptops throughout the company.  Thanks

If the Login Hook works on your machine, maybe the best way to share the script is using Apple Remote Desktop. But your machines have to be prepared for the remote maintenance.

Similar Messages

  • Yosemite profile manager shortening computer names and serials

    If I prepare a placeholder in Yosemite profile manager, it shortens computer names and serials.
    I've added and removed the placeholder and the names and serials are getting smaller, to a point they are only one letter long now.
    Somehow, it suspect may be linked to the form fill feature but even if I try to type all, the placeholder names and serials shorten every time.
    Ever seen or solved that?
    François.

    I cleared Safari Form Filling in Safari > Preferences > Auto Fill > Other Forms, selected example.com, clear button and closed preferences.
    I went back to profile Manager, create the place holder again and all is good now.
    François

  • Keep 443 open for profile updates, but limit profile manager login

    I notice that port 443 is used by clients to communicate with the server when profiles are pushed (I assume as an encrypted connection for transmitting the profile file). Therefore it seems that for profiles to be pushed to devices outside the LAN 443 needs to be available when clients come calling to the FQDN to get a new profile (when Apple's push notification service says 'hey something is waiting for you').
    However, from a security standpoint I'm not thrilled about exposing the profile manager login to the page to the whole world. Is there a way to limit access to this page to say just our LAN (e.g., using .htaccess) and still allow clients to come calling to the server from anywhere on 443 to fetch profiles? How have others handled this scenario?
    Thanks!

    ...minor updates (see below) after some additional testing. Added /auth as this is another mechanism for authenticating against the admin panel. Also Added an additional allow for loopback traffic since logs showed some items being blocked on : : 1
    <Location /profilemanager>
        AllowOverride None
        Options MultiViews FollowSymlinks
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/8                   #OUR LAN
        Allow from XXX.XXX.XXX.XXX              #SERVER'S PUBLIC IP
        Allow from 127.0.0.0/255.0.0.0 ::1/128    #FOR INTERNAL LOOPBACK TRAFFIC
        Header Set Cache-Control no-cache
    </Location>
    <Location /mydevices>
        AllowOverride None
        Options MultiViews FollowSymlinks
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/8                   #OUR LAN
        Allow from XXX.XXX.XXX.XXX              #SERVER'S PUBLIC IP
        Allow from 127.0.0.0/255.0.0.0 ::1/128    #FOR INTERNAL LOOPBACK TRAFFIC
        Header Set Cache-Control no-cache
    </Location>
    <Location /auth>
        AllowOverride None
        Options MultiViews FollowSymlinks
        Order deny,allow
        Deny from all
        Allow from 10.0.0.0/8                   #OUR LAN
        Allow from XXX.XXX.XXX.XXX              #SERVER'S PUBLIC IP
        Allow from 127.0.0.0/255.0.0.0 ::1/128    #FOR INTERNAL LOOPBACK TRAFFIC
        Header Set Cache-Control no-cache
    </Location>

  • Profile Manager login issues

    When I login to Profile manger by clicking on the link from Server.app and using an administrator account I get the following
    Any one have any ideas on how to fix this.
    TIA
    P.S. This install was an upgrade from 10.6.8. Other than the stats/alerts indicators not working this is the only issue I have ATM.

    The image isn't loading for me. Could you please repost it or type what it says? I'm having issues with Profile Manager as well.

  • Profile Manager Login Item Apps

    Where does Profile Manager get the list of apps that you can select from for the applications to load at login in the "Login Items" payload?
    I have several apps that I've added on the server, but they do not show up in the list of applications?!?  Weird.

    I would reccomend the use of a Login banner if you have that much content.
    http://support.apple.com/kb/HT4788

  • Profile Manager & Login Items & Variables

    Hello doomed!
    I tried to use variables such as %short_name% in Login Items (OS X) section in Profile Manager.
    Bad luck again...
    Authenticated Networks Mounts:
    smb://nas-01/Public – works like a charm!
    smb://nas-01/Private/%short_name% – doesn't work
    If someone in Apple walk here once a year, please note this terrible "feature"
    One thousand thx to you.

