Mount Network Share script not working on 10.8 clients

ckeenan
New Contributor

We have been using a modified version of the mountnetworkdrive script that came with the resource kit. We run a policy that clears out any old Kerberos tickets and then set the script to run at login. Anyone have this old script working in 10.8?
Here's our modified script:

# HARDCODED VALUES SET HERE
shareUsername="$3" #The username of the user to be used to mount the share - leaving this to $3 will mount the share as the currently logged in user
authType="kerberos" #Valid values are "kerberos" (default) or "password"
password="" #Note this only needs to be set if authentication type is "password"
mountType="afp" #The type of file share. Valid types are "afp", "smb", or "dfs". DFS only supports the "kerberos" authentication method
share='srvrnt07.amherst.edu/Userfiles' #The address of the share you are mounting - if left blank, the script will search for the "SMBHome" attribute in the user record
#Example Values:
#SMB Share: smb://server.company.com/share
#AFP Share: afp://server.company.com/share
#DFS Path: \\server.company.com\dfsroot\target

# CHECK TO SEE IF A VALUE WERE PASSED IN FOR PARAMETERS $3 THROUGH $9 AND, IF SO, ASSIGN THEM

if [ "$4" != "" ] && [ "$shareUsername" == "" ]; then
    shareUsername="$4"
fi

if [ "$5" != "" ] && [ "$authType" == "" ]; then
    authType="$5"
fi

if [ "$6" != "" ] && [ "$password" == "" ]; then
    password="$6"
fi

if [ "$7" != "" ] && [ "$mountType" == "" ]; then
    mountType="$7"
fi

if [ "$8" != "" ] && [ "$share" == "" ]; then
    share="$8"
fi

####################################################################################################
#
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################
loginUsername="$3"
#Major OS version, e.g. "10.8"
OS=$(/usr/bin/defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print substr($1,1,4)}')

if [ "$loginUsername" == "" ]; then
    echo "Error: This script must be run at the login trigger. Please correct the trigger that is being used to run the policy."
    exit 1
fi

if [ "$authType" == "" ]; then
    echo "Error: The parameter 'authType' is blank. Please specify the auth type you would like to use. Valid values are 'password' or 'kerberos'"
    exit 1
fi

if [ "$mountType" == "" ]; then
    echo "Error: The parameter 'mountType' is blank. Please specify the mount type you would like to use. Valid values are 'afp', 'smb', or 'dfs'"
    exit 1
fi

if [ "$mountType" == "dfs" ] && [ "$authType" == "password" ]; then
    echo "Error: The DFS mount type only supports kerberos authentication."
    exit 1
fi

if [ "$mountType" == "dfs" ] && [ "$share" != "" ]; then
    #Convert the characters in the share over to the proper format
    share="\\\\$share"
fi

if [ "$share" == "" ] && [ "$mountType" != "afp" ]; then
    #If the share parameter is blank, try to read the SMBHome attribute (home directory) from the LDAP server
    echo "Attempting to read SMBHome attribute from user record since the 'share' parameter is blank..."
    share=$(/usr/bin/dscl /Search read "/Users/$loginUsername" SMBHome | head -1 | awk '{print $2}')
    #If the share is still blank, report an error.
    if [ "$share" == "" ]; then
        echo "Error: Could not obtain a share from dscl. Please specify the path to the share you would like to mount."
        exit 1
    else
        if [ "$mountType" == "dfs" ]; then
            #Convert the characters in the share over to the proper format
            share="\\\\$share"
        elif [ "$mountType" == "smb" ]; then
            #Convert the characters in the share over to the proper format
            share="\\\\$share"
            share=$(echo $share | sed 's:\\:/:g')
            share="smb:$share"
        fi
        echo "Share determined to be: $share."
    fi
fi

#Determine a volume name based on the share
volumeName=$(echo "$share" | sed 's:\\: :g' | sed 's:/: :g' | awk '{print $(NF-0)}')
echo "Volume name will be created as $volumeName..."
if [ -d "/Volumes/$volumeName" ]; then
    result=$(ls -A "/Volumes/$volumeName")
    if [ "$result" == "" ]; then
        echo "Removing Empty Directory: /Volumes/$volumeName..."
        rmdir "/Volumes/$volumeName"
    else
        echo "Error: Directory /Volumes/$volumeName is not empty."
        exit 1
    fi
fi

if [ "$authType" == "kerberos" ]; then
    ##MOUNT A SHARE WITH KERBEROS AUTHENTICATION
    echo "Attempting to mount $mountType $share using $loginUsername's kerberos ticket..."

    #CREATE A LAUNCH AGENT TO MOUNT THE DRIVES
    /usr/bin/su -l "$loginUsername" -c "/usr/bin/defaults write ~/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName Label -string com.jamfsoftware.mapdrive.$volumeName"
    if [ "$mountType" == "smb" ] || [ "$mountType" == "dfs" ]; then
        if [ "$mountType" == "dfs" ]; then
            #Lookup SMB referral for DFS Share
            #Convert share into format acceptable for smbclient
            share=$(echo $share | sed 's:\\:/:g')
            #Lookup the DFS SMB referral
            echo " Looking up SMB referral for DFS Share: $share..."
            share=$(/usr/bin/smbclient $share -k -c showconnect | tail -1)
            echo " Share name referral found to be: $share."
            #Convert referral over to format acceptable for SMB mounting
            share="smb:$share"
        fi
        if [[ "$OS" < "10.6" ]]; then
            #Convert share over to proper format
            share=$(echo $share | sed 's#smb://##g')
            #Write out a launch agent
            /usr/bin/su -l "$loginUsername" -c "/usr/bin/defaults write ~/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName ProgramArguments -array /bin/sh -c \"/bin/mkdir /Volumes/$volumeName; /sbin/mount_smbfs //$loginUsername@$share /Volumes/$volumeName\""
        else
            #Apple bug in 10.6 prevents us from using mount_smbfs... if that bug gets fixed, we will revert to it

            #Write out a launch agent
            echo "Writing out launch agent to /Users/$loginUsername/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName.plist"
            /usr/bin/su -l "$loginUsername" -c "/usr/bin/defaults write ~/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName ProgramArguments -array /bin/sh -c replaceMe"

            #Convert share over to proper format
            share=$(echo $share | sed 's#smb://##g')

            #Write in the proper mount command to the plist. Using sed because defaults write doesn't like quotes or double quotes.
            /usr/bin/su -l "$loginUsername" -c "/usr/bin/plutil -convert xml1 ~/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName.plist"
            #The colon in smb:// is escaped because ":" is the sed delimiter here
            /usr/bin/sed "s:replaceMe:/usr/bin/osascript -e 'mount volume (\"smb\://$share\")':g" "/Users/$loginUsername/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName.plist" > "/private/tmp/com.jamfsoftware.mapdrive.$volumeName.plist.tmp"
            /bin/mv "/private/tmp/com.jamfsoftware.mapdrive.$volumeName.plist.tmp" "/Users/$loginUsername/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName.plist"
            /usr/sbin/chown "$loginUsername":staff "/Users/$loginUsername/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName.plist"
            /bin/chmod 644 "/Users/$loginUsername/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName.plist"
        fi
    else
        #Mount Over AFP Using Kerberos

        #Convert share over to proper format
        share=$(echo $share | sed 's#afp://##g')

        #WRITE OUT LAUNCH AGENT TO MOUNT THE DRIVES
        /usr/bin/su -l "$loginUsername" -c "/usr/bin/defaults write ~/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName ProgramArguments -array /bin/sh -c \"/bin/mkdir /Volumes/$volumeName ; /sbin/mount_afp -N 'afp://;AUTH=Client%20Krb%20v2@$share' /Volumes/$volumeName\""
    fi
    /usr/bin/su -l "$loginUsername" -c "/usr/bin/defaults write ~/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName RunAtLoad -bool true"

    #LOAD THE LAUNCH AGENT
    if /usr/bin/su -l "$loginUsername" -c "/bin/launchctl list | grep com.jamfsoftware.mapdrive.$volumeName"
    then
        echo "Unloading com.jamfsoftware.mapdrive.$volumeName..."
        /usr/bin/su -l "$loginUsername" -c "/bin/launchctl unload ~/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName.plist"
    fi
    echo "Loading com.jamfsoftware.mapdrive.$volumeName..."
    /usr/bin/su -l "$loginUsername" -c "/bin/launchctl load ~/Library/LaunchAgents/com.jamfsoftware.mapdrive.$volumeName.plist"
else
    ##MOUNT A SHARE WITH PASSWORD AUTHENTICATION
    if [ "$password" == "" ]; then
        echo "It appears that you are attempting to mount a sharepoint using password authentication, but the password parameter is blank. Please enter a password for the 'password' parameter of this script."
        exit 1
    fi
    #Split the share URL into server and share name before reporting them
    serverAddress=$(echo "$share" | sed 's:/: :g' | awk '{print $2}')
    share=$(echo "$share" | sed 's:/: :g' | awk '{print $3}')
    echo "Attempting to mount $mountType://$serverAddress/$share using a password..."
    /usr/bin/su "$loginUsername" -c "/usr/sbin/jamf mount -server \"$serverAddress\" -share \"$share\" -type \"$mountType\" -username \"$shareUsername\" -password \"$password\""
fi

exit 0


jarednichols
Honored Contributor

You're likely hitting a sandboxing issue where certain things are not allowed to cross user contexts. The dead giveaway will be sandboxd throwing deny messages in the console.

Have you tried doing this as a LaunchAgent instead?
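An added example, not part of the reply above or of the Jamf script: one way to check for the sandboxd deny messages mentioned there is to summarize them per process and operation from saved console or system.log text. The log line layout, host name, and service names in `sample_log` are constructed assumptions; `summarize_denials` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: count sandboxd "deny" entries per process/operation/target.
# Reads syslog-style text on stdin; the line layout is an assumption.

# Constructed sample input (not taken from a real machine).
sample_log() {
cat <<'EOF'
Mar  4 09:12:01 lab-mac sandboxd[210] ([455]): launchctl(455) deny mach-lookup com.example.service
Mar  4 09:12:01 lab-mac com.apple.launchd[1]: unrelated line
Mar  4 09:12:02 lab-mac sandboxd[210] ([455]): launchctl(455) deny mach-lookup com.example.service
Mar  4 09:12:05 lab-mac sandboxd[210] ([471]): sh(471) deny file-write-create /Volumes/Userfiles
EOF
}

# Prints "count<TAB>process<TAB>operation<TAB>target", most frequent first.
summarize_denials() {
    awk '
        / sandboxd\[[0-9]+\]/ && / deny / {
            # Locate the "deny" token; the field before it is "proc(pid)".
            for (i = 1; i <= NF; i++) if ($i == "deny") break
            proc = $(i - 1)
            sub(/\([0-9]+\)$/, "", proc)      # drop the "(pid)" suffix
            op = $(i + 1)
            target = ""
            for (j = i + 2; j <= NF; j++)
                target = target (j > i + 2 ? " " : "") $j
            count[proc "\t" op "\t" target]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort -rn
}

# Example run on the constructed sample:
sample_log | summarize_denials
```

On a client, pipe the saved log text into `summarize_denials` instead of `sample_log`; a denial against the process the login policy runs as points at the user-context problem described above.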

frozenarse
Contributor II

I think that script does make use of LaunchAgents but I could be mistaken.

I don't have our MtnLion stuff fully tested or anything but we are looking at just using the JAMF binary to mount shares at logon and then tear them down at logoff with diskutil. Again... we need to do more testing but it seems to be working. We were using the Resource Kit script for our Lion workstations.

Logon uses this: sudo -u $3 /usr/sbin/jamf mount -server SERVERNAMEHERE -share SHARENAMEHERE -type smb
Logoff uses this: diskutil unmount /Volumes/SHARENAMEHERE

ckeenan
New Contributor

Are users prompted for authentication?

frozenarse
Contributor II

No prompts in our testing. Our users are logging in with their domain credentials so it is using kerberos.

BenDenham
New Contributor

Did you manage to get this to work on 10.8?
I have the amended script running at login on my testing machine running 10.8.3. It says it has run fine in the log but no drive is mapped when logged on.

Any ideas?

tkimpton
Valued Contributor II

Or you could write an applescript, save it as an app and set it to open at login

BenDenham
New Contributor

Would you have an example apple script?

tkimpton
Valued Contributor II

Not at hand, it's 6am here. Mine is very long because it goes through and checks group membership and mounts drives depending on it.

I first started years ago with this

http://hints.macworld.com/comment.php?mode=display&title=Solution%253A+No+Finder+Window&pid=31946

tkimpton
Valued Contributor II

bentoms
Release Candidate Programs Tester

tkimpton
Valued Contributor II

Morning Ben

Yep, go with Ben's if you can :)

BenDenham
New Contributor

Thanks guys, will try this out!