LaunchD Plist不起作用 [英] LaunchD Plist not working
问题描述
编辑:似乎我在控制台
com.apple.launchd:(com.xxxx.adbind [57])中遇到错误,退出代码为:1
那是什么意思?
如果我加载通过使用launchctl命令登录的启动plist文件,它就可以正常工作!
我让自己发疯了,试图弄清为什么启动不起作用。我在Mountain Lion 10.8.2中使用它,当我使用launchctl手动启动它时,它表示已加载,但脚本未运行。手动运行时脚本也可以正常运行。也许只需要更好地了解我在做什么即可。
首先,我将解释我要完成的工作。我大约有400台计算机在异地成像。我需要将这些计算机绑定到AD,但无法在我们的网络范围之外完成。我想到了在启动时运行启动脚本来调用脚本,然后让脚本在运行之前检查它是否在网络中。我可以在AD用户登录之前在我们的网络中首次启动时绑定这些计算机。 / p>
这是我的发射器,我将其放入/ Library / launchDaemons
<?xml version = 1.0 encoding = UTF-8?>
<!DOCTYPE plist公用-// Apple // DTD PLIST 1.0 // EN http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
< plist version = 1.0>
< dict>
< key>标签< / key>
< string> com.xxxx.adbind< / string>
< key> ProgramArguments< / key>
< array>
< string> /usr/local/bin/adbind.bash< / string>
< / array>
< key> RunAtLoad< / key>
< true />
< key> WorkingDirectory< / key>
< string> / usr / local / bin< / string>
< / dict>
< / plist>
我试过使用带有和不带有WorkingDirectory密钥的
这是我的脚本,我将脚本放入/ usr / local / bin
#! / bin / bash
computerid =`/ usr / sbin / scutil --get LocalHostName`
#标准参数
domain = xxx.xxxx.edu #Active Directory域的标准DNS名称
udn = xxxxxx#特权网络用户的用户名
password = xxxxx#特权网络用户的密码
ou = OU = xxx,DC = xxx,DC = xxxx,DC = edu#计算机的容器的专有名称
#高级选项
alldomains = enable#'启用'或'禁用'自动多域身份验证
localhome = enable#'启用'或'禁用'强制主目录到本地驱动器
protocol = smb#'afp'或'smb'更改主目录的安装方式来自服务器
mobile = enable#'enable'或'disabl e'对脱机登录的移动帐户支持
mobileconfirm = disable#'启用'或'禁用'警告用户将创建移动帐户
useuncpath = enable#'启用'或' 禁用,使用AD SMBHome属性确定主目录
user_shell = / bin / bash#例如,/ bin / bash或 none
preferred =-preferred xxx.xxxxx.edu#将指定的服务器用于所有目录查找和身份验证
#(例如 -nopreferred或 -preferred ad.server.edu)
admingroups = xxx\admins,xxx\teachers,xxx\ADManagement-Computers,xxx\employees#这些逗号分隔的广告组可以管理计算机(例如或 APPLE\mac admins)
#登录挂钩设置-指定要运行的登录挂钩的路径,而不是此脚本
###配置结束
##等待所有网络服务启动。
ipconfig waitall
#如果ping -c 1 xxx.xxx.xx
然后
$ b检查我们是否在区域
$ b#激活AD插件
默认写入/ Library / Preferences / DirectoryService / DirectoryService Active Directory Active
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
睡眠5
#从OU
中删除计算机dsconfigad -f -r -u xxxxxxx -p xxxxxx
睡眠5
#绑定到AD
dsconfigad -f -a $ computerid -domain $ domain -u $ udn -p $ password -ou $ ou
#配置高级AD插件选项
if [ $ admingroups =];然后
dsconfigad -nogroups
else
dsconfigad -groups $ admingroups
fi
dsconfigad -alldomains $ alldomains -localhome $ localhome -protocol $ protocol \
-mobile $ mobile -mobileconfirm $ mobileconfirm -useuncpath $ useuncpath \
-shell $ user_shell $ preferred
#重新启动DirectoryService(需要重新加载AD插件激活设置)
killall DirectoryService
#如果[ $ alldomains = enable],则将AD节点添加到搜索路径
中;然后
csp = / Active Directory / All Domains
else
csp = / Active Directory / $ domain
fi
#如果上面的代码不是
的默认值,则此操作很困难$ / $ Library / Preferences / DirectoryService / SearchNodeConfig搜索节点自定义路径数组 -array / Active Directory /所有域
的默认值是write / Library / Preferences / DirectoryService / SearchNodeConfig搜索策略 -int 4
默认写入/ Library / Preferences / DirectoryService / ContactsNodeConfig搜索节点自定义路径数组 -array / Active Directory /所有域
默认写入/ Library / Preferences / DirectoryService / ContactsNodeConfig搜索策略 -int 4
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
##删除脚本和启动的工作。确保删除脚本。
launchctl unload -w /Library/LaunchDaemons/com.xxxx.adbind.plist
rm /Library/LaunchDaemons/com.xxxx.adbind.plist
rm / usr / local / bin / adbind .bash
出口0
其他
echo District not Available。Quitting
exit 1
fi
感谢您的帮助!