    Hello!
    Thanks for advices.
    I know how variables in PM works. I use it alot.
    And I have tons of shares which names equal to %short_name% (user login)
    I need mount user-private-space-share (lets call it so) and I can do it in Finder just press Cmd+K and type: smb://nas-01/Private/cook
    where cook equal to AD login cook and of course it equal to %short_name% in my case.
    So, what I do wrong? Thx.
    Sorry for worse language.

  • Profile Manager Login Screen message limit?

    I'm trying to use profile manager to set a login screen message.  Our message has 360 characters including spaces. The profile manager web page crashed every time I try to save it.  If I halve the length of the message it will save and apply.  The online documentation I have looked at,http://help.apple.com/profilemanager/mac/2.2/#apd2A822B29-31B2-4DA7-9E3A-6E68DE5 4F5DE doesn't state a maximum character length for the message; is there one? and what is it?
    Thanks,
    Rebecca

    I would reccomend the use of a Login banner if you have that much content.
    http://support.apple.com/kb/HT4788

  • Access Mac Mini Server (profile management) through reverse proxy

    Hi,
    Newbie in Mac's world and yet trying to make it more complicated as it is.
    As we recently (last month) decided to equip our sales force with iPads, they were configured through Apple Configurator tool running on a dedicated Mac Mini Mountain Lion.
    Now, I'd be keen in moving this configuration to the Profile Manager, part of the OSx Server plugin. So far so good.
    Problem is the following : another web server is already on the LAN using both 80 and 443 ports. So all incoming traffic on those ports was routed to this other server. As Mac Mini Server default http/s ports may not be altered, I installed a reverse proxy server (Oracle VM - Ubuntu 12.04LTS - pound), configured to deal differently traffic on those ports according to the domain name (host) of the web request (header). Each 'local' server has been allocated a domain name. Just to be clear, traffic is now routed by the WAN/LAN router, for those ports, towards the reverse proxy, configured to reroute the traffic to the correct destination.
    So far so good, it works like a charm, except... as soon as we enter https protocol on Mac Mini Server Profile Manager.
    Access from an iDevice to the Mac Mini Server Profile Manager login page is fine, but as soon as password is confirmed, safari is pending and finally a message 'An internal serer error occured. Please try later again' appears.
    Looking to both reverse proxy system log and Mac Mini profilemanager.log files to trace the problem, the following lines are produced at this particular moment :
    reverse proxy system.log
    Jan 15 14:44:03 reverseproxy pound: 91.... GET /devicemanagement/console/apple_theme_v2/en/da56af0a69e733b259dac3991419fa928b4 94a56/resources/images/sprites/me_controls.png HTTP/1.1 - HTTP/1.1 200 OK
    Jan 15 14:44:03 reverseproxy pound: 91.... GET /auth?redirect=http://osxsrv.fiks.net/devicemanagement/api/authentication/callback HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
    Jan 15 14:44:04 reverseproxy pound: 91.... GET /devicemanagement/api/authentication/callback?auth_token=336952DE-BDDE-4390-82F 7-8475B79FB2D3 HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
    Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 can't read header
    Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 response error read from 192.168....:443/GET /profilemanager/ HTTP/1.1: Success (0.007 secs)
    Jan 15 14:44:08 reverseproxy pound: 91.... POST /devicemanagement/api/magic/get_updated HTTP/1.1 - HTTP/1.1 200 OK
    OSx Server profilemanager.log
    Jan 15 14:44:05 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]Jan 15 14:44:05 osxsrv ProfileManager[1749] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]
    Jan 15 14:44:06 osxsrv ProfileManager[1748] <Info>: Completed in 492ms (View: 0, DB: 6) | 200 OK [http://osxsrv.../magic/do_magic]
    Jan 15 14:44:06 osxsrv ProfileManager[1749] <Info>: Completed in 687ms (View: 0, DB: 5) | 200 OK [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Completed in 4ms (View: 1, DB: 14) | 403 Forbidden [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Completed in 45ms (View: 1, DB: 43) | 403 Forbidden [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Completed in 55ms (View: 0, DB: 1) | 403 Forbidden [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Processing AuthenticationController#callback (for 91.... at 2013-01-15 14:44:08) [GET]
    Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Redirected to https://osxsrv..../profilemanager/
    Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Completed in 149ms (DB: 5) | 302 Found [http://osxsrv..../authentication/callback?auth_token=[FILTERED]]
    I guess the '302 Found' is causing or explaining the problem.
    I agree this might not be a Mac issue, so I still knock your doors hoping some of you could at least give a hint for what to search for !
    If the pound configuration file is of interest, just ask, but this is pretty trivial, saying basically listen these protocols (http/https) on these ports (80/443) and according to Header content (check destination host) and reroute packet to LAN device (with given LAN IP address).
    As the default port(s) of the Mac Mini Web Services may not be altered (so far I know), I guess I am stuck using 80 and 443 anyway.
    Maybe should I invest time in changing my other apache server ports to some more exotic 8080 or 88 or whatever so Mac Mini Server Profile Manager default ports 80 and 443 are maintained and can be easily and directly rerouted to my Mac server without any reverse proxy along the way.
    Thanks in advance for your help
    Alx

