Posted on 03-23-2023 10:24 AM
Hello all,
I've tried different scripts (bash and AppleScript) but none seem to work for me. Basically, (and I see this has been asked a lot but varies), I would like for any user that logs into the MacBook to connect to their smb share AND place that drive as a shortcut in either the Locations (in Finder) OR Desktop. Users should not be prompted for their username and password. Here's what the smb path looks like:
smb://servername/Userdata/UserName/My%20Documents
Where UserName can be any user that logs in to that Mac device. But do not prompt for username and password if possible. If password is a must, then I'll take whatever I can work with.
Posted on 03-23-2023 10:57 AM
You can adjust a Finder setting (configuration profile) to show network drives on the desktop, or you can make an alias and put it on their desktop.
How do you plan on authenticating the network share for the user? The network share needs to get a ticket from somewhere or something to identify and authenticate the user. You either need some 3rd party SSO Plug-In or to configure Apple's SSO Extension. The user would still need to log in to the plug-in or Extension to generate a ticket that can be passed to the network share. Apple's Platform SSO may change this once that gets off the ground. Once you have a ticket, it's a matter of making sure your server supports that ticket and making it use the ticket.
Kerberos Single Sign-on extension with Apple devices - Apple Support
Microsoft Enterprise SSO plug-in for Apple devices - Microsoft Entra | Microsoft Learn
Posted on 03-23-2023 11:24 AM
The Macs are bound to Active Directory. So I can get it to the point where if a user logs in they get prompted to enter their password to connect to smb server. This might be fine. But I can only get it to work if I put the actual username in the UserName field I described in the path. But users vary.
03-23-2023 12:07 PM - edited 03-23-2023 12:08 PM
Something like this would prompt the user for their password and map the network drive.
```bash
#!/bin/bash
# User currently logged in at the console
loggedInUser=$(/usr/bin/who | awk '/console/{ print $1 }')
echo "Prompting for userToAdd credentials."
## Prompt for Password
userPass=$(/usr/bin/osascript<<END
tell application "System Events"
    activate
    set the answer to text returned of (display dialog "Enter your Password:" default answer "" with hidden answer buttons {"Continue"} default button 1)
end tell
END
)
# The password is embedded in the mount URL below
Share="//$loggedInUser:$userPass@path/to/share"
mount_smbfs -d 777 -f 777 "smb:$Share" "/Users/$loggedInUser"
```
If Kerberos tickets are happy, something like this should work.
```bash
#!/bin/bash
loggedInUser=$(/usr/bin/who | awk '/console/{ print $1 }')
Share="SMB://path/to/share"
# Mount as the logged-in user so that user's Kerberos ticket is used
sudo -u "$loggedInUser" osascript -e "mount volume \"$Share\""
```
This post has a good script for domain bound devices. It uses AppleScript to mount the share as the currently logged in user. We are not domain bound anymore so I can test to see if it still works.
MacOS - Map Network Drives - Jamf Nation Community - 169764
Posted on 03-23-2023 01:45 PM
Regarding the latter, I had something like this but the logged in user is right smack in the middle of the smb path.
smb://servername/Userdata/USERNAME/My%20Documents.
How do I replace the username with the current logged in user?
Posted on 03-25-2023 05:15 AM
Store all the share details in a variable to use later. Or even add the script to a jamf policy and use options to parse the info to your script if you will be using this more than once.
```bash
protocol="smb"
serverName="ServerName"
shareName="ShareName"
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
mountPath="${protocol}://${serverName}/${shareName}/${currentUser}/My%20Documents"
```
For a desktop alias, similar to AJ's answer, use AppleScript but call it as the logged in user;
```bash
aliasName="${shareName} drive"
```
Also remove another prompt by;
```bash
uid=$(id -u "${currentUser}")
# Run a command in the logged-in user's launchd session, as that user
runAsUser() {
    launchctl asuser "${uid}" sudo -u "${currentUser}" "$@"
}
runAsUser osascript <<EOT
on listMountedDisks()
    list disks
end listMountedDisks
-- Mount the share only if it is not already mounted
if (listMountedDisks() does not contain "${shareName}") then
    mount volume "${mountPath}"
end if
set shareMount to POSIX file "/Volumes/$shareName" as alias
tell application "Finder"
    make new alias to shareMount at desktop
    set name of result to "${aliasName}"
    open disk "${shareName}"
end tell
EOT
```
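A defensive way to build the per-user URL asked about above, as an added example that is not part of the original posts: the console user name is checked against an allow-list, path segments are percent-encoded, and the URL is handed to `osascript` as an argument instead of being interpolated into the AppleScript text. The server, share and folder names are placeholders modelled on the example path in the thread, and the function names are made up for this example.

```bash
#!/bin/bash
# Added example, not from the thread. SERVER, SHARE and SUBDIR are
# placeholders modelled on smb://servername/Userdata/UserName/My%20Documents.
SERVER="servername"
SHARE="Userdata"
SUBDIR="My Documents"

# Percent-encode one URL path segment (ASCII input only).
urlencode_segment() {
    local LC_ALL=C s="$1" out="" c
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}     # first character
        s=${s#?}            # remainder
        case "$c" in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;
        esac
    done
    printf '%s' "$out"
}

# Allow-list check: 1-63 characters, letters, digits, ".", "_" or "-", starting
# with a letter or digit. Rejects root (console owner at the login window).
valid_username() {
    local LC_ALL=C
    case "$1" in
        ''|root|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

build_mount_url() {
    valid_username "$1" || { echo "refusing user name: $1" >&2; return 1; }
    printf 'smb://%s/%s/%s/%s' "$SERVER" "$(urlencode_segment "$SHARE")" \
        "$1" "$(urlencode_segment "$SUBDIR")"
}

mount_for_console_user() {
    local user uid url
    user=$(/usr/bin/stat -f%Su /dev/console)
    url=$(build_mount_url "$user") || return 1
    uid=$(/usr/bin/id -u "$user")
    # The URL travels as argv, so it is never parsed as AppleScript source.
    /bin/launchctl asuser "$uid" /usr/bin/sudo -u "$user" /usr/bin/osascript \
        -e 'on run argv' -e 'mount volume (item 1 of argv)' -e 'end run' "$url"
}

# Mount only when run on macOS; on other systems only the functions are defined.
if [ "$(uname -s)" = "Darwin" ]; then mount_for_console_user; fi
```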
Posted on 10-05-2023 02:05 PM
@Bol I'm always finding your scripts on jamf nation and they are so freakin' helpful. Thank you for taking the time to help us floundering JAMF admins out.
I've taken your scripts here and replaced them with my variables and it works flawlessly.
I do have a question though, is there some way in the AppleScript to make an if statement to either remove the previous Alias or not create a desktop alias if it already exists?
Basically, I have your script set up to run once per user per computer for the LDAP group that needs to mount a particular share, but then I wanted to make an ongoing self-service policy to remount the share in case it needs to be mounted again. When I do this, the self-service policy keeps creating new Aliases whenever it is re-run.
Posted on 10-05-2023 06:19 PM
@kbreed27 Yes!! We always seem to be thinking along the same line because I do exactly that.
- I use one script across separate policies that action the share mount / alias creation (set to ongoing + custom event).
- Then separate policies that target the user / group on login and only once (which then call the first policy using custom event).
- Self Service item is always available from the original policy.
I'll paste my complete script which avoids the duplication of alias on the user desktop below.
```bash
#!/bin/bash
# Jamf policy script parameters ($4 to $6)
protocol="$4"
serverName="$5"
shareName="$6"
mountPath="${protocol}://${serverName}/${shareName}"
aliasName="${shareName} drive"
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
uid=$(id -u "${currentUser}")
# Run a command in the logged-in user's launchd session, as that user
runAsUser() {
    launchctl asuser "${uid}" sudo -u "${currentUser}" "$@"
}
# System-wide setting: suppresses the confirmation prompt for unknown servers
defaults write /Library/Preferences/com.apple.NetworkAuthorization AllowUnknownServers -bool YES
runAsUser osascript <<EOT
on listMountedDisks()
    list disks
end listMountedDisks
-- Mount the share only if it is not already mounted
if (listMountedDisks() does not contain "${shareName}") then
    mount volume "${mountPath}"
end if
set shareMount to POSIX file "/Volumes/$shareName" as alias
tell application "Finder"
    tell Finder preferences
        set desktop shows hard disks to true
        set desktop shows connected servers to false
        set desktop shows external hard disks to true
    end tell
    -- Remove an existing alias so re-running does not create duplicates
    if exists "/Users/${currentUser}/Desktop/${aliasName}" as POSIX file then
        delete folder "/Users/${currentUser}/Desktop/${aliasName}" as POSIX file
    end if
    make new alias to shareMount at desktop
    set name of result to "${aliasName}"
    open disk "${shareName}"
end tell
EOT
exit 0
```
@Bol I'm always finding your scripts on jamf nation and they are so freakin' helpful. Thank you for taking the time to help us floundering JAMF admins out.
That's awesome that it worked for you and I really have to thank you for taking the time, coming back, and letting me know it helped. I really appreciate it!
I guess that's the difference between a forum and a community, right? Very cool, cheers