Configuration Profile not mounting network volumes in High Sierra

ofortun
New Contributor

We recently planned on deploying a iMacs running High Sierra and are running into issues. We found that Configuration Profiles deployed via Jamf Pro are not mounting network volumes.

They do show up under System Preferences > Profiles, but were not actually mounting any network volumes. Other payloads appear to be working, such as mapping network printers. Other MacOS versions appear to be working, such as 10.11 or 10.12. Neither 10.13.1 nor 10.13.3 are working.

We map to a few different servers, and none connect. We are using Samba and spell out the FQDN as the item. For example: smb://server.sample.edu/folderName

In Jamf Pro, the entry is under Computers > Configuration Profiles > Login Items > Network Mounts.
It's working perfectly fine in Sierra, but as soon as High Sierra is installed we no longer get any prompts or messages. We can manually connect to the volumes via Finder under Go > Connect to Server.

jamf Pro is version 10.0.0.

Does the community have any advice for things we can try?

16 REPLIES 16

BigWilly
New Contributor

Same issues here. I'm in the process of testing our summer updates and this is exactly the issues I run into. We don't have any issues with Sierra and El Capitan.

SGill
Contributor III

Does running this command help with allowing your CP's to run successfully?:

https://support.apple.com/en-us/HT208317

BigWilly
New Contributor

@SGill Did not fix the issue. Any other idea? I will call apple regarding this, can't move forward with issues like this. Thanks a lot.

ofortun
New Contributor

I'm trying to use the mountNetworkShare.sh script that's located here: https://www.jamf.com/jamf-nation/third-party-products/files/476/mountnetworkshare-sh-mount-a-network-share.

Has anyone had success implementing it as a Policy at Login with High Sierra? I updated line 92 to smb and 93 to the full path to the network share, but doesn't seem to be doing much at Login.

Maybe this alternative method will work for you @BigWilly ?

schmib00
New Contributor

@ofortun we decided to use this too but the issue isn't with the script, its with the Login trigger that Jamf offers which is now depreciated because it is a LoginHook. You'll need to create a launch agent to run the script. I found this website useful, http://www.launchd.info/ and https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html#//apple_ref/doc/uid/10000172i-SW7-BCIEDDBJ

Adminham
New Contributor III

We're seeing the same issues (Login Item shares in Configuration Profiles being ignored) since 10.13.x.
Currently working around it with the following script setup as an ongoing policy triggered on login:
(credit to @Look !!) :)
original

#!/bin/bash
# 2017 Version Samuel Look
# All care no responsibility
# Mounts the requested share if it doesn't already exist if left blank it will attempt to mount AD SMBhome
# Accepts shares in the form smb://server/share or smb://server/student%20share
#                                                       No spaces allowed!
# Intended to be run as a Login policy from Casper on AD bound machines only and has only been tested in this context.
# 2018 Version Hamish Ward
#       log file
#       share paths accepted from all script parameters

Current_User=$(id -un)

logfile="/var/log/ShareMount.log"
exec >$logfile
exec 2> >(tee -a $logfile >&2)

##### Start seperate process #####
(

##### SUBROUTINES #####

Share_Path_Valid() {
if [[ -z "$Share_Path" ]]; then
Machine_Domain=$(dscl /Active Directory/ -read . SubNodes | awk '{print $2}')
Share_Path="$(dscl "/Active Directory/$Machine_Domain/All Domains" -read /Users/$Current_User SMBHome | awk '!/is not valid/' | sed -e 's/SMBHome: /smb:/g' -e 's/\///g')"
fi
if [[ "$Share_Path" ]]; then
logger "Sharemount:$Share_Name Path check PASS $Share_Path"
return 0
else
logger "Sharemount:$Share_Name Path check FAIL"
return 1
fi
}

