Jamf Nation Community

@calumhunter Well, basically i have 10.9.2 and Casper v9.51 joined the machines to AD and it used to mount when i was on 10.8.5 the network share mount that is but for some reason it doesn't. AD admins states theres a logon script designed to do this from AD works like a charm on PC side but on mac side cant get it to mount. however, using WGM to mount other drives works surprisingly well... lost at where should i look.

How are you joining your machines to AD? script? JSS binding?
Can you mount the users home directory from the Connect to service dialog?

Is the homeDirectory attribute in AD populated correctly?

How are you attempting to mount the AD home directory? Letting the AD Plug in do it? Scripting it? Using workgroup manager? Also while we are here - start moving away from Workgroup manager, its deprecated (http://support.apple.com/kb/HT5308

@calumhunter Joing them using JSS bindning
I can mount using the dialog manually yes When you say populated in AD you mean the field that states the home directory path? Because we have a logon script that goes ahead and mounts that on the PC side but doesn't seem to be working on mac but the legacy machines (10.8.5 works???) Want to mount automatically for all users their own unique home share so i guess letting the AD plugin do it. WGM works great with just adding certain things like the ability to edit things from the AD side and it works. Does Profile manger do this ?

thanks for all the help

@Sherdwain, can you post a version of your script?

Also, how are the 10.8 macs running the script?

@bentoms The script is located on the AD server and thats whats used for the PC users it mounts it somehow. Now it used to work with AD and 10.8 but ever since the 10.9 upgrade....Nothing. But I'm not trying to use a script i'd like the AD plugin to pull this from AD and auto mount it like i do when i use WGM.

Are these network home locations? So, the location on the server houses the users home directory? If so, check that in Directory Utility you have the check box set to "use UNC path from Active Directory to derive network home location." If AD is configured correctly and you use network homes this will auto mount that location.
I can't stress this enough that if you're on local home directories this will totally ruin things.

I don't think there's enough info about your environment.

@Sherdwain, as JDP says. More information required.

But reading between the lines, I guess your using OD to map the drives? Something along the lines of what's called "the magic triangle"

If so, are your 10.9 macs pointing to the OD server as well as OD? Also, what OS is your server running OD?

@bentoms and JDP at one time i did have the golden triangle set up..but i've since moved away from this by turning off my OD server and migrating everything with 10.9 and only using Casper and AD as the way to manage all devices. the "use UNC path" is checked and the location of the home directory is working. However, the Network share mount (//Server/Users/User) isn't mounting. When looking in Active directory under a user account the TAB to add the network home path is greyed out but under script theres a logon script. After working with the AD admin this morning, he somehow got the mount to show up however, it only mounted the //server/Users therefor making my permissions invalid because i only have access to //server/Users/User which my short name in place of user. So now I'm stuck because I'm thinking this only worked because of the Golden triangle setup i had before and now it doesn't work because i moved away from it. So all other network drives work however when using WGM to go ahead and make the adjustments from AD. that works like a charm but it just doesn't mount the network home share as in //server/users/user hopefully gave enough information let me know if i need to give more.

thanks

@Sherdwain, so when you say WGM.. What is WGM pointing to? Your AD? Have you extended it?

Work Group Manger > pointing to AD and yes i've extended it.

You said that you've turned off OD. Does that mean machines are only bound to AD? If so then WGM isn't doing anything for you now. Or maybe I'm reading wrong here.
What's the aversion to a script? We run a launch agent with script to mount several shares for our users via Kerberos. There are many ways to skin that cat.

sorry guys I'm explaining this incorrectly. So turned off OD but WGM is still feeding off my OD server Info, so if for instance i want to change a mount point i'd use WGM and this works like a charm and the client machines isn't even bound to OD only AD..so maybe i did some magic but it works. Now making this work with Profile manager.. another story but i won't get into that its just mounting the network share.

I'm out. I haven't used WGM since 10.5 and even then I used scripts for mounting as I found them more reliable. I wish I could have been more helpful.

@Sherdwain, hmmm.. If OD is off, then clients should not get updated mappings.

In WGM, when adding the shares are you pointing to your AD?

Thanks for your help JDP and @bentoms its pointing to the AD yes. nothing else. And JDP how do you mount network shares for users? and their Home Directory ?

thanks

We don't use network homes our users have cached local accounts but I mount several shares for them on login.

I run a launch agent, a plist file dropped in /Library/Launch Agents, to call a script at login. There is logic to determine the user and the building they are in, which tells me which share to mount. It also looks for some AD group memberships to mount specific curriculum shares. The part of the script that mounts the shares is;

mkdir /Volumes/H mount -t smbfs //"$building"fileserver.domain.com/Users/$USER /Volumes/H

$building is a variable that pulls their 2 digit building code from AD and $USER is a built in variable that pulls the users short name. I'm hesitant to post the whole thing because, security, : ) Mounting like this uses the Kerberos ticket to mount the share and appears to the user like SSO. No credentials are asked for as long as the ticket is still valid. I've been using this script for 3 years now and have been mounting our shares with a script of some kind since 10.5.

hey @bentoms thanks for all your help! anyway i can reach out ? let me know thanks

Similar process as JDP. But instead of on the client, it's a policy on the JSS.

The only thing , some times the created folders stay in /Volumes/ . rebooting the computer seems to clean out any folders that gets stuck in /Volumes/ .

@Sherdwain, here or ##OSX-Server really.

Is this still an issue? Perhaps open a new thread describing it in detail?

@bentoms not having the issue any longer. just wanted to reach out if possible.

thanks

@Sherdwain, ok.. Maybe: https://macmule.com/contact/