Posted on 02-26-2018 03:19 PM
We recently planned on deploying a iMacs running High Sierra and are running into issues. We found that Configuration Profiles deployed via Jamf Pro are not mounting network volumes.
They do show up under System Preferences > Profiles, but were not actually mounting any network volumes. Other payloads appear to be working, such as mapping network printers. Other MacOS versions appear to be working, such as 10.11 or 10.12. Neither 10.13.1 nor 10.13.3 are working.
We map to a few different servers, and none connect. We are using Samba and spell out the FQDN as the item. For example: smb://server.sample.edu/folderName
In Jamf Pro, the entry is under Computers > Configuration Profiles > Login Items > Network Mounts.
It's working perfectly fine in Sierra, but as soon as High Sierra is installed we no longer get any prompts or messages. We can manually connect to the volumes via Finder under Go > Connect to Server.
jamf Pro is version 10.0.0.
Does the community have any advice for things we can try?
Posted on 02-27-2018 05:50 AM
Same issues here. I'm in the process of testing our summer updates and this is exactly the issues I run into. We don't have any issues with Sierra and El Capitan.
Posted on 02-27-2018 08:33 AM
Does running this command help with allowing your CP's to run successfully?:
https://support.apple.com/en-us/HT208317
Posted on 03-01-2018 11:49 AM
@SGill Did not fix the issue. Any other idea? I will call apple regarding this, can't move forward with issues like this. Thanks a lot.
Posted on 03-06-2018 11:09 AM
I'm trying to use the mountNetworkShare.sh script that's located here: https://www.jamf.com/jamf-nation/third-party-products/files/476/mountnetworkshare-sh-mount-a-network-share.
Has anyone had success implementing it as a Policy at Login with High Sierra? I updated line 92 to smb and 93 to the full path to the network share, but doesn't seem to be doing much at Login.
Maybe this alternative method will work for you @BigWilly ?
Posted on 03-06-2018 11:28 AM
@ofortun we decided to use this too but the issue isn't with the script, its with the Login trigger that Jamf offers which is now depreciated because it is a LoginHook. You'll need to create a launch agent to run the script. I found this website useful, http://www.launchd.info/ and https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html#//apple_ref/doc/uid/10000172i-SW7-BCIEDDBJ
Posted on 03-07-2018 05:21 PM
We're seeing the same issues (Login Item shares in Configuration Profiles being ignored) since 10.13.x.
Currently working around it with the following script setup as an ongoing policy triggered on login:
(credit to @Look !!) :)
original
#!/bin/bash
# 2017 Version Samuel Look
# All care no responsibility
# Mounts the requested share if it doesn't already exist if left blank it will attempt to mount AD SMBhome
# Accepts shares in the form smb://server/share or smb://server/student%20share
# No spaces allowed!
# Intended to be run as a Login policy from Casper on AD bound machines only and has only been tested in this context.
# 2018 Version Hamish Ward
# log file
# share paths accepted from all script parameters
Current_User=$(id -un)
logfile="/var/log/ShareMount.log"
exec >$logfile
exec 2> >(tee -a $logfile >&2)
##### Start seperate process #####
(
##### SUBROUTINES #####
Share_Path_Valid() {
if [[ -z "$Share_Path" ]]; then
Machine_Domain=$(dscl /Active Directory/ -read . SubNodes | awk '{print $2}')
Share_Path="$(dscl "/Active Directory/$Machine_Domain/All Domains" -read /Users/$Current_User SMBHome | awk '!/is not valid/' | sed -e 's/SMBHome: /smb:/g' -e 's/\///g')"
fi
if [[ "$Share_Path" ]]; then
logger "Sharemount:$Share_Name Path check PASS $Share_Path"
return 0
else
logger "Sharemount:$Share_Name Path check FAIL"
return 1
fi
}
#####
User_Ready() {
Loop_End=$((SECONDS + 60))
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
while [[ -z "$Current_User" ]] && [[ $SECONDS -lt $Loop_End ]]; do
sleep 10
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
done
if [[ "$Current_User" ]]; then
logger "Sharemount:$Share_Name User check PASS $Current_User"
return 0
else
logger "Sharemount:$Share_Name User check FAIL"
return 1
fi
}
#####
Finder_Ready() {
Loop_End=$((SECONDS + 60))
while [[ -z "$(ps -c -u $Current_User | awk /CoreServicesUIAgent/)" ]] && [[ $SECONDS -lt $Loop_End ]]; do
sleep 10
done
if [[ "$(ps -c -u $Current_User | awk /Finder/)" ]]; then
logger "Sharemount:$Share_Name Finder check PASS"
return 0
else
logger "Sharemount:$Share_Name Finder check FAIL"
return 1
fi
}
#####
Not_Mounted() {
if [[ -z "$(mount | awk '/'$Current_User'/ && //'$Share_Name' /')" ]]; then
logger "Sharemount:$Share_Name Mount check PASS $Share_Name"
return 0
else
logger "Sharemount:$Share_Name Mount check FAIL already mounted"
return 1
fi
}
#####
Mount_Drive() {
True_Path=$(echo $Share_Path | sed 's//////'$Current_User'@/g')
logger "Sharemount:$Share_Name Attempting to mount $True_Path"
sudo -u $Current_User osascript -e 'mount volume "'$True_Path'"'
