Computer Lab Students folders

palitech
New Contributor

Hey fellow JAMFsters!
In one of our ISDS labs, the teacher has six classes and has a server local to his classroom. He creates the user accounts via the Passenger app, then exports the list with passwords to hand out to students. He then imports the users to Workgroup Manager to import them into OS X server-Mavericks. He also creates bulk folders for each user and has a preset permissions script that assigns the folder to the user and himself only via the Passenger app. He then places the folders into the file share and has the students store their assignments, and accesses the assignments from there to grade them. He likes to have ease of access from anywhere, and the security that only he can see all folders. When the students log into the filesvr, they only have access to their own.

This method was put in place a very long time ago, and now I am exploring new options as this seems a little too complicated in today's world. The main thing he wants to have is a secure environment, and most folders in one place for ease of grading via a filesvr. The school now assigns standard school user accounts which the students use for wifi and logging into our Self Service app. They are Active Directory accounts. I would like to be able to have the students use these same usernames and passwords for his classroom. The only problem I see is how he can access. Right now he logs in and has all students under the according Period folder. File path navigation may be a bit more than he is used to as he is set in his old ways. Also, another teacher is thinking of using the old method but is intimidated by all the steps.

Anyone have any suggestions as to how we can simplify this and allow the students to use their AD usernames and passwords? I was thinking of importing the AD accounts into Open Directory, and binding all the current classroom iMacs to his local 10.9 OS X server. With a little manipulation of home folder paths and such I'm sure we can get the folder paths easy access for the teachers.
Do you guys think this is the best way? Thank you.


rtrouton
Release Candidate Programs Tester

An easier way may be to bind the server to Active Directory, then use /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount to create AD mobile users on the server. I have a post on how to do this available from here:

https://derflounder.wordpress.com/2011/08/12/creating-ad-or-od-mobile-users-from-the-command-line/

At a previous job, I'd set a few Mac servers up this way and it worked well. One gotcha was with home folders that were stored somewhere other than the boot drive. I have a post on the issues with that, and how to fix them, available from here:

https://derflounder.wordpress.com/2009/10/11/the-night-loginwindow-put-out-a-hit-on-my-user-accounts...

davidacland
Honored Contributor II

I'd go for using AD as the primary directory source as well. That will cut out the need to create users in OD with separate usernames and passwords etc.

If you join the Mac server to AD, you can then set up shared folders per user and mount at login. We've used a script in the past to create the folders. In this example we have a csv file (called "names") that has the list of AD user names that we want to create the folders for:

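#!/bin/bash

# Run on the Mac server. /path/to/names lists the AD user names,
# separated by whitespace (one per line works).
list=$(cat /path/to/names)

for name in $list; do
    share="/Path/To/Shares/$name"
    mkdir "$share" > /dev/null 2>&1
    # Make the user the owner and shut out group and everyone else
    chown -R "$name":admin "$share"
    chmod -R 700 "$share"
    # ACL entry granting the user full control of the folder and its contents
    chmod -R +a "$name allow delete,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,list,search,add_file,add_subdirectory,delete_child,read,write,append,execute" "$share"
    # Publish the folder as a share point
    sharing -a "$share"
done

exit 0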

You can mount the share at login via Casper with:

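#!/bin/bash

# Mount the drive.
# Casper passes the logged-in user's short name as $3, so each user
# mounts the share that carries their own account name.
/usr/bin/osascript > /dev/null << EOT
tell application "Finder"
    activate
    mount volume "afp://servername/$3"
end tell
EOT

exit 0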
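
An added example, not part of davidacland's post or of any script in this thread: a check to run on the server after the folder-creation script, confirming that each folder under the share root is owned by the account it is named after and has mode 700. The function names and the sample tree are constructed for illustration, and only the POSIX owner and mode are read, not ACL entries.

```shell
#!/bin/bash
# Added example: audit per-student share folders (POSIX owner and mode only).

# audit_shares ROOT: print one line per problem, return 1 if any were found.
audit_shares() (
    root="$1"; status=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir="${dir%/}"; name="${dir##*/}"
        # From `ls -ld` keep field 1 (mode string) and field 3 (owner name).
        set -- $(ls -ld "$dir" | awk '{print $1, $3}')
        perms="$1"; owner="$2"
        # The folder name is the account name, so the owner must match it.
        if [ "$owner" != "$name" ]; then
            echo "OWNER $dir: owned by $owner, expected $name"; status=1
        fi
        # A real directory with mode 700 shows "-" in all six group/other slots.
        case "$perms" in
            d???------*) ;;
            *) echo "MODE $dir: $perms allows access beyond the owner"; status=1 ;;
        esac
    done
    return $status
)

# Constructed sample tree: one correct folder and two faulty ones.
make_sample_tree() (
    root="$(mktemp -d "${TMPDIR:-/tmp}/shares.XXXXXX")"
    me="$(ls -ld "$root" | awk '{print $3}')"   # account running the demo
    mkdir -m 700 "$root/$me"          # correct: owner matches name, mode 700
    mkdir -m 700 "$root/student_a"    # constructed name: owner mismatch
    mkdir -m 755 "$root/student_b"    # owner mismatch and readable by others
    echo "$root"
)

# Run with --demo to audit the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    tree="$(make_sample_tree)"
    audit_shares "$tree" || echo "audit found problems"
    rm -rf "$tree"
fi
```

On the real server, call `audit_shares /Path/To/Shares` with the same placeholder path used in the creation script.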

palitech
New Contributor

@davidacland @rtrouton Thank you guys!!! I have thought about this for a while and it seems like something we will have to set up a lab and test out. @davidacland The first script would be executed on the Mac server, correct?

davidacland
Honored Contributor II

Correct, it's used to create the shares for each user in the text file.