Mapping Home and AD shares using Policy

Randydid
Contributor II

Good afternoon,

I have adapted (to the best of my ability) the AppleScript from MacMule to mount SMB home and at least one AD Share. I can double click and run the script manually from the client desktop but I have yet to get it to run via policy in JSS at login. The log reports that the script ran OK (I think) but the volumes do not show up or mount. I am sure I am missing something super simple but I am too new to scripting at this level to know what it is. (I have scrubbed server and policy names).

Log report
Status Completed
"Executing Policy Map PolicyName"...
Mounting itosxserver to /Volumes/CasperShare...
Running script MyScript.scpt...
Script exit code: 0
Script result:"

Here is the meat of the script:

-- Get the logged in users username
set loggedInUser to do shell script "whoami"

-- Get the Users account UniqueID
set accountType to do shell script "dscl . -read /Users/" & loggedInUser & " | grep UniqueID | cut -c 11-"

-- Get the nodeName from the Users account
set nodeName to do shell script "dscl . -read /Users/" & loggedInUser & " | awk '/^OriginalNodeName:/,/^Password:/' | head -2 | tail -1 | cut -c 2-"

-- Get the Users group membership from AD
set ADGroups to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msExchHomeServerName:/'"

-- Get the Users AD Home Folder
-- (sed converts the backslashes in SMBHome to forward slashes)
set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " | grep SMBHome: | cut -c 10- | sed 's/\\\\/\\//g'"

-- Checks to see if account is an AD Account, if its not exit
-- (coerced to a number so the comparison is numeric, not text)
if (accountType as number) is less than 1000 then
	tell me to quit
end if

------------------------------
--- Drives
------------------------------
--Home Folder
-- Maps the drive specified in the profile field for the AD User
-- continue if user has no profile path set
try
	mount volume "smb:" & ADHome
on error
end try

-- Checks Group Membership for ADGroups contains user & if they
-- are in the correct groups, mount shares.
if ADGroups contains "GroupName-SharedStorage-GG" then
	mount volume "smb://server.XXX.XXX/My Share Name"
end if

3 REPLIES

bentoms
Release Candidate Programs Tester

Hi @Diddel,

JSS policies run as root, so that will be why you're not seeing the drive map.

As per the example in that post of mine, can you try running it via a LaunchAgent? This then runs as the user.

Randydid
Contributor II

I have it working using the LaunchAgent. I assigned 755 to the file and manually put it in the proper folder and it tests OK on my Test Mac. Aside from a snapshot/composer/package way of doing it, is there a more elegant way to push the plist? In other words, since I have basically patched it together, what is the best way to make this happen seamlessly?

And BTW, @bentoms I value your site! I have learned so much from it.

davidacland
Honored Contributor II

I normally package up the launchd plist but you can also use the defaults write command to create it via a script if you don't want to deploy a package.
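
The defaults write approach mentioned in the last reply, as an added example that is not from any poster in this thread: it builds the LaunchAgent plist and then sets root ownership and mode 644, so a standard user cannot change what runs at login. The label com.example.mountshares and the /Library/Scripts path are assumed placeholders.

```shell
#!/bin/sh
# Added example: create a login LaunchAgent with `defaults write`.
# LABEL and SCRIPT are hypothetical placeholders, not values from the thread.
LABEL="com.example.mountshares"
SCRIPT="/Library/Scripts/MyScript.scpt"

# install_agent DIR: write DIR/LABEL.plist and lock down ownership and mode.
# Prints the plist path on success, returns 1 on any failure.
install_agent() {
    plist="$1/$LABEL.plist"

    # Refuse to register an agent for a script that is not there.
    [ -f "$SCRIPT" ] || { echo "missing script: $SCRIPT" >&2; return 1; }

    # The agent runs osascript against the mount script, as the user logging in.
    defaults write "$plist" Label -string "$LABEL" || return 1
    defaults write "$plist" ProgramArguments -array /usr/bin/osascript "$SCRIPT" || return 1
    defaults write "$plist" RunAtLoad -bool true || return 1

    # Root-owned and writable only by root: a plist or script that other
    # accounts can edit lets them choose what runs at every user's login.
    chown root:wheel "$plist" "$SCRIPT" || return 1
    chmod 644 "$plist" "$SCRIPT" || return 1

    printf '%s\n' "$plist"
}

# Only act when asked to, so the function can be sourced or tested safely.
if [ "${1:-}" = "--install" ]; then
    install_agent /Library/LaunchAgents
fi
```

Run it with --install as root, for example as the policy script; the agent then runs the mount script in the user's session at the next login.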