    HI All,
    i'm also using reverse proxy technique to publish my server to the internet. The ip is used by twice domains. The problem is by using the profile manager
    after login it redirects the url to the Local Area network addresse instead to the domain.
    How to configure this on OS X Server and the Profile Manager Service?
    Kind Regards
    Oemer

  • Profile Manager Not Loading - auth_token doesn't exit

    We've have an instance of Server 3.1.2 where the Profile Manager login is no longer working, so we are effectively locked out of profile manager for the time being :-(.
    On the front-end, visiting the /profilemanager login page redirects to (FQDN in place of our actual domain):
    auth?redirect=https://FQDN/devicemanagement/api/authentication/callback
    and the page then hangs forever and never gets to the login prompt. Occasionally the login prompt will display but nothing happens after the credentials are entered.
    On the back-end, the profile manager log shows the following entries that coincide with the hanging of the login pages:
    [91384] [2014/08/20 01:43:46.401] I: Processing MagicController#do_magic (for 10.XXX.XXX.XXX at 2014-08-20 01:43:46) [POST]
    [91384] [2014/08/20 01:43:46.402] I: auth_token doesn't exist
    [91384] [2014/08/20 01:43:46.402] I: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Other services on the server (e.g., DNS and Open Directory) seem to be operating normally. On other threads I've seen a suggestion to replace the FQDN with the IP, but that's yields the same result for us.
    Any ideas? This one is driving us nuts!
    Thanks for any input.

    I had multiple IP's set on my server, which randomly seemed to switch. It seems like there is an incompatibility still between Server Admin and server.app. Since Apple is pressing developers to test server admin and server.app I am confident those problems will resolve eventually, but for now I have deleted all-but-1 IPv4 and 1 IPv6 address (same interface), the networking interface overview for my server within Server Admin was updated and it looks like it works solid now, this was not by design I presume, so this must be another bug plaguing Lion...
    After upgrading Postgres to 9.1.3 and upgrading webmail (upgrade: usr/share/webmail) from www.roundcube.net, making a new site webmail.example.com with the files stored in /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/ I made a symbolic link from that 'directory' to the actual built in webmail facility found in /usr/share/webmail by entering the following in terminal.
    ln -s -i /usr/share/webmail/ /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/
    By doing this it will ask to remove a directory, if you didn't put any important files in there, which I presume you didn't, confirm with the letter y and press enter.
    Webmail now works every time the way I want it The same goes for Profile Manager, at least for now...

