[Samba] ldap + samba + group membership problem

Paul Gienger pgienger at ae-solutions.com
Thu Jun 17 16:17:07 GMT 2004


>I'd like to solve the problem as I have to deal with profile creation,
>would it be possible to post the script, so I can improve it (if it's
>possible ;-) and don't have to start from scratch.
>  
>

As I said, I think the problem of the profile dir error is due to where 
the script gets executed.  You could break the profile part out and have 
that run on the [profile] share's preexec, or move this whole script 
over there.  Creating an extra login script isn't so bad. 

I've deleted some of the junk, and basically left an example of most 
operations  I do in there.  It's not a 'pretty' script for distribution 
naturally since I can assume some things, after all, it's my system :-P, 
but those things are easy to fix.  I imagine there's probably a security 
hole that could be exploited by passing a bad username in, but I think 
you'd have to successfully auth with a username containing ';rm -rf /*'  
or such, for that to be an issue.

You may want to put a cron job in to clean out old login scripts every 
so often as if you have users that come in every once in a while you may 
not want their scripts laying around.  I clear the dir every weekend.

#!/usr/bin/perl
$user = $ARGV[0];
$profiledir = "/export/profiles/$user";
$groups = `/usr/bin/groups $user`;
chomp $groups;
#################################################################
##        Make sure that the system environment is sane        ##
#################################################################

if ( !-d $profiledir )
{
        mkdir($profiledir, oct(700));
        $uid = getpwnam($user);
        chown($uid, -1, $profiledir);
}
#################################################################
##              Start to create the logon script               ##
#################################################################

open (LOGON,">/opt/samba/share/netlogon/$user.bat");

print LOGON "\@ECHO OFF\r\n";
print LOGON "NET TIME /SETSNTP:10.2.0.1 \r\n";

print LOGON "REM Delete old drives that may be hanging around\r\n";
print LOGON "NET USE G: /delete\r\n";

print LOGON "rem Drives everyone gets\r\n";
print LOGON "NET USE H: \\\\SERVERNAME\\$user\r\n";
print LOGON "IF NOT EXIST G: NET USE G: \\\\SERVERNAME\\shared\r\n";


##Map drives based upon group memberships
# debug line:
print LOGON "rem :: groups entry: $groups\r\n";

## DRIVES SECTION
if ( $groups =~ m/itserv/ )
{
        print LOGON "NET USE I: \\\\SERVERNAME\\itserv\r\n";
}

# < big snip as groups checking repeats for more groups>

## END DRIVES SECTION
## PRINTERS SECTION

# Everyone gets certain printers
print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\hplj /r \\\\SERVERNAME\\hplj /m \"HP LaserJet 5000 Series PS \"\r\n";
print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\pdf /r \\\\SERVERNAME\\pdf /m \"AdobePSPDF\"\r\n";

# this should be everyone's default printer unless we've got a good reason to change it
print LOGON "rundll32 printui.dll,PrintUIEntry /y /z /n \\\\SERVERNAME\\hplj\r\n";

if ( $groups =~ m/engserv/ ) # engserv gets the plotter
{
        print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\hp755\r\n";
}
## END PRINTERS
close LOGON;

-- 
Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
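
Added example, not part of the original post or its script: one way to close the bad-username hole the message mentions, by validating the name before it reaches the backticks, the profile and netlogon paths, or the batch file text, and by running /usr/bin/groups without a shell. The username policy and the sub names valid_username and groups_for are assumptions made for this sketch.

```perl
#!/usr/bin/perl
# Added example, not the original poster's script.
use strict;
use warnings;

# Assumed site policy: 1-32 characters, letters/digits/'.'/'_'/'-' only,
# first character a letter or digit. \A and \z anchor the whole string, so a
# trailing newline is rejected too.
sub valid_username {
    my ($name) = @_;
    return (defined $name && $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]{0,31}\z/) ? 1 : 0;
}

# List-form pipe open executes /usr/bin/groups directly, with no shell:
# $user arrives as one argv element and ';' or '`' are never interpreted.
sub groups_for {
    my ($user) = @_;
    open(my $fh, '-|', '/usr/bin/groups', $user) or return;
    my $line = <$fh>;
    close $fh;
    return unless defined $line;
    chomp $line;
    $line =~ s/\A[^:]*:\s*//;    # some versions print "user : grp1 grp2"
    return split ' ', $line;
}

if (@ARGV) {
    my $user = $ARGV[0];
    die "refusing to build a logon script: invalid username\n"
        unless valid_username($user);
    # Exact membership test instead of a substring match on the raw output
    my %member = map { $_ => 1 } groups_for($user);
    print "NET USE I: \\\\SERVERNAME\\itserv\r\n" if $member{itserv};
}
else {
    # No argument: run the check over constructed sample names
    for my $name ('jsmith', ';rm -rf /*', '../jsmith') {
        printf "%-12s %s\n", $name, valid_username($name) ? 'accepted' : 'rejected';
    }
}
```

Because the name is rejected before any use, the same check also keeps path separators out of the "$user.bat" filename and keeps stray characters out of the generated NET USE lines.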



