Friday, July 30, 2010

Mounting Pass and Udrive in an AD environment

Do I script too much?

Today I have a little script that my intern Ethan Cox and I worked on together.

Problem:



Penn State PASS and UDRIVE storage drives require a special edu.psu.kerberos file to be in place to access them. Our Active Directory requires a special edu.psu.kerberos file to be in place to log into the computer. So far, I’ve been able to either remove the machine from our AD or have people access the PASS space via the website. It’s not too bad interacting with the PASS space via the website, but it can be less appealing than the Finder.



Solution:



Create an application to temporarily switch the kerberos file with PSU’s, mount the file share, then put everything back. Seems simple enough, and it was in the end. The hardest issue to overcome was getting kinit to prompt for the password.
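The swap-and-restore step described above, as an added example that is not the author's mounting script: it moves the active Kerberos file aside, copies the alternate one in, runs a command, and restores the original from an exit trap so a failed or interrupted mount cannot leave the machine without its AD configuration. The function name `with_swapped_config` and its arguments are assumptions; the ticket request and mount are whatever command the caller passes.

```shell
#!/bin/bash
# Added example, not the author's mounting script.
# Usage: with_swapped_config ACTIVE ALTERNATE COMMAND [ARGS...]
#   ACTIVE    - the Kerberos config the system reads (caller supplies the path)
#   ALTERNATE - the config to use temporarily, e.g. the .psu file from this page
# The body is a subshell "( ... )" so traps and variables do not leak out.
with_swapped_config() (
    active=$1
    alternate=$2
    shift 2
    backup="$active.orig.$$"

    [ -f "$active" ]    || { echo "no active config: $active" >&2; exit 2; }
    [ -f "$alternate" ] || { echo "no alternate config: $alternate" >&2; exit 2; }

    restore() {
        # Put the original back only if it was actually moved aside.
        if [ -f "$backup" ]; then
            mv -f "$backup" "$active"
        fi
    }
    # EXIT covers normal return and failures; the signal traps turn
    # HUP/INT/TERM into an exit so the EXIT trap still fires.
    trap restore EXIT
    trap 'exit 129' HUP
    trap 'exit 130' INT
    trap 'exit 143' TERM

    # Swap: the alternate file itself is copied, never moved or modified.
    mv "$active" "$backup"       || exit 3
    cp -p "$alternate" "$active" || exit 3

    # Run the work that needs the alternate realm (ticket request and mount),
    # then hand its exit status back to the caller after the restore.
    rc=0
    "$@" || rc=$?
    exit "$rc"
)
```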

What you will Need:





OR




You can edit the finished app by right-clicking it and opening the Contents/Resources/script file.


Putting it together:



Platypus takes a script as input for creating an .app. Download the mounting script and drag it into Platypus’ “Script Path” field. For this script I change the Shell to “/bin/bash” and uncheck the “Remains running after initial execution” check box. Click the “Create” button and save your new app.

Your new app is now a double-clickable script that anyone can run.

Changing the script:



The mounting script is configurable to your needs.

There are two variables at the top of the script. The first variable sets the SMB path to mount. Right now, the script only mounts SMB shares. Change the path to mount a different share.


psuserver="smb://udrive.win.psu.edu/sysman"


The second variable is the domain to get a Kerberos ticket from. You can use your own domain if you need to.


domain="dce.psu.edu"


Some other shares can be:


cifs://cifs.pass.psu.edu


Edit the alternate kerberos file if it differs from PSU’s. This bit of code checks for the existence of our PSU kerberos file and creates it if it’s missing.


# Create the PSU Kerberos config if it is not already in place.
if [[ -e /Library/Preferences/edu.mit.Kerberos.psu ]]; then
    echo "PSU File avail"
else
    # The config lines stay unindented so the file is written exactly as shown.
    echo "[domain_realm]
.psu.edu = dce.psu.edu
psu.edu = dce.psu.edu

[libdefaults]
default_realm = dce.psu.edu
dns_lookup_kdc = true
forwardable = true
noaddresses = true" > /Library/Preferences/edu.mit.Kerberos.psu
fi
