We have a lot of users who connect to a file share regularly. The connection is handled by a script. Currently, a lot of users share just a few accounts on the server.
For a number of reasons, we need to move to individual accounts. However, for the majority of users, these reasons do not include differing permissions or protecting ourselves from malicious actors. And having users immediately gain access for work is very important.
So we’re using the same password for all users in the group with the lowest permissions.
For this group, I’d like to have my AppleScript just ask the user for their username, store the password in the script, and connect them, like this:

```applescript
-- teesPath and serverPath are assumed to be set earlier in the script.
tell application "Finder"
	-- Ask for the username only.
	set {userName, buttonChoice} to the {text returned, button returned} of (display dialog "Please enter your username for \"" & teesPath & "\"." & return & "This is usually your name, First and Last, first letters capitalized, with no space." default answer "FirstLast" with icon caution buttons {"Cancel", "Continue"} default button "Continue")
	if userName is in {[List of users with higher permissions here]} then
		-- Higher-permission users type their own password.
		set userPassword to the text returned of (display dialog "Password:" default answer "" buttons {"Cancel", "Submit"} default button "Submit")
	else
		-- Everyone else gets the shared password stored in the script.
		set userPassword to "[low-permission password here]"
	end if
	-- Build an SMB URL that carries the credentials and hand it to the system.
	set openServerLink to "smb://" & userName & ":" & userPassword & "@" & serverPath
	open location openServerLink
end tell
```
This works fine, except if the user mistypes their username. Then macOS has the system login dialog pop up asking for their username and password.
This leads to poor UI for a number of reasons:
- AppleScript does not wait long for them to enter their information and submit. It can easily error out before a user finishes entering their username and password and clicks “OK,” and I haven’t been able to figure out how to set how long it will wait.
- Ideally, we don’t want users at this level to know or care what the password is; we don’t want them to have to enter it.
- It often pops up hidden (I can probably fix that).
Is there any way for me to catch the login error and feed it back to my script, so I can generate another dialog saying their username is invalid and asking for it again?
I could maintain a list of valid users in the script and check for typos before trying to connect (or even have them select from a list) but valid users are changing all the time and it would be a pain to keep the script in sync with the accounts on the server.
The server (FreeNAS) has an API I could query to see if it’s a valid account, but that would require putting the root password in the script, so that’s a no-no.
I’m open to any ideas.
Thanks,
Tom.
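
One way to structure the retry loop the question asks about, as an added example that is not part of the original post. It swaps `open location` for the Standard Additions `mount volume` command inside a `try` block, which also keeps the password out of the URL string, and it assumes a rejected login surfaces as a script error rather than a system prompt on the macOS version in use. `serverPath` and the password placeholder mirror the post; `lowPermissionPassword`, `privilegedUsers` and `maxAttempts` are hypothetical names.

```applescript
-- Added example, not the poster's code.
property serverPath : "server.example.com/share" -- constructed sample value
property lowPermissionPassword : "[low-permission password here]"
property privilegedUsers : {} -- hypothetical: users who must type their own password
property maxAttempts : 3 -- hypothetical retry limit

set promptText to "Please enter your username."
set mounted to false

repeat maxAttempts times
	-- Cancel raises error -128 here, outside the try block, and stops the script.
	set userName to text returned of (display dialog promptText default answer "FirstLast" buttons {"Cancel", "Continue"} default button "Continue")
	
	if userName is in privilegedUsers then
		set userPassword to text returned of (display dialog "Password:" default answer "" buttons {"Cancel", "Submit"} default button "Submit" with hidden answer)
	else
		set userPassword to lowPermissionPassword
	end if
	
	try
		-- Credentials are passed as parameters, not embedded in the smb:// URL.
		mount volume ("smb://" & serverPath) as user name userName with password userPassword
		set mounted to true
		exit repeat
	on error errMsg number errNum
		-- Assumption: a failed login arrives here as an error.
		-- Reuse the username dialog with a message explaining the failure.
		set promptText to "Could not connect as \"" & userName & "\" (error " & errNum & "). Please check the spelling and try again."
	end try
end repeat

if not mounted then
	display dialog "Unable to connect after " & maxAttempts & " attempts." buttons {"OK"} default button "OK" with icon stop
end if
```

The shared password is still readable by anyone who can open the script, so this only addresses the retry behaviour, not how the credential is stored.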