Group logon Scripts

Fri Jan 7 18:02:39 GMT 2000

> I use the following script in the root preexec field for the netlogon 
> share,called by tthis command:
> perl /home/netlogon/logon_script %u %m %g

According to smb.conf(1), %g only returns the primary group
of the user (as you've noted below).  If you want to retreive all the
groups,
you could forget about %g altogether and use perl's getgr routines
and such to get all the groups that a user belongs to.
This way, if a user belongs to, say, 2 groups, you could set
up separate net use's, for example, that are appropriate for each group.

If user A belongs to group 1 and user B belongs to group 2, you have
different settings for each.  What about user C who belongs to both
groups 1 and 2 and needs both groups' settings?

My take on it:
You could set up an array of all the groups that a user belongs to
like this:

$username=$ARGV[0];
setgrent();
while (@grline=getgrent()) {
        (@users)=split(' ',$grline[3]);
        if (grep(/^$username$/, at users)) {
                push(@groups,$grline[0]);
        }
}
# Uncomment to debug
#print "$username belongs to:\n";
#foreach $group (@groups) {
#        print "$group\n";
#}

So, @groups is a list that contains all the group names that the
user belongs to.  See changes to your code below.

> 
> Then the logon script is set to :%u.bat
> 
> It works great with the only problem being with users belonging to 
> multiple groups, this will only select the users primary group to 
> create a logon script.
> 

See above.

> I am also including my root postexec script for the netlogon share.
> 
> 
> #!/usr/bin/perl
> #
> # log when a user "logs into the network"
> # and generate a custom logon script
> #
> ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = 
> localtime(time);
> $month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 
> 'Sep', 'Oct', 'Nov', 'Dec')[$mon];
> open LOG, ">>/var/log/samba/netlogon.log";
> print LOG "$month $mday $hour:$min:$sec\t$ARGV[0] logged into 
> $ARGV[1]\n";
> close LOG;

That is really a great idea. Wish I'd thought of it.  But don't
Samba's log files give you this info already?

> 
> $command = "rm /home/netlogon/$ARGV[0].bat";
> open (COMMAND, "|bash");
> print COMMAND $command;
> close (COMMAND);

Instead of all that, just use:
unlink("/home/netlogon/$ARGV[0].bat");

(better check if that is syntactically correct, tho' ;) )

> open LOGON, ">>/home/netlogon/$ARGV[0].bat";
> print LOGON "\@echo off\r\n";
> print LOGON "set pml=h:\\pmail\r\n";
> print LOGON "set pmr=h:\\pmail\r\n";
> print LOGON "NET USE X: \\\\titan\\$ARGV[0]\r\n";
> print LOGON "NET USE H: \\\\titan\\H\r\n";
> print LOGON "NET USE I: \\\\titan\\I\r\n";
> print LOGON "NET USE V: \\\\titan\\V\r\n";
> 
[snip]
> 
> if ($ARGV[2] eq 'imaging') {
>     print LOGON "NET USE S: \\\\roo\\smartcd\r\n";
>     print LOGON "NET USE T: \\\\roo\\image_vol\r\n";
>     print LOGON "NET USE U: \\\\roo\\sybase\r\n";
> }

Ok, now instead of using if ($ARGV[2])..., use grep:

if (grep(/^imaging$/, at groups)) {
	print LOGON "net use .......\r\n"
	...
}

> print LOGON "NET TIME \\\\titan /SET /YES\r\n";
> 
> close LOGON;
> 
> --------------------------------------------------------------
> ------------------------------------
> 
> 
> #!/usr/bin/perl
> #
> # log when a user "logs out of the network"
> # and delete their logon script
> #
> ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = 
> localtime(time);
> $month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 
> 'Sep', 'Oct', 'Nov', 'Dec')[$mon];
> open LOG, ">>/var/log/samba/netlogon.log";
> print LOG "$month $mday $hour:$min:$sec\t$ARGV[0] logged out.\n";
> close LOG;
> 
> $command = "rm /home/netlogon/$ARGV[0].bat";
> open (COMMAND, "|bash");
> print COMMAND $command;
> close (COMMAND);

Again, unlink("$ARGV[0].bat");

Just my $0.02...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 3672 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20000107/acc38a2f/attachment.bin