Unfortunately this script no longer worked when we upgraded to OS X version 10.11 'El Capitan'.
We tried everything, but always ended up with keychain errors.
When logging in, the guest user obviously tried to access keychains which at that moment weren't there or weren't accessible.
We then tried to revert to the system guest.
That seemed to work, until we removed the parental controls from that user, at which point the system created a new user named 'Guest1', which had some other problems…
So, after quite a lot of trial and error, I found a solution.
The changes are actually quite simple. There are two things that have to be changed:
- Add a password for the guest user. The script won't work with empty passwords.
- The keychain entry that the script adds has to be accessible to all processes. To allow that, the parameter '-A' is added to this step.
So this is my version of the script:
#!/bin/bash
# Original script by Noel B. Alonso: https://gist.github.com/nbalonso/5696340
# Modified script by rtrouton: https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/create_custom_guest_account

# Tools used below (standard OS X locations)
DSCL="/usr/bin/dscl"
SECURITY="/usr/bin/security"
LOGGER="/usr/bin/logger"

# Determine OS version
OSVERS=$(sw_vers -productVersion | awk -F. '{print $2}')

# The four values below are not shown on this page; replace the placeholders before use.
# Set the account shortname
USERNAME="CHANGE_ME_shortname"
# Set the name which is displayed in System Preferences for the account
DISPLAYNAME="CHANGE_ME display name"
# Set the account's UID
GUESTUID="CHANGE_ME_uid"
# Set the account's GID
GUESTGROUPID="CHANGE_ME_gid"

if [[ ${OSVERS} -lt 6 ]]; then
    ${LOGGER} -s -t create"${USERNAME}".sh "ERROR: The version of OS X running on this Mac is not supported by this script. User account not created."
fi

if [[ ${OSVERS} -eq 6 ]]; then
    ${LOGGER} -s -t create"${USERNAME}".sh "INFO: Creating the ${USERNAME} user account on Mac OS X 10.${OSVERS}.x"
    ${DSCL} . -create /Users/"${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" UserShell /bin/bash
    ${DSCL} . -create /Users/"${USERNAME}" RealName "${DISPLAYNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" UniqueID "${GUESTUID}"
    ${DSCL} . -create /Users/"${USERNAME}" PrimaryGroupID "${GUESTGROUPID}"
    ${DSCL} . -create /Users/"${USERNAME}" NFSHomeDirectory /Users/"${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" RecordType dsRecTypeStandard:Users
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_defaultLanguage de
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_guest true
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_writers__defaultLanguage "${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_writers_jpegphoto "${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_writers_LinkedIdentity "${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_writers_picture "${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_writers_UserCertificate "${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" AppleMetaNodeLocation /Local/Default
    # Setting up an empty password and giving local Kerberos some time to process it
    ${DSCL} . -passwd /Users/"${USERNAME}" ''
    sleep 2
fi

if [[ ${OSVERS} -ge 7 ]]; then
    ${LOGGER} -s -t create"${USERNAME}".sh "INFO: Creating the ${USERNAME} user account on Mac OS X 10.${OSVERS}.x"
    ${DSCL} . -create /Users/"${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_defaultLanguage de
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_guest true
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_writers__defaultLanguage "${USERNAME}"
    # Adding the _writers_LinkedIdentity attribute for Macs running Mac OS X 10.7.x. This
    # attribute is not needed on 10.8.x and later.
    if [[ ${OSVERS} -eq 7 ]]; then
        ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_writers_LinkedIdentity "${USERNAME}"
    fi
    ${DSCL} . -create /Users/"${USERNAME}" dsAttrTypeNative:_writers_UserCertificate "${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" AuthenticationHint ''
    ${DSCL} . -create /Users/"${USERNAME}" NFSHomeDirectory /Users/"${USERNAME}"
    # Setting a non-empty password (the account shortname) and giving local Kerberos some time to process it
    ${DSCL} . -passwd /Users/"${USERNAME}" "${USERNAME}"
    sleep 2
    ${DSCL} . -create /Users/"${USERNAME}" Picture "/Library/User Pictures/Nature/Leaf.tif"
    ${DSCL} . -create /Users/"${USERNAME}" PrimaryGroupID "${GUESTGROUPID}"
    ${DSCL} . -create /Users/"${USERNAME}" RealName "${DISPLAYNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" RecordName "${USERNAME}"
    ${DSCL} . -create /Users/"${USERNAME}" UniqueID "${GUESTUID}"
    ${DSCL} . -create /Users/"${USERNAME}" UserShell /bin/bash
    # Adding the keychain item that allows "${USERNAME}" to log in on 10.7 and later.
    # -A lets any application access this item without a prompt; security(1) marks the flag as insecure.
    ${SECURITY} add-generic-password -a "${USERNAME}" -s com.apple.loginwindow.guest-account -A -w "${USERNAME}" -D "application password" /Library/Keychains/System.keychain
fi

# Restart loginwindow
/usr/bin/killall loginwindow
${LOGGER} -s -t create"${USERNAME}".sh "INFO: Exiting"
exit 0
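
A post-run check for the two changes described above, added here as an example and not part of the original script: it confirms that the account carries the '_guest' attribute, that an empty password is rejected while the expected one is accepted, and that the 'com.apple.loginwindow.guest-account' item exists in the System keychain. The function name 'check_guest' and the environment overrides for the tool paths are assumptions of this example.

```shell
#!/bin/bash
# Added example: verify the custom guest account after the creation script has run.
# Tool paths can be overridden through the environment (assumption of this example).
DSCL="${DSCL:-/usr/bin/dscl}"
SECURITY="${SECURITY:-/usr/bin/security}"
KEYCHAIN="${KEYCHAIN:-/Library/Keychains/System.keychain}"
SERVICE="com.apple.loginwindow.guest-account"

# check_guest <shortname> <expected password>
# Prints one line per failed check and returns the number of failed checks.
check_guest() {
  cg_user="$1"
  cg_pass="$2"
  cg_failures=0

  # The record must exist and carry the _guest attribute the script sets.
  if ! "${DSCL}" . -read "/Users/${cg_user}" dsAttrTypeNative:_guest 2>/dev/null | grep -q 'true$'; then
    echo "FAIL: /Users/${cg_user} is missing dsAttrTypeNative:_guest true"
    cg_failures=$((cg_failures + 1))
  fi

  # Change 1: an empty password must no longer authenticate ...
  if "${DSCL}" . -authonly "${cg_user}" '' >/dev/null 2>&1; then
    echo "FAIL: ${cg_user} authenticates with an empty password"
    cg_failures=$((cg_failures + 1))
  fi
  # ... and the password the script set must authenticate.
  if ! "${DSCL}" . -authonly "${cg_user}" "${cg_pass}" >/dev/null 2>&1; then
    echo "FAIL: ${cg_user} does not authenticate with the expected password"
    cg_failures=$((cg_failures + 1))
  fi

  # Change 2: the loginwindow item must exist in the System keychain.
  if ! "${SECURITY}" find-generic-password -a "${cg_user}" -s "${SERVICE}" "${KEYCHAIN}" >/dev/null 2>&1; then
    echo "FAIL: no ${SERVICE} item for ${cg_user} in ${KEYCHAIN}"
    cg_failures=$((cg_failures + 1))
  fi

  return "${cg_failures}"
}

# Run the check only when a shortname is given; the password defaults to the shortname, as in the script.
if [ "$#" -ge 1 ]; then
  check_guest "$1" "${2:-$1}"
fi
```

Run it as root with the account shortname as the first argument. It checks that the keychain item exists, not which applications may read it.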