Posted on 09-05-2018 07:59 AM
Hello Everyone,
I have been searching and I have seen a lot of discussion on the network home folder being pulled from the UNC path from AD.
We haven't been doing this, but we have a single AD binding as part of setup within the JSS, and this was set up PRIOR to attempting to enable the Use UNC path from AD to get network home folder. This is the built-in directory binding from the JSS and not a scripted solution I have seen discussed here. There is a checkbox that I can check within this management setting, but I am afraid of ramifications across the entire deployment.
Is there another way of enabling this without messing with the binding I already have in place? I remember playing with this last fall and we have a simple script which would enable this for us.
Thoughts?
Posted on 09-05-2018 08:22 AM
If you want to use the built-in Windows Network Home mapping feature, just run this on the client and restart.
dsconfigad -useuncpath enable
Posted on 09-05-2018 08:27 AM
Thank you @ryan.ball, this is precisely what I needed. I created a discussion last year on this topic. Do you know if in High Sierra there are still issues with the UNC path on Mac OS?
Posted on 09-05-2018 08:36 AM
I don't use that feature. I leave it disabled and have a LaunchAgent that looks at the user's SMBHome attribute in their user account and mounts that volume automatically. This seems to be very reliable for me. Here is a super stripped down version of the main parts of the script for testing purposes:
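#!/bin/bash
# Get the user logged in at the console (empty string at the login window)
loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
# Read SMBHome (\\server\share\user) and convert backslashes to forward slashes
ADHome=$(/usr/bin/dscl . -read "/Users/$loggedInUser" | grep SMBHome: | cut -c 10- | sed 's/\\/\//g')
# Turn //server/share/user into smb://user:@server/share/user
ADHome="${ADHome/\/\//smb://$loggedInUser:@}"
# Mount the share via AppleScript, discarding all output
/usr/bin/osascript -e "mount volume \"$ADHome\"" > /dev/null 2>&1
exit 0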
Posted on 09-05-2018 08:42 AM
Thanks @ryan.ball, this is extremely helpful. I will experiment with this version you sent me and see how it will work for us. Again, thank you for the replies.
Posted on 09-05-2018 08:43 AM
FWIW, we use a slightly modified version of this.
Posted on 09-05-2018 09:06 AM
Thank you @mark.mahabir, I appreciate the feedback. We will begin working on a few things here.
@ryan.ball you mentioned you use a launch agent. While I have seen LaunchAgents in the past and understand their use, can you share what you did to create yours to run this script? Just curious what you did. Thanks again!
Posted on 09-05-2018 10:23 AM
LaunchAgents are tasks that run as the user who is logged into the Mac at the time, not as root. So it is perfect for performing tasks as the user.
I put the script with example name "automounter.sh" in the /Library/Scripts directory.
I put a plist with example name "com.contoso.automounter.plist" in the /Library/LaunchAgents directory that looked like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.contoso.automounter</string>
    <key>LimitLoadToSessionType</key>
    <string>Aqua</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/Scripts/automounter.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
Permissions on the plist (and probably the script) would be like so:
root: Read and Write
wheel: Read
Everyone: Read
Then when the user logs in, the script will run and mount the Windows Network Home. Of course you'd want to build in logic in the script to check if you could establish connection to the file share and validate if the share is mounted or did mount when you wanted to and things like that.
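One way to build in the checks mentioned in the post above (validate the share path, test that the server is reachable, confirm the mount), as an added example that is not code from anyone in this thread. The function names, the allowed character set, and the `mount` line format matched by `is_mounted` are assumptions.

```shell
#!/bin/bash
# Added example, not the poster's script. All names here are hypothetical.

# Convert an AD SMBHome value (\\server\share\dir) into the smb://user:@server/...
# form the thread's script builds. Fails on anything outside a conservative
# character set, so a malformed attribute cannot alter the AppleScript string.
smbhome_to_url() {
    user=$1
    path=$(printf '%s' "$2" | tr '\\' '/')
    [ -n "$user" ] && [ -z "$(printf '%s' "$user" | tr -d 'A-Za-z0-9._-')" ] || return 1
    [ -z "$(printf '%s' "$path" | tr -d 'A-Za-z0-9._/$ -')" ] || return 1
    rest=${path#//}
    case $path in //?*/?*) ;; *) return 1 ;; esac     # need //server/share
    case "/$rest/" in *//*|*/../*) return 1 ;; esac   # no empty or ".." parts
    printf 'smb://%s:@%s\n' "$user" "$(printf '%s' "$rest" | sed 's/ /%20/g')"
}

# True if the mount table on stdin has an smbfs entry for this URL.
# Assumed line format: //user@server/share on /Volumes/x (smbfs, ...)
is_mounted() {
    target=${1#smb://*@}
    grep -i -F "@$target on " | grep -q 'smbfs'
}

main() {
    # A LaunchAgent runs as the logged-in user, so id gives the right account.
    me=$(/usr/bin/id -un)
    smb_home=$(/usr/bin/dscl . -read "/Users/$me" SMBHome 2>/dev/null |
        sed 's/^SMBHome: *//')
    url=$(smbhome_to_url "$me" "$smb_home") ||
        { echo "no usable SMBHome for $me" >&2; return 1; }

    # Already mounted: nothing to do.
    /sbin/mount | is_mounted "$url" && return 0

    # Skip the mount attempt when the file server is unreachable on SMB.
    server=${url#smb://*@}
    server=${server%%/*}
    /usr/bin/nc -z -w 5 "$server" 445 >/dev/null 2>&1 ||
        { echo "$server not reachable on port 445" >&2; return 1; }

    /usr/bin/osascript -e "mount volume \"$url\"" >/dev/null 2>&1
    /sbin/mount | is_mounted "$url"      # exit status reports the result
}

# Only act on macOS, where dscl and osascript exist.
if [ "$(uname)" = "Darwin" ]; then main; fi
```

Saved as /Library/Scripts/automounter.sh, it runs under the same LaunchAgent plist shown above.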