Mounting SMB Network Shares Using Jamf Configuration Profiles

ddixon
New Contributor II

How do you get SMB network shares to mount using Jamf Configuration Profiles, under macOS Mojave 10.14.5? All that I have seen is various bash and AppleScript scripts. I was looking for a way to mount the shares without resorting to scripting.

18 REPLIES 18

doschupp
New Contributor III

Hi,

I'm working at the university Erlangen-Nuernberg. We developed a tool to mount network shares via predefined Configuration Profiles. The tool (written in Swift) is started by a LaunchAgent at every network change (for automatic remounting) and when a user logs in. This is done in the background, without any user interaction.

Profile example:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>networkShares</key> <array> <string>smb://home.your.domain/%USERNAME%</string> <string>smb://filer1.your.domain/share</string> <string>smb://filer2.your.domain/another share/foobar</string> </array> </dict> </plist>

We recommend the use of kerberos tickets or mount the shares once manually to store the password in the keychain. That's because we don't want the user to be messed up with any message.

The default mount path is in the users home. We also created a policy to add the folder (~/network share) automatically to the users dock. That's easier for them ;)

You can find it here: https://gitlab.rrze.fau.de/faumac/networkShareMounter

doschupp
New Contributor III

We just released the new version of the Network Share Mounter (v2.0.0). It's a whole new app - living in the menu bar of a user. Here are some of the new features:

  • menu-bar instead of cli app
  • beside shares defined via MDM or plist, a user can add own shares via the menu
  • mount or unmount all defined shares
  • show the directory where the shares are mounted (as it was with the old app, shares are not mounted under /Volumes but in users's home under Networkshares (or Netzlaufwerke.
  • possibility to configure some aspects via MDM:
    • autostart (default: false) defines, if the app will be startet after the user logged in his Mac
    • canChangeAutostart (default: EMPTY) defines, if the user can change the behavior of autostarting the app
    • canQuit (default: true) defines whether the user can quit the app
    • unmountOnExit (default: true) will unmount all shares after exiting the app
    • helpURL (default: EMPTY) URL with a custom help page
    • networkShares (default: EMPTY) an array of strings wehere MDM (or plist) defined shares are listed
    • customNetworkShares (default: EMPTY) an array of strings wehere user defined shares will be stored setting them in the preferences option of the app
  • the app should take care to not create duplicate mounts (such as SHARENAME-1, SHARENAME-2 etc.)
  • if a user has defined his home directory via LDAP or AD (aka SMBHome), this (network) home directory will be mounted regardless of whether the share is defined in the "to mount list" of shares

To our repository: https://gitlab.rrze.fau.de/faumac/networkShareMounter
If anyone has a question, problem or feature request, please feel free to contact us.

Yeah, looks pretty cool.
How do you implement this with JAMF Pro?
There are no clear directions on how this works with JAMF.

What do you mean with "implement with Jamf Pro"? There are AutoPkg Recipes for packaging. Jamf Manifets for the configuration and configuration notes regarding i. g. autostart and managed login items.

SebastianH
New Contributor II

HI,

I ran into a problem here, the home drive is mapped without a problem. but all other shares that were distributed via config profile as given in the example seem to be ignored.

do you have any idea here ?

dstranathan
Valued Contributor II

This may not be optimal for your situation, but we use NoMAD to auto-mount SMB shares dynamically with a NoMAD Shares profile (AD environment here). I think Jamf Connect can do the same thing as well.

mark_mahabir
Valued Contributor

We never really got a configuration profile consistently working for this.

For years we used MacMule's very useful script here but more recently we map network shares via NoMAD, and it works very well.

dstranathan
Valued Contributor II

@mark.mahabir Do you ever see duplicate (or "zombie") SMB mounts in /Volumes with NoMAD?

mark_mahabir
Valued Contributor

@dstranathan I have seen a little bit of that in the past, yes. But nothing recently!

SebastianH
New Contributor II

@dschupp I have done exactly all as you described in the GitLap and also here, unfortunately it does not work, do you have a solution?

@dstranathan how did you NoMad Shares get to Work ?

dstranathan
Valued Contributor II

@SebastianH It's a MDM configuration profile (menu.nomad.shares) that contains a list of AD groups and a list of corresponding SMB shares basically.

Example of some of the NoMAD Shares options:

Automount = yes/no. Yes means that MoMAD mounts the SMB shares dynamically if the domain is reachable.
Groups = An array of the AD group(s) that are allowed to access the SMB share.
Name = The label that appears in the NoMAD menu.
URL = Example: smb://server.domain/share

(There are a few other options but these are the most common)

SMB shares appear under the NoMAD menu "Network Drives" section. A checkmark indicates the drive is mounted already.

Refer to these NoMAD Shares docs

doschupp
New Contributor III

hi @SebastianH,

I didn't saw your first post, .. so sorry for my late reply. In that case it would be easier to create an issue in our repo.

Is it possible for you to post your profile here? To get a status code of the binary you can trigger it with the cli. ig:

./networkShareMounter
2021-06-21 09:35:18.155 networkShareMounter[:] smb://my-share: already mounted
2021-06-21 09:35:18.248 networkShareMounter[:] smb://my-home: already mounted

or:

./networkShareMounter
2021-06-21 09:44:51.093 networkShareMounter[:] smb://share-not-reachable unknown return code: 60

SebastianH
New Contributor II

[@dschupp ]
i think i found the issue, i just changed smb://server/share to smb://server.domain.com/share and it works

bcherry1
New Contributor

Hello, I am having an issue getting devices to use the menu.nomad.shares.plist that is pushed down via a config file.  I can see the config file on the device.  But, when launching nomad no shares are mounted.  I am not sure what is wrong.  When I use the plist manually by placing it in the preference file for the user it works as expected. 

dstranathan
Valued Contributor II

You might be able to reach out to Jamf regarding this issue, and there is a #NoMAD channel on the Mac Admins Slack too. Since Jamf Connect and NoMAD are similar in their SMB mounting configs you might find info there too.

MarcoR
New Contributor II

@doschupp I'm trying to implement networkShareMounter 2.1.1 to our environment.

And basically, it is working as planned but... 

The shares are mounted successfully (macOS Ventura 13.1) but after a couple of minutes - without any shown to the user - share is suddenly ejected. It seems to reconnect automatically but this causes two problems:

- every unmount/re-mount seems to create a login error on our domain controller (username: DRIVE)

- and every unmount/re-mount creates an empty/orphant alias in the Networksharesfolder (Show mounted shares)

Any idea, what the causes are and how to solve it ?

doschupp
New Contributor III

Can you send us your plist configuration? (i.g. email to rrze-mac@fau.de). The value `cleanupLocationDirectory` could be the solution for your second problem. 

MarcoR
New Contributor II

Indeed, the value "cleanupLocactionDirectory" fixed my second problem.