Posted on 05-16-2014 08:14 AM
Hi all,
I am looking to re-map the AD home drive when a Mac wakes up. I have users that let their Macs go to sleep and when they wake, the home drive is disconnected. We have the "Use UNC path from Active Directory to derive network home location" checked on these machines. I know I can use a workaround like sleepwatcher with a dscl script but that doesn't seem elegant :) How are you all handling this? Thanks!
Posted on 05-20-2014 11:00 PM
I'm guessing the users Kerberos ticket is expiring, so when you reconnect are you asked to provide credentials?
I'm assuming that the macs are going to sleep for a few hours, like overnight.
Posted on 05-21-2014 06:47 AM
Yes @bentoms how did you guess :)
Actually, now that you mention it, I've had Kerberos ticket expirations when Macs go to sleep. I had to move away from using Kerberos in Outlook and Lync. I've reached out to our Apple SE but he hasn't written back yet. That does not seem like it should be happening, right?
Posted on 05-21-2014 06:52 AM
@jubei Kerb tickets often expire after 8 hours.
So I'd probably try & prod your users to logout at end of play.
Posted on 05-21-2014 06:57 AM
@bentoms is that a Mac OS X thing or just in general? Trying to sell Mac as an offering so I'm trying to get it to match up to Windows as closely as possible. Thanks for your help, really dig your blog!
Posted on 05-21-2014 01:28 PM
@jubei, not an OSX thing.. but with OSX not keeping shares visible when having no connection (like win clients do under my computer), it's more visible.
http://technet.microsoft.com/en-us/library/cc775748(v=ws.10).aspx.aspx)
Posted on 08-25-2014 06:58 PM
You could have a simple launch agent on a 5 minute trigger that checked if the correct network existed and if the drives didn't exist then attempt to remount them, one disadvantage is it will bring back manually ejected drives whether you like it or not.
It's not instant but it generally gets the job done.
I have created something along these lines for us, running as the logged in user that basically checks.
Is this user in the foreground
Is it on our network
Are there any drives missing
Is Kerberos active
And then goes away and remounts any missing drives.
Posted on 08-25-2014 11:12 PM
I've used two methods in the past, either making the AD home a link in the dock that the user can choose to click on at any time, or using the sleep watcher launchdaemon (http://www.bernhard-baehr.de) to monitor sleep and wake and run scripts at those events.
Although I'd normally use mount_afp in bash, detecting if a kerberos ticket has expired and asking for the user for a new one is a little messy. I would use AppleScript instead as it automatically tries kerberos and falls back to username/password when required.
Posted on 08-26-2014 01:25 AM
i second Sleep Watcher. I found it very useful :)