SMB Network Shares and AD Home Directories

Hi,

If you are using mount volume "smb://${adHome}" the OS should do the mounting for you. You don't need to specify where it gets mounted.

Is the drive not mounting with that method?

@davidacland It is but then prompts the user for a username / password.

Use python and the NetFS API

https://gist.github.com/hunty1/94284f2535a964a2ed8f2297974e98ca

run it like this by providing two arguments, the server address and the share name
./mount_share.py <your.file.server.com/homes/student> <student>

@Chuey It still sounds kerberos related to me. If you log in and try to mount the drive using Go > Connect to server... does that also ask for a username & password?

@calumhunter I hadn't tried mounting a drive with Python before. Thanks for sharing :)

Sounds like this is a new macOS feature, & the Apple have a KB here on how to make a change to use kerb & not prompt.

The AppleScript mount volume uses NetFS & some other logic @hunty. My AppleScript methods piqued the curiosity of @frogor & @kcrawshaw so they reversed engineered it to time the NetFS API.

I was looking to do a Swift NetFS App next year, but seems that the AppleScript's additions still win in some cases.

@davidacland My admin account will never ask for the password. Only standard accounts are getting asked to input their password. . .

EDIT If the standard user has never logged into the computer it will allow me to navigate to their network home directory without a password. If I log out and log back in on the same computer it will prompt me for the password. Sorry wanted to clarify that Kerberos is working properly.

@Chuey Was looking at your 11/20 post and we have a portion of our dock setup script - which utilizes dockutil - that adds an additional link (the globe you refer to) to connect to the user's network folder.

Our dock setup script incorporates the same code as the SMB/AD home script to get the full network folder path and then uses this to add the connection to the "Connect to Server" server favorites list as well as an icon to connect to it in the Dock. We prefer to have multiple places for our users to be able access their network folder.

I've copied and pasted the applicable portions of that script into a new script below.

#!/bin/bash

USER=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
LOG="/path/to/logfile.log"
DOCKUTIL="/path/to/dockutil"
SFLTOOL="/usr/bin/sfltool"
PLIST="com.apple.LSSharedFileList.FavoriteServers"
ADHOME=$(/usr/bin/dscl . -read /Users/$USER 
        | grep -e "SERVERNAME" | head -n 1 
        | sed 's|SMBHome:||g' 
        | sed 's|dsAttrTypeNative:original_smb_home:||g' 
        | sed 's/^[\\]*//' 
        | sed 's:\\:/:g' 
        | sed 's/ ////g' 
        | tr -d '
' 
        | sed 's/ /%20/g')

# For writing info to log file
writelog () {
    /bin/echo "${1}"
    /bin/echo $(date) "${1}" >> $LOG
}

# Add user's AD home folder to Dock for easier access
if [ "${ADHOME}" == "" ]; then
    writelog "ADHOME Shortcut: User ${USER} does not have an SMBHome attribute. Skipping network folder Dock shortcut creation ..."
else
    writelog "FOUND: SMBHome identified for ${USER}."
    writelog "Creating network folder Dock shortcut for ${USER}."
    $DOCKUTIL --add "smb://${ADHOME}" --label "My Network Folder" --before Applications --no-restart 
    writelog "CREATED: Network folder Dock shortcut for ${USER}."
fi

# Add user's AD home folder to Favorite Server list w/ name "My Network Folder"
$SFLTOOL add-item -n "My Network Folder" $PLIST "smb://${ADHOME}"

if [ $? = 0 ]; then
    writelog "Successfully added ${USER}'s network folder to Favorite Servers."
else
    writelog "Failed to add ${USER}'s network folder to Favorite Servers."
fi

exit

@aporlebeke Thanks for that.

I'm still confused as to why when I log in to a machine with a user who has never logged in before, the globe automatically appears and is mapped to their network home folder using SMB, and when clicked it opens the share.

BUT if you log out and back in on the same machine with that user and click the globe it prompts for the password again.

Anyone have an idea as to why this happens?

@Chuey As posted in another thread, I think you might need this