Help

Oddities using mountNetworkShare.sh script

Not applicable

Posted on ‎06-07-2010 06:53 AM

Hello all,

I'm trying to use the script in the Resource Kit to automount some AFP shares for users using Kerberos.

The script seems to run fine at login, but the shares do not mount. This is what the JSS log tells me:

/usr/sbin/jamf is version 7.21
Executing Policy Run Script mountClasses.sh...
Downloading http://xxx.xxx.xxx.xxx:80/CasperShare/Scripts//mountClasses.sh...
Running Script mountClasses.sh...
Script Exit Code:0
Script Result: Attempting to mount afp://xxxxxxx.xxxx.virginia.edu/classes using xxxxx's kerberos ticket...
Loading com.jamfsoftware.mapdrive.classes...

I'm fairly brand new to Casper Suite, and this one seems to stump me. Anybody have any suggestions?

Thanks in advance!

--
Terry Sheltra, Macintosh Support Technician
University of Virginia, School of Architecture
w: 434.982.3047 e: terrys at virginia.edu<mailto:terrys at virginia.edu> skype: barret55
--
?????????

0 Kudos
8 REPLIES 8

ernstcs
Contributor III

Posted on ‎06-07-2010 06:57 AM

You may also need to look at the All Messages or System Log to really see
what the issue is...

I don't think the jamf.log is really going to give you the whole picture to
troubleshoot this.

Craig E

On 6/7/10 8:53 AM, "Sheltra, Terrance (tls2t)" <tls2t at eservices.virginia.edu> wrote:

Hello all, I'm trying to use the script in the Resource Kit to automount some AFP shares for users using Kerberos. The script seems to run fine at login, but the shares do not mount. This is what the JSS log tells me: /usr/sbin/jamf is version 7.21 Executing Policy Run Script mountClasses.sh... Downloading http://xxx.xxx.xxx.xxx:80/CasperShare/Scripts//mountClasses.sh... Running Script mountClasses.sh... Script Exit Code:0 Script Result: Attempting to mount afp://xxxxxxx.xxxx.virginia.edu/classes using xxxxx's kerberos ticket... Loading com.jamfsoftware.mapdrive.classes... I'm fairly brand new to Casper Suite, and this one seems to stump me. Anybody have any suggestions? Thanks in advance! -- Terry Sheltra, Macintosh Support Technician University of Virginia, School of Architecture w: 434.982.3047 e: terrys at virginia.edu<mailto:terrys at virginia.edu> skype: barret55 -- ????????? _________________________________________

Casper mailing

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎06-07-2010 07:01 AM

Silly question.

But are network shares set to show ion the desktop?

Ben Toms
IT Support Analyst GREY Group
The Johnson Building, 77 Hatton Garden, London, EC1N 8JS
T: +44 (0) 20-3037-3819 Main: +44 (0) 20 3037 3000 | IT Helpdesk: +44 (0) 20 3037 3883

0 Kudos

Bukira
Contributor

Posted on ‎06-07-2010 07:02 AM

can you not add to the loginwindow.plist ?

thats where mine are added, i do use an OD but it adds the share to the
users loginwindow.plist

under AutoLaunchedApplicationsDictionary-managed key

<dict> <key>AuthenticateAsLoginUserShortName</key> <true> <URL> <string>cifs://xxx.xxx.ac.uk</string? </dict>

Criss Myers
Senior Customer Support Analyst (Mac Services)
iPhone Developer
Apple Certified Technical Coordinator v10.5
LIS Development Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5054
01772 895054

0 Kudos

Not applicable

Posted on ‎06-11-2010 04:17 AM

Terry,

Just quickly I am not sure its a kerberos thing, as the system will attempt to use kerberose if it is available via AFP, Can you connect via the Finder to any other share on the server outside of the resource script?.

You have your Mac hosting the "CasperShare" I am assuming. BUT, is your primary authentication provided by AD. If it is you will not only need to configure your Golden Triangle, but if the server is 10.6 the ss_util -enableSSO does NOT kerberise the AFP service.

have a look at this
http://support.apple.com/kb/TS2938

Or check the ticket.

The other way to do this is via an automount

Tomos Tyler
National Project Manager
Tomos.Tyler at compnow.com.au

Computers Now Pty Ltd
222 Pacific Highway Crows Nest NSW 2065

m: +614 0916 8532 f: +612 9957 4325

www.compnow.com.au

0 Kudos

Not applicable

Posted on ‎06-11-2010 11:29 AM

I just configured the triangle with 10.6. I had to bind the server to AD first and tell it to join the Kerberos domain but after I ran dsconfigad --enableSSO and I have full single sign on now. Server was at 10.6.3.

- JD

0 Kudos

philcebutv
New Contributor III

Posted on ‎12-03-2014 01:13 AM

Will this work on Mavericks?

I have been trying to auto mount a shared drive but I can't get it to work. I have all entries correct on the loginwindow.plist but users are still being ask to enter their user name and password on which we are trying to avoid

0 Kudos

davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎12-03-2014 03:15 AM

This is normally a Kerberos issue of some kind. The possible causes are:

  • User doesn't have a kerberos ticket after login
  • Server isn't part of the kerberos realm
  • The server service you're trying to authenticate against isn't part of the kerberos realm (or doesn't have a principle in the KDC)

To check if the client is getting a ticket after login, login as the user, open a Terminal window and type "klist". You should see a krbtgt (ticket granting ticket). When the Mac tries to access the network drive it should also create a service ticket (either smb or afp). If you're not getting these, check the Mac is bound to the domain ok and is on the network.

If the tickets are there, it may be a server configuration issue. If you can describe a bit more about the setup there will be some more steps to try.

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎01-04-2015 10:14 AM

@philcebutv, we use the following: https://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/

0 Kudos