  • Cant add Apps to login items with profile manager

    I can set up profile manager successfully, and set certain settings like the Dock, the login window, etc. But when I click on Login Items, and try to add an Application, the list of applications is blank. Tried it from my server, tried it logged in remotely, tried rebooting, tried it on several accounts and several groups, and its always empty.

    found it:
    /usr/bin/osascript -e 'tell application "System Events" to make new login item with properties { path: "/Applications/iChat.app", hidden:false } at end'

  • Why don't network volume mounts (login items) configured in Profile Manager show up

    Using Lion server and Lion clients.  Bound both the server and client to Active Directory and successfully got Profile Manager up and running.  All I really need from Profile Manager is the ability to mount network volumes so when the user logs in it mounts their home directory.  Please note we do not specify any home directory paths in AD.  I can login with my AD accounts on the Lion client and get other Profile Manager settings to work, however when I try and mount a network volume via login items nothing happens.  I am using SMB for this.  If I try to manually connect to the same path via Go -> Connect To Server it works fine.  For a simple test I even created a folder on one of my Windows servers D drive and shared it and within profile manager configured it as SMB://server/share and still nothing.  I tried setting it in the Dock section as well which I read in another post somewhere but all I get is a question mark.  I have tried all variations of server name, FQDN, ip address, etc.  I know it's not permissions since it works when I try it manually so am really at a loss here.  Is there any way to log what happens at login to see if it's even trying to mount the volume?  I do know the client is getting the profile since i can see it in system preferences but it never works.  Any ideas would be greatly appreciated, thank you!

    @bkma did you find any solution? i run into the same problem.

  • Can't log in to Profile Manager or My Devices with Active Directory logins

    I have an OSX Lion 10.7.4 Server set up with Profile Manager and it is joined to AD.
    I am able to see AD groups in the Profile Manager groups section.
    I can also see and add AD users and groups using the server app.
    I have enabled the "Can Enable Remote Management" check box for Domain Users through Profile Manager. I have also added Domain Admins to the Workgroup group in the Server app. I'm not sure that I want or need either of these options, but they were suggestions to try.
    I am not able to log on to the Profile Manager or My Devices pages with AD logins.
    I found these directions about nested groups in Workgroup Manager http://krypted.com/iphone/integrating-mac-os-x-lion-servers-profile-manager-with -active-directory/ but I don't have a com.apple.access_devicemanagement local group or any groups like are shown in the picture.
    Any ideas what I'm missing?
    Cheers,
    Ian

    I found the two pieces I was missing:
    1) Install the Lion Server Admin Tools
    Launch the Server Admin App
    Click on the server name in the left pane
    Click on the Access button in the upper part of the window
    Click on Profile Manager
    Either manually add specific groups to the list or if you're feeling brave choose the "Allow all users and groups" radio button
    2) Run the command line steps on this page to change the authentication to plain text to support AD authentication:
    http://support.apple.com/kb/HT4837
    Voila!

  • Yosemite Server 4 upgrade is stuck at updating Profile Manager service

    My iMac was using Mac OS 10.9 and Server v3 and I just upgraded to Yosemite and then purchased Server v4. When I launched Server it said that it was going to update my services. It got as far as "updating Profile Manager service." Is anyone else having this issue? It has been stuck at doing the updating for about 9 hours now and no change. Any ideas?

    My iMac was using Mac OS 10.9 and Server v3 and I just upgraded to Yosemite and then purchased Server v4. When I launched Server it said that it was going to update my services. It got as far as "updating Profile Manager service." Is anyone else having this issue? It has been stuck at doing the updating for about 9 hours now and no change. Any ideas?

  • How do I backup profile manager database on OS X Yosemite?

