Posted on 10-09-2014 07:27 AM
As I'm sure you are aware, the Force UNC Path function of the AD bind makes it so client computers try to mount home folders upon logging in. Well, the problem is that when the user is not on the network, it will hang until this process ultimately fails. I wanted a way around this, so I wrote a script that first checks to see if the server can be reached, and then mounts the user's home folder. There is a problem with it, though...
The script works fine locally, and in my research here I have found that Casper will run everything as root, and found how to run as the user. Even though I am specifically telling it to run as the current user, it is still running as root. Could anyone look at the script below and please tell me what I'm doing wrong? Thank you.
#Wait for full login
delay 10
#Check to see if DFS is available
set IP_address to "10.10.78.12"
set IP_Valid to true
try
do shell script ("ping -c 2 " & IP_address)
on error
set IP_Valid to false
end try
#Get current user name
set userName to short user name of (system info)
#If DFS is available, mount home folder of current user
if IP_Valid then
do shell script ("sudo -u " & userName & " mkdir ~/Desktop/" & userName & " && mount -t smbfs //sjdfs01.ehi.ehealth.com/" & userName & "$ ~/Desktop/" & userName & "")
end if
Also, by virtue of how this script works, there is a folder left on the desktop of the machine. So I have another unmount script I was going to program for logout, but it wiped out my test share contents. That script is below. What am I doing wrong here?
#Get current user name
set userName to short user name of (system info)
#Unmount Share, Delete Folder, Empty Trash
do shell script ("umount -f ~/Desktop/" & userName & " && rm -r ~/Desktop/" & userName & " && rm -rf ~/.Trash/*")
Posted on 10-09-2014 09:11 AM
I'd do a LaunchAgent (which runs as the user logging in) that calls the script (stored locally on the client).
Have a look at http://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/ for example.
Also, I prefer using netcat instead of ping for checking the server connection,
nc -z 10.10.78.12 445
or something like that
Posted on 10-09-2014 09:13 AM
You can try to define getting the logged in user with an attribute:
currentUser=$(ls -l /dev/console | awk '{ print $3 }')
and use that to have it not run as root, or at least apply to the current logged in user.
Posted on 10-09-2014 09:30 AM
Echoing @Chris' statement about using a local LaunchAgent for this. As that will run as the user you won't need to worry about getting the logged in user and forcing root to run the command as that user.
Also, it's just my personal opinion, but anytime we need something to run at every login, we look in the direction of a LaunchAgent and script, or calling an app rather than having an ongoing policy run at login. Although you lose out on logging (unless your launchd also creates logs which is possible), it's generally a better.
This is actually what we do. We created an AppleScript based app that checks for the network and then attempts to mount the user's share, or exit if the network isn't available. It gets called by a local LaunchAgent.
Posted on 10-09-2014 10:28 AM
Awesome. Thanks, guys. I am aware of the launch agent and looks like I'll be going that direction. Huge help. The second part, though...
If you notice, the script creates a directory and maps the share to it. My logout script disconnects the share and deletes the folder. This doesn't seem like the cleanest way to do this. It appears I've also wiped out the contents of a share with it, even though the rm is programmed to run after the umount.
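An added example, not part of the original post: a logout cleanup in shell that cannot delete share contents, because it refuses to touch a directory that is still a mount point and removes it with `rmdir`, which only deletes empty directories. The function names and the path in the usage comment are made up for illustration, and it assumes the mount path contains no spaces.

```shell
#!/bin/sh
# Added example (not from the thread): remove the desktop mount directory at
# logout without ever deleting what is inside the share.

# Read POSIX `df -P` output on stdin and print the "Mounted on" column.
# Assumes the mount point contains no spaces (short user names do not).
df_mount_point() {
    awk 'NR == 2 { print $NF }'
}

# Succeeds when the directory $1 is itself the root of a mounted filesystem.
is_mount_point() {
    [ "$(df -P "$1" 2>/dev/null | df_mount_point)" = "$1" ]
}

# Return codes: 0 = directory removed
#               1 = left in place (missing, not a directory, or not empty)
#               2 = left in place because a filesystem is still mounted on it
remove_mount_dir() {
    [ -d "$1" ] || return 1
    # Resolve symlinks so the path matches what df reports.
    real=$(cd "$1" && pwd -P) || return 1
    if is_mount_point "$real"; then
        return 2
    fi
    # rmdir only removes empty directories, so it cannot take files with it
    # the way `rm -r` does if the share is still mounted underneath.
    rmdir "$real" 2>/dev/null || return 1
    return 0
}

# Typical use in a logout script running as the user (hypothetical path):
#   dir="$HOME/Desktop/$(id -un)"
#   umount "$dir"; remove_mount_dir "$dir" || echo "left $dir in place" >&2
```

Using `$HOME` from a script that runs as the user also avoids `~` expanding to root's home when the command is launched by a root-level policy.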
Posted on 10-09-2014 10:49 AM
You might want to look at doing a pure AppleScript mount command in the script, rather than doing mount -t smbfs. I'm not sure if this is the exact syntax but I believe it would be something like:
mount volume "smb://sjdfs01.ehi.ehealth.com/" & userName & "$"
The advantage with that is there's no need to create the directory for the mount point up front and then try to clean it up after it unmounts. It's akin to using Connect to Server and mounting it that way.
Posted on 10-09-2014 11:00 AM
To follow up once more, I would modify your script to look like this (I can't test it of course, but give it a try)
#Wait for full login
delay 10
#Check to see if DFS is available
set IP_address to "10.10.78.12"
set IP_Valid to true
try
do shell script ("ping -c 2 -o " & IP_address)
on error
set IP_Valid to false
end try
#Get current user name
set userName to (do shell script "ls -l /dev/console | awk '{print $3}'")
#If DFS is available, mount user's share point
if IP_Valid then
mount volume "smb://sjdfs01.ehi.ehealth.com/" & userName & "$"
end if
Note also that I threw the -o flag into the ping line. -o tells ping to exit after the first successful response. So even though it's instructed to send 2 pings, if the first replies back successfully, it stops and moves on to the rest of the script.
Posted on 10-09-2014 11:49 AM
@mm2270 I originally had a pure AppleScript solution exactly as you have suggested, but it wouldn't run as the user. However, if LaunchAgent will always run as the user, this isn't an issue and I would LOVE the simplicity of it. I will definitely go that route as it "gets two birds stoned at once" so to speak. Thank you all for your help!
Posted on 10-09-2014 12:45 PM
@brandonpturner, I have an example that does similar to what you're trying.
http://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/
By using the mount volume command via an AppleScript app, launched via a LaunchAgent, & setting Finder to show connected servers on the desktop (pretty much what @mm2270 said in his last post).
Been working well for us.
Posted on 10-09-2014 01:09 PM
@bentoms I looked through there. Nice work!