#####

User_Ready() {
Loop_End=$((SECONDS + 60))
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
while [[ -z "$Current_User" ]] && [[ $SECONDS -lt $Loop_End ]]; do
sleep 10
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
done
if [[ "$Current_User" ]]; then
logger "Sharemount:$Share_Name User check PASS $Current_User"
return 0
else
logger "Sharemount:$Share_Name User check FAIL"
return 1
fi
}

#####

Finder_Ready() {
Loop_End=$((SECONDS + 60))
while [[ -z "$(ps -c -u $Current_User | awk /CoreServicesUIAgent/)" ]] && [[ $SECONDS -lt $Loop_End ]]; do
sleep 10
done
if [[ "$(ps -c -u $Current_User | awk /Finder/)" ]]; then
logger "Sharemount:$Share_Name Finder check PASS"
return 0
else
logger "Sharemount:$Share_Name Finder check FAIL"
return 1
fi
}

#####

Not_Mounted() {
if [[ -z "$(mount | awk '/'$Current_User'/ && //'$Share_Name' /')" ]]; then
logger "Sharemount:$Share_Name Mount check PASS $Share_Name"
return 0
else
logger "Sharemount:$Share_Name Mount check FAIL already mounted"
return 1
fi
}

#####

Mount_Drive() {
True_Path=$(echo $Share_Path | sed 's//////'$Current_User'@/g')
logger "Sharemount:$Share_Name Attempting to mount $True_Path"
sudo -u $Current_User osascript -e 'mount volume "'$True_Path'"'
}

##### START #####

# escape parameter values in curly braces, else double digit parameters (10-11) be ignored!
if [ "${4}" != "" ]; then
    Share_Path="${4}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${5}" != "" ]; then
    Share_Path="${5}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${6}" != "" ]; then
    Share_Path="${6}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${7}" != "" ]; then
    Share_Path="${7}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${8}" != "" ]; then
    Share_Path="${8}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${9}" != "" ]; then
    Share_Path="${9}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${10}" != "" ]; then
    Share_Path="${10}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${11}" != "" ]; then
    Share_Path="${11}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi


##### End seperate process #####
) &

##### FIN #####

JSG
New Contributor

Same issue here, are there any new informations to this problem? We are using many network mounts in our company, and a workaround by skript ist no option to us.

EdenJAMFAdmin
New Contributor

@Adminham It looks like your modifications broke the feature in the comments where if it was blank it would mount the AD home. Going off the assumption that you would always fill the paths in order, starting at $4, I modified the code for only the $4 parameter so that if you intentionally left $4 blank it would mount the SMB home.
So my modified code of your modifications looks like

#!/bin/bash
# 2017 Version Samuel Look
# All care no responsibility
# Mounts the requested share if it doesn't already exist if parameter 4 is left blank it will attempt to mount AD SMBhome
# Accepts shares in the form smb://server/share or smb://server/student%20share
#                                                       No spaces allowed!
# Intended to be run as a Login policy from Casper on AD bound machines only and has only been tested in this context.
# 2018 Version Hamish Ward
#       log file
#       share paths accepted from all script parameters

Current_User=$(id -un)

logfile="/var/log/ShareMount.log"
exec >$logfile
exec 2> >(tee -a $logfile >&2)

##### Start seperate process #####
(

##### SUBROUTINES #####

Share_Path_Valid() {
if [[ -z "$Share_Path" ]]; then
Machine_Domain=$(dscl /Active Directory/ -read . SubNodes | awk '{print $2}')
Share_Path="$(dscl "/Active Directory/$Machine_Domain/All Domains" -read /Users/$Current_User SMBHome | awk '!/is not valid/' | sed -e 's/SMBHome: /smb:/g' -e 's/\///g')"
fi
if [[ "$Share_Path" ]]; then
logger "Sharemount:$Share_Name Path check PASS $Share_Path"
return 0
else
logger "Sharemount:$Share_Name Path check FAIL"
return 1
fi
}

