
My company has automated AD integration via puppet. Long story short, servers were joining the wrong domain. I wrote a bash script to remove them from the current domain but my remote sudo commands are not working. Additionally, I am trying to remove the AD_joined file in /etc. The script shows that the file is still present, but when I ssh to the boxes, the file is actually removed and the 'sudo adleave' command also works fine. What am I doing wrong? FYI, root logins are disabled, so I am stuck with sudo.

Script:

#!/bin/bash

IP=$(cat prod_ips.txt)
# Lists the LOCAL /etc once, before the loop; it is never re-run afterwards.
check=$(ls /etc | grep ^AD)
for i in $IP;
do
echo '------------------------------------------------------------';
echo "Connecting to $i";
echo ""
# "adleave" is a bare name here, looked up in the remote shell's PATH.
ssh -t -o StrictHostKeyChecking=no -o ConnectTimeout=3 -o PasswordAuthentication=no "$i" "sudo rm -f /etc/AD_joined; sudo adleave --force;"

echo "$check"
if [ -z "$check" ]; then
  echo "AD_joined file removed. Server should join correct domain after next puppet run!";
else
  echo "File still present, something went wrong";
fi

echo '------------------------------------------------------------';
echo "";
done;

Sample output:

------------------------------------------------------------
Connecting to <IP>

Authorized uses only. All activity may be  monitored and reported.
sudo: adleave: command not found
Connection to <IP> closed.
AD_joined
File still present, something went wrong
------------------------------------------------------------
AndG
  • Can you post the difference between ssh -t -o StrictHostKeyChecking=no -o ConnectTimeout=3 -o PasswordAuthentication=no $example_remote_host "echo $PATH" as well as ssh $example_remote_host followed by which adleave as well as echo $PATH? Seems like adleave is in a component of PATH that's only loaded by login shells. – jayhendren Dec 09 '16 at 16:38
  • 3
    Call the full path to adleave – Jeff Schaller Dec 09 '16 at 16:48
  • @jayhendren First Output: /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/bin:/usr/local/bin:/usr/bin:/bin:/u01/app/oracle/product/12.1.0/bin:/home/user/.local/bin:/home/user/bin Second Output: which: no adleave in (/usr/local/bin:/usr/bin) /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/bin:/usr/local/bin:/usr/bin:/bin:/u01/app/oracle/product/12.1.0/bin:/home/user/.local/bin:/home/user/bin adleave path: /usr/sbin/adleave It also looks like adleave is symlinked to another path: /usr/sbin/adleave -> /usr/share/centrifydc/bin/cdcexec – AndG Dec 09 '16 at 18:04
  • @Christopher the path for adleave is /usr/sbin/adleave. I also did sudo env and /usr/sbin is included in $PATH for sudo. At this point, I'm thinking there is some other environment setting, profile script or maybe something in PAM that is overriding this. – AndG Dec 09 '16 at 19:52

1 Answer


Reading the comments to your initial post: have you tried using /usr/sbin/adleave in your script instead of adleave?

SYN
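Putting the comments (full path to adleave) and the answer together, here is an added example that is neither the asker's script nor the answerer's code: it runs the leave commands with /usr/sbin/adleave and checks for /etc/AD_joined on the remote host inside the same ssh session, which the original local "ls /etc" check could never see. SUDO, MARKER and ADLEAVE are assumed, overridable variables so the generated command line can be exercised locally.

```shell
#!/bin/bash
# Added example, not the asker's script: run the leave commands on each host
# and test for the marker file on the REMOTE host in the same ssh session,
# instead of listing the local /etc once before the loop.
# Assumptions: adleave is /usr/sbin/adleave (per the comments) and sudo runs
# rm and adleave without a password prompt.

: "${SUDO:=sudo}"                   # set SUDO="" to run the command line locally
: "${MARKER:=/etc/AD_joined}"
: "${ADLEAVE:=/usr/sbin/adleave}"   # full path: a non-login ssh shell may lack
                                    # /usr/sbin in PATH ("command not found")

# Build the one-line remote command. It ends with a negated test, so the
# exit status of the whole line is 0 only when the marker file is gone.
leave_cmd() {
    pfx="${SUDO:+$SUDO }"           # "sudo " or empty
    printf '%srm -f %s; %s%s --force; ! test -e %s' \
        "$pfx" "$MARKER" "$pfx" "$ADLEAVE" "$MARKER"
}

# Run the command on one host; -t keeps sudo working where requiretty is set.
# The function's exit status is the remote command's exit status.
remote_leave() {
    ssh -t -o StrictHostKeyChecking=no -o ConnectTimeout=3 \
        -o PasswordAuthentication=no "$1" "$(leave_cmd)"
}

# Map the exit status to a message in the style of the original script.
report() {
    if [ "$1" -eq 0 ]; then
        echo "AD_joined file removed. Server should join correct domain after next puppet run!"
    else
        echo "File still present or adleave failed (remote exit status $1)"
    fi
}

main() {
    for host in $(cat "${1:-prod_ips.txt}"); do
        echo '------------------------------------------------------------'
        echo "Connecting to $host"
        remote_leave "$host"
        report $?
    done
}

# Loop over hosts only when a host file is given, so sourcing this file is inert.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as ./leave.sh prod_ips.txt; the per-host verdict now reflects the remote exit status rather than the local machine's /etc.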