[Samba] different logon scripts and mappings for individual users

Leandro Tracchia ltracchia at gmail.com
Wed Jun 18 12:26:56 GMT 2008 

---------- Forwarded message ----------
From: Leandro Tracchia <ltracchia at gmail.com>
Date: Wed, Jun 18, 2008 at 8:26 AM
Subject: Re: [Samba] different logon scripts and mappings for individual users
To: Charlie <medievalist at gmail.com>


my company is nowhere near that type of need but its good to know that
capability exists. thanks!

On Tue, Jun 17, 2008 at 6:22 PM, Charlie <medievalist at gmail.com> wrote:
> We use a perl script that accesses our LDAP directory and dynamically
> constructs the login script based on the IP address of the user (which
> gives us the physical location) and the user groups the person belongs
> to.  It gets invoked from smb.conf like this:
>
> [global]
>       logon script = %U.bat
>
> [netlogon]
>        path = /var/lib/samba/netlogon
>        root preexec = perl /var/lib/samba/scripts/logonscript.pl %U %M %m %a %I
>        root postexec = perl /var/lib/samba/scripts/logoutscript.pl %U %M %m %a
>
> The dynamically generated %U.bat file is used to install software,
> tweak the registry, map drives, etc. etc. and basically serves the
> same purpose as Windows group policies.  I can't show you ours
> (sorry!) but you can get the general idea from
> http://freshmeat.net/projects/exampleadvancedsambaloginscript/ which
> is the script that inspired us to build our own (thanks Raymond!)
>
> We've been doing this successfully since around 2001.  The perl script
> has grown to integrate our RADIUS and websense stuff, so that
> adjusting a person's internet access is as simple as modifying their
> LDAP attributes in ldapadmin or any similar tool.  It's wonderfully
> efficient, hundreds of users on each logon server without incurring
> the high licensing costs of Microsoft PDCs.
>
> --Charlie
>
> On Tue, Jun 17, 2008 at 3:32 PM, Leandro Tracchia <ltracchia at gmail.com> wrote:
>> wow thats very helpful (i didn't realize the logon script could be
>> that complicated). thanks!!
>>
>> On Tue, Jun 17, 2008 at 2:00 PM, Charles Marcus
>> <CMarcus at media-brokers.com> wrote:
>>> On 6/17/2008, Leandro Tracchia (ltracchia at gmail.com) wrote:
>>>>
>>>> i'm not sure how to create different logon scripts for different
>>>> users. right now i have one logon script called 'logon.bat' that maps
>>>> all users to a server share and syncs the time with the server. i need
>>>> to be able to map different users to different server shares. not all
>>>> users should be mapped to all server shares. these should be automatic
>>>> mappings.
>>>>
>>>> for example:
>>>>
>>>> user1 should only be automatically mapped to music/ share when he logs in.
>>>> user2 should only be automatically mapped to photos /share when he logs
>>>> in.
>>>
>>> Here's my Global Logon script:
>>>
>>> **********************************
>>>
>>> echo off
>>> cls
>>> net time \\mytimeserver /set /y
>>>
>>> if exist C:\WINDOWS\system32\ISMEMBER.EXE goto map-all
>>> if exist y: net use y: /del
>>> net use y: \\mypdc\installers /persistent:no
>>> copy y:\Free\ISMEMBER.EXE c:\WINDOWS\system32\
>>> copy y:\Free\OSVER.EXE c:\WINDOWS\system32\
>>>
>>> :map-all
>>> call \\mypdc\netlogon\unmap-all.bat
>>> call \\mypdc\netlogon\map-all.bat
>>>
>>> if %username% == user1 net use f: \\myotherserver\Share1 /persistent:no
>>>
>>> ISMEMBER "MyDomain\Group1"
>>> if errorlevel 1 net use j: \\mypdc\Share1 /persistent:no
>>>
>>> ISMEMBER "MyDomain\Group2"
>>> if errorlevel 1 call \\mypdc\netlogon\Group2.bat
>>>
>>> ISMEMBER "MyDomain\Group3"
>>> if errorlevel 1 net use q: \\myotherserver\Share2 /persistent:no
>>>
>>> ISMEMBER "MyDomain\Group4"
>>> if errorlevel 1 net use s: \\mypdc\Share2 /persistent:no
>>>
>>> :end
>>>
>>> ************************************
>>>
>>> Then each Group and/or user can have their own - or not.
>>>
>>> map-all maps drives that are common to everyone
>>> unmap-all unmaps *all* mapped drives
>>>
>>> ISMEMBER.EXE and OSVER.EXE (which I don't use anymore) are available free
>>> online from microsoft.
>>>
>>> --
>>>
>>> Best regards,
>>>
>>> Charles
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
>

More information about the samba mailing list