Re-map AD home drive on wake

jubei
New Contributor II

Hi all,
I am looking to re-map the AD home drive when a Mac wakes up. I have users that let their Macs go to sleep and when they wake, the home drive is disconnected. We have the "Use UNC path from Active Directory to derive network home location" checked on these machines. I know I can use a workaround like sleepwatcher with a dscl script but that doesn't seem elegant :) How are you all handling this? Thanks!

8 REPLIES 8

bentoms
Release Candidate Programs Tester

I'm guessing the users Kerberos ticket is expiring, so when you reconnect are you asked to provide credentials?

I'm assuming that the macs are going to sleep for a few hours, like overnight.

jubei
New Contributor II

Yes @bentoms how did you guess :)

Actually, now that you mention it, I've had Kerberos ticket expirations when Macs go to sleep. I had to move away from using Kerberos in Outlook and Lync. I've reached out to our Apple SE but he hasn't written back yet. That does not seem like it should be happening, right?

bentoms
Release Candidate Programs Tester

@jubei Kerb tickets often expire after 8 hours.

So I'd probably try & prod your users to logout at end of play.

jubei
New Contributor II

@bentoms is that a Mac OS X thing or just in general? Trying to sell Mac as an offering so I'm trying to get it to match up to Windows as closely as possible. Thanks for your help, really dig your blog!

bentoms
Release Candidate Programs Tester

@jubei, not an OSX thing.. but with OSX not keeping shares visible when having no connection (like win clients do under my computer), it's more visible.

http://technet.microsoft.com/en-us/library/cc775748(v=ws.10).aspx.aspx)

Look
Valued Contributor III

You could have a simple launch agent on a 5 minute trigger that checked if the correct network existed and if the drives didn't exist then attempt to remount them, one disadvantage is it will bring back manually ejected drives whether you like it or not.
It's not instant but it generally gets the job done.
I have created something along these lines for us, running as the logged in user that basically checks.
Is this user in the foreground
Is it on our network
Are there any drives missing
Is Kerberos active
And then goes away and remounts any missing drives.

davidacland
Honored Contributor II

I've used two methods in the past, either making the AD home a link in the dock that the user can choose to click on at any time, or using the sleep watcher launchdaemon (http://www.bernhard-baehr.de) to monitor sleep and wake and run scripts at those events.

Although I'd normally use mount_afp in bash, detecting if a kerberos ticket has expired and asking for the user for a new one is a little messy. I would use AppleScript instead as it automatically tries kerberos and falls back to username/password when required.

tkimpton
Valued Contributor II

i second Sleep Watcher. I found it very useful :)

https://jamfnation.jamfsoftware.com/discussion.html?id=4813