MAC OSX 10.5.2 Auto Map Network Drive
 

Hello all,

My environment consists of some MACs in a Windows Active Directory environment.

I'm trying to MAP to some shared drives via active directory username when the user logs into the MAC. I don't want the user to have to be prompted for a password as it should automatically use the active directory credentials.

Now I have some MAC computers running 10.4 where I had a script start up to map some network drives. This seemed to work fine for the most part.

I've recently got a new MAC running 10.5 where firstly my script no longer would work and secondly whenever mapping to a network drive I am prompted to login again. I no not want to have to save to the keychain as this will change when the user changes the active directory password.

Does anyone know how to get mapping drives working properly again?

Please let me know.
Thanks in advance! :)

Would you like to show your script? You can use single lines of AppleScript to do this. You also didn't say what kind of shares you're using.

There have been many troubles with AD binding under 10.5. Supposedly 10.5.2 fixed the problems, but in my environment Kerberos still doesn't work for SMB shares.

Thanks for the reply.

Not much point in showing the script as it no longer works in 10.5 something to do with the type of scripting no longer being supported.

The shares are SMB and I gather I am having the same issues as you are?

All I want is for the shared drives to map without any hassles or prompts when the active directory user logs into the MAC. :)

For each share, you can make a one line AppleScript:

mount volume "smb://server/share"

Assuming Kerberos is working, and the user is logging in with a network account, that should just work if the script (saved as an application) is in the user's login items list.

Now, if it works for AFP shares but not for SMB, you're running into the same problem I am. But it doesn't seem to be widespread.

BTW, MAC is for network interface addresses. Mac is short for Macintosh.

Hello again,

On the 'Mac' :) when I go to the terminal and type the exact same command as you wrote above, substituted with my real values of course, I get the following:

username$ mount volume "smb://path.com/share"

mount: realpath /Users/username/smb:: No such file or directory

Or if I run my script:

The script prompts me for a username/password to use.

However if I use this exact same script on Mac 10.4 or below the shares map perfectly fine without any prompts.


I also tried using just mount volume "smb://path.com/share" in a script and I get the same prompt.


Any ideas?

Thanks for your help.

AppleScript commands must be run from Script Editor (or osascript). You can't just enter them in bash.

And as for Script Editor, I told you it was only one line. There's no need to 'tell application' or anything like that.

The 'mount volume' command seems to use the same login facilities as the Finder. If you have a saved user/password in a keychain, or if you have a Kerberos ticket, you will not be prompted.

Are the users obtaining a Kerberos ticket at login?

Thanks,

I had done the one line as well as my other example in script editor.

Is there a way I can verify that the kerberos ticket was received on the Mac?

Thanks for your help.

Try the Kerberos application in /System/Library/CoreServices.

Hmm.. when I load the Kerberos program it shows the active directory username@domain.com with the amount of time left on the ticket. I presume that means its working.

Any thoughts?

Thanks

Did you have the script run as a log in hook?

Not sure what you mean by log in hook. I had it set in the log in items or run it manually.

This has only been a problem with 10.5 not 10.4.

do they map the SMB via their personal credentials or by the same log in? Can you give more info on exactly how it is set up and your current infrastructure?

each user has their own credentials.

well, I am not scripting expert but you could perhaps (and this would take some work) create a log in hook that mounted the SMB drives.

or mount it manually once and then drag it down to the dock, then it should make an alias to that mount and the user can click on it. Haven't tested this in Leopard but it works in Tiger.

Sorry for the late reply.

I wouldn't really know where to begin with doing any major scripting. Surely this is possible in a "less" complicated fashion? I just dont understand why its broken in the new version! :P

I believe 10.5 doesn't work with kerberos in the same way that 10.4 did. I remember reading somewhere that it will only send the kerberos ticket to a server that requests one. Leopard's AD integration is on the whole quite frankly appalling, made even worse in my view, because everything worked fine with tiger.

I have also found that login items doesn't work with AD users. Apple say they are aware of this and are working on a solution to it.

10.5.2 seems to have fixed almost everyone's major AD issues. I don't know anything about the login items issue.

well each user could mount it manually once, and then drag that mounted volume to the dock, and then they can just click the alias to map it after log in.

Yeah thats the same feeling I had; don't get why they broke it. I was hoping there was something I was missing or just a simple work around but it doesn't seem like it.

Hopefully the next update will resolve this.

Well, 10.5.3 still didn't solve this issue. However, I am having a hard time with creating a LoginHook that will interact with my script. I'm not strong in programming and I'm just curious as to how the LoginHook can take the login credentials, then use them to be able to map network drives. This is 10.5.3.

I've having much the same problem, but have dug a bit deeper.

Under 10.4 we ran a loginHook that would copy & modify an automator script (because some of the mounts included the username). The last line of the script was "open <modified for user automator script>". We did this because "open" worked for afp but not smb, despite claims in the documentation otherwise. It correctly used the user's AD credentials from login-- no extra passwords demanded, either for the login script or if they manually mounted another share after logging in.

Now? "open" doesn't work--at least the rest of the script works correctly, but the automator script doesn't run.

Manually mounting requires the AD username/pass to be re-entered for each server. Same thing if by hand the automator script is run.

