Mounting SMB via desktop alias, ideally with a password prompt and timeout.

jakeobie
New Contributor II

I'm hoping to find the best way to accomplish a specific need for our computer labs on campus.

For our iMac labs we have multiple network shares (all on the same server, but different folders) used by different departments (art, communications, etc.). In the past, we've made our images with ~6 AD users (representing each department) with a password and once the user logged in the share would be mounted by passing the credentials to the server.

I'd like to narrow this down to only 1 main user, with the ability to mount the shares using some sort of alias or script that is easy to find for the user. Ideally, they would launch it, it would prompt for the password for the share, and after a certain amount of time it would disconnect (maybe a popup like "This connection will close in 60 seconds, click here to keep your connection").

Any ideas? I've had the idea to just create aliases which should prompt for credentials, but the only timeout I see us being able to use would be a logout timeout, which we could then enable "Restart on logout" to reset all connections.

Thanks!

5 REPLIES

Look
Valued Contributor III

If you have sign in required in Self Service then do it as a script in self service scoped based on the AD groups used to give access in the first place (i.e. If you have access to the share you can see it in Self Service).
Not sure how to best do the disconnect, but you could probably just have a launchagent or launchdaemon running that checked for specific events every few minutes and disconnected the shares if they appeared to be not in use anymore.

davidacland
Honored Contributor II

The most standard setup we've seen in computer labs is directory logins (usually AD), with shared drives mapped based on group membership. This has the added benefit of Kerberos authentication so network drives are completely automatic for the users.

Is that a setup you could use?

jakeobie
New Contributor II

That is what we use currently, which creates the added work of supporting 6 user accounts on each station. This becomes a hassle when we are creating our images and need to configure each user the same way. Instead of doing the work once, we do it 6 times (e.g. setting homepages, changing history-saving settings, configuring applications).

In addition, we often get mid-semester software requests which have to be configured with each user as well.

joshbuddy
New Contributor III

You could create an inetloc file to call the shared folder. You could script it by outputting the contents into a document and then dropping it on the desktop or wherever you want it to reside -

# populate inetloc file: a plist whose URL key points at the share
out='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>URL</key>
<string>smb://path/to/file</string>
</dict>
</plist>'
# quote the variable so the line breaks in the plist are preserved
echo "$out" > /Users/Username/Desktop/ShareName.inetloc

Something like that. You could wild card other variables like the username or even the shared folder if you get the path through dscl.

jakeobie
New Contributor II

@joshbuddy That was what I had used in the past and couldn't remember; thanks! Any way I could do a timeout for something like this? Say, once they run the inetloc file and it connects, it will disconnect after half an hour of inactivity or something of the sort?
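
The periodic check suggested earlier in the thread (a LaunchAgent that disconnects shares that no longer appear to be in use), sketched as an added example that is not code from any poster: it records when each SMB share was last seen busy and unmounts it after 30 idle minutes. The script name, the `--run` argument, the state directory and the use of `lsof` as the "in use" test are assumptions.

```shell
#!/bin/bash
# Added example (hypothetical names): idle-disconnect check for SMB shares,
# meant to be run every few minutes by a per-user LaunchAgent as: smb-idle.sh --run
IDLE_LIMIT=1800                                          # 30 minutes without use
STATE_DIR="${STATE_DIR:-$HOME/Library/Caches/smb-idle}"  # assumed stamp location

# Read `mount` output on stdin, print the mount point of each smbfs volume.
# macOS format: //user@server/share on /Volumes/share (smbfs, nodev, nosuid, ...)
smb_mount_points() { sed -n 's|^//.* on \(/.*\) (smbfs[,)].*$|\1|p'; }

# Assumption: a share is "in use" while this user has a file open on it.
share_in_use() { lsof -- "$1" >/dev/null 2>&1; }

# True when a share last seen busy at time $1 has been idle $3 seconds at time $2.
idle_expired() { [ $(( $2 - $1 )) -ge "$3" ]; }

# Stamp file for a mount point: "/" and spaces become "_".
stamp_file() {
    printf '%s/%s\n' "$STATE_DIR" "$(printf '%s' "$1" | tr '/ ' '__')"
}

check_shares() {
    now=$(date +%s)
    mkdir -p "$STATE_DIR" || return 1
    mounted=$(mount | smb_mount_points)
    # Drop stamps of shares no longer mounted (e.g. ejected in Finder), so a
    # later remount starts with a fresh clock.
    for f in "$STATE_DIR"/*; do
        [ -f "$f" ] || continue
        printf '%s\n' "$mounted" | while IFS= read -r mp; do stamp_file "$mp"; done |
            grep -qxF -- "$f" || rm -f "$f"
    done
    printf '%s\n' "$mounted" | while IFS= read -r mp; do
        [ -n "$mp" ] || continue
        stamp=$(stamp_file "$mp")
        if share_in_use "$mp" || [ ! -f "$stamp" ]; then
            echo "$now" > "$stamp"           # busy or newly mounted: restart the clock
        elif idle_expired "$(cat "$stamp")" "$now" "$IDLE_LIMIT"; then
            umount "$mp" && rm -f "$stamp"   # umount refuses if the share is busy again
        fi
    done
}

if [ "${1:-}" = "--run" ]; then check_shares; fi
```

A LaunchAgent with a `StartInterval` would call the script with `--run`; the idle time is only as precise as that interval.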