12 thoughts on “OS X / Active Directory integration – hybrid environment using local homes & login scripts.”

  1. Raoul Tjin

    Hello. I have the same challenge.
    If I understand it right there are 3 scripts
    Launchd
    LoginHook
    Launchd.plist (xml file)

    What script do I need to store in /Library/LaunchAgents?
    And where can I find /usr/hookfiles?

    I am new to scripting, so be patient.

  2. Tim Schutt Post author

    Hi Raoul,

    You are correct that there are 3 files (2 scripts, 1 launchd plist). I have the scripts named as “LoginHook.sh”, “mapping.sh” which reside in /usr/hookfiles – they can reside anywhere so long as you specify the full path to them in the launchd plist and loginhook call.

    The launchd plist should be named something like com.yourcompany.folderredirect and stored in /Library/LaunchAgents. You also need to modify that under the “label” key in the file itself.

    And I actually create the directory /usr/hookfiles.

    Sorry – this wasn’t clear in my write-up. I threw this post together rather quickly, and will take some time soon to refine it a bit.

    If you’re not already familiar with LoginHooks and launchd, you may want to google them and read up a bit as well.

    1. Raoul

      OK, I lost you somewhere.

      OK, I have 3 files called

      LoginHook.sh (short Script)
      mapping.sh (log script)
      Launchd plist (XML script)

      So far so good.

      Do I need to put all 3 of them in /Library/LaunchAgents?

      And do I need to edit them?

      I got it working but can't reproduce what I did to get it working.

      Want to make a good image to deploy to other machines.

    2. Raoul

      OK, from the top

      #! /bin/bash

      ##
      ## LoginHook script by Tim Schutt, 2013
      ##

      This script is called Loginhook and is placed in /usr/hookfiles

      Then there is

      #! /bin/bash

      ##
      ## launchd script to redirect key folders for Active Directory users – Tim Schutt, 2013
      ##

      Which is called launchd and is also placed in /usr/hookfiles

      Then there is

      Label
      org.yours.goes.here
      LimitLoadToSessionType

      Aqua

      ProgramArguments

      /usr/hookfiles/mapping.sh

      RunAtLoad

      Which is called Launchd.plist. This is placed in /Library/LaunchAgents

      So far correct?
      You said I need to change this
      org.yours.goes.here
      Our network is called network.local

      I know was so when I got here
      So do I need to change it to

      local.network

      I'm now testing the script on my account and another test account.
      But strange that it all worked, I did not edit any file, and now I can't get it to work.
      And following the steps I took in my mind to figure out what I did, but no success yet.

      A bit of help would be fine and welcome.

      Thx for the help and patience

  3. Tim Schutt Post author

    No – you only place the launchd plist in /Library/LaunchAgents, the other two will go into /usr/hookfiles (which you have to create).

    You will need to edit the launchd plist name to reflect your environment (the com.yourcompany.folderredirect) as well as that key in the xml file itself.

    Exercise caution here – as I note in the write up: this is a work in progress. If you are in an area that you are not comfortable hacking about on your own and you don’t understand what these are actually doing, then I would NOT recommend deploying this. You should not treat this as “turn key”, but simply use them as a way to possibly solve a problem.

  4. Raoul

    Hmm, don't know if you got my last comment, but I will post it again, but in a nutshell

    Script

    #! /bin/bash

    ##
    ## LoginHook script by Tim Schutt, 2013

    Is called LoginHook and placed in \usr\hookfiles. Is that OK?

    Script

    #! /bin/bash

    ##
    ## launchd script to redirect key folders for Active Directory users – Tim Schutt, 2013
    ##

    Is called launchd and also placed in /usr/hookfiles. That’s OK

    And last script

    Label
    org.yours.goes.here
    LimitLoadToSessionType

    Aqua

    ProgramArguments

    /usr/hookfiles/mapping.sh

    RunAtLoad

    is called Launchd.plist and that is placed in /Library/LaunchAgents. Is that OK?

    Our network is called network.local
    and file server is called fsv002
    and can use Windows Home share \\fsv002\users$

    What and where do I find a key or need to edit?

    Thanks for all the help and patience. And if you are ever in Holland, the first 3 rounds are on me 🙂

    1. Tim Schutt Post author

      Hey Raoul.

      First script: should exist as /usr/hookfiles/LoginHook.sh

      Second Script: should exist as /usr/hookfiles/mapping.sh

      launchd plist: should exist as
      /Library/LaunchAgents/com.[yourcompany].admapping.plist
      – PLUS you should edit the “org.yours.goes.here” within that file to the same “com.[yourcompany].admapping” as the file name.

      One further caveat: make sure that the /usr/hookfiles directory and all contents are world readable and executable – execute this in the terminal:

      $ sudo chmod -R 755 /usr/hookfiles

      Does that help clear it up?

      (I’ve always wanted to visit Holland… 🙂 )

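An added check for the layout described above (example code, not from the post or its author): it verifies that the two scripts and the plist have the expected owner, are readable/executable the way `chmod -R 755` leaves them, are not writable by group or others (the LoginHook runs as root), and that the plist's Label matches its file name. The `com.example.admapping` label, the `make_sample` scratch tree and all function names are assumptions made for the example.

```bash
#!/bin/bash
# Added example, not Tim Schutt's script: audit the layout from this thread.
# All paths and the owner are parameters so it can run on a scratch copy.

# check_perms PATH OWNER NEED: PATH exists, is owned by OWNER, has every mode
# bit in NEED (octal), and is not group/world writable. POSIX find tests only.
check_perms() {
  [ -e "$1" ] || { echo "MISSING: $1"; return 1; }
  [ -n "$(find "$1" -prune -user "$2")" ] || { echo "OWNER: $1"; return 1; }
  [ -n "$(find "$1" -prune -perm "-$3")" ] || { echo "MODE: $1 lacks $3"; return 1; }
  [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ] ||
    { echo "WRITABLE by group/others: $1"; return 1; }
}

# plist_label FILE: print the Label value. Assumes an XML plist with the
# <string> on the line right after <key>Label</key>.
plist_label() {
  sed -n '/<key>Label<\/key>/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}' "$1"
}

# audit_hooks HOOKDIR PLIST OWNER: returns 0 only if every check passes.
audit_hooks() {
  hookdir=$1 plist=$2 owner=$3 rc=0
  for f in "$hookdir" "$hookdir/LoginHook.sh" "$hookdir/mapping.sh"; do
    check_perms "$f" "$owner" 005 || rc=1
  done
  check_perms "$plist" "$owner" 004 || return 1
  label=$(plist_label "$plist")
  [ "$label" = "$(basename "$plist" .plist)" ] ||
    { echo "LABEL: '$label' differs from the file name"; rc=1; }
  grep -qF "<string>$hookdir/mapping.sh</string>" "$plist" ||
    { echo "PATH: plist does not call $hookdir/mapping.sh"; rc=1; }
  return $rc
}

# make_sample DIR: constructed scratch copy of the layout for a dry run.
make_sample() {
  mkdir -p "$1/hookfiles" "$1/LaunchAgents"
  printf '#!/bin/bash\n' > "$1/hookfiles/LoginHook.sh"
  printf '#!/bin/bash\n' > "$1/hookfiles/mapping.sh"
  chmod -R 755 "$1/hookfiles"
  printf '<dict>\n<key>Label</key>\n<string>com.example.admapping</string>\n<key>ProgramArguments</key>\n<array>\n<string>%s</string>\n</array>\n</dict>\n' \
    "$1/hookfiles/mapping.sh" > "$1/LaunchAgents/com.example.admapping.plist"
  chmod 644 "$1/LaunchAgents/com.example.admapping.plist"
}
# On the Mac: audit_hooks /usr/hookfiles /Library/LaunchAgents/<your>.plist root
```

Each failed check prints one line naming the file and the reason, so the output can be read straight off before building a deployment image.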
  5. Raoul

    OK, I placed

    mapping.sh
    (script)

    #! /bin/bash

    ##
    ## launchd script to redirect key folders for Active Directory users – Tim Schutt, 2013
    ##

    LIUSER=$(ls -l /dev/console | cut -d " " -f 4) ## pulls username in for currently logged in user
    LIGRP=$(ls -l /dev/console | cut -d " " -f 6 | cut -d "\\" -f 1) ## extracts group of currently logged in user – used to test if "AD"
    NETLIB=/Volumes/$LIUSER\$/Library ## shortcut – I get lazy sometimes.

    In Folder /usr/hookfiles

    I placed

    Loginhook.sh
    (script)

    #! /bin/bash

    ##
    ## LoginHook script by Tim Schutt, 2013
    ##

    echo "##############################"
    echo "Logging in user is $1"

    In Folder /usr/hookfiles

    $ sudo chmod -R 755 /usr/hookfiles

    Then I placed file Launchd.plist
    (script)

    Label
    org.yours.goes.here
    LimitLoadToSessionType

    Aqua

    ProgramArguments

    /usr/hookfiles/mapping.sh

    RunAtLoad

    In Folder

    /Library/LaunchAgents

    I named it Launchd.plist
    Our AD is called network.local
    Our fsv where the shares are is called fsv002.network.local

    What should org.yours.goes.here
    become?
    And how do I name the file Launchd.plist?

  6. Tim Schutt Post author

    Raoul,

    We’re getting way outside the scope of this post at this point. I would suggest a couple of different places where you can read up on what Launchd jobs do, and how to work with the command line for things like file naming.

    http://blog.teamtreehouse.com/introduction-to-the-mac-os-x-command-line

    https://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html#//apple_ref/doc/uid/10000172i-SW7-BCIEDDBJ

    Tim.

  7. Raoul

    Hello

    I got it working, thx.

    Did you test what happens if the server becomes unavailable?
    How do you deal with that problem?

    1. Tim Schutt Post author

      Good! Glad it’s working for you.

      If the AD servers are unavailable, then the logins won’t process anyways – no non-local users will be able to log in.

      If it breaks while they are logged in, then the user directory disappears and takes all desktop/document folder items with it – haven’t tested how Firefox/safari/etc… handle that – I would assume they would break in some non-elegant manner.

      I haven’t tried to deal with that situation at all – I just accept that if the servers go down, things break.
