Posted on 03-19-2017 07:42 PM
Hi All,
I'm having trouble using a script to automatically map 2 share drives.
We can manually connect them using Cmd+K without the need for credentials, but for some reason the scripts we are using do not work on Sierra; however, they did work on Mavericks.
Regards.
Posted on 03-19-2017 07:59 PM
In Sierra you have to explicitly tell it to connect to unknown servers for this to work; presumably it is more secure with it disabled, but somewhat less functional as well...
defaults write /Library/Preferences/com.apple.NetworkAuthorization AllowUnknownServers -bool YES
Posted on 03-20-2017 02:19 PM
@Look - you mean that for Sierra to run scripts to mount share drives I have to tell it with that?
Posted on 03-20-2017 03:42 PM
Yes, as I understand it, by default Sierra will not pass credentials to previously unknown servers; this means that if you script connecting to a new share it will not authenticate automatically and will prompt for credentials.
Not sure why Cmd+K doesn't, perhaps it assumes trust because you manually entered the servername.
Posted on 03-20-2017 05:08 PM
Well, the script is not asking for credentials, it is just not doing anything. It doesn't ask for credentials and does not map a drive. I don't know if maybe my script is wrong, as I'm just using an old script that was in our Casper server from the previous technician and he left no documentation on it.
Posted on 03-20-2017 05:16 PM
I had to add a few seconds of extra delay before mounting in our script for Sierra. It depends how you mount it; I like to call the system or Finder with osascript to do it, and it needs the UI to be properly loaded to work.
It's possible it's this.
Posted on 03-20-2017 05:19 PM
That I wouldn't know. Are you able to share with me the way you mount your share drives? Script? Composer? Other?
The policy that was set up is running a script; it works on Mavericks and doesn't on Sierra.
Posted on 03-20-2017 06:41 PM
We are an AD bound environment.
Everyone seems to do it a little differently; personally I do it with a script run directly out of a Casper policy on login, with a separate policy for each share; you pass the share path as an argument. I also make it available in Self Service.
The script itself has no security checks etc... and it is expected that you use the scoping to determine who it runs for.
#!/bin/bash
#2017 Version Samuel Look
#All care no responsibility
#Mounts the requested share if it doesn't already exist; if left blank it will attempt to mount AD SMBhome
#Accepts shares in the form smb://server/share
#Intended to be run as a Login policy from Casper on AD bound machines only and has only been tested in this context.
##### Start separate process #####
(
##### SUBROUTINES #####
Share_Path_Valid() {
    if [[ -z "$Share_Path" ]]; then
        Machine_Domain=$(dscl "/Active Directory/" -read . SubNodes | awk '{print $2}')
        # SMBHome is stored as \\server\share\folder; convert it to smb://server/share/folder
        Share_Path="$(dscl "/Active Directory/$Machine_Domain/All Domains" -read "/Users/$Current_User" SMBHome | awk '!/is not valid/' | sed -e 's/SMBHome: /smb:/g' -e 's/\\/\//g')"
    fi
    if [[ "$Share_Path" ]]; then
        logger "Sharemount:$Share_Name Path check PASS $Share_Path"
        return 0
    else
        logger "Sharemount:$Share_Name Path check FAIL"
        return 1
    fi
}
#####
User_Ready() {
    # Wait up to 60 seconds for a non-root user to own the console
    Loop_End=$((SECONDS + 60))
    Current_User=$(stat -f%Su /dev/console | awk '!/root/')
    while [[ -z "$Current_User" ]] && [[ $SECONDS -lt $Loop_End ]]; do
        sleep 10
        Current_User=$(stat -f%Su /dev/console | awk '!/root/')
    done
    if [[ "$Current_User" ]]; then
        logger "Sharemount:$Share_Name User check PASS $Current_User"
        return 0
    else
        logger "Sharemount:$Share_Name User check FAIL"
        return 1
    fi
}
#####
Finder_Ready() {
    # Wait up to 60 seconds for the user's UI agent, then require Finder to be running
    Loop_End=$((SECONDS + 60))
    while [[ -z "$(ps -c -u "$Current_User" | awk '/CoreServicesUIAgent/')" ]] && [[ $SECONDS -lt $Loop_End ]]; do
        sleep 10
    done
    if [[ "$(ps -c -u "$Current_User" | awk '/Finder/')" ]]; then
        logger "Sharemount:$Share_Name Finder check PASS"
        return 0
    else
        logger "Sharemount:$Share_Name Finder check FAIL"
        return 1
    fi
}
#####
Not_Mounted() {
    # Look for a mount line containing the user name and "/<share name> "
    if [[ -z "$(mount | awk '/'"$Current_User"'/ && /\/'"$Share_Name"' /')" ]]; then
        logger "Sharemount:$Share_Name Mount check PASS $Share_Name"
        return 0
    else
        logger "Sharemount:$Share_Name Mount check FAIL already mounted"
        return 1
    fi
}
#####
Mount_Drive() {
    # Insert user@ after the // so the share is mounted as the logged-in user
    True_Path=$(echo "$Share_Path" | sed 's/\/\//\/\/'"$Current_User"'@/g')
    logger "Sharemount:$Share_Name Attempting to mount $True_Path"
    sudo -u "$Current_User" osascript -e 'mount volume "'"$True_Path"'"'
}
##### START #####
Share_Path=$4
Share_Name="$(echo "$Share_Path" | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
    sleep 3
    Mount_Drive
else
    logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
##### End separate process #####
) &
##### FIN #####
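Added example, not part of Look's script: since the script has no checks of its own and splices the policy parameter and the user name straight into an AppleScript string, this shows one way to validate both before calling osascript. The function names and the character allow-list are assumptions made for this example; URLs with embedded credentials or ports are rejected on purpose.

```shell
#!/bin/bash
# Added example (hypothetical helper names, constructed allow-list).
# Validates the share URL ($4 in the policy) and the user name before
# either is placed inside the AppleScript string handed to osascript.

valid_share_url() {
    local url=$1 rest
    [ "${#url}" -le 255 ] || return 1
    # Allow-list: anything else (quotes, backslashes, spaces, newlines,
    # "@", shell metacharacters) is rejected. Extend it deliberately.
    case $url in
        *[!A-Za-z0-9._:/-]*) return 1 ;;
    esac
    # Required shape: scheme://host/share[/sub...]
    case $url in
        smb://?*/?*|afp://?*/?*) ;;
        *) return 1 ;;
    esac
    rest=${url#*://}
    # No empty, "." or ".." path segments, no trailing "/", no ":" (port).
    case "/$rest/" in
        *//*|*/./*|*/../*|*:*) return 1 ;;
    esac
    return 0
}

# Prints the AppleScript statement, or fails without printing anything.
build_mount_script() {
    local url=$1 user=$2
    valid_share_url "$url" || return 1
    case $user in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf 'mount volume "%s://%s@%s"' "${url%%://*}" "$user" "${url#*://}"
}

# Usage inside the login policy (macOS only):
#   if script=$(build_mount_script "$4" "$Current_User"); then
#       sudo -u "$Current_User" osascript -e "$script"
#   else
#       logger "Sharemount: rejected share path or user name"
#   fi
```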
Posted on 03-22-2017 05:34 PM
@Look - I tried to tell the machine to connect to unknown server and told it could not write on it.
This is the script we currently have:
mount volume "afp://dsc-macserv/Students"
mount volume "afp://dsc-macserv/Public"
exit 0
If I copy the command to AppleScript Editor, which supposedly is how they were done, they work.
Is there a new script I can adapt to fix this problem?
Posted on 03-22-2017 05:57 PM
To call an AppleScript command from Shell you need to wrap an osascript command around it.
You probably also want to run it as the current user, hence the sudo -u; $3 defaults to the current user during a Casper login policy.
Also note the single quotes around the whole osascript command.
sudo -u $3 osascript -e 'mount volume "afp://dsc-macserv/Students"'
Posted on 03-22-2017 07:15 PM
@Look - Legend, it worked perfectly.
Posted on 09-27-2017 08:16 AM
Our network home directories are structured smb://SERVER/homedirs/USERNAME, with the homedirs folder being the share point and then each user having access to their own folder below it. We have this structure as it makes AD account creation much simpler. We previously had each user's folder as an individual sharepoint; however, this wasn't ideal.
This structure works great in the Windows world, where their folder is mounted as a lettered drive. In the Mac world we're using @Look 's excellent script above and it's working OK; the folder is mounted and shows on the user's desktop thanks to a config profile turning on show connected servers.
Unfortunately, when users go to save files in applications, in the Finder sidebar they have the server mounted under Shared; the sharepoint being the homedirs folder, they have to search through all the user folders to find their own. We have considered turning on User Based Enumeration in Windows Server to filter it to show only the folders they have access to, so basically their own; however, the CPU strain this would put on the server has pretty much ruled that out.
Therefore I'm trying to see if I can combine @Look 's script with the mysides tool to add their mounted AD network home directory as a Favorite in the Finder sidebar.
We have mysides located on the local machine at /usr/local/bin/ and I've got it working in a basic means by adding the following to the bottom of the mounting script:
/usr/local/bin/mysides add networkhomedir file:///volumes/$Current_User
However, this is a bit of a bodge as it assumes the name of their network home directory folder is the same as their username. Does anyone know of a clever means of doing this, basically pulling out the name of the mounted folder which has been created in /volumes/ and then passing that across to mysides?
I'm guessing that in theory it could then be used to add other, non-home directory, shares that are mounted using @Look 's script.
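Added example, not from the thread: one way to get the real mount point is to look the share up in the output of `mount` instead of guessing the folder name, which also copes with macOS adding a suffix such as `-1` when the name is already taken. The function names are hypothetical, and it assumes `mount` lists the source as the share URL with `user@` inserted, the same form Look's script builds.

```shell
#!/bin/bash
# Added example (hypothetical helper names).

# Reads `mount` output on stdin and prints the mount point of the share
# for the given user; returns non-zero if that share is not mounted.
mount_point_for_share() {
    local share_url=$1 user=$2
    local target="//${user}@${share_url#*://}"
    awk -v t="$target" '
        # macOS line format: <source> on <mount point> (<fstype>, <options>)
        {
            sep = index($0, " on /")
            if (sep == 0) next
            src = substr($0, 1, sep - 1)
            if (tolower(src) != tolower(t)) next   # host case may differ
            rest = substr($0, sep + 4)
            sub(/ \([^()]*\)$/, "", rest)          # drop "(smbfs, ...)"
            print rest
            found = 1
            exit
        }
        END { exit found ? 0 : 1 }
    '
}

# Minimal file:// URL for a local path: encodes "%" and spaces only.
file_url() {
    printf 'file://%s' "$(printf '%s' "$1" | sed -e 's/%/%25/g' -e 's/ /%20/g')"
}

# Usage at the end of the mounting script (macOS only):
#   if mp=$(mount | mount_point_for_share "$Share_Path" "$Current_User"); then
#       /usr/local/bin/mysides add networkhomedir "$(file_url "$mp")"
#   fi
```

The same lookup works for any share mounted by the script, since it keys on the share URL rather than on the user name.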