KB-5891: Automounted network shares not working properly after updating to 5.2.2 or higher

Centrify Identity Service, Mac Edition

31 December,15 at 05:53 PM

Applies to: Centrify DirectControl for Mac version 5.2.2 and higher

Problem:

After updating the Mac agent to version 5.2.2 or higher, network shares that are being pushed via the "Automount Settings" group policies appear to not be working correctly anymore.
For example, an application that uses these automounted network share paths to save reference links may no longer function properly.


Cause:

The loginmount.pl module was updated in Centrify Suite 2015 (agent version 5.2.2) to force the mountpoints of automounted network shares to always be created at:
  • /Users/[AD username]/Network Shares/[share name]
The reason for this change is that the previous method of creating automounted network shares relied on native OS X methods to create the mountpoints for each share path.
It was discovered that the location of these mountpoints was not consistent between different versions of OS X, which in turn caused inconsistent behaviour when the same group policy was pushed to an environment with different versions of OS X deployed (one common issue was that the icons would not always be successfully created on the Desktop).

The update to have a consistent mount point across all versions of OS X allowed the automounted network share management to be much more predictable and controllable.

However, it was found that this method may be incompatible with some third-party software that expects the mountpoints to be at the OS X defaults.


Workaround:

There are several ways to work around this behaviour:


Option 1:

To revert to the original way of implementing automounted network shares, the original automount scripts can be pushed out to the affected systems (or users):
  1. On your AD server, create a folder named macscripts in the following location: 
    • \\[domain]\SYSVOL\[domain]\macscripts\
  2. Download the mapper scripts (attached to this KB) into the above folder.
    • NOTE: Version 5.2.4 of the Centrify agent needed some fundamental revisions to comply with Apple's System Integrity Protection feature introduced in OS X 10.11.
    • This means if there are Mac systems with version 5.2.4 or higher deployed in the environment, the modified mapper package will need to be used instead:
      • For versions 5.2.2 and 5.2.3, use: 5.2.1_mappers.zip 
      • For version 5.2.4 and higher, use: 5.2.4_mappers.zip
    • If there is a mix of agent versions in the environment, it is recommended to bring them all to the same version before implementing this workaround.
    • If this is not feasible, consider using the Option 2 method detailed below.
  3. Configure the following group policy: 
    • Computer Configuration / Centrify Settings / Common UNIX Settings / "Copy files"
  4. Add two new entries with the following properties:
    • If using the 5.2.1_mappers.zip package:
      • Filename: (Browse to) macscripts/mac_mapper_loginmount.pl
        • Destination: /usr/share/centrifydc/mappers/user/
        • Use destination file ownership and permissions
        • Copy as binary file: Enabled
      • Filename: (Browse to) macscripts/loginmount.pl
        • Destination: /usr/share/centrifydc/mappers/extra/
        • Use destination file ownership and permissions
        • Copy as binary file: Enabled
    • If using the 5.2.4_mappers.zip package:
      • Filename: (Browse to) macscripts/mac_mapper_loginmount.pl
        • Destination: /usr/local/share/centrifydc/mappers/user/
        • Use destination file ownership and permissions
        • Copy as binary file: Enabled
      • Filename: (Browse to) macscripts/loginmount.pl
        • Destination: /usr/local/share/centrifydc/mappers/extra/
        • Use destination file ownership and permissions
        • Copy as binary file: Enabled
  5. Save the GPO and then go to the Mac and either wait for the next group policy refresh, or run the command to immediately retrieve the alternate automount modules:
    • adgpupdate
  6. The AD user will need to log out and log back in for the changes to take effect.
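
A post-deployment check for the Option 1 steps above, as an added example that is not part of this KB or Centrify's own tooling: it selects the mapper directory from the agent version and confirms that both scripts are present as regular files that group and others cannot write to. The function names, the optional ROOT prefix (for dry runs against a copied tree) and the write-permission check are assumptions of this example; the paths and version cut-offs are the ones listed above.

```shell
#!/bin/sh
# Added example, not Centrify code. Paths and version cut-offs come from the
# KB; function names, the ROOT prefix and the permission check are assumptions.

# mapper_base VERSION: print the mapper directory for that agent version.
# Returns 1 for versions below 5.2.2 or strings that are not N.N.N[-build].
mapper_base() {
    case $1 in [0-9]*.[0-9]*.[0-9]*) ;; *) return 1 ;; esac
    mb_major=${1%%.*}
    mb_rest=${1#*.}
    mb_minor=${mb_rest%%.*}
    mb_patch=${mb_rest#*.}
    mb_patch=${mb_patch%%[!0-9]*}          # "4-101" -> "4"
    for mb_part in "$mb_major" "$mb_minor" "$mb_patch"; do
        case $mb_part in ''|*[!0-9]*) return 1 ;; esac
    done
    mb_num=$(( mb_major * 10000 + mb_minor * 100 + mb_patch ))
    if [ "$mb_num" -ge 50204 ]; then
        echo /usr/local/share/centrifydc/mappers   # 5.2.4_mappers.zip layout
    elif [ "$mb_num" -ge 50202 ]; then
        echo /usr/share/centrifydc/mappers         # 5.2.1_mappers.zip layout
    else
        return 1
    fi
}

# check_mappers VERSION [ROOT]: return 0 only if both scripts exist as regular
# files (symlinks fail) without group or other write permission.
check_mappers() {
    cm_base=$(mapper_base "$1") || { echo "agent $1: not covered by Option 1" >&2; return 2; }
    cm_rc=0
    for cm_rel in user/mac_mapper_loginmount.pl extra/loginmount.pl; do
        cm_file="${2:-}$cm_base/$cm_rel"
        if [ -n "$(find "$cm_file" -prune -type f ! -perm -020 ! -perm -002 2>/dev/null)" ]; then
            echo "ok   $cm_file"
        else
            echo "FAIL $cm_file (missing, not a regular file, or group/other-writable)" >&2
            cm_rc=1
        fi
    done
    return "$cm_rc"
}

# Run as: sh check_mappers.sh 5.2.4   (pass the installed agent version)
if [ "$#" -gt 0 ]; then check_mappers "$@"; fi
```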



Option 2: 

NOTE: This alternative method will only work for Mac systems that are permanently connected to the domain and users will NOT be performing offline logins.
  1. Make a note of all the network share paths used in the Automount Settings group policies, and then disable the GPs in this folder as they will no longer be used.
    • User Configuration / Centrify Settings / Mac OS X Settings / Automount Settings / ...
  2. Enable the GP at:
    • User Configuration / Centrify Settings / Mac OS X Settings / Login Settings / "Enable login items"
  3. In the GP properties, scroll down to the "Network share" section and enter the share paths that were previously in the "Automount Settings" GPs.
    • (Configure the rest of the options in this GP as needed.)
  4. Enable the GP at:
    • User Configuration / Centrify Settings / Mac OS X Settings / Finder Settings / "Configure Finder preferences"
  5. Configure the Finder options as desired, but make sure the following checkbox is definitely enabled:
    • Show these items on the Desktop: Connected servers
  6. Save the GPO and then go to the Mac and either wait for the next group policy refresh, or run the command to immediately get the updated policies:
    • adgpupdate
  7. The AD user will need to log out and log back in for the changes to take effect.



Resolution:

There will be an option in Suite 2016 to specify a flexible mountpoint. For example, it can be customized to use /Volumes as the mountpoint, in which case the share folder will be /Volumes/sharefolder.