Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS
- 
 Do I have you guys stumped? 
- 
 @scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: @dustinb3403 said in Is it possible to mount smb share using login credentials of current user.: @scottalanmiller yup. Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does. To clarify. This is a Windows Server (soon to be 2016), and Apple client. 
- 
 @dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: @scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: https://discussions.apple.com/thread/3067279 Do it manually once, right click and make an alias to put on the desktop. Does that work? Yes this works, using Option and Command to drag the shared folder to the desktop I get an alias that when opened opens the share. This however is per shared folder, not per server. Edit the URI I guess? The "server" must be a share, so you should be able to specify that. Also, why do you want it done that way? That's a weird way to group access. 
- 
 @dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: @scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: @dustinb3403 said in Is it possible to mount smb share using login credentials of current user.: @scottalanmiller yup. Okay, so this is a Mac? This isn't a question that can be asked generically. This depends on the SMB protocol server being used. Is this Mac, Samba, Windows, etc. That makes a difference. What is needed or will work for UNIX that isn't Mac doesn't apply to Mac because Mac doesn't use Samba and all other UNIX does. To clarify. This is a Windows Server (soon to be 2016), and Apple client. The server side won't matter, but the client side definitely does. 
- 
 @scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: @dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: @scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: https://discussions.apple.com/thread/3067279 Do it manually once, right click and make an alias to put on the desktop. Does that work? Yes this works, using Option and Command to drag the shared folder to the desktop I get an alias that when opened opens the share. This however is per shared folder, not per server. Edit the URI I guess? The "server" must be a share, so you should be able to specify that. Also, why do you want it done that way? That's a weird way to group access. We have different shared folders, with different permissions from a single server. Also not seeing a way to edit the Shortcut on the desktop, short of the name. But not the path. 
- 
 As to why I'd prefer it to be done this way, is not everyone will have access to all of the shared folders under each server. So if I simply can provide an alias to the server from their desktops or task tray etc. then I don't have to worry about failed login attempts to a share the user doesn't have access to. This would simply give them access to the server, and with correct permissions allow them to only see what they have access to. Whereas, having, say, 100 shared folders, each would have to attempt to connect. Creating all kinds of failed login attempts to a resource the user doesn't have. 
- 
 @dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: As to why I'd prefer it to be done this way, is not everyone will have access to all of the shared folders under each server. So if I simply can provide an alias to the server from their desktops or task tray etc. then I don't have to worry about failed login attempts to a share the user doesn't have access to. This would simply give them access to the server, and with correct permissions allow them to only see what they have access to. Whereas, having, say, 100 shared folders, each would have to attempt to connect. Creating all kinds of failed login attempts to a resource the user doesn't have. Yes, but you could group them under one share on the server, or a few shares. Clearly SMB perms exist for a reason and I'm not trying to throw them out the window, but why not use a single share and NTFS ACLs from there? Keep it simple. 
- 
 @scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: @dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: As to why I'd prefer it to be done this way, is not everyone will have access to all of the shared folders under each server. So if I simply can provide an alias to the server from their desktops or task tray etc. then I don't have to worry about failed login attempts to a share the user doesn't have access to. This would simply give them access to the server, and with correct permissions allow them to only see what they have access to. Whereas, having, say, 100 shared folders, each would have to attempt to connect. Creating all kinds of failed login attempts to a resource the user doesn't have. Yes, but you could group them under one share on the server, or a few shares. Clearly SMB perms exist for a reason and I'm not trying to throw them out the window, but why not use a single share and NTFS ACLs from there? Keep it simple. Ha... Yea no I understand what you're saying there but that would require restructuring all of the data. And well.. that ain't happening. (lol) Due to fs limitations and file path names etc. . . just not happening. . 
- 
 You could try NextCloud. 
- 
 So then I guess the next reasonable question is, is there a way at login (post joining the domain) to automatically create the SMB connections that the user can then select from? I.e. all of these ..  And put them into "Favorite Servers:" 
- 
 @scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: You could try NextCloud. That won't work due to business requirements. 
- 
 @dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: @scottalanmiller said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: You could try NextCloud. That won't work due to business requirements. What possible requirement would make that not work? 
- 
 https://groups.google.com/d/msg/macenterprise/Ks-zHlY3h5I/VhlTjcYyKxgJ Use PlistBuddy to add shares to sidebar. You can throw that into dotfiles, and deploy with Ansible, for example. 
- 
 Or this one, if I read one of your previous comments correctly, where you want users to be asked which share they wanted to mount: 
- 
 @marcinozga thanks for that, but neither appears to be operational on my test system. . . Will dig into it in a bit. 
- 
 @dustinb3403 said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: @marcinozga thanks for that, but neither appears to be operational on my test system. . . Will dig into it in a bit. You probably need to tinker with those scripts to match your environment. 
- 
 I've been able to do this without scripts. Odd you're having these issues. 
- 
 @coliver said in Is It Possible to Mount SMB Share Using Kerberos Token of Current User on MacOS: I've been able to do this without scripts. Odd you're having these issues. The issue isn't just creating an alias to an individual shared folder. I want to create a single folder under /Users/Shared which has links to the server. Apple in all its wisdom only creates a connection to the individual folder, and not to the server (at least in a browsable fashion). It obviously is connecting to the server, but the approach is annoying to say the least for automation reasons. 
- 
 See the following for ideas as to how you can accomplish what you're seeking to do: https://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/ 
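
The thread's two concerns, mapping shares by AD group membership and avoiding failed logons against shares a user cannot access, can be combined by filtering the share list before any connection is attempted. The sketch below is an added example, not code from any poster or from the linked articles; the server, share and group names are constructed, the caller is assumed to supply the user's group names one per line, and handing each URL to macOS `open` is assumed to mount it with the logged-in user's Kerberos ticket.

```shell
#!/bin/sh
# Added example: select only the shares a user's AD groups entitle them to,
# so no connection (and no failed logon) is attempted for the others.
# All server, share and group names are constructed placeholders.

# Constructed map: one "AD group|SMB URL" pair per line.
SHARE_MAP='Finance Staff|smb://fileserver.example.com/Finance
Engineering|smb://fileserver.example.com/Projects
Engineering|smb://fileserver.example.com/Builds
HR Team|smb://fileserver.example.com/HR'

# shares_for_groups GROUP_LIST MAP
#   GROUP_LIST: the user's group names, one per line (names may contain spaces).
#   MAP:        "group|url" lines as above; malformed lines are skipped.
# Prints each URL whose group the user is in, once, in map order.
shares_for_groups() {
    # Groups go through the environment so backslashes (DOMAIN\group)
    # are not escape-processed the way awk -v assignments are.
    printf '%s\n' "$2" | USER_GROUPS="$1" awk -F'|' '
        BEGIN {
            n = split(ENVIRON["USER_GROUPS"], g, "\n")
            for (i = 1; i <= n; i++) if (g[i] != "") member[g[i]] = 1
        }
        NF == 2 && ($1 in member) && !seen[$2]++ { print $2 }
    '
}

# mount_shares: read URLs on stdin. Dry run unless DO_MOUNT=1, in which case
# each URL is handed to macOS `open` (assumption: the user logged in with an
# AD account and holds a valid Kerberos ticket, so no password prompt appears).
mount_shares() {
    while IFS= read -r url; do
        [ -n "$url" ] || continue
        if [ "${DO_MOUNT:-0}" = 1 ]; then
            open "$url"
        else
            echo "would mount: $url"
        fi
    done
}

# Constructed group list for a demo user.
DEMO_GROUPS='Domain Users
Engineering'

shares_for_groups "$DEMO_GROUPS" "$SHARE_MAP" | mount_shares
```

Run as a login item or LaunchAgent, the same filter keeps the server's security log free of access-denied events caused by blanket mount attempts.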


