DartFS access from Tuck-domain Windows systems


DartFS mount from Tuck-domain Windows systems require explicit authentication to the KIEWIT domain.


Windows systems joined to the TUCKNT active directory domain have a problem when trying to mount DartFS as a network share.  The Windows credential is automatically offered for the mount, unlike a non-domain-joined system, which prompts for domain\username and password.  The Tuck credential is accepted as valid for the mount, but the Isilon does not consider it equivalent to a KIEWIT domain credential and so you do not have the expected access in DartFS.

To tell Windows to use an alternate credential for a network share, use the "net use" command at the command line.  E.g. to map drive letter x: to the home directory for NetID f003bjx

net use x: \\dartfs-hpc.dartmouth.edu\rc\home\x\f003bjx /user:KIEWIT.DARTMOUTH.EDU\f003bjx

When logged in to the domain,  environment variable USER is set to you NetID, so we can automate this in PowerShell as: 

$userName = $env:USERNAME
$lastLetter = $userName[$userName.Length-1]
NET USE X: \\dartfs-hpc.dartmouth.edu\rc\home\$lastLetter\$userName /user:kiewit\$userName

To mount via UNC path rather than a mapped drive, omit the drive letter.  As a batch script to mount and then open an explorer window, use dartfs-home.bat.

@echo off
REM Mount a DartFS home with a KIEWIT credential - for use by TUCKNT users
REM Assumes that we are logged in with a NetID already
REM We could set up lab shares too, but that would require some additional information from the user.
REM If klist shows that we already have a KIEWIT ticket, we can skip 'net use' and just open the window.
REM If we aren't domain-joined, we could prompt for NetID and password (USERDOMAIN)
REM Maybe also an option to map a drive letter ?
echo net use \\dartfs-hpc\rc\home\%USERNAME:~-1,1%\%USERNAME% /USER:KIEWIT\%USERNAME% *
echo Enter password for %USERNAME% at the prompt:
net use \\dartfs-hpc\rc\home\%USERNAME:~-1,1%\%USERNAME% /USER:KIEWIT\%USERNAME% *
start \\dartfs-hpc\rc\home\%USERNAME:~-1,1%\%USERNAME%
timeout 10

Scripts to authenticate and mount lab shares can be constructed similarly, but we can't in general determine what lab shares a user may have access to.




Article ID: 81557
Mon 6/24/19 12:54 PM
Tue 3/28/23 5:17 PM

Related Articles

Related Articles (1)



mkdartfsmounts.zip Computer

Tue 3/28/23 5:17 PM