}
##### START #####
# escape parameter values in curly braces, else double digit parameters (10-11) be ignored!
if [ "${4}" != "" ]; then
Share_Path="${4}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${5}" != "" ]; then
Share_Path="${5}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${6}" != "" ]; then
Share_Path="${6}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${7}" != "" ]; then
Share_Path="${7}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${8}" != "" ]; then
Share_Path="${8}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${9}" != "" ]; then
Share_Path="${9}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${10}" != "" ]; then
Share_Path="${10}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${11}" != "" ]; then
Share_Path="${11}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
##### End seperate process #####
) &
##### FIN #####
Posted on 06-20-2018 06:52 AM
Same issue here, are there any new informations to this problem? We are using many network mounts in our company, and a workaround by skript ist no option to us.
Posted on 06-29-2018 06:19 AM
@Adminham It looks like your modifications broke the feature in the comments where if it was blank it would mount the AD home. Going off the assumption that you would always fill the paths in order, starting at $4, I modified the code for only the $4 parameter so that if you intentionally left $4 blank it would mount the SMB home.
So my modified code of your modifications looks like
#!/bin/bash
# 2017 Version Samuel Look
# All care no responsibility
# Mounts the requested share if it doesn't already exist if parameter 4 is left blank it will attempt to mount AD SMBhome
# Accepts shares in the form smb://server/share or smb://server/student%20share
# No spaces allowed!
# Intended to be run as a Login policy from Casper on AD bound machines only and has only been tested in this context.
# 2018 Version Hamish Ward
# log file
# share paths accepted from all script parameters
Current_User=$(id -un)
logfile="/var/log/ShareMount.log"
exec >$logfile
exec 2> >(tee -a $logfile >&2)
##### Start seperate process #####
(
##### SUBROUTINES #####
Share_Path_Valid() {
if [[ -z "$Share_Path" ]]; then
Machine_Domain=$(dscl /Active Directory/ -read . SubNodes | awk '{print $2}')
Share_Path="$(dscl "/Active Directory/$Machine_Domain/All Domains" -read /Users/$Current_User SMBHome | awk '!/is not valid/' | sed -e 's/SMBHome: /smb:/g' -e 's/\///g')"
fi
if [[ "$Share_Path" ]]; then
logger "Sharemount:$Share_Name Path check PASS $Share_Path"
return 0
else
logger "Sharemount:$Share_Name Path check FAIL"
return 1
fi
}
#####
User_Ready() {
Loop_End=$((SECONDS + 60))
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
while [[ -z "$Current_User" ]] && [[ $SECONDS -lt $Loop_End ]]; do
sleep 10
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
done
if [[ "$Current_User" ]]; then
logger "Sharemount:$Share_Name User check PASS $Current_User"
return 0
else
logger "Sharemount:$Share_Name User check FAIL"
return 1
fi
}
#####
Finder_Ready() {
Loop_End=$((SECONDS + 60))
while [[ -z "$(ps -c -u $Current_User | awk /CoreServicesUIAgent/)" ]] && [[ $SECONDS -lt $Loop_End ]]; do
sleep 10
done
if [[ "$(ps -c -u $Current_User | awk /Finder/)" ]]; then
logger "Sharemount:$Share_Name Finder check PASS"
return 0
else
logger "Sharemount:$Share_Name Finder check FAIL"
return 1
fi
}
#####
Not_Mounted() {
if [[ -z "$(mount | awk '/'$Current_User'/ && //'$Share_Name' /')" ]]; then
logger "Sharemount:$Share_Name Mount check PASS $Share_Name"
return 0
else
logger "Sharemount:$Share_Name Mount check FAIL already mounted"
return 1
fi
}
#####
Mount_Drive() {
True_Path=$(echo $Share_Path | sed 's//////'$Current_User'@/g')
logger "Sharemount:$Share_Name Attempting to mount $True_Path"
sudo -u $Current_User osascript -e 'mount volume "'$True_Path'"'
}
##### START #####
# escape parameter values in curly braces, else double digit parameters (10-11) be ignored!
if [ "${4}" != "" ]; then
Share_Path="${4}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
else
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 2
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${5}" != "" ]; then
Share_Path="${5}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${6}" != "" ]; then
Share_Path="${6}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${7}" != "" ]; then
Share_Path="${7}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${8}" != "" ]; then
Share_Path="${8}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${9}" != "" ]; then
Share_Path="${9}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${10}" != "" ]; then
Share_Path="${10}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
if [ "${11}" != "" ]; then
Share_Path="${11}"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
sleep 4
Mount_Drive
else
logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
fi
##### End seperate process #####
) &
##### FIN #####
Posted on 06-30-2018 12:21 AM
We could never get a Configuration Profile for this working reliably in Sierra, so in the end we went with something very similar to macmule’s suggested workflow:
https://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/
Posted on 11-06-2018 07:21 AM
Has anyone been able to get this to work in MacOS 10.13 or 10.14 without the additional script?
