Posted on 03-08-2013 07:22 AM
I have my mountNetworkShare.sh script set as a login policy and it's restricted to run only on internal network segments. The parameters of the policy are being honored, but the share still attempts to mount when I log in from offsite. It looks like the .plist file created in ~/Library/LaunchAgents is the culprit. Has anyone else seen this?
I'm mounting end-user network home folders via smb and I'm using Kerberos. The only modification I made to the script was specifying smb and the name of the share.
Posted on 03-12-2013 12:38 PM
Thanks all. I trashed the original script and combined ideas from the Resource Kit's mountNetworkShare.sh and Jared Nichols' mountShares.sh script in https://jamfnation.jamfsoftware.com/discussion.html?id=5824 Our network home folders are named by smb://server/share/username so I had to play around with the cut parameters. My contents are below if it will help anyone.
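#!/bin/sh
# Find the logged-in user (owner of /dev/console)
user=$(ls -la /dev/console | cut -d " " -f 4)
# Stop if no user was found, so the paths below are never built from an empty name
[ -n "$user" ] || exit 1
# Remove launch agent
rm -fr "/Users/$user/Library/LaunchAgents/"com.jamfsoftware.mapdrive.*
# Find their H drive server (assumes SMBHome is stored as \\server\share\username)
path=$(dscl . read "/Users/$user" | grep SMBHome: | cut -d '\' -f 3,4)
# Convert path to readable smb server (printf avoids echo's backslash handling)
server=$(printf '%s\n' "$path" | sed 's:\\:/:g')
# Mount the user's H drive
sudo -u "$user" jamf mount -server "$server" -share "$user" -type smb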
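The script above runs as root and passes a directory-sourced SMBHome value to a mount command. As an added example (not part of the original post), this sketch parses and validates that value first. The helper name parse_smbhome, the allowed character set and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate an SMBHome attribute before it reaches a mount command.
# parse_smbhome is a hypothetical helper; the sample lines below are constructed.

# parse_smbhome LINE
#   LINE is expected to look like:  SMBHome: \\server\share\username
#   Prints "server/share username" and returns 0, or returns 1 if malformed.
parse_smbhome() {
    old_ifs=$IFS
    IFS='\'            # split on backslash only
    set -f             # no globbing while the value is split
    set -- $1          # -> "SMBHome: ", "", server, share, username
    set +f
    IFS=$old_ifs

    # Exactly five fields: label, the empty field between the two leading
    # backslashes, then server, share and username.
    [ $# -eq 5 ] || return 1
    [ "$1" = 'SMBHome: ' ] && [ -z "$2" ] || return 1

    # Assumed policy: letters, digits, dot, underscore and hyphen only,
    # and no leading dot or hyphen (blocks ".." and option-like values).
    for part in "$3" "$4" "$5"; do
        case $part in
            ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        esac
    done

    printf '%s/%s %s\n' "$3" "$4" "$5"
}

# Constructed sample lines (not real directory data).
for sample in \
    'SMBHome: \\fs01.example.com\home\dsmith' \
    'SMBHome: \\fs01.example.com\home\..\admin' \
    'SMBHome: \\fs01.example.com\home\-o'
do
    if target=$(parse_smbhome "$sample"); then
        printf 'ok:       %s\n' "$target"
    else
        printf 'rejected: %s\n' "$sample"
    fi
done
```

If your shares use other characters (for example a trailing `$` on hidden shares), widen the allowed set deliberately rather than removing the check.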
Posted on 03-08-2013 10:19 AM
Possible that your home network is assigning a similar IP to your work network segments?
Gabe Shackney
Princeton Public Schools
Posted on 03-08-2013 10:38 AM
Thanks for the feedback Gabe. I've had this issue in the office as well even if I shut down, then unplug the LAN cable and leave Airport off.
-Dan
Posted on 03-08-2013 01:46 PM
LaunchAgents in ~/ will run when that user logs in.
I guess this is why it's running irrespective of the policy setting.
Posted on 03-08-2013 02:15 PM
Hi Everyone,
Launch Agents, by nature, run at the time the user logs in. You could put a logic check in the script to exit if it cannot, say, ping an internal server?
$ ping -c 4 google.com
PING google.com (74.125.224.133): 56 data bytes
64 bytes from 74.125.224.133: icmp_seq=0 ttl=54 time=6.099 ms
64 bytes from 74.125.224.133: icmp_seq=1 ttl=54 time=7.921 ms
64 bytes from 74.125.224.133: icmp_seq=2 ttl=54 time=8.779 ms
64 bytes from 74.125.224.133: icmp_seq=3 ttl=54 time=8.660 ms
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 6.099/7.865/8.779/1.071 ms
t-lark-test:scripts tlarkin$ echo $?
0
t-lark-test:scripts tlarkin$ ping -c 4 somefakesite.com
ping: cannot resolve somefakesite.com: Unknown host
t-lark-test:scripts tlarkin$ echo $?
68
So, if I do 4 pings to Google.com it passes, and when I echo $? it shows an exit status of 0, meaning it passed. When I tried to ping somefakesite.com it failed and echo $? returned exit status 68. So, maybe something like this could work out for you.
#!/bin/bash
# check to see if we are on the internal network
/sbin/ping -c 4 myinternalserver.com
if [[ $? -ne 0 ]]; then
    /bin/echo "not in the internal network, exiting..."
    exit 1
else
    /bin/echo "inside the network proceeding..."
fi
# rest of network script goes below this
Please test this out, but doing some sort of test to see if you are in the internal network and then forcing an exit if not could be a possible workaround for you. I don't have a way to test this out currently.
Thanks,
Tom