2 Replies Latest reply: Oct 4, 2013 10:03 AM by etresoft
kobayashi maru Level 1 Level 1 (25 points)

Is there a way to write a script that will mount an afp share but also enter the username and password from Active Directory?

 

I need to create a script to propagate to several machines so creating a script to enter one particular username and password isn't going to work.

  • 1. Re: Script to enter Active Directory username and password on server
    Camelot Level 8 Level 8 (45,790 points)

    It isn't entirely clear to me what yo're asking.

     

    Are you asking for a script to pull a username/password from Active Directory and somehow pass that into the AFP mount? If so, that's not going to happen. There is no way (at least, by design) that AD is going to tell you any user's password. Passwords should be securely encrypted on the server and not ever possible to pass back to a client.

     

    If you mean you want the script to know every user's password then that's a security nightmare waiting (no, asking) to happen.

     

    On the other hand, if you're just asking for a way to mount an AFP using the current user's credentials (without necessarily knowing who that user is), then I may be missing something else... namely that should happen anyway - at least, if you're using Keychain on the clients then the client system already knows the user's credentials for the server and can auto-fill them, alternatively if you're running Kerberos in your domain then the authentication should be handled automatically at the server level. In other words, unless you're trying to mount a sharepoint under a different user's credentials, there shouldn't be a need to craft a script to do anything unusual, hence my question as to your use case.

  • 2. Re: Script to enter Active Directory username and password on server
    etresoft Level 7 Level 7 (24,265 points)

    You are crossing domains there. You can configure Activie Directory to automount Active Directory shares. You can configure Open Directory to automount AFP shares. Without being a managed account, under the control of some server, the only way to cross domains with credentials is via the keychain. You could probably write a script to copy credentials from one record in the keychain to another, but that will still have to be run on each machine.