Mac script to mount AD SMB Path as home folder

lavenderk
New Contributor

Hi,

Does anyone use a Mac script to mount an AD SMB path as the home folder? I am trying to get it working but am struggling to get it to mount the SMB path.

The current script looks up the current user in AD and gets the SMB path, but doesn't mount it. Does anyone use a script to do the same?

 

Script:

#!/bin/bash

# Log writing function
writelog() {
    echo "$(date): $1" | tee -a /var/log/smb_mount.log
}

writelog "STARTING: User drive mount"

# NOTE: $USER is the account running the script. When a management agent
# launches this as root, $USER is "root", not the logged-in user.

# Check if the user's personal network drive is already mounted.
# Match " on /Volumes/$USER " so /Volumes/jsmith does not also match /Volumes/jsmith2.
isMounted=$(mount | grep -c -F " on /Volumes/$USER ")

if [ "$isMounted" -ne 0 ]; then
    writelog "Network share already mounted for $USER"
    exit 0
fi

# Retrieve SMBHome attribute for the current user
writelog "Retrieving SMBHome attribute for $USER"
ShortDomainName=$(dscl /Active\ Directory/ -read . SubNodes | sed 's|^SubNodes: ||')

if ! adHome=$(dscl "/Active Directory/$ShortDomainName/All Domains" -read "/Users/$USER" SMBHome); then
    writelog "ERROR: Cannot read ${USER}'s SMBHome attribute from '/Active Directory/$ShortDomainName/All Domains'. Exiting script."
    exit 1
fi

# Turn 'SMBHome: \\server\share\user' into 'server/share/user' (spaces URL-encoded):
# drop the label, trim leading whitespace and backslashes, convert the remaining
# backslashes to slashes, then encode spaces.
adHome=$(echo "${adHome}" | sed 's|^SMBHome:||' | sed 's/^[[:space:]]*//' | sed 's/^[\\]*//' | sed 's:\\:/:g' | tr -d '\n' | sed 's/ /%20/g')

# Check if the SMBHome attribute is populated
if [ -z "$adHome" ]; then
    writelog "ERROR: ${USER}'s SMBHome attribute does not have a value set. Exiting script."
    exit 1
fi
writelog "Active Directory user's SMBHome attribute identified as $adHome"

# Mount the network home
# NOTE: PASSWORD is never assigned anywhere in this script, so this mount
# fails unless the caller exports it before running the script.
osascript <<EOT
try
    mount volume "smb://${adHome}" as user name "$USER" with password "$PASSWORD"
on error errMsg number errNum
    tell application "System Events" to display dialog "Failed to mount SMB share: " & errMsg buttons {"OK"} default button 1
end try
EOT

# Check if mount was successful. 'mount volume' mounts the share at
# /Volumes/<share name>, so this check only succeeds when the share is named after the user.
if mount | grep -q -F " on /Volumes/$USER "; then
    writelog "SMB share mounted successfully."
else
    writelog "Failed to mount SMB share."
    exit 1
fi

# Set the SMB share as the home directory (requires root; changes the local node only)
writelog "Setting SMB share as home directory"
dscl . -create "/Users/$USER" NFSHomeDirectory "/Volumes/$USER"

writelog "Script completed"
exit 0
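A reworked version of the three pieces the script above gets wrong, added here as an example; it is not the original poster's script and not anything shipped by Jamf or Apple. It turns the UNC-to-URL conversion into a function that can be tested offline, checks for an existing mount by exact mount point instead of a substring, and mounts with no password at all, relying on the Kerberos ticket an AD-bound Mac already holds so nothing secret lives in the script. The hostnames, share names, sample `mount` output and the `--mount` flag are made up for illustration; the password-free mount assumes the Mac is bound and the script runs in the logged-in user's context (a LaunchAgent, not a root agent) so that user's TGT (`klist`) is the one used.

```bash
#!/bin/bash
# Added example, not the original poster's script. Hostnames, share names and
# the sample mount output below are constructed for illustration.

# Convert a Windows UNC path such as '\\files.corp.example\home$\jsmith'
# (optionally still carrying the 'SMBHome:' label dscl prints) into
# 'files.corp.example/home$/jsmith', ready to prefix with '//' or 'smb://'.
unc_to_smb_path() {
    # 1. drop the dscl attribute label   2. trim leading whitespace
    # 3. backslashes -> slashes          4. drop the leading '//'
    # 5. percent-encode spaces           6. drop a trailing slash
    printf '%s' "$1" | sed -e 's/^SMBHome://' \
                           -e 's/^[[:space:]]*//' \
                           -e 's|\\|/|g' \
                           -e 's|^//||' \
                           -e 's/ /%20/g' \
                           -e 's|/$||'
}

# True when MOUNTPOINT appears as a mount point in MOUNT_OUTPUT (the text of
# `mount`). Matching " on <path> (" stops /Volumes/jsmith from matching
# /Volumes/jsmith2, which a plain substring grep would accept.
is_mounted_in() {
    mount_output="$1"; mountpoint="$2"
    printf '%s\n' "$mount_output" | grep -q -F " on ${mountpoint} ("
}

# Read SMBHome for the given user from the bound AD domain (not exercised offline).
read_smbhome() {
    domain=$(dscl /Active\ Directory/ -read . SubNodes | sed 's/^SubNodes: //')
    dscl "/Active Directory/${domain}/All Domains" -read "/Users/$1" SMBHome
}

# Mount without a password. With a Kerberos TGT in the calling user's cache
# the macOS SMB client authenticates via GSSAPI; with none, the mount fails
# rather than falling back to a credential baked into the script. Assumption:
# bound Mac, and this runs as the logged-in user so their ticket is used.
mount_home() {
    smb_path="$1"; mountpoint="$2"; user="$3"
    mkdir -p "$mountpoint" || return 1
    mount -t smbfs "//${user}@${smb_path}" "$mountpoint"
}

# Constructed sample of `mount` output, used to exercise is_mounted_in offline.
SAMPLE_MOUNT_OUTPUT='/dev/disk3s1s1 on / (apfs, sealed, local, read-only, journaled)
//jsmith@files.corp.example/home$/jsmith on /Volumes/jsmith (smbfs, nodev, nosuid, mounted by jsmith)'

# Only touch the real system when invoked as: ./smbhome.sh --mount
if [ "${1:-}" = "--mount" ]; then
    # Use the console user, not $USER: a management agent runs scripts as root.
    console_user=$(stat -f '%Su' /dev/console)
    raw=$(read_smbhome "$console_user") || { echo "cannot read SMBHome" >&2; exit 1; }
    path=$(unc_to_smb_path "$raw")
    [ -n "$path" ] || { echo "SMBHome is empty" >&2; exit 1; }
    target="/Volumes/${console_user}"
    if is_mounted_in "$(mount)" "$target"; then
        echo "already mounted at $target"
    else
        mount_home "$path" "$target" "$console_user"
    fi
fi
```

Sourcing the file (`. ./smbhome.sh`) loads the functions without mounting anything, which is how the conversion and the mount check can be verified on a machine that is not bound; `unc_to_smb_path 'SMBHome: \\files.corp.example\home$\Jane Smith'` yields `files.corp.example/home$/Jane%20Smith`.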

9 REPLIES

jamf-42
Valued Contributor II

It's been a very long time, but I'm not sure this is supported in the OS now. Even when it was, it was very much 'a bad idea'.

Password variables in scripts are also a no-no.

lavenderk
New Contributor

The issue we have is that we cannot have local folders, as the students will save to the local Mac. I guess the way would be to have a shortcut on the Dock and mount the SMB path as a network drive instead?

jamf-42
Valued Contributor II

Shortcuts in the Dock for network shares are also a bad idea. If you're still using on-prem AD then NoMAD might work:

https://nomad.menu/products/

 

obi-k
Valued Contributor III

We create AppleScript apps and place them in the Dock. They run like any .app bundle.

Might work for you?

https://community.jamf.com/t5/jamf-pro/smb-desktop-dock-items/td-p/35603 

AJPinto
Esteemed Contributor

Word of warning: NoMAD is totally end of life; it was EOLed in December 2023. I would advise against adopting any workflows that use NoMAD. All of NoMAD's functions have been baked into Jamf Connect.

jamf-42
Valued Contributor II

RIP NoMAD.. outside the loop on this.. just trying to help 😎

AJPinto
Esteemed Contributor

There is not a way to do what you want that I am aware of. Generally speaking, Apple considers SMB shares to be old news, and macOS is pretty much full speed ahead to modern authentication. There is really no automation behind mapping SMB shares. Either the user does it manually (at least the credentials part), or it does not get mapped. However, Jamf Connect has some functionality to automatically map SMB shares.

 

I strongly suggest looking into tools like OneDrive, Google Drive and Box; unfortunately, iCloud Drive is usually best avoided. These tools support modern authentication, and you can force sync the macOS home drive path to the storage providers. Apple is not very friendly with tech debt.

lavenderk
New Contributor

I will look at Google Drive and force syncing the home drive path.

Now that AD binding is not recommended, what are the current alternatives? I am aware of Jamf Cloud.

AJPinto
Esteemed Contributor

AD binding has been against recommendations for over a decade now. Apple is local-account driven, and its accommodation of on-demand account creation outside of Setup Assistant has been very lacking.

 

There are two main offerings that supplement domain binding for account creation and management.

  • Platform SSO - Native to macOS, supports on-demand account creation as of macOS 14. Unfortunately IdP support is a bit lacking, with only Entra and Okta supporting it.
  • Jamf Connect - Product created by Jamf, has supported on-demand account creation since long before Platform SSO was a concept and is fairly mature. Has pretty decent IdP support, with most of the major players having integrations.

 

Other functions of domain binding like ADCS certificates also have counter solutions, but they are a bit more involved and would be very specific to your use case.