17th August 2012, 05:25 PM #1
Deploying a network share to all client computers
Okay, I want to deploy an automount network share to all student client computers. They will not login individually, but share the same credentials. So I want to be able to copy a keychain login item to all the users on each mac. Our macs are used in a 1:1 setup so each computer only has one student account and an admin account on it. I think I have the automount figured out through Workgroup manager, but don't know how to place the saved credentials in each computer. I was going to copy a base login.keychain file between each client before the kids are given their macs, but don't know how to do that generally to all user accounts from ARD. Are there any suggestions? Better ways to do this? Thoughts?
17th August 2012, 05:29 PM #2
No OD server there? Even a Mac Mini running a server version could allow you to push out settings and make the Macs behave less like the consumer devices they are.
They have Workgroup Manager or something similar which can deploy scripts and files, which include keychain files.
Last edited by SYNACK; 17th August 2012 at 05:30 PM.
17th August 2012, 05:30 PM #3
Yes I do have an OD server here. I have had issues using Profile Manager, but where would I go to place these files? Any thoughts?
17th August 2012, 05:36 PM #4
@AntonioRocco is probably the person to ask, I am rather anti Mac and have only had the displeasure of managing a few of them without an OD server (Apple is a massive obscene rip off anywhere but inside the US), but I do remember this being discussed at some point and AR is one of those who is generally more clued up on such things.
17th August 2012, 05:37 PM #5
20th August 2012, 03:03 PM #6
Although old this link should still apply in general?
Mapping a windows network drive at login
1 Install OS X Server's Server Administration tools on any mac client when logged in as a local administrator.
2 Once installed, launch WorkGroup Manager and connect to the LDAP node. Your Mac Server must be configured as an OD Master for this to work and you use the Directory Administrator (diradmin) account that was created on promotion. You may not see the LDAP node initially but simply clicking on the small blue globe and selecting "Other . . ." and then navigating to LDAPv3 and selecting the presented loopback address will get you there.
3 How you apply the setting is up to you but applying it at Group Level is what I usually do. Simply create an OD Group and then add (nest) AD Users and or Groups into that Group. Prior to promotion your OS X Server should be joined to the AD Domain. That way when you try and add desired AD Users and Groups you'll be able to 'see' them.
4 Click on the Go menu and select Connect to Server. Key in the path to a desired share. For example: smb://nameorIPaddressofyourserver/pathtoshare. When prompted use the administrator name and password for that server to mount the share.
5 In WorkGroup Manager, select your Group and click on the Preferences Icon.
6 Click on the Login icon.
7 Click on the Items tab and drag into the window the previously mounted share. You can add as many shares as you like.
8 Make sure you tick the "Authenticate selected share point with user's login name and password" option.
9 Do this for as many groups you've created. For example you may have an OD Students Group that has your AD Students group nested within as well as a similar one for Teachers.
Some things you need to consider:-
1 Depending on the OS X Version of your server and client you must make sure you install the correct version of the Server Administration Tools
2 Don't use Staff or staff as these are reserved for the OS itself. Be a little more imaginative when creating groups on OS X. Use Teaching Staff instead or something even simpler such as Teachers or Tutors. If you've created a folder previously (for sharing purposes) on OS X Server that has the same name as the group, then you won't be able to create the group. Create the group first followed by the folder/share.
3 Most mac-style GPOs are best applied/configured on the Client rather than the Server. Mapping networked drives on the Server will never work.
Strange you're having problems with Profile Manager as it would be ideal to set this policy as it's web-based and can be run anywhere. If you've been trying to do this on the Server then it won't work as already mentioned. There may be other reasons why Profile Manager did not work but I would eliminate this one first.
Profile Manager should only be used for applying Profiles to iOS devices and Mac workstations that are 10.7 or newer. For older OS (10.6, 10.5) use WorkGroup Manager instead. For a mixed OS environment (10.7, 10.6, 10.5) use WorkGroup Manager instead.
Antonio Rocco (ACSA)
Last edited by AntonioRocco; 20th August 2012 at 03:06 PM.
20th August 2012, 03:13 PM #7
Thanks @AntonioRocco. We are running a Lion server 10.7.4 currently. Our server is not bound to AD, but we have access to all SMB shares on the districts server. Now will ticking "Authenticate selected share point with user's login name and password" use the current logged in users password and username or the one I used to access the share when I put it in the login items? I had done all this before, but when the user logs in it prompts them for a username and password. This share for them has a common shared username and password (only data files for NWEA MAPS testing).
Yes I have had a lot of issues with profile manager since Lion server, but currently when trying to enroll them in management, I get an error stating that there is something wrong or missing from the enrollment profile. I have reset Profile Manager back to default with no luck. I have given up on it at the moment. I would love to use it though. When it worked before it was great. All of our clients are on Lion so mixed environment is not an issue for us. Thanks for all your help.
20th August 2012, 05:54 PM #8
If you've bound client workstations to Active Directory then accessing mapped networked drives/shares with that option enabled will work. This is a good example of SSO in action.
If that share has a common user name and password and users are logging into client workstations using their own AD Credentials then it won't work as they'll be prompted for the other account credentials every time. This appears to be what's happening based on your description of the problem. If users all logged in with that account name and password then it would work but at the same time you would have other (potentially major) issues.
It would be simpler if you defined access to that common share by adding appropriate AD Group or Groups users logging into mac workstations are part of.
There are three golden rules you need to remember about the mac platform regardless of whether you're going to integrate or not. In no particular order these are DNS, DNS and . . . DNS. Get this bit right and everything else will follow and try and avoid the use of .local as the TLD for your private domain.
The errors you're describing do sound DNS related in some way?
Key things to remember:
1 Make sure you've created appropriate DNS Records for your Mac Server - A and PTR entries are all you need. If your Windows Server is handling DNS then it makes sense to use it.
2 Make sure the Mac Server has a reserved and fixed IP Address. This can be assigned using a static map via DHCP if you wish.
3 Make sure your DHCP Service is pushing out to client workstations appropriate DNS Server IP Addresses and Search Domain information to successfully resolve hostnames.
4 Profile Manager won't work well if at all unless the Server is promoted to OD Master Role. You use the Server App to promote to OD Master (not Server Admin) and you use Server Admin (not Server App) to demote.
5 Profile Manager won't work if internet reachability is an issue. In other words, try to avoid having access to the internet go via an authenticated proxy.
6 Profile Manager must use port 443 internally.
The above is not a definitive or exhaustive list by any means but should help you in some way?
Antonio Rocco (ACSA)
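The A/PTR and `.local` points in the post above can be checked from any client workstation with a short script. This is an added example, not part of the original thread; it assumes the standard `host` utility is available, and the function names (`lookup_a`, `lookup_ptr`, `check_server_dns`) are hypothetical.

```bash
#!/bin/bash
# Added example: forward/reverse DNS consistency check for a server name.
# lookup_a / lookup_ptr wrap `host`; redefine them to test without a network.

lookup_a() {    # print one IPv4 address per line for hostname $1
    host -t A "$1" 2>/dev/null | awk '/has address/ {print $NF}'
}

lookup_ptr() {  # print the PTR target(s) for address $1, trailing dot removed
    host "$1" 2>/dev/null |
        awk '/domain name pointer/ {sub(/\.$/, "", $NF); print $NF}'
}

# Returns 0 only when every A record for $1 has a PTR that points back at $1.
# Prints one finding per line, prefixed OK, WARN or FAIL.
check_server_dns() {
    local fqdn ips ip ptr status=0
    fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    fqdn=${fqdn%.}                      # accept a fully qualified trailing dot

    case "$fqdn" in
        *.local) echo "WARN $fqdn uses .local, which is reserved for mDNS/Bonjour" ;;
    esac

    ips=$(lookup_a "$fqdn")
    if [ -z "$ips" ]; then
        echo "FAIL $fqdn has no A record"
        return 1
    fi

    for ip in $ips; do
        ptr=$(lookup_ptr "$ip" | tr '[:upper:]' '[:lower:]')
        if [ -z "$ptr" ]; then
            echo "FAIL $ip has no PTR record"; status=1
        elif ! printf '%s\n' "$ptr" | grep -qxF "$fqdn"; then
            echo "FAIL $ip reverses to $(printf '%s' "$ptr" | tr '\n' ' '), expected $fqdn"
            status=1
        else
            echo "OK   $fqdn <-> $ip"
        fi
    done
    return $status
}

# Run against a real name only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_server_dns "$1"
fi
```

Run it with the server's fully qualified name as the only argument; a non-zero exit status means at least one A record lacks a matching PTR.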
20th August 2012, 05:57 PM #9
Yea we just are not bound to AD here yet. District will likely switch in the next year or so and I didn't want to take the time to mess with it. I found a way around the issue. Put the mount in Workgroup Manager and then through terminal command put a keychain in keychain access. I can then deploy the script from ARD and everyone is happy. Thanks for all the information. You have been very helpful.