Difference between sudo Jamf policy and automatic check-in

samuellarsson
New Contributor III

Hi Nation!

I've been at it trying to run an AppleScript via policy in Jamf. The script is supposed to mount an smb share with the standard username/password prompt that you get with CMD+K. Below is a snippet of the script, with a debug dialog just to see that the conditionals work fine:

tell application "Finder"
  if not (disk loggedinuser exists) then
    tell application "Finder"
      mount volume "smb://<ip-address>" as user name loggedinuser
      display dialog "Disk mounted!"
    end tell
  end if
end tell

The problem here is that it works if I execute the check-in with sudo jamf policy, but if I trigger it via login or network state change, the script runs fine and displays the dialog but it doesn't actually run anything.

Now, from what I've read it sounds like user-initiated trigger and event-initiated trigger run as different users. Could someone explain to me why it doesn't work with event-triggered script and also if someone has a solution for this?

Thanks,
Sam

2 ACCEPTED SOLUTIONS

Josh_Smith
Contributor III

I think the script runs as root regardless of the trigger. It sounds like a timing issue to me, like the script is executing before the Mac has finished establishing its network connection. I'd try adding something to the script to verify network connectivity before trying to mount the drive.

For reference you could look at the CheckForNetwork() function in Rich Trouton's Casper Check script:

CheckForNetwork(){

# Determine if the network is up by looking for any non-loopback network interfaces.

    local test

    if [[ -z "${NETWORKUP:=}" ]]; then
        test=$(ifconfig -a inet 2>/dev/null | sed -n -e '/127.0.0.1/d' -e '/0.0.0.0/d' -e '/inet/p' | wc -l)
        if [[ "${test}" -gt 0 ]]; then
            NETWORKUP="-YES-"
        else
            NETWORKUP="-NO-"
        fi
    fi
}

# Wait up to 60 minutes for a network connection to become
# available which doesn't use a loopback address. This
# condition may occur if this script is run by a
# LaunchDaemon at boot time.
#
# The network connection check will occur every 5 seconds
# until the 60 minute limit is reached.


ScriptLogging "Checking for active network connection."
CheckForNetwork
i=1
while [[ "${NETWORKUP}" != "-YES-" ]] && [[ $i -ne 720 ]]
do
    sleep 5
    NETWORKUP=
    CheckForNetwork
    echo $i
    i=$(( $i + 1 ))
done

You wouldn't want to run the login script for 60 minutes...maybe 5-20 seconds...but this is just for inspiration.


Look
Valued Contributor III

You can't tell the Finder to mount a network share until a user has completed login and Finder is running as them.
If you're calling it as a login script you need to either wait something like 30 seconds or detect when the Finder is available. Obviously, when you're running from Terminal all these conditions are already met.

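A bounded version of the wait that both answers suggest, as an added example that is not part of either post: it polls until a real user owns the console and that user's Finder process exists, and gives up after 30 seconds. The function names, the 2-second interval and the list of non-user console owners are assumptions of this example.

```shell
#!/bin/sh
# Added example: bounded wait for a logged-in user's Finder before mounting.

# Print the owner of /dev/console (root while the login window is shown).
console_user() {
    stat -f '%Su' /dev/console 2>/dev/null
}

# Succeed if a Finder process owned by user $1 is running.
finder_running_for() {
    pgrep -x -u "$1" Finder >/dev/null 2>&1
}

# Succeed once a real user owns the console and their Finder is up.
session_ready() {
    cu=$(console_user)
    case "$cu" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;  # no user session yet
    esac
    finder_running_for "$cu"
}

# wait_for TIMEOUT INTERVAL CMD...: poll CMD until it succeeds.
# Returns 0 on success, 1 once TIMEOUT seconds have been slept.
wait_for() {
    limit=$1
    step=$2
    shift 2
    waited=0
    until "$@"; do
        if [ "$waited" -ge "$limit" ]; then
            return 1
        fi
        sleep "$step"
        waited=$((waited + step))
    done
    return 0
}

# Only act when run as root on macOS, as a Jamf policy script would be.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    if wait_for 30 2 session_ready; then
        echo "Finder is running for $(console_user); mount the share now."
        # Run the AppleScript mount from the question here.
    else
        echo "No user session after 30 seconds; skipping mount." >&2
    fi
fi
```

The same `wait_for` helper can wrap a network check in place of `session_ready` if the share is unreachable at login.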