Having each user login and mount by hand "the first time" is just not an option --it's a lab so we control the environment (dock) fairly stringently so it wouldn't carry over between logins, and there are just too many users to have them do anything manually one by one! (Same thing about setting login items--no way am I setting login items for hundreds of users. LoginHooks only).

I have a partial fix for this.

For mounting our Windows 2003 server shares

mount_smbfs -N //server/share /mountpoint

Does not demand a password. However, the mountpoints need to be pre-created directories. It also doesn't work for our one Linux share (which is odd, since that's the only one that's actually samba.)

My LoginHook is a shell script that:

mkdir mountpoint (for every share)

copy automator script that does nothing but run a shell script consisting of the mount_smbfs lines above--when adding a shell script to the loginitems (individual, rather than the universal loginhook) it wanted to open it in text edit rather than run it, so I stuffed it in an automator script.

copy a loginwindow.plist that points to said automator script into the user's preferences directory -- thus making it run as a LoginItem for that one user as soon as the LoginHook is done.

---

Clean & Elegant? No--but it works for mounting the Server 2003 shares w/o ore passwords.

Was wondering if anyone found a solution for this? I actually had a very similar Apple Script solution set up to mount drives since back in the 10.3 days that of course now fails. Was using the same method:

Tell Finder
mount volume "smb://server/servershare"
end tell

Did you find a good solution?

Mac OSX Login script
 

We recently bound all the macs on campus to a AD and heres the script I made to do this. We just had it run in the default users login items.

set MyName to do shell script "whoami"
tell application "Finder"
try
mount volume "smb://saga/" & MyName & "$"
do shell script "ln -s /Volumes/" & MyName & "$ ~/Desktop"
end try
try
mount volume "smb://saga/" & "common" & ""
do shell script "ln -s /Volumes/" & "common" & " ~/Desktop"
end try
end tell


This creates 2 mapped drives, one mapped to smb://saga/username$ and one to smb://saga/common and then creates an alias to them on the desktop (since 10.5 wont do that anymore).

Tried this applescript, it simply won't work under 10.6.3
 

I attempted this script and get the following error w/ v10.6.4

CONNECTION FAILED

There was an error connecting to the server
"subdomain.domain.edu". Check the server name
or IP address and then try again.

If you are unable to resolve the problem
contact your system administrator.

If I enter the server name manually w/ Go -> Connect to Server in the Finder it works flawlessly. Authentication is not an issue, I have the proper kerberos certificates when logging in as a user.


This is the script I used based on the previous post:

set MyName to do shell script "whoami"

tell application "Finder"

try
mount volume "smb://subdomain.domain.edu/home/" & MyName & "$"
do shell script "ln -s /Volumes/" & MyName & "$ ~/Desktop"
end try

end tell


Can anyone help? What could be the issue? Why will OS X connect by Finder but not Actionscript?

http://forums.macosxhints.com/showthread.php?t=109766

I've been having issues with this for ages. We are going to get an application called Casper ( http://www.jamfsoftware.com/ ) which should help with this. Wasted way to much time with MAC's & AD.... Love to be able to kick Mr Jobs in the nuts for the amount of hours I have wasted on this... It keeps me in beer & cheap package holidays, so I'm not going to grumble :)

I have ran Casper for the past 3 years at my job. Awesome product, however, Jamf Software just uses the under-the-hood Unix and built in APIs from Apple. They aren't re-writing any code. They are using tools given to them, they just make it more efficient, and have more of an enterprise mindset. Where Apple, despite making enterprise products, still have a consumer mindset.

The AD Plug-in should now allow for SMB mounted home folders from an AD server.

As for using a log in hook and using the "whoami" command to find out what user you are, you cannot use that. Login hooks run as root user. So if you use "whoami" it will always return root.

There are several ways to determine who is logging in, my preferred way is to check ownership of /dev/console. Since once any user logs in, they acquire ownership of /dev/console. So, something like this:


I suggest you go grab a copy of setting up the "Golden Triangle," white paper over at www.afp548.com. It should have the steps needed to use AD for authentication and home folder. However, if you are also using OD, you can always host the home folders on an OS X server over AFP.

Drive mapping
 

Here's the AppleScript that has worked for me.

(*
: Login Scripting for the Apple Domain Users
:
: 09.29.04 Created 1.0
: 07.18.06 Changed1.5 Moved to new server locations
: 03.22.06 Changed 2.0 Removed User info from mounts (not needed).
:
*)

set whoami to "User ID goes here"
try
set volumeName to "Public"
if (list disks) does not contain volumeName then
mount volume "smb://" & whoami & "@file_share_path/" & volumeName
end if
end try

try
set volumeName to "Apps"
if (list disks) does not contain volumeName then
mount volume "smb://" & whoami & "@file_share_path/" & volumeName
end if
end try

try
set volumeName to "Departments"
if (list disks) does not contain volumeName then
mount volume "smb://" & whoami & "@file_share_path/" & volumeName
end if
end try

try
set volumeName to "Home"
if (list disks) does not contain volumeName then
mount volume "smb://" & whoami & "@file_share_path/home"
end if
end try