Posted on 11-06-2018 07:28 AM
The network shares feature of NoMAD is also well worth a look.
Posted on 11-06-2018 07:38 AM
Here is a generic version of an applescript I created and saved as a run only application, then deployed to the users that require it. We have a mac os server set up with vpn running because we only allow encrypted smb for our server connections. hope this helps anyone looking for an easy work around. it is very easy to use for the end user and mounts the drive prompting them to login with whatever credentials. The Vpn (myvpn in the script) is deployed via jamf. The applescript run only app is added to the end users dock for easy to use click and connect.
-- Set Ad Privvies
set UNAME to "admin"
set PASSW to "password"
try
do shell script "open /System/Library/CoreServices/Menu\ Extras/VPN.menu" user name UNAME password PASSW with administrator privileges
tell application "System Events"
tell current location of network preferences
set myVPN to the service "Institution VPN"
if myVPN is not null then
-- if connected, prompt user to connect or disconnect
if current configuration of myVPN is connected then
set ondialog to display dialog "You are Securely Connected to the Institution Virtual Private Network, What would you like to do?" with title ("Institution VPN Notification") buttons {"Stay Connected", "Mount Institution Drive", "Disconnect"} default button "Stay Connected" with icon alias (POSIX file "/Path/To/Icon/icon2.gif")
if button returned of ondialog is "Disconnect" then
disconnect myVPN
display dialog "You are no longer connected to the Virtual Private Network." with title ("Institution VPN Notification") buttons {"Ok"} default button "Ok" with icon alias (POSIX file "/Path/To/Icon/icon2.gif")
do shell script "Killall /Path/To/User Server Connect.app" user name UNAME password PASSW with administrator privileges
end if
if button returned of ondialog is "Mount Institution Drive" then
mount volume "smb://server.sample.edu"
do shell script "Killall /Path/To/User Server Connect.app" user name UNAME password PASSW with administrator privileges
end if
end if
-- if not connected, prompt user to connect or stay disconnected
if current configuration of myVPN is not connected then
set nodialog to display dialog "You are not Securely Connected to the Institution Network, Would you like to Connect?" with title ("Institution VPN Notification") buttons {"Yes", "No"} default button "Yes" with icon alias (POSIX file "/Path/To/Icon/icon2.gif")
if button returned of nodialog is "Yes" then
connect myVPN
set yesdialog to display dialog "Connection Secured. Institution Drive will now be Mounted." with title ("Institution VPN Notification") buttons {"Ok"} default button "Ok" with icon alias (POSIX file "/Path/To/Icon/icon1.gif")
if button returned of yesdialog is "Ok" then
mount volume "smb://server.sample.edu"
end if
end if
if button returned of nodialog is "No" then
tell application "Institution VPN"
quit
end tell
end if
end if
end if
end tell
return 60
end tell
end try
Posted on 01-11-2019 02:46 PM
Any updates here?
Still can't get network drives to mount, at login, in login items, on 10.13 and 10.14 using Configuration Profiles.
I have about 180 Mac Users, so having this Configuration Mobile break when users upgrade is a main, as we have to manually map each network drive (we have a ton, each varying depending on the users job role and division).
Our support team says the following "After testing internally we have confirmed this is an Apple Bug, we have reported this to Apple. Apple confirmed this behavior as a bug and opened a RADAR ticket for the same. You can follow-up the status of this bug with Apple with this RADAR 42659924, if you are an Enterprise customer."
Posted on 03-25-2019 07:25 AM
I am experiencing this also. I called Jamf Support today and recreated the issue with support. Plan is to upload our Config Profile to Jamf for further evaluation. I will also include this thread/post in hopes Jamf provides info after a solution is found.
Update: Here is the email I received from support.
There were changes made to both High Sierra and Mojave that has resulted unsuccessful attempts when it comes to mounting network shares correctly. We have documented the issue as PI-004507 and PI-006555.
As for an alternative workflow to mount the shares we can utilize a script that I have linked below.
https://www.jamf.com/jamf-nation/third-party-products/files/476/mountnetworkshare-sh-mount-a-network-share
mountNetworkShare.sh -- Mount a network share | Jamf Nation
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world.Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other.
www.jamf.com
Another workflow we may be able to utilize would be to use a Dock Configuration Profile to use "Dock Items" to mount a share, which also accepts parameters to autofill the user who is assigned to the machine. All they will need to do is enter their password.
Example:
smb://$USERNAME:@ServerName/ShareName
Alternatively if it's just a standard share they can use an account that has mount access
smb://mountUser:mountPass@ServerName/ShareName
Posted on 06-11-2019 04:39 PM
So I'm curious how people are addressing this. With 10.14, running the script on login requires the script be signed, and we're having trouble getting that to stick (signing the script works, but then packaging the script to deploy breaks the signing).
Thanks!
UPDATE: Figured it out. You have to include some flags when building the package so it maintains the extended attributes.
Posted on 01-23-2020 04:26 PM
Has there been any update to this issue. I notice Apple has a bug report logged and Jamf have 2 issues for it. I've tried the script as recommended by pditty however it errors trying to find "smbclient"