    Hello guys,
    I'm struggling to find an answer on how to backup profile manager database(devices, groups etc.) on Yosemite(server 4), so far I only found a few threads for Mavericks (10.9) & Server 3 saying to type the following command via terminal: "sudo pg_dump -U _postgres -c device_management > $HOME/device_management.sql"
    Although this command applies to Mavericks(server 3) I decided to give it a shot but as expected I got this error message:
    "pg_dump: [archiver (db)] connection to database "device_management" failed: could not connect to server: No such file or directory
    Is the server running locally and accepting
    connections on Unix domain socket "/var/pgsql_socket/.s.PGSQL.5432"?"
    I also tried to backup & restore profile manager's database with TimeMachine but unfortunately it didn't worked..
    It seems that TimeMachine misses the profile manager's data folders(see thread: Profile Manager not being backed up in Time Machine?)
    and I saw that other people also complained about this problem.
    As we're a company who holds thousands of devices & integrates them on daily basis to profile manager, I would be very pleased to know how to backup our Profile manager's database.
    Please see this question as HIGH importance, I really hope to get an answer ASAP..
    Thanks in advance for all the repliers!
    Yours sincerely,
    Daniel Adler.

    Hi Strontium90,
    Thanks for your reply!!
    I tried your command, but unfortunately i got the following error msg:
    "too many command-line arguments (first is "devicemgr_v2m0")
    Try "pg_dump --help" for more information."
    Please correct me if I'm wrong: assuming command was successful, I should've seen 'profileManager.sql' file at my desktop(output path = ~/Desktop/) which is the Profile Manager's database file I guess, right? and where is the restoration path located? in case I want to restore Profile Manager's database with the created backup file('profileManager.sql').
    Also you mentioned: "Automate to perform daily", how can I automate this command?
    Thanks a lot for your support!
    Have a nice day.
    Yours sincerely,
    Daniel Adler.

  • Not apple to login to VPP via Profile Manager

    Hello all,
    I have a quick question.
    In the past I have been abel to use the links found in the app section of Profile Manager to login to the VPP and purchase more licenses when needed. However, today when I tried to buy a couple apps for some staff members, I got the following error...
    "Your request produced an error
    [newNullResponse]"
    Nothing else in the browser window.
    I was able to login on another computer and complete the purchase, but it was weird that I couldn't do it from the server. After making the purchases I was able to receive and distribute the licences.
    Anyone having similar issues, or experienced this in the past?
    Thanks,
    Leon

    Thanks Sunny for looking into it,
    You are correct but we want to check this WEBGUI from out side of the location, i.e. not only from premise but also from my public IP address. And also from IPAD or any Android Mobile Browser
    Regards,
    Prashant

Maybe you are looking for

  • Disabling "Do You Want To Use..." message

    Hey all, I've seen a post here in the support forums on this topic and can't for the life of me find it, so please forgive my asking again. I don't use Time Machine. Every time I attach an external HD, start/restart my computer with an external HD at

  • Daisy-chaining firewire devices

    Now that I bought a firewire Audio interface (the Presonus Inspire), I am wondering how to plug in my external firewire HD. Both devices have two firewire sockets, I could daisy-chain them in two ways, right? (Couldn't get it to work today, but the c

  • Most recent update to Photoshop CC and Bridge breaks use with snow leopard. need previous vsn

    The most recent version of Bridge CC installed with adobe's updater killed my systems year long use of Bridge CC so it won't load.  I need the previous version.  I can't update to 10.7 for technical and other software workflow reasons.  How can I get

  • Problem related to unicode

    for the following Source code   LOOP AT MTAB_PROGRAM_TEXTS.       MTAB_PROGRAM_FILE = MTAB_PROGRAM_TEXTS.       APPEND MTAB_PROGRAM_FILE.     ENDLOOP. an error is coming like "MTAB_PROGRAM_FILE" and "MTAB_PROGRAM_TEXTS" are not mutually convertible.

  • PNG Files on adobe forms

    Hi am trying to attach a transparent png image to my adobe form , however it appears with a white background can anyone help with this.???? Im assuming the  the file format is wrong, but what file extension is needed ??