Windows Distribution Point Account Question...

Lhsachs
Contributor II

I've created a test windows distribution point. Made local accounts for both casperadmin and casperinstall. I've replicated my main distribution point to the test distribution point on the windows vm with CasperShare on drive D. I was pleased when it succeeded...

When using a boot drive that kicks off Casper Imaging, I see the site, but it can not mount it...

My debugging showed that I can mount the CasperShare on the VM using my credentials (smb://servername/CasperShare), but can't using either casperinstall or casperadmin.

Do we need a service account in order to be able to mount these shares over the network?

1 ACCEPTED SOLUTION

adiSean
New Contributor III

Yeah you got it. The service accounts have to have access to the share. SSH account can live locally. So in my set up I have an svc_casper and svc_casper_ro accounts. svc_casper is read/write and svc_casper_ro is read only. They both have respective permissions set on the share on the Windows server. They are also the same accounts I have set in my Distribution Point settings in the JSS.

View solution in original post

6 REPLIES 6

adiSean
New Contributor III

You'll need the service accounts and configured correctly in the JSS. The Share Name under the File Sharing tab in your DP settings should just be in your case CasperShare. Add any domain info and port 139 for SMB (assuming this is what you are using).

Lhsachs
Contributor II

@adiSean - Thanks... I was able to replicate to the VM Distribution Point with only local accounts on the CasperShare, but can't mount from elsewhere without a service account. Do I need to add the service accounts (which will have the same name as the local casperadmin, casperinstall) to the share, too? Do I also need to add the ssh username as a service account - or can it live as a local account?

I knew the old trick of test mounting the shares with casperadmin or casperinstall from the times passwords at my old site expired...

adiSean
New Contributor III

Yeah you got it. The service accounts have to have access to the share. SSH account can live locally. So in my set up I have an svc_casper and svc_casper_ro accounts. svc_casper is read/write and svc_casper_ro is read only. They both have respective permissions set on the share on the Windows server. They are also the same accounts I have set in my Distribution Point settings in the JSS.

donmontalvo
Esteemed Contributor III

How are you guys ensuring shell scripts show up as executable on Windows (or NAS) shares?

We make sure they're executable before uploading, but they don't always get the bit.

Don

--
https://donmontalvo.com

nkalister
Valued Contributor

hey don, we haven't needed to do anything in connection with the executable bit with our shell scripts at all- I just upload them in casper admin, and they work from both our windows and mac distribution points.

mm2270
Legendary Contributor III

Same here. I never worry about setting an executable bit on any shell scripts we use. I write them, test them, upload them. they work (most of the time :). Our Master DP is hosted on a Windows server, (although the DPs most of the clients are pointed to are on Mac servers right now) Anyway, everything works fine. I believe as long as the script has the shebang that specifies which interpreter to use, Casper Suite takes care of running it properly.
Not sure how it handles AppleScripts but I assume it sees the .scpt extension and knows its an AppleScript and how to run it.

Have you seen different behavior? Remember that the script downloads and runs locally on the Mac so it shouldn't actually matter how the Windows server sees them, as long as it doesn't botch it up by adding extra characters to the script contents or modify the extension.