好,我终于解决了问题,并找到了解决方案!我将在此处发布答案,希望有一天能帮助其他人!似乎启动的文件运行时间不足以运行我的整个脚本。因此,我将KeepAlive键添加到了plist中。
<?xml version = 1.0 encoding = UTF-8?>
<!DOCTYPE plist公用-// Apple // DTD PLIST 1.0 // EN http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
< plist version = 1.0>
< dict>
< key>标签< / key>
< string> com.xxxx.adbind< / string>
< key> KeepAlive< / key>
< dict>
< key> SuccessfulExit< / key>
< false />
< / dict>
< key> ProgramArguments< / key>
< array>
< string> /usr/local/bin/adbind.bash< / string>
< / array>
< key> RunAtLoad< / key>
< true />
< / dict>
< / plist>
我也遇到权限问题,发现我创建了 bin文件夹并将脚本放入不属于根。所以我在文件和文件夹上运行了chown和chmod。像这样。
sudo chown root:wheel bin
sudo chown root:wheel adbind.bash
sudo chmod 755 adbind.bash
sudo chown root:wheel com.xxxx.adbind.plist
sudo chmod 755 com.xxxx.adbind.plist
EDIT: It appears as if I am getting an error in the console com.apple.launchd: (com.xxxx.adbind[57]) Exited with code: 1
What does that even mean?
Also; if I load the launchd plist file logged in by using the launchctl command it works fine!
I'm driving myself crazy trying to figure out why my launchd is not working. I'm using this in Mountain Lion 10.8.2 When I manually start it using launchctl it says it's loaded, but the script is not running. The script when ran manually works fine as well. Perhaps it just needs a better set of eye's to look at what I'm doing.
First, I'll explain what it is I'm trying to accomplish. I'm having about 400 computers imaged off site. I need these computers bound to AD, which can't be done out of our network. I figured by having a launchd script run at startup to call a script, then have the script check to see if it's in the network before it runs I can have these computers bound at first startup in our network before an AD user logs in.
Here's my launchd, I'm putting it in /Library/launchDaemons
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.xxxx.adbind</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/adbind.bash</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>WorkingDirectory</key>
<string>/usr/local/bin</string>
</dict>
</plist>
I've tried using this with and without a WorkingDirectory key.
Here's my script, I'm putting my script in /usr/local/bin
#!/bin/bash
computerid=`/usr/sbin/scutil --get LocalHostName`
# Standard parameters
domain="xxx.xxxx.edu" # fully qualified DNS name of Active Directory Domain
udn="xxxxxx" # username of a privileged network user
password="xxxxx" # password of a privileged network user
ou="OU=xxx,DC=xxx,DC=xxxx,DC=edu" # Distinguished name of container for the computer
# Advanced options
alldomains="enable" # 'enable' or 'disable' automatic multi-domain authentication
localhome="enable" # 'enable' or 'disable' force home directory to local drive
protocol="smb" # 'afp' or 'smb' change how home is mounted from server
mobile="enable" # 'enable' or 'disable' mobile account support for offline logon
mobileconfirm="disable" # 'enable' or 'disable' warn the user that a mobile acct will be created
useuncpath="enable" # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
user_shell="/bin/bash" # e.g., /bin/bash or "none"
preferred="-preferred xxx.xxxxx.edu" # Use the specified server for all Directory lookups and authentication
# (e.g. "-nopreferred" or "-preferred ad.server.edu")
admingroups="xxx\admins,xxx\teachers,xxx\ADManagement - Computers,xxx\employees" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\mac admins")
# Login hook setting -- specify the path to a login hook that you want to run instead of this script
### End of configuration
## Wait until all network services are up.
ipconfig waitall
# Check to see if we're in the district
if ping -c 1 xxx.xxx.x.x
then
# Activate the AD plugin
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
sleep 5
# Remove computer from OU
dsconfigad -f -r -u xxxxxxx -p xxxxxx
sleep 5
# Bind to AD
dsconfigad -f -a $computerid -domain $domain -u $udn -p "$password" -ou "$ou"
# Configure advanced AD plugin options
if [ "$admingroups" = "" ]; then
dsconfigad -nogroups
else
dsconfigad -groups "$admingroups"
fi
dsconfigad -alldomains $alldomains -localhome $localhome -protocol $protocol \
-mobile $mobile -mobileconfirm $mobileconfirm -useuncpath $useuncpath \
-shell $user_shell $preferred
# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall DirectoryService
# Add the AD node to the search path
if [ "$alldomains" = "enable" ]; then
csp="/Active Directory/All Domains"
else
csp="/Active Directory/$domain"
fi
# This works in a pinch if the above code does not
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 4
defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Policy" -int 4
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
## Remove the script and launchd job. Be sure to delete the script.
launchctl unload -w /Library/LaunchDaemons/com.xxxx.adbind.plist
rm /Library/LaunchDaemons/com.xxxx.adbind.plist
rm /usr/local/bin/adbind.bash
exit 0
else
echo "District not Available. Quitting"
exit 1
fi
Thanks for any help!
Well, I finally worked through my problem and have found a solution! I'm going to post the answer here in order to hopefully help someone else someday! It seems as if the launchd file wasn't running long enough to run my entire script. So I added the KeepAlive key to the plist. It looks like this now.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.xxxx.adbind</string>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/adbind.bash</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
I also had troubles with permissions and found that the "bin" folder I created and placed the script into wasn't owned by root. So I ran chown and chmod on my files and folders. Like this.
sudo chown root:wheel bin
sudo chown root:wheel adbind.bash
sudo chmod 755 adbind.bash
sudo chown root:wheel com.xxxx.adbind.plist
sudo chmod 755 com.xxxx.adbind.plist
这篇关于LaunchD Plist不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
