Logout Script - Fails to mount with AD account

farverk
New Contributor III

Currently have a policy set to run on logout that runs a keychain cleanup script. Script works like a charm. The issue I'm having is getting the script to run when an AD user logs out. The script works fine when I use a local admin account:

Executing Policy Keychain Remove Test...
Mounting XXXXXX.edu to /Volumes/CasperShare...
Running script keychain_remove.sh...
Script exit code: 0
Script result: Deleted
Disabled Auto Connect

But when an AD user account logs out the system fails to mount the CasperShare:

Executing Policy Keychain Remove Test...
Mounting XXXXXX.edu to /Volumes/CasperShare...
Error: Could not mount distribution point "itscasper01.uncw.edu".

Currently using AFP and I've seen suggestions to move to HTTP downloads but really haven't seen a good explanation as to why or why not to move to HTTP downloads. Anyone have any ideas?

1 ACCEPTED SOLUTION

pblake
Contributor III

You would have the policy run a command. The command would tell the machine to launch the script.
In Policies, look under Files and Processes: Execute Command. Make your command there.

View solution in original post

4 REPLIES 4

pblake
Contributor III

One idea, since it seems to be a failure to mount the JSS share, would be have the script local on machine, and just have the policy call the local script. Added bonus, it would work when offline as well.

farverk
New Contributor III

@pblake , I like the way you are thinking. I attempted to do this by copying the script and using a "local" logout hook but that failed miserably.

How would have have a Casper policy run a script that is stored locally without Mounting the server? Sorry for the simple questions my head hurts from trying to get this to work for one of my building consultants.

pblake
Contributor III

You would have the policy run a command. The command would tell the machine to launch the script.
In Policies, look under Files and Processes: Execute Command. Make your command there.

farverk
New Contributor III

Thanks to @pblake my script now works and I don't have to worry about the mounting issue.

I create two policies. First to copy the keychain remove script down to the local machine. The second command runs the script from command line. Working like a charm!! Thanks again @pblake !!