#####

User_Ready() {
Loop_End=$((SECONDS + 60))
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
while [[ -z "$Current_User" ]] && [[ $SECONDS -lt $Loop_End ]]; do
sleep 10
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
done
if [[ "$Current_User" ]]; then
logger "Sharemount:$Share_Name User check PASS $Current_User"
return 0
else
logger "Sharemount:$Share_Name User check FAIL"
return 1
fi
}

#####

Finder_Ready() {
Loop_End=$((SECONDS + 60))
while [[ -z "$(ps -c -u $Current_User | awk /CoreServicesUIAgent/)" ]] && [[ $SECONDS -lt $Loop_End ]]; do
sleep 10
done
if [[ "$(ps -c -u $Current_User | awk /Finder/)" ]]; then
logger "Sharemount:$Share_Name Finder check PASS"
return 0
else
logger "Sharemount:$Share_Name Finder check FAIL"
return 1
fi
}

#####

Not_Mounted() {
if [[ -z "$(mount | awk '/'$Current_User'/ && //'$Share_Name' /')" ]]; then
logger "Sharemount:$Share_Name Mount check PASS $Share_Name"
return 0
else
logger "Sharemount:$Share_Name Mount check FAIL already mounted"
return 1
fi
}

#####

Mount_Drive() {
True_Path=$(echo $Share_Path | sed 's//////'$Current_User'@/g')
logger "Sharemount:$Share_Name Attempting to mount $True_Path"
sudo -u $Current_User osascript -e 'mount volume "'$True_Path'"'
}

##### START #####

# escape parameter values in curly braces, else double digit parameters (10-11) be ignored!
if [ "${4}" != "" ]; then
    Share_Path="${4}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
    else
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 2
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${5}" != "" ]; then
    Share_Path="${5}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${6}" != "" ]; then
    Share_Path="${6}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${7}" != "" ]; then
    Share_Path="${7}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${8}" != "" ]; then
    Share_Path="${8}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${9}" != "" ]; then
    Share_Path="${9}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${10}" != "" ]; then
    Share_Path="${10}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi

if [ "${11}" != "" ]; then
    Share_Path="${11}"
        Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
        if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
        sleep 4
        Mount_Drive
        else
        logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
        fi
fi


##### End seperate process #####
) &

##### FIN #####

mark_mahabir
Valued Contributor

We could never get a Configuration Profile for this working reliably in Sierra, so in the end we went with something very similar to macmule’s suggested workflow:

https://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/

perweilerg
New Contributor III

Has anyone been able to get this to work in MacOS 10.13 or 10.14 without the additional script?

mark_mahabir
Valued Contributor

The network shares feature of NoMAD is also well worth a look.

Hugonaut
Valued Contributor

@perweilerg

Here is a generic version of an applescript I created and saved as a run only application, then deployed to the users that require it. We have a mac os server set up with vpn running because we only allow encrypted smb for our server connections. hope this helps anyone looking for an easy work around. it is very easy to use for the end user and mounts the drive prompting them to login with whatever credentials. The Vpn (myvpn in the script) is deployed via jamf. The applescript run only app is added to the end users dock for easy to use click and connect.

-- Set Ad Privvies
set UNAME to "admin"
set PASSW to "password"
try
    do shell script "open /System/Library/CoreServices/Menu\ Extras/VPN.menu" user name UNAME password PASSW with administrator privileges
    tell application "System Events"
        tell current location of network preferences
            set myVPN to the service "Institution VPN"

            if myVPN is not null then

                -- if connected, prompt user to connect or disconnect
                if current configuration of myVPN is connected then
                    set ondialog to display dialog "You are Securely Connected to the Institution Virtual Private Network, What would you like to do?" with title ("Institution VPN Notification") buttons {"Stay Connected", "Mount Institution Drive", "Disconnect"} default button "Stay Connected" with icon alias (POSIX file "/Path/To/Icon/icon2.gif")
                    if button returned of ondialog is "Disconnect" then
                        disconnect myVPN
                        display dialog "You are no longer connected to the Virtual Private Network." with title ("Institution VPN Notification") buttons {"Ok"} default button "Ok" with icon alias (POSIX file "/Path/To/Icon/icon2.gif")
                        do shell script "Killall /Path/To/User Server Connect.app" user name UNAME password PASSW with administrator privileges
                    end if

