Windows 2K8 Server (and 2K12S), MS SMB and "Can't Mount Distribution Point" errors ... with policies

CGundersen
Contributor III

We are reviewing/testing options for our move to Casper 9. In particular, we will need to decide what OS to use for our distribution points. We will be moving away from Mac OS X (and AFP) to Windows (SMB/IIS) or Linux (RHEL/SAMBA/Apache). The JDS will be a possibility for us, but for purposes of this discussion I would like to focus on SMB/share-based distribution. I've done some testing with W2K8 and W2K12 Server at both home and work environments and have run into the following problem ...

I can NetBoot and use Casper Imaging to lay down OS/Configuration perfectly using either W2K8/12 server SMB shares. However, as soon as I try to deliver packages via Policy I get consistent "Can't mount a distribution point" failures. As soon as I turn on IIS and use HTTP on these servers for my policies all is well. I've tried with both local and domain accounts with same result. I can mount the share using the read and read/write account perfectly fine. Again, Casper Imaging is using the share with success, but delivery via Policy is failing with aforementioned error on both home domain and work domain. My testing is with Casper 9.22. The AFP distro point works fine for both Casper Imaging and Policy deployment, but that's not the direction we need to be moving. Linux/SAMBA testing comes next, but I'm expecting the same error with SAMBA. What the heck?

1 ACCEPTED SOLUTION

CGundersen
Contributor III

So it seems that the "issue" was with a line in a first boot script I borrowed/modified and was using after laying down AutoDMG-based OS with Casper Imaging. While AFP and HTTP policies worked great, SMB policies were borked. SMB mounts/testing outside of policies worked great and that messed me up a bit. Oh well.

# Disable root login by setting root's shell to /usr/bin/false
dscl . -create /Users/root UserShell /usr/bin/false

View solution in original post

8 REPLIES 8

nessts
Valued Contributor II

I have centos samba servers running and they are working fine. I have noticed with 10.9 that things work better mounting from the samba servers with cifs instead of smb
I have w2k8 servers working ok as distribution points with smb. I dont' know much about the windows servers but its all worked in testing for us.

frozenarse
Contributor II

We switched over from SMB to HTTP for our windows based distribution point. With SMB we were seeing the client mount the "Casper share" and sometimes it wouldn't drop it. The next time a policy tried to create the mount it would puke out with that message. (Actually it might have been the 2nd or 3rd policy to run after an existing Casper share was already mounted but...) This is with version 8.x so i'm just tossing this out there in case you are seeing similar behavior on the client.

CGundersen
Contributor III

Thanks for the info. I probably shouldn't worry too much about SMB and Policies as we plan to move to HTTP. However, I would like to have it working "just in case" and find it strange that Casper Imaging works great with JSS configuration info (CasperShare, credentials), but post-image policy fails. I'll give SAMBA a try, create a support case with JAMF on the MS SMB issue and report back.

CGundersen
Contributor III

So it seems that the "issue" was with a line in a first boot script I borrowed/modified and was using after laying down AutoDMG-based OS with Casper Imaging. While AFP and HTTP policies worked great, SMB policies were borked. SMB mounts/testing outside of policies worked great and that messed me up a bit. Oh well.

# Disable root login by setting root's shell to /usr/bin/false
dscl . -create /Users/root UserShell /usr/bin/false

JPDyson
Valued Contributor

Wouldn't that line adversely affect, like, practically everything Casper would try to do on a managed system?

CGundersen
Contributor III

Seemingly not as AFP and HTTP-based policies worked just fine?

G-Lo
New Contributor III

Could the problem stem from more than 1 SMB mount at a time? I run into this often with my Win2K8 server. Workaround is to try a few minutes later and policy runs fine. See more details here: id=7273https://jamfnation.jamfsoftware.com/discussion.html?id=7273

JPDyson
Valued Contributor

@CGundersen If root's shell is a bad value, I'd think that the root user wouldn't be able to run a lot of scripts and commands that you'd want to deploy.