Mounting User Network Share

mbuckner
Contributor

Hey, everybody! I’m trying to mount a user’s active directory on login. We used to do this through open directory, but we are now using casper for our managed preferences and I can’t get it to work anymore. Any ideas?

Thanks!
Mark Buckner
Bridgeport ISD

16 REPLIES

tlarkin
Honored Contributor

Doesn't the AD plug in do all of that for you?

mbuckner
Contributor

I thought it did, but it’s not working. I can authenticate against AD just fine, but the drive mounting is not working. There is a preference group in Workgroup Manager called loginwindow (not com.apple.loginwindow) that does the mounting. I can’t find anything like it in casper. I tried exporting it and importing the xml into casper, but it doesn’t work.

ernstcs
Contributor III

Hi Mark,

We use AD only here, and it works without us doing anything special from 10.4 on up. I've attached a batch of screens for what you need to see in the AD user's profile and in the bind you use in the JSS.

Of course the container/OU that you use to house your Macs would be different.

As far as UNIX attributes go, the OS seems to only read the default shell from that now. Although you may dictate what you want your AD bind to use as the default for users in the JSS, the setting in the user's profile for default shell will override...that is if you have UNIX attributes enabled in AD. I don't believe it's required to have UNIX attributes enabled to make the network shares mount though.

And then it's important in your binding that if those systems will go off network and not have access to the domain controller, you check the box for Create mobile account at login, or they won't be able to log in to the box. At this point I have almost everything, but fixed labs, do that in the event a faculty member takes their iMac home for some reason over a weekend or over a long break. It doesn't really hurt anything and just enables the mobile sync options which don't sync anything by default.

If your Domain Controllers have an external network DNS entry, but you're actually blocking access to the DC from the external network, your logins will take forever because it doesn't time out fast.

Not sure what else to tell ya.

Craig E

andyinindy
Contributor II

Mark:

I am also unable to mount network home directories via the AD plugin now that I am managing with Casper. This has always worked perfectly in our environment, but suddenly stopped functioning when we implemented Casper + Lion + Managed prefs in our labs.

Did you ever find a resolution for this issue?

Thanks,

--Andy

nkalister
Valued Contributor

I use the mount network share script from the Casper Resource Kit to mount our home directories from AD. I also added a logoff script that removes the LaunchAgent that the script creates; that way we don't get errors at login when off of the corporate network.

andyinindy
Contributor II

Nick:

The script worked fine for me (after we enabled Kerberos on our ExtremeZ-IP server). Still a bit vexed as to why this is suddenly broken via the AD plugin, but I am OK with using a scripted mount if it is the only way.

Could you share the location/filename of the launchagent that you remove at logout?

Thanks!!

--Andy

nkalister
Valued Contributor

Sure. The logout policy runs this as a Unix command:

rm /Users/$USER/Library/Launchagents/com.jamfsoftware.mapdrive.*

Nguyen
New Contributor III

Hi Ernst

Could you share the screen shot with me as well, please?

thanks

Nguyen

ernstcs
Contributor III

@Nguyen, unfortunately my original post was from 2010 to the listserv and I don't have any of those shots around. We also don't have the UNIX attributes in AD at all anymore. We run a fairly vanilla Microsoft AD environment. The OS X AD plug-in just reads the home folder path from the profile tab.

@Andy, I ran into this a while back when MCX was first introduced in Casper, and it was part of the reason I avoided using that altogether. However, I thought it was corrected with a version of Casper down the line or OS X. What version of the JSS and OS are you running?

Fortunately I'll be able to skip MCX and go straight to Configuration Profiles for any of my needs, at least I hope. We still let the AD plug-in do the home directories, and I use the network share script from the Resource Kit for additional shares, and clean up leftover folders in /Volumes at logout.

Nguyen
New Contributor III

Hi ernstcs

Could you share your network share script from the Resource Kit with me? I would like to use the script for mapping the drive as well, but I am not a script person and I am a beginner in the Mac world. I would like to see an example of a working script. Also, could you share how you run the script using Casper?

Thank you in advance.

Nguyen

ernstcs
Contributor III

You can find the resource kit at the link below:

http://www.jamfsoftware.com/support/resource-kit

Under the All Tools folder in the DMG you can find mountNetworkShare.sh and simply add that script to your JSS then use it in policies.

When you add it to the JSS you'll want to label some of the parameters: 6 = Share Type, 7 = Server Name, 8 = Share Name, 9 = Authorization Type.

The script itself has a lot of information about the possible values. Just keep in mind for the shareUsername, leaving $3 requires the script be run as a login script.

Nguyen
New Contributor III

Thank you for the information. Is it possible to use the script through Self Service?

Nguyen
New Contributor III

Also, every time the user logs out and logs back in, the script is not run and all the mapped drives disappear. Is there a way to overcome that?

tkimpton
Valued Contributor II

I always had problems with this, so for years I just created an AppleScript application and set that to open at login via MCX.

Possibly this may be of use to someone. I have blanked some areas out as XXX and it would need to be customized and tested to make sure it works in your environment.

------------------------------------------- Setting the Environment-------------------------------------------------------------------------------
property DevComputer : "XXX"
property ServerComputer : "XXX"
property WorkstationNetworkIP : "XXX"
property ServerNetworkIP : "XXX"
property APIPA : "XXX"

--Putting a try statement in otherwise if there isn't an AirPort recognised it will fail
--AirportOn is set to false first so the later "if AirportOn" test still works when the ifconfig call fails

set AirportOn to false
try
    set AirportOn to (do shell script "ifconfig en1 | awk '/status/ {print $NF}'") is "active"
end try

set loggedInUser to do shell script "whoami"
set accountType to do shell script "dscl . -read /Users/" & loggedInUser & " | grep UniqueID | cut -c 11-"
set DomainUser to do shell script "dscl . -read /Users/" & loggedInUser & " | grep PrimaryGroupID | cut -c 16-"
set SMBHome to do shell script "dscl . -read /Users/" & loggedInUser & " | grep SMBHome: | cut -c 36-"

--Putting a try statement in otherwise if Information Systems is not recognised in a standard user's account it will fail
--ISDepartment is set to an empty string first so the later "contains" tests do not error when the grep finds nothing

set ISDepartment to ""
try
    set ISDepartment to do shell script "dscl . -read /Users/" & loggedInUser & " | grep Information"
end try

--Putting a try statement in otherwise if Development is not recognised in a standard user's account it will fail

set DevDepartment to ""
try
    set DevDepartment to do shell script "dscl . -read /Users/" & loggedInUser & " | grep Development"
end try

------------------------------------------- Setting the Environment-------------------------------------------------------------------------------
try
    if AirportOn then
        delay 30
    end if

    -- If account is not a domain account such as a local account then this will quit and no drives will try and map!

    if accountType is less than 1000 then
        tell me to quit
    else

        --If the User is on the Workstation network, is a domain user and is in Development then mount external off site share!


        try
            if IPv4 address of (system info) starts with WorkstationNetworkIP and DevDepartment contains "Development" then

                mount volume "cifs://ipaddress;username:password@ipaddress/share"


            end if
        end try

        --For workstations on LAN starting with ip XXX and is a domain user then try and map the network shares! Domain Users in our env are shown as 513

        if IPv4 address of (system info) starts with WorkstationNetworkIP and DomainUser contains "513" then

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share"
            end try

            -- Mount the users Personal drive
            try
                mount volume "cifs://Server/Share/" & SMBHome
            end try

        end if
    end if

    -- If account is not a domain account such as a local account then this will quit and no drives will try and map!

    if accountType is less than 1000 then
        tell me to quit
    else

        --For workstations on LAN starting with XXX, is a domain user and is in Information Systems then try and map the Admin share

        if IPv4 address of (system info) starts with WorkstationNetworkIP and DomainUser contains "513" and ISDepartment contains " Information Systems" then

            try
                mount volume "cifs://Server/Share"
            end try
        else
            tell me to quit
        end if


        --For servers on the LAN starting with XX and is a domain user then try and mount the network shares including Deploy!

        if IPv4 address of (system info) starts with ServerNetworkIP then

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share"
            end try

            try
                mount volume "cifs://Server/Share/" & SMBHome
            end try
        end if


        -- If account is not a domain account such as a local account then this will quit and no drives will try and map!

        if accountType is less than 1000 then
            tell me to quit
        else

            --Added APIPA to identify if a machine is not getting an IP address from DHCP; the mounts will then throw "not connected to the network" errors and give the user an error, which we want!

            if IPv4 address of (system info) starts with APIPA and DomainUser contains "513" then
                mount volume "cifs://Server/Share"
                mount volume "cifs://Server/Share"
                mount volume "cifs://Server/Share"
                mount volume "cifs://Server/Share"
                mount volume "cifs://Server/Share"
            end if
        end if

        --For VPN home users check if Network Connect is running and if so mount the network shares, domain users are identified as 513 for us

        if accountType is less than 1000 then
            tell me to quit
        else

            tell application "System Events"
                if (exists application process "Network Connect") and DomainUser contains "513" then

                    try
                        mount volume "cifs://Server/Share"
                    end try

                    try
                        mount volume "cifs://Server/Share"
                    end try

                    try
                        mount volume "cifs://Server/Share"
                    end try

                    try
                        mount volume "cifs://Server/Share"
                    end try

                    try
                        mount volume "cifs://Server/Share"
                    end try

                    try
                        mount volume "cifs://Server/Share/" & SMBHome
                    end try
                end if
            end tell
        end if

        -- If account is not a domain account such as a local account then this will quit and no drives will try and map!

        if accountType is less than 1000 then
            tell me to quit
        else

            -- For IS VPN home users check if Network Connect is running, is a domain user and is in Information Systems, then mount the Admin Share

            tell application "System Events"
                if (exists application process "Network Connect") and DomainUser contains "513" and ISDepartment contains "Information Systems" then
                    try
                        mount volume "cifs://Server/Share"
                    end try
                end if
            end tell
        end if
    end if
end try
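As an added example (not the Resource Kit's mountNetworkShare.sh and not tkimpton's script), here is a login-policy script in the parameter layout ernstcs describes: Jamf passes the logging-in user as $3 and the labelled parameters as $6 share type, $7 server, $8 share, $9 authorization type. It assumes the "kerberos" auth type, so the URL carries no password (unlike the cifs://user:password@server form in the AppleScript above, which leaves credentials readable in the script), and it skips the mount quietly when the server is unreachable, which is the off-network error nkalister works around with a logout cleanup. The sudo -u / osascript approach and the port check are this example's own choices.

```bash
#!/bin/bash
# Added example of a Jamf login-policy script (not the Resource Kit's own).
# Jamf positional parameters: $3 = logging-in user, $6 = share type,
# $7 = server name, $8 = share name, $9 = authorization type.

build_share_url() {
  # build_share_url TYPE SERVER SHARE USER -> "smb://user@server/share" (no password)
  local type="$1" server="$2" share="$3" user="$4"
  case "$type" in
    afp|smb|cifs) ;;
    *) echo "unsupported share type: $type" >&2; return 1 ;;
  esac
  if [ -z "$server" ] || [ -z "$share" ] || [ -z "$user" ]; then
    echo "server, share and user are all required" >&2
    return 1
  fi
  share="${share#/}"   # "/Homes" and "Homes" give the same URL
  printf '%s://%s@%s/%s\n' "$type" "$user" "$server" "$share"
}

server_reachable() {
  # True only when the file-service port answers within 3 s, so an off-network
  # Mac logs a line instead of surfacing a mount error to the user.
  local type="$1" server="$2" port=445
  case "$type" in afp) port=548 ;; esac
  nc -z -G 3 "$server" "$port" >/dev/null 2>&1
}

mount_as_user() {
  # Mount inside the user's session so the Kerberos ticket from the AD login
  # is used and the volume appears in that user's Finder, not root's.
  local user="$1" url="$2"
  sudo -u "$user" osascript -e "mount volume \"$url\""
}

main() {
  local user="$3" type="$6" server="$7" share="$8" auth="$9" url
  if [ "$auth" != "kerberos" ]; then
    echo "this example only handles authorization type kerberos" >&2
    return 1
  fi
  url=$(build_share_url "$type" "$server" "$share" "$user") || return 1
  if server_reachable "$type" "$server"; then
    mount_as_user "$user" "$url"
  else
    echo "$server not reachable; skipping mount of $url" >&2
  fi
}

# Jamf supplies at least nine positional arguments; otherwise do nothing.
if [ "$#" -ge 9 ]; then main "$@"; fi
```

Label parameters 6 to 9 in the JSS exactly as ernstcs lists them and run the policy at login, since $3 is only populated for login-triggered scripts.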

ernstcs
Contributor III

If you want the drives to show up every time the user logs in you'd need a login policy to do it.

Nguyen
New Contributor III

Hi tkimpton

Thank you for posting your script. Could you show me how and where I apply the script to open at login via MCX in the JSS, please? I could not find where to put the script.
Thank you in advance.