OT: Problem with network volumes on the Dock and storing passwords

jarednichols
Honored Contributor

I haven't had much luck googling and with other resources so I figured I'd throw this here as there's a lot of smart dudes (and dudettes) here.

I've got a script that runs as part of a "User Configuration" policy that a tech runs to finish deployment of a Mac to an end-user. One of the scripts uses the issued Kerberos ticket from AD to mount 2 volumes. Here's the script:

#!/bin/sh

# Filename: mountShares.sh
# Purpose: Mount file shares automatically with Kerberos ticket
# Author: Jared F. Nichols

#Find the logged in user (the owner of the console device)
user=$(stat -f%Su /dev/console)

#Find their P drive server. SMBHome is a UNC path (\\server\share), so split
#on the backslash and take the server field.
server=$(dscl . -read "/Users/$user" | grep SMBHome: | cut -d '\' -f 3)

#Set this temp string because 'defaults' is literal and won't resolve variables
tmpStr='<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/'$user'</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'

#Mount the user's P drive (as the user, so their Kerberos ticket is the one used)
sudo -u "$user" jamf mount -server "$server" -share "$user" -type smb

#Write the P drive to the dock
sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add "$tmpStr"

#P drive dispensed with, let's do the U drive.

#Group membership decides which workgroup share gets mounted
id=$(id "$user")

echo "$id"

case $id in
*EQPOD_LOGIN*)
    sudo -u "$user" jamf mount -server cifsbos01 -share eqshared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/eqshared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
*PGRShared*)
    sudo -u "$user" jamf mount -server cifsbos03 -share pgrshared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/pgrshared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
*730Hishared*)
    sudo -u "$user" jamf mount -server cifsbos02 -share hishared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/hishared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
*NLD_TsoLogon*)
    sudo -u "$user" jamf mount -server cifsbos03 -share tsoshared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/tsoshared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
*FIUsers*)
    sudo -u "$user" jamf mount -server fiprdfileinv -share shared -type smb
    sudo -u "$user" defaults write "/Users/$user/Library/Preferences/com.apple.dock" persistent-others -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Volumes/shared</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>'
    ;;
esac


#Kick the Dock in the ass. Nothing else to see here, folks.
killall Dock

Basically, the "P drive" (yes, I know I've used Windows parlance here) is the user's personal network drive and the "U drive" is their workgroup's drive.

The script itself works great. It mounts the drives and adds them to the Dock. The issue comes when you log in offline and don't get a Kerberos ticket. If you do this, you're prompted (as expected) for username and password. The issue is that no matter what you do, you can't get the OS to use stored credentials in the Keychain for this. You can select the "remember this" box, see the item added to the Keychain, but it's never used subsequently.

My first thought was that perhaps it's because I'm using the 'jamf' binary to do my mounting, so I'm going to try using mount instead, but then I've got to create mount points that stick around (I believe) and I don't know how this will play if you have an existing mount point (e.g. I make /Volumes/a292330 manually) and then mount a volume when I've got a Kerberos ticket used.

Any ideas smart people?

EDIT: I should also add that if you manually mount the given volumes (Cmd-K) and store the password in the keychain and drag those to the Dock, it works as expected and uses the stored credentials. It's something to do with how I'm doing it, I think.
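As an added example (not the original poster's script, and not a reply from the thread), here is the same flow with the two fragile parts pulled into functions that can be checked on constructed input: the UNC path from the AD SMBHome attribute is split into server and share, the workgroup table is keyed on exact group names from `id -Gn` rather than a `*pattern*` match over the whole `id` output (which would also match a group such as PGRSharedAdmins), and the Dock tile dict is built with printf and passed quoted so `defaults` gets the expanded path. The `klist -s` ticket check, the use of `jamf mount`, and `/Volumes/<share>` as the mount location are assumptions carried over from the post.

```shell
#!/bin/sh
# Added example, not the original poster's script. Same flow (P drive from
# SMBHome, U drive from group membership, Dock tiles via `defaults write`),
# with the parsing isolated into functions.

# Server part of a UNC path: \\server\share -> server
smbhome_server() {
    printf '%s\n' "$1" | tr '\\' '/' | sed 's|^//||; s|/.*||'
}

# Share part of a UNC path: \\server\share[\subdir] -> share
smbhome_share() {
    printf '%s\n' "$1" | tr '\\' '/' | sed 's|^//[^/]*/||; s|/.*||'
}

# Workgroup drive table from the post: exact group name -> "server share".
# No wildcards in the patterns, so PGRSharedAdmins does not match PGRShared.
workgroup_share() {
    case $1 in
        EQPOD_LOGIN)  echo "cifsbos01 eqshared" ;;
        PGRShared)    echo "cifsbos03 pgrshared" ;;
        730Hishared)  echo "cifsbos02 hishared" ;;
        NLD_TsoLogon) echo "cifsbos03 tsoshared" ;;
        FIUsers)      echo "fiprdfileinv shared" ;;
        *)            return 1 ;;
    esac
}

# Dock tile dict for a mounted path, built with printf so the path is
# substituted before `defaults` (which takes the argument literally) sees it.
dock_tile() {
    printf '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>%s</string><key>_CFURLStringType</key><integer>0</integer></dict><key>showas</key><integer>2</integer></dict><key>tile-type</key><string>directory-tile</string></dict>\n' "$1"
}

# Mount one share as the user (so their ticket is used) and add it to the Dock.
mount_and_dock() {   # user server share
    sudo -u "$1" jamf mount -server "$2" -share "$3" -type smb || return 1
    sudo -u "$1" defaults write "/Users/$1/Library/Preferences/com.apple.dock" \
        persistent-others -array-add "$(dock_tile "/Volumes/$3")"
}

# Driver; only runs when a username is passed, so the file can be sourced.
mount_shares_for() {
    user=$1
    # With the attribute named, dscl prints "SMBHome: \\server\share".
    smbhome=$(dscl . -read "/Users/$user" SMBHome | sed 's/^SMBHome: *//')
    # Assumed check: klist -s exits non-zero when there is no valid ticket.
    # Without one the mount prompts, which is the offline case from the post.
    sudo -u "$user" klist -s 2>/dev/null || echo "warning: no Kerberos ticket for $user" >&2
    mount_and_dock "$user" "$(smbhome_server "$smbhome")" "$(smbhome_share "$smbhome")"
    for g in $(id -Gn "$user"); do
        ws=$(workgroup_share "$g") || continue
        mount_and_dock "$user" "${ws%% *}" "${ws#* }"
    done
    killall Dock
}

if [ $# -eq 1 ]; then mount_shares_for "$1"; fi
```

Run it as `sh mountShares.sh a292330` from the policy; the group loop means a user in two listed groups gets both workgroup shares, where the original `case` stops at the first match.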


tkimpton
Valued Contributor II

Hi Jared

I went through this dilemma many moons ago. I resorted to an AppleScripted application. I know .... Noooooooooo!

https://jamfnation.jamfsoftware.com/discussion.html?id=1849

I then added some network aliases in /Applications/Utilities/Network Drives/, packaged them up and then used dockutil to add them to the Dock.

jarednichols
Honored Contributor

I think I've got it sorted, but I ran into another issue. I ended up switching to mount_smbfs instead of the jamf binary. This allowed the proper storage of the password in the keychain and its use later.

However, I can't run this with a JAMF policy because the JAMF admin user is running the script and when I'm not using the jamf binary, the script does not have access to the Kerberos ticket of the user. It hangs at wanting a password. So, unless there's some other option, I'm just going to lay it down as a launchagent, fire it off, and then remove it so it runs as the user.

Snickasaurus
Contributor

Hope this doesn't sound silly because I've been up so late tonight reading but...
Would starting your script with something like

ping -c 2 some.internal.server.address

With some fancy 'if'ing thrown in to make it loop the ping command every few minutes until it has a valid address, then drop the script.
Or perhaps point it at a specific connection device like en0 or en1. Just throwing thoughts out there.
Perhaps not the 'if' command.
Sometimes I hop on my dirtbike with the top half of a chicken suit, adult diaper and eyepatch then ride around my neighborhood staring at people REAL hard.

jarednichols
Honored Contributor

I ended up making a launchagent.

Snickasaurus
Contributor

I'm not yet familiar with launchagents. Mind sharing an example please?
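The following is an added example (not a reply in this thread and not jarednichols' own code) of the approach he describes: a per-user LaunchAgent that runs the mount script as the logged-in user, so it has that user's Kerberos ticket and login Keychain, with `mount_smbfs` onto an explicit mount point and the agent removed again after it has fired. The plist label, paths, and `/Volumes/<share>` as the mount point directory are assumptions; a non-admin user may need a mount point under their home directory instead.

```shell
#!/bin/sh
# Added example, not code from the thread. LaunchAgent plus mount_smbfs
# script for mounting a share as the logged-in user. Names and paths are
# illustrative.

# Write a LaunchAgent plist that runs SCRIPT once when the agent is loaded.
write_launchagent() {   # plist_path label script_path
    cat > "$1" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$2</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/sh</string>
        <string>$3</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
}

# True when MOUNTPOINT appears in a mount table (the output of `mount`,
# e.g. "//u@srv/share on /Volumes/share (smbfs, ...)"), passed in as text so
# it can be checked against a constructed table.
is_mounted_in() {   # mountpoint mount_output
    printf '%s\n' "$2" | grep -q " on $1 ("
}

# Mount //user@server/share on a directory. Skips the mount if that path is
# already in use (e.g. an earlier Kerberos mount), creates the directory
# otherwise. mount_smbfs runs as the calling user, so a saved Keychain item
# for the server can be used when there is no ticket, as the post reports.
mount_share() {   # user server share mountpoint
    if is_mounted_in "$4" "$(mount)"; then
        return 0
    fi
    mkdir -p "$4" || return 1
    mount_smbfs "//$1@$2/$3" "$4"
}

# Install and start the agent for a user. Run from the root-owned policy:
# the plist goes into the user's LaunchAgents, is chowned, then loaded as
# that user. (launchctl load is the older form; newer systems use
# `launchctl bootstrap gui/<uid> <plist>`.)
install_launchagent() {   # user label script_path
    dir="/Users/$1/Library/LaunchAgents"
    plist="$dir/$2.plist"
    mkdir -p "$dir"
    write_launchagent "$plist" "$2" "$3"
    chown "$1" "$plist"
    chmod 644 "$plist"
    sudo -u "$1" launchctl load "$plist"
}

# Remove the agent again once it has fired, as described in the post.
remove_launchagent() {   # user label
    plist="/Users/$1/Library/LaunchAgents/$2.plist"
    sudo -u "$1" launchctl unload "$plist" 2>/dev/null
    rm -f "$plist"
}

# When invoked by the agent:  mountShares.sh <user> <server> <share>
if [ $# -eq 3 ]; then
    mount_share "$1" "$2" "$3" "/Volumes/$3"
fi
```

From the policy, `install_launchagent a292330 com.example.mountshares /usr/local/bin/mountShares.sh` writes and loads the agent, the agent runs the script in the user's session, and `remove_launchagent a292330 com.example.mountshares` cleans up afterwards. The Dock entries can then be added the same way as in the original script, since the mount point path is known in advance.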