Posted on 07-29-2024 09:06 AM
Hi,
Does anyone use a Mac script to mount an AD SMB path as the home folder? I am trying to get it working but struggling to get it to mount the SMB path.
The current script looks at the current user in AD and gets the SMB path, but doesn't mount it. Does anyone use a script to do the same?
Script:
#!/bin/bash

# Log writing function
writelog() {
    echo "$(date): $1" | tee -a /var/log/smb_mount.log
}

writelog "STARTING: User drive mount"

# Check if the user's personal network drive is already mounted
isMounted=$(mount | grep -c "/Volumes/$USER")
if [ $isMounted -ne 0 ]; then
    writelog "Network share already mounted for $USER"
    exit 0
fi

# Retrieve SMBHome attribute for the current user
writelog "Retrieving SMBHome attribute for $USER"
ShortDomainName=$(dscl /Active\ Directory/ -read . | grep SubNodes | sed 's|SubNodes: ||g')
adHome=$(dscl /Active\ Directory/"$ShortDomainName"/All\ Domains -read /Users/$USER SMBHome)
if [ $? -ne 0 ]; then
    writelog "ERROR: Cannot read ${USER}'s SMBHome attribute from '/Active Directory/$ShortDomainName/All Domains'. Exiting script."
    exit 1
else
    adHome=$(echo "${adHome}" | sed 's|SMBHome:||g' | sed 's/^[\\]*//' | sed 's:\\:/:g' | sed 's/ \/\///g' | tr -d '\n' | sed 's/ /%20/g')
fi

# Check if the SMBHome attribute is populated
if [ -z "$adHome" ]; then
    writelog "ERROR: ${USER}'s SMBHome attribute does not have a value set. Exiting script."
    exit 1
else
    writelog "Active Directory user's SMBHome attribute identified as $adHome"
fi

# Mount the network home
osascript <<EOT
try
    mount volume "smb://${adHome}" as user name "$USER" with password "$PASSWORD"
on error errMsg number errNum
    tell application "System Events" to display dialog "Failed to mount SMB share: " & errMsg buttons {"OK"} default button 1
end try
EOT

# Check if mount was successful
if mount | grep "/Volumes/$USER"; then
    writelog "SMB share mounted successfully."
else
    writelog "Failed to mount SMB share."
    exit 1
fi

# Set the SMB share as the home directory
writelog "Setting SMB share as home directory"
dscl . -create /Users/$USER NFSHomeDirectory "/Volumes/$USER"
writelog "Script completed"
exit 0
07-29-2024 09:11 AM - edited 07-29-2024 09:13 AM
It's been a very long time, but I'm not sure this is supported in the OS now. Even when it was, it was very much 'a bad idea'.
Password variables in scripts are also a no-no.
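An added example, not part of the original posts: one way to turn the SMBHome value read in the script above into an `smb://` URL and mount it with no password in the script. The attribute is checked against an allow-list because it would otherwise be interpolated unchecked into another command. The names `unc_to_smb_url` and `mount_home` and the `--mount` switch are hypothetical, and it assumes the script runs as the logged-in user, who holds a Kerberos ticket or a keychain entry or answers Finder's prompt.

```bash
#!/bin/bash
# Added example: SMBHome -> smb:// URL, mounted without a stored password.

# unc_to_smb_url 'SMBHome: \\server\share\path'
# Prints smb://server/share/path; returns 1 if the value is empty or holds
# characters outside the allow-list (quotes, &, ;, parentheses, ...).
unc_to_smb_url() {
    local raw="$1" path
    local re='^[A-Za-z0-9.-]+(/[A-Za-z0-9._ $-]+)+$'   # host, then share/path
    raw="${raw#SMBHome:}"                        # drop the dscl attribute label
    raw="$(printf '%s' "$raw" | tr -d '\r\n')"   # dscl wraps values with spaces
    raw="${raw#"${raw%%[![:space:]]*}"}"         # trim leading whitespace
    raw="${raw%"${raw##*[![:space:]]}"}"         # trim trailing whitespace
    path="${raw//\\//}"                          # backslashes -> forward slashes
    while [[ $path == /* ]]; do path="${path#/}"; done   # drop the leading //
    path="${path%/}"                             # drop one trailing slash
    [[ $path =~ $re ]] || return 1
    printf 'smb://%s\n' "${path// /%20}"         # encode spaces for the URL
}

# mount_home (macOS only): reads SMBHome the same way the original script does,
# then hands the URL to Finder via `open`, so no credential is in the script.
mount_home() {
    local domain attr url
    domain="$(dscl "/Active Directory/" -read . | grep SubNodes | sed 's|SubNodes: ||g')"
    attr="$(dscl "/Active Directory/$domain/All Domains" -read "/Users/$USER" SMBHome)" || {
        echo "cannot read SMBHome for $USER" >&2
        return 1
    }
    url="$(unc_to_smb_url "$attr")" || {
        echo "SMBHome is empty or has unexpected characters" >&2
        return 1
    }
    open "$url"
}

# Only touch the directory service when asked to, e.g. ./script.sh --mount
if [ "${1:-}" = "--mount" ]; then
    mount_home
fi
```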
Posted on 07-29-2024 09:19 AM
The issue we have is that we cannot have local folders, as the students will save to the local Mac. I guess the way would be to have a shortcut on the Dock and mount the SMB path as a network drive instead?
Posted on 07-29-2024 10:11 AM
Shortcuts in the Dock for network shares are also a bad idea. If you are still using on-prem AD then NoMAD might work.
Posted on 07-29-2024 10:23 AM
We create AppleScript apps and place them in the Dock. They run like any .app bundle.
Might work for you?
https://community.jamf.com/t5/jamf-pro/smb-desktop-dock-items/td-p/35603
07-29-2024 10:45 AM - edited 07-29-2024 10:45 AM
Word of warning: NoMAD is totally end of life; it was EOLed in December of 2023. I would advise against adopting any workflows that use NoMAD. All of NoMAD's functions have been baked into Jamf Connect.
Posted on 07-29-2024 10:46 AM
RIP NoMAD.. outside the loop on this.. just trying to help 😎
Posted on 07-29-2024 10:51 AM
There is not a way to do what you are wanting that I am aware of. Generally speaking, Apple considers SMB shares to be old news, and macOS is pretty much full speed ahead to modern authentication. There is really no automation behind mapping SMB shares. Either the user does it manually (at least the credentials part), or it does not get mapped. However, Jamf Connect has some functionality to automatically map SMB shares.
I strongly suggest looking into tools like OneDrive, Google Drive and Box; unfortunately, iCloud Drive is usually best avoided. These tools support modern authentication, and you can force sync the macOS home drive path to the storage providers. Apple is not very friendly with tech debt.
Posted on 07-29-2024 11:06 PM
I will look at Google Drive and force syncing the home drive path.
Now AD binding is not recommended. What are the current alternatives? I am aware of Jamf Cloud.
Posted on 07-30-2024 07:01 PM
AD binding has been against recommendations for over a decade now. Apple is local-account driven, and their accommodation of on-demand account creation aside from using Setup Assistant has been very lacking.
There are two main offerings that supplement domain binding for account creation and management.
Other functions of domain binding like ADCS certificates also have counter solutions, but they are a bit more involved and would be very specific to your use case.