[Samba] ldap + samba + group membership problem

Malte Woelky Malte.Woelky at gmx.de
Thu Jun 17 21:07:43 GMT 2004


Hello,

Thanks - I will look into this in detail this weekend and play around.

Yours Malte

Thursday, June 17, 2004, 6:17:07 PM, you wrote:


>>I'd like to solve the problem as I have to deal with profile creation,
>>would it be possible to post the script, so I can improve it (if it's
>>possible ;-) and don't have to start from scratch.
>>  
>>

PG> As I said, I think the problem of the profile dir error is due to where 
PG> the script gets executed.  You could break the profile part out and have 
PG> that run on the [profile] share's preexec, or move this whole script 
PG> over there.  Creating an extra login script isn't so bad. 

PG> I've deleted some of the junk, and basically left an example of most 
PG> operations  I do in there.  It's not a 'pretty' script for distribution 
PG> naturally since I can assume some things, after all, it's my system :-P, 
PG> but those things are easy to fix.  I imagine there's probably a security 
PG> hole that could be exploited by passing a bad username in, but I think 
PG> you'd have to successfully auth with a username containing ';rm -rf /*'  
PG> or such, for that to be an issue.

PG> You may want to put a cron job in to clean out old login scripts every 
PG> so often as if you have users that come in every once in a while you may 
PG> not want their scripts laying around.  I clear the dir every weekend.

PG> #!/usr/bin/perl
PG> $user = $ARGV[0];
PG> $profiledir = "/export/profiles/$user";
PG> $groups = `/usr/bin/groups $user`;
PG> chomp $groups;
PG> #################################################################
PG> ##        Make sure that the system environment is sane        ##
PG> #################################################################

PG> if ( !-d $profiledir )
PG> {
PG>         mkdir($profiledir, oct(700));
PG>         $uid = getpwnam($user);
PG>         chown($uid, -1, $profiledir);
PG> }
PG> #################################################################
PG> ##              Start to create the logon script               ##
PG> #################################################################

PG> open (LOGON,">>/opt/samba/share/netlogon/$user.bat");

PG> print LOGON "\@ECHO OFF\r\n";
PG> print LOGON "NET TIME /SETSNTP:10.2.0.1 \r\n";

PG> print LOGON "REM Delete old drives that may be hanging around\r\n";
PG> print LOGON "NET USE G: /delete\r\n";

PG> print LOGON "rem Drives everyone gets\r\n";
PG> print LOGON "NET USE H: \\\\SERVERNAME\\$user\r\n";
PG> print LOGON "IF NOT EXIST G: NET USE G: \\\\SERVERNAME\\shared\r\n";


PG> ##Map drives based upon group memberships
PG> # debug line:
PG> print LOGON "rem :: groups entry: $groups\r\n";

PG> ## DRIVES SECTION
PG> if ( $groups =~ m/itserv/ )
PG> {
PG>         print LOGON "NET USE I: \\\\SERVERNAME\\itserv\r\n";
PG> }

PG> # < big snip as groups checking repeats for more groups>

PG> ## END DRIVES SECTION
PG> ## PRINTERS SECTION

PG> # Everyone gets certain printers
PG> print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\hplj /r \\\\SERVERNAME\\hplj /m \"HP LaserJet 5000 Series PS \"\r\n";
PG> print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\pdf /r \\\\SERVERNAME\\pdf /m \"AdobePSPDF\"\r\n";

PG> # this should be everyone's default printer unless we've got a good reason to change it
PG> print LOGON "rundll32 printui.dll,PrintUIEntry /y /z /n \\\\SERVERNAME\\hplj\r\n";

PG> if ( $groups =~ m/engserv/ ) # engserv gets the plotter
PG> {
PG>         print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\hp755\r\n";
PG> }
PG> ## END PRINTERS
PG> close LOGON;




-- 
Best regards,
 Malte                            mailto:malte.woelky at gmx.de

Malte Woelky -=[SkyNet]=- 
Unix/DBs/Networks/LDAP/Active Directory 
Cert  : MCSA 2000+2003, MCSA:msg, MCSE 2000+2003
voice : 0209/977 37 03 : 0174/95 32 105 
eMail : Malte.Woelky at gmx.de 
WWW : http://www.woelky.net/ 
_________ ICQ# 12 767 43 99 _________
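
Added example, not part of the original post or of PG's script: one way to close the "bad username" hole the quoted message mentions, by validating the name before it reaches a command line, a file path or the generated batch file. The account-name pattern, the function names and the choice to truncate rather than append are assumptions; Perl 5.10 or later is assumed for the `//` operator.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed account-name policy (not from the original post): lowercase
# POSIX-style names. \A and \z anchor the whole string, so a trailing
# newline or an embedded ';', '&', '%', '/' or space is rejected.
sub valid_username {
    my ($name) = @_;
    return defined $name && $name =~ /\A[a-z_][a-z0-9_.-]{0,31}\z/;
}

# List-form pipe open runs groups(1) directly, with no shell in between,
# so $user reaches it as a single argv entry.
sub groups_for {
    my ($user) = @_;
    open(my $fh, '-|', '/usr/bin/groups', $user) or die "groups: $!\n";
    my $line = <$fh> // '';
    close $fh;
    chomp $line;
    $line =~ s/\A[^:]*:\s*//;    # some versions print "user : g1 g2"
    # Hash of exact names: "itserv" no longer matches "itservices".
    return +{ map { $_ => 1 } split ' ', $line };
}

sub write_logon_script {
    my ($user, $dir) = @_;
    die "refusing unexpected username\n" unless valid_username($user);
    my $groups = groups_for($user);
    my $path   = "$dir/$user.bat";
    # '>' truncates, so repeated logins do not pile up duplicate lines.
    open(my $out, '>', $path) or die "$path: $!\n";
    print $out "\@ECHO OFF\r\n";
    print $out "NET USE H: \\\\SERVERNAME\\$user\r\n";
    print $out "NET USE I: \\\\SERVERNAME\\itserv\r\n" if $groups->{itserv};
    close $out or die "$path: $!\n";
    return $path;
}

# Run as the preexec helper: first argument is the authenticated username.
write_logon_script($ARGV[0], '/opt/samba/share/netlogon') unless caller;
```

The same validation protects all three places the username is used in the quoted script: the `groups` call, the `.bat` file name and the `NET USE H:` line written into the batch file.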



