Automount Network Server

It's very easy to implement auto mounting of AFP/SMB/CIFS network shares by BIC so that it can restore images stored on a network server share.

This method below requires the storage of the username and password are securely stored in the OS X Keychain of the logged in user.

Using this method does not require that BIC knows about any server usernames or passwords as it leverages the Finder and the OS X keychain for security. The server admin could also ensure that the server permissions only permitted the user had read-only access to the images on the network share.

 

It's recommended that if you use this method you should not enable auto-login of the Mac OS X user on the boot drive used to image your Macs, or otherwise the user's keychain would be unlocked and anyone could then mount your server with read-only access. You may want to also enable firewall rules on your server as yet another level of security protection to prevent unauthorized network clients from accessing your server.

Overview

In the Finder, connect to the server and store the username and password in the OS X Keychain. Add a shell script to the Pre-Restore-Scripts folder that tells the Finder to mount the server (via AppleScript). In the configuration file, put the FULL PATH to the disk image to restore.

Steps

Here are the steps that I tested and have worked for the current release of BIC (2.9.0rc6 and later).

  1. Boot up the Mac with the disk volume that will run BIC. Login as the admin user that you will be running BIC with.
  2. In the Finder, select Connect To Server... from the Go menu:
  3. Enter in the server address and click the Connect button to begin the login process. Below is an example of connecting to an AFP server with the 'macadmin' username on the server at the IP of 192.168.1.88 and the share name titled 'system-disk-images'. It's easier to use the DNS name of the server instead of the IP address, even though the IP was used in this documentation. For Windows SMB/CIFS network server shares, change the afp:// to smb:// or cifs://.
  4. Enter in the username and password for the server and check the box for "Remember this password in my keychain" so that when BIC runs the pre restore automount script the Finder can look up the username and password in the logged in user's keychain.
    Note: If you do not check this box, the Finder will prompt you for the username and password when BIC runs the automount server script, which may or may not be the behavior that you want.
  5. Assuming that you entered in the correct username and password for the server it should be visible either on the desktop or in a Finder Window now:
  6. Optional: Open the KeyChain Access application in the Utilities folder within the Applications folder to view the server login keychain entry:
  7. Add a "MountServerVolume.sh" shell script to the PreRestoreScripts folder for the username@my.server.edu/ShareName. Below is the script used to mount the server referenced in this documentation:

    Note: Be sure to include the back slashes (\) to escape/delimit the quotes or this will not work correctly. #!/bin/sh /usr/bin/osascript -e "mount volume \"afp://macadmin@192.168.1.88/system-disk-images\""
  8. In the configuration file:
    1. Set the PRE_RESTORE_SCRIPT key to the filename of the script in the PreRestoreScripts folder:
      PRE_RESTORE_SCRIPT=MountServerVolume.sh
    2. Set the DEFAULT_DISK_IMAGE key to the full image path on the server volume:
      DEFAULT_DISK_IMAGE=/Volumes/ShareName/LabMaster.dmg

      Sometimes the path to the master .dmg file can be a little hard to get, here's a trick on how to get it quickly:

      1. Open the Terminal.app in the Utilities folder, in the Applications folder.
      2. In the Terminal, enter in echo ", drag and drop the icon of the disk image in the Terminal window which will paste the full path of the image. Finish off the entry by entering a closing double quote ", enter in the pipe character ("|") and type pbcopy and press return. This will echo the full image path and send it to the clipboard, which you can then paste directly into your configuration file:
  9. To test that the pre-restore script works correctly unmount the server in the Finder and run the script within the Terminal, ie:
     
    sudo /path/to/BIC/PreRestoreScripts/MountServerVolume.sh
  10. If you are using BIC with a NetBoot image and you make updates to the keychain you can copy the /Users/userid/Library/KeyChains/login.keychain file to the NetBoot.dmg image in the NetBootDisk/Users/userid/Library/Keychains/ folder.
Return to main BIC Documentation

Last Updated February 26, 2015