                    if button returned of ondialog is "Mount Institution Drive" then
                        mount volume "smb://server.sample.edu"
                        do shell script "Killall /Path/To/User Server Connect.app" user name UNAME password PASSW with administrator privileges
                    end if

                end if


                -- if not connected, prompt user to connect or stay disconnected
                if current configuration of myVPN is not connected then
                    set nodialog to display dialog "You are not Securely Connected to the Institution Network, Would you like to Connect?" with title ("Institution VPN Notification") buttons {"Yes", "No"} default button "Yes" with icon alias (POSIX file "/Path/To/Icon/icon2.gif")

                    if button returned of nodialog is "Yes" then
                        connect myVPN
                        set yesdialog to display dialog "Connection Secured. Institution Drive will now be Mounted." with title ("Institution VPN Notification") buttons {"Ok"} default button "Ok" with icon alias (POSIX file "/Path/To/Icon/icon1.gif")
                        if button returned of yesdialog is "Ok" then
                            mount volume "smb://server.sample.edu"
                        end if
                    end if

                    if button returned of nodialog is "No" then
                        tell application "Institution VPN"
                            quit
                        end tell
                    end if

                end if
            end if
        end tell
        return 60
    end tell
end try
________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman

ace12840
New Contributor

Any updates here?
Still can't get network drives to mount, at login, in login items, on 10.13 and 10.14 using Configuration Profiles.

I have about 180 Mac Users, so having this Configuration Mobile break when users upgrade is a main, as we have to manually map each network drive (we have a ton, each varying depending on the users job role and division).

Our support team says the following "After testing internally we have confirmed this is an Apple Bug, we have reported this to Apple. Apple confirmed this behavior as a bug and opened a RADAR ticket for the same. You can follow-up the status of this bug with Apple with this RADAR 42659924, if you are an Enterprise customer."

pditty
New Contributor

I am experiencing this also. I called Jamf Support today and recreated the issue with support. Plan is to upload our Config Profile to Jamf for further evaluation. I will also include this thread/post in hopes Jamf provides info after a solution is found.

Update: Here is the email I received from support.

There were changes made to both High Sierra and Mojave that has resulted unsuccessful attempts when it comes to mounting network shares correctly. We have documented the issue as PI-004507 and PI-006555.

As for an alternative workflow to mount the shares we can utilize a script that I have linked below. https://www.jamf.com/jamf-nation/third-party-products/files/476/mountnetworkshare-sh-mount-a-network-share
mountNetworkShare.sh -- Mount a network share | Jamf Nation
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world.Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other.
www.jamf.com

Another workflow we may be able to utilize would be to use a Dock Configuration Profile to use "Dock Items" to mount a share, which also accepts parameters to autofill the user who is assigned to the machine. All they will need to do is enter their password.

Example:

smb://$USERNAME:@ServerName/ShareName

Alternatively if it's just a standard share they can use an account that has mount access

smb://mountUser:mountPass@ServerName/ShareName

rstasel
Contributor III

So I'm curious how people are addressing this. With 10.14, running the script on login requires the script be signed, and we're having trouble getting that to stick (signing the script works, but then packaging the script to deploy breaks the signing).

Thanks!

UPDATE: Figured it out. You have to include some flags when building the package so it maintains the extended attributes.

aburrow
Contributor

Has there been any update to this issue. I notice Apple has a bug report logged and Jamf have 2 issues for it. I've tried the script as recommended by pditty however it errors trying to find "smbclient"