mountNetworkShare for SMB with AD login on 10.8

ernstcs
Contributor III

Hey all. My only remaining hang-up (that I'm aware of) for my using 10.8 in my labs at this point is getting a few general network shares mapped for users at login. These are not their home shares (those mount fine with the AD plug-in). Has anyone successfully used the last version of the mountNetworkShare script from the resource kit, or are you using your own custom version of it that works with 10.8? For some reason the user is getting prompted to enter their credentials, as if the Kerberos information isn't being handled properly from their AD login. Thanks.

1 ACCEPTED SOLUTION

jarednichols
Honored Contributor

So here's the script I'm using. It uses the Kerberos ticket to mount shares. Those things that I'm case pattern matching to are the AD groups I was talking about that determine what team share (U drive for us).

```sh
#!/bin/sh

# Filename: mountShares.sh
# Purpose: Mount file shares automatically with Kerberos ticket
# Author: Jared F. Nichols

#Find the logged in user
user=$(ls -la /dev/console | cut -d " " -f 4)

#Find their P drive server (third backslash-separated field of "SMBHome: \\server\share\...")
server=$(dscl . -read "/Users/$user" | grep SMBHome: | cut -d '\' -f 3)

#Set this temp string because 'defaults' is literal and won't resolve variables
tmpStr='<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/'"$user"'</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'

#Mount the user's P drive
sudo -u "$user" jamf mount -server "$server" -share "$user" -type smb

#Write the P drive to the dock
sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add "$tmpStr"

#P drive dispensed with, let's do the U drive.

id=$(id "$user")

echo "$id"

#Only the first pattern that matches anywhere in the id output is acted on
case $id in
*EQPOD_LOGIN*)
    sudo -u "$user" jamf mount -server cifsbos01 -share eqshared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/eqshared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
*PGRShared*)
    sudo -u "$user" jamf mount -server cifsbos03 -share pgrshared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/pgrshared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
*730Hishared*)
    sudo -u "$user" jamf mount -server cifsbos02 -share hishared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/hishared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
*NLD_TsoLogon*)
    sudo -u "$user" jamf mount -server cifsbos03 -share tsoshared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/tsoshared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
*FIUsers*)
    sudo -u "$user" jamf mount -server fiprdfileinv -share shared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/shared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
esac


#Kick the Dock in the ass. Nothing else to see here, folks.
killall Dock
```
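
The `case` statement in the script above matches group names as substrings of the whole `id` string and acts only on the first arm that matches. The following is an added example, not part of jarednichols's script, that selects shares by whole group name instead; the function names, the `CORP\` domain prefix and the sample `id` strings are constructed assumptions, and it prints server and share pairs rather than calling `jamf mount`.

```sh
#!/bin/sh
# Added example: whole-name AD group matching for share selection.

# group|server|share rows, copied from the case arms in the script above.
SHARE_MAP='EQPOD_LOGIN|cifsbos01|eqshared
PGRShared|cifsbos03|pgrshared
730Hishared|cifsbos02|hishared
NLD_TsoLogon|cifsbos03|tsoshared
FIUsers|fiprdfileinv|shared'

# Constructed `id` output; the CORP\ prefix and gid numbers are assumptions.
ID_MULTI='uid=1001(jdoe) gid=20(staff) groups=20(staff),70002(CORP\PGRShared),70003(CORP\NLD_TsoLogon),70004(CORP\Domain Users)'
ID_LOOKALIKE='uid=1002(asmith) gid=20(staff) groups=20(staff),70001(CORP\FIUsers_Archive)'

# The script's rule: the first arm whose text appears anywhere in the string wins.
first_substring_match() {
    case $1 in
        *EQPOD_LOGIN*)  echo eqshared ;;
        *PGRShared*)    echo pgrshared ;;
        *730Hishared*)  echo hishared ;;
        *NLD_TsoLogon*) echo tsoshared ;;
        *FIUsers*)      echo shared ;;
    esac
}

# Print one group name per line. Names sit in parentheses after "groups=" and
# may contain spaces, so split on commas and strip any DOMAIN\ prefix.
groups_from_id() {
    printf '%s\n' "$1" | sed -n 's/.* groups=//p' | tr ',' '\n' |
        sed -n 's/^[0-9]*(\(.*\))$/\1/p' | sed 's/^.*\\//'
}

# Print "server share" for every table row whose group equals one of the
# user's groups exactly (grep -Fx: fixed string, whole line).
shares_for_id() {
    user_groups=$(groups_from_id "$1")
    printf '%s\n' "$SHARE_MAP" | while IFS='|' read -r grp server share; do
        if printf '%s\n' "$user_groups" | grep -Fxq -- "$grp"; then
            printf '%s %s\n' "$server" "$share"
        fi
    done
}

echo "substring rule, lookalike group: $(first_substring_match "$ID_LOOKALIKE")"
echo "exact rule, multi-group user:"
shares_for_id "$ID_MULTI"
```

With the substring rule a member of only `FIUsers_Archive` is given the `FIUsers` share, and a member of both `PGRShared` and `NLD_TsoLogon` gets only the first; the exact-match lookup returns nothing for the former and both shares for the latter.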

12 REPLIES

rhs615
New Contributor III

I am having similar issues here: https://jamfnation.jamfsoftware.com/discussion.html?id=5810

Trying to work through them slowly. My snippet of code was pulled out from the mountNetworkShare as we could not get that working on our 10.7 clients. Attempting to get something working on 10.8.

rhs615
New Contributor III
 

jarednichols
Honored Contributor

Custom. Our team shares are based on AD group membership. You can do an `id` and case out for particular groups to mount particular shares. I can post up some script snippets in a few.

bentoms
Release Candidate Programs Tester

jarednichols
Honored Contributor

Always more than one way to skin a cat on our OS :)

ernstcs
Contributor III

Thanks, Gents. I'll take a look and see what sticks. =D

My gosh, even fancy Dock work!

ernstcs
Contributor III

So...this is right up there with the "why the hell didn't I think of that." and just using the mount piece built into the binary. Thanks, Jared AND Ben!

ianmb
Contributor

@jarednichols My users will have Mac homes at SMBHome/osx, is there a way to adapt your script to get those areas mounted?

I'd like to use the jamf mount command if possible (bash beginner here).

jarednichols
Honored Contributor

I think the issue here is that unless your “osx” folder is exposed as a share, it’s not going to work as you intend (or likely at all). When a client connects to a file server, it asks for the shares that it has exposed. The client is then allowed to mount one of those shares (unless it’s a hidden special share like c$ or something like that). It’s actually a security measure to prevent clients from mounting whatever folder on the filesystem that they like. If you knew there was a folder at “/Users/johnnyappleseed/documents/MyImportantStuff” but the only thing shared was “/Users/Shared” and you could actually mount “MyImportantStuff”, that’d be a bit of a problem, right?

So I know what you’re saying: “But ‘osx’ is nested within the share.” That doesn’t matter. To the server it’s not a listed share (hidden or otherwise) and it won’t let a client mount at that point.

It sort of begs the question: Why? Are there files so different on your Macs that you don’t want to expose them to Windows? Being able to mount where you want also would orphan some file access. /kthompson/documents (should it exist) wouldn’t be accessible as you’d have mounted at a sibling folder of ‘documents’ instead of a parent.

ianmb
Contributor

Does it change anything if I say I can get to SMBHome/osx via Cmd+K in a network account without authenticating again?

mvught
Contributor

You must change the Finder pref: "Show these items on the desktop" / Connected servers