MacOS - Map Network Drives

rsgammato
New Contributor

We are looking to map 2 network drives based off of the AD user that is currently logged in. We used to manage these iMacs using Profile Manager and in the Login Items payload there was a section called Authenticated Network Mounts but Jamf Pro does not have this. It seems simple but I'm not familiar with custom scripts/how to implement them using Jamf Pro. Any help would be greatly appreciated!

12 REPLIES 12

mark_mahabir
Valued Contributor

This method works really well for us.

We just package up the launchagent and application in a PKG, and scope to our Macs (which use NoMAD) at enrollment time.

kyleblanc
New Contributor III

The above Macmule post is essentially what I used when I had AD managed Macs with user specific drives to mount. Had a version in Self Service that users could run as well as packaging the .app/launchagent for deployment. This has been replaced with Enterprise Connect (highly recommended) currently.

Mudalige
New Contributor III

Hi All, I'm very new to MAC and we bought a jamf pro cloud license for our school. Currently not using LDAP as this is on cloud based and in near future I will be implementing Jamf Infrastructure Manager on DMZ to sync our on premise AD through JIM. Devices are already enrolled in JAMF and Bound to AD as well. I would like to mount our network AD student home drives to the devices when student log in. I have tried to map these using configuration policies. However, it seems to be nothing is mapping at the moment. would anyone be able guide me with how to set this up ? Thanks in advance.

ega
Contributor III

We use a policy with a login event trigger that has a Files and Processes option with the Execute Command field set to /usr/bin/open smb://server/path/path
If kerberos tickets exist (they should if the device is bound) the end user will just see the volume as usual, if not they will be prompted to authN. Of course if the device is off site then vpn might be needed before this would work.

obi-k
Valued Contributor II

howie_isaacks
Valued Contributor II

Why not use the Login Items payload in a configuration profile? I have done this on AD bound Macs and it worked really well. The logged in user is irrelevant. All that matters is that they have permissions to access the shares that we define in the profile.
f2fb423083c74961a1e0390518fe9a07

Mudalige
New Contributor III

First of all thanks for the reply of you all. @howie_isaacks I have tried to map a network mount using macOS config profie. However, it mapping the whole domain to students. Not sure why. It doesn't map the particular folder for some reason.

Mudalige
New Contributor III

@ega Could you able to explain how to set this up. I'm sorry I'm very new to MAC world.

dmw3
Contributor III

We use a script which is made available in Self-Service to mount shares, you can add a nice icon so that users can quickly use the correct share mount.
Script below:

#!/bin/bash
#Mounts the requested share if it doesn't already exist
#Accepts shares in the standard form smb://server/share
#In the event of the share being left blank it will attempt to mount the AD home share

#Start seperate process
(
#Initialise variables  
Run_Delay=10
Run_Limit=5
Share_Path=$4
if [ -z "$Share_Path" ]; then
Share_Path="smb://AD-Domain/share"
Share_Name="R-Drive"
else
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
fi
Log_Name=$Share_Name
Current_User=$(stat -f%Su /dev/console)

#Notify start of process
mkdir -p /Library/Logs/Sharemounts
echo "$(date) Sharemount for $Share_Name share started" > /Library/Logs/Sharemounts/Sharemount_"$Log_Name".log

#Loop through attempting to mount share as current user
while [[ -z "$(mount | awk '/'$Current_User'/ && /'$Share_Name'/')" ]] && [[ $Run_Count -lt $Run_Limit ]] ; do
let Run_Count=$Run_Count+1
echo "Sharemount attempt $Run_Count to mount $Share_Name" >> /Library/Logs/Sharemounts/Sharemount_"$Log_Name".log
if [[ "$Current_User" ]] && [[ "$Current_User" != "root" ]] && [[ "$(ps -c -u $Current_User | awk /Finder/)" ]]; then
echo "Sharemount user $Current_User and Finder verified proceeding with mount attempt" >> /Library/Logs/Sharemounts/Sharemount_"$Log_Name".log
if [ "$Share_Path" == "home" ];then
Machine_Domain=$(dscl /Active Directory/ -read . SubNodes | awk '{print $2}')
Share_Path="smb:$(dscl "/Active Directory/$Machine_Domain/All Domains" -read /Users/$Current_User SMBHome | awk '{print $2}' | sed 's/\///g')"
Share_Name="$(echo $Share_Path | awk -F"/" '{print $NF}')"
fi
echo Sharemount attempting to connect to $Share_Path >> /Library/Logs/Sharemounts/Sharemount_"$Log_Name".log
su -m $Current_User -c /usr/bin/osascript<<END
tell application "Finder"
mount volume "$Share_Path"
end tell
END
sleep 1
else
echo "Sharemount user $Current_User or Finder failure refreshing parameters before next attempt" >> /Library/Logs/Sharemounts/Sharemount_"$Log_Name".log
fi
if [[ -z "$(mount | awk '/'$Current_User'/ && /'$Share_Name' /')" ]]; then
sleep $Run_Delay
Current_User=$(stat -f%Su /dev/console)
fi
done

#Test for and output results
if [[ -z "$(mount | awk '/'$Current_User'/ && /'$Share_Name' /')" ]]; then
echo "$(date) Sharemount for $Share_Name share FAILED" >> /Library/Logs/Sharemounts/Sharemount_"$Log_Name".log
else
echo "$(date) Sharemount for $Share_Name share SUCCEEDED" >> /Library/Logs/Sharemounts/Sharemount_"$Log_Name".log
fi
) &
#End seperate process

ybai9
New Contributor II

hello if I want to authenticate to the network drive with only one account on different AD user accounts how should I modify the script?

 

howie_isaacks
Valued Contributor II

@Mudalige I didn't know you needed a full path to a folder. I guess instructing users how to find the folder they need is not doable at least until you get this figured out? My clients have mostly abandoned traditional file servers, and moved to a service called Egnyte which allows us to offer both a private folder for each user and a company wide file share based on the users' individual and group permissions.

Mudalige
New Contributor III

@howie_isaacks My path for the student share is like on AD domainnameHomeStudentsYear_Xusername
If I translate this to mac mapping version
Would this be smb://domainname/home/Students/Year_X/%username%

Please correct me if I'm wrong