Hey all. Hope you’ve all been enjoying the shockingly great weather we’ve had over the last few weeks. Or how about those Olympics? Team GB didn’t do too badly overall!
Ok, down to work. I apologise once again for the lack of posts. Working for our Mac Consultancy department that specialises in education installs, you can imagine that the summer break has been super-busy for everyone involved.
Without further ado, I’ve decided to take a look at, if not one of the most common commands, one of the most useful, the “mount” command.
“mount”…that wouldn’t have something to do with mounting shares by any chance?
Yes and no. The mount command can be used to mount other items, but this week I’ll be looking at its ability to mount network shares, specifically AFP (Apple File [sharing] Protocol) and SMB (Server Message Block).
This command is adapted to ‘mount_afp’ and ‘mount_smbfs’ for each protocol, so picking the correct version really will make your life easier. A second key point is that before you jump in and mount your volume, the Mac OS requires that a directory (or folder) is specified to mount the volume ‘on to’.
Essentially this dictates that each ‘mount’ command is preceded by a ‘mkdir’ (‘make directory’) command. For example, to mount the AFP share “MNH” on the server “mac.test.internal” you’d be looking at something like the following:
mkdir "/Volumes/MNH" mount_afp "afp://mac.test.internal/MNH" /Volumes/MNH
So, what can I do with ‘mount_afp’?
So you’ve got the basic structure on how to mount an AFP volume using the command line, lets check out some options.
A lot of the authentication options for mount_afp are the same as for ssh (and many other terminal commands). So what if you want to mount the volume with a different set of credentials? Simply add [username]:[password] to the url. Example below (username is bob and password is 1234):
mkdir "/Volumes/MNH" mount_afp "afp://bob:email@example.com/MNH" /Volumes/MNH
Not too bad, not too bad, however it is a little insecure, what with having the username and password in the command. That’s not something you’d like to have laying around.
How about a compromise? Lets leave the username in there but ask for the password instead.
mkdir "/Volumes/MNH" mount_afp –i "afp://firstname.lastname@example.org/MNH" /Volumes/MNH
The Terminal window will request a password (for the network user, not the local user) which will be used to authenticate the user and, if authorised, to mount the requested share.
So by adding the ‘-i’ and removing the password we have secured our script a little more. But lets say you have a typical enterprise environment. I’m talking Kerberos (or SSO – Single Sign On). I’m talking multiple users on each machine. This script just can’t take those variables easily and securely.
Aha, I know some of you have spotted it already, but we can take advantage of Kerberos/SSO that is in place. Kerberos is one of those easier to configure but difficult to troubleshoot technologies to help users authenticate and authorise themselves, all without sending a single password across a (possible compromised or watched) network.
Now don’t worry, I’m not going to delve into the infinite realms of Kerberos in this post (maybe at a later date) I will get back on topic.
As you may have guessed, it’s a case of replacing the ‘authentication’ method area of the url with “;AUTH=Client%20Krb%20v2”.
mkdir "/Volumes/MNH" mount_afp –i "afp://;AUTH=Client%20Krbemail@example.com/MNH" /Volumes/MNH
That’ll work for any user that logs in and has a Kerberos ticket!
What about smb?
Well mount_smbfs is a little simpler. The first option, using the username and password ‘baked’ into the script works as expected. Example:
mkdir "/Volumes/MNH" mount_smbfs "smb://bob:firstname.lastname@example.org/MNH" /Volumes/MNH
The second option, removing the password, works just as well but without the ‘-i’.
mkdir "/Volumes/MNH" mount_smbfs "smb://email@example.com/MNH" /Volumes/MNH
And finally, what about Kerberos/SSO? It’s even easier, just remove all authentication that is ‘baked’ in. Example:
mkdir "/Volumes/MNH" mount_smbfs "smb://mac.test.internal/MNH" /Volumes/MNH
There you have it, that’s how to mount network shares via the command line. What’s the point, I hear you ask! Well, next time I’ll show you the power of rsync which, when used with something like ‘mount’ can provided massive opportunities!
Any hints, tips or opinions? Let us know in the comments below and I’ll try to respond to as many as I can.