[Samba] ldap + samba + group membership problem
Malte Woelky
Malte.Woelky at gmx.de
Thu Jun 17 21:07:43 GMT 2004
Hello,
Thanks - I will look into this in detail this weekend and play around.
Yours Malte
Thursday, June 17, 2004, 6:17:07 PM, you wrote:
>>I'd like to solve the problem as I have to deal with profile creation,
>>would it be possible to post the script, so I can improve it (if it's
>>possible ;-) and don't have to start from scratch.
>>
>>
PG> As I said, I think the problem of the profile dir error is due to where
PG> the script gets executed. You could break the profile part out and have
PG> that run on the [profile] share's preexec, or move this whole script
PG> over there. Creating an extra login script isn't so bad.
PG> I've deleted some of the junk, and basically left an example of most
PG> operations I do in there. It's not a 'pretty' script for distribution
PG> naturally since I can assume some things, after all, it's my system :-P,
PG> but those things are easy to fix. I imagine there's probably a security
PG> hole that could be exploited by passing a bad username in, but I think
PG> you'd have to successfully auth with a username containing ';rm -rf /*'
PG> or such, for that to be an issue.
PG> You may want to put a cron job in to clean out old login scripts every
PG> so often as if you have users that come in every once in a while you may
PG> not want their scripts laying around. I clear the dir every weekend.
PG> #!/usr/bin/perl
PG> $user = $ARGV[0];
PG> $profiledir = "/export/profiles/$user";
PG> $groups = `/usr/bin/groups $user`;
PG> chomp $groups;
PG> #################################################################
PG> ## Make sure that the system environment is sane ##
PG> #################################################################
PG> if ( !-d $profiledir )
PG> {
PG> mkdir($profiledir, oct(700));
PG> $uid = getpwnam($user);
PG> chown($uid, -1, $profiledir);
PG> }
PG> #################################################################
PG> ## Start to create the logon script ##
PG> #################################################################
PG> open (LOGON,">>/opt/samba/share/netlogon/$user.bat");
PG> print LOGON "\@ECHO OFF\r\n";
PG> print LOGON "NET TIME /SETSNTP:10.2.0.1 \r\n";
PG> print LOGON "REM Delete old drives that may be hanging around\r\n";
PG> print LOGON "NET USE G: /delete\r\n";
PG> print LOGON "rem Drives everyone gets\r\n";
PG> print LOGON "NET USE H: \\\\SERVERNAME\\$user\r\n";
PG> print LOGON "IF NOT EXIST G: NET USE G: \\\\SERVERNAME\\shared\r\n";
PG> ##Map drives based upon group memberships
PG> # debug line:
PG> print LOGON "rem :: groups entry: $groups\r\n";
PG> ## DRIVES SECTION
PG> if ( $groups =~ m/itserv/ )
PG> {
PG> print LOGON "NET USE I: \\\\SERVERNAME\\itserv\r\n";
PG> }
PG> # < big snip as groups checking repeats for more groups>
PG> ## END DRIVES SECTION
PG> ## PRINTERS SECTION
PG> # Everyone gets certain printers
PG> print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\hplj /r \\\\SERVERNAME\\hplj /m \"HP LaserJet 5000 Series PS \"\r\n";
PG> print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\pdf /r \\\\SERVERNAME\\pdf /m \"AdobePSPDF\"\r\n";
PG> # this should be everyone's default printer unless we've got a good reason to change it
PG> print LOGON "rundll32 printui.dll,PrintUIEntry /y /z /n \\\\SERVERNAME\\hplj\r\n";
PG> if ( $groups =~ m/engserv/ ) # engserv gets the plotter
PG> {
PG> print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\hp755\r\n";
PG> }
PG> ## END PRINTERS
PG> close LOGON;
--
Best regards,
Malte mailto:malte.woelky at gmx.de
Malte Woelky -=[SkyNet]=-
Unix/DBs/Networks/LDAP/Active Directory
Cert : MCSA 2000+2003, MCSA:msg, MCSE 2000+2003
voice : 0209/977 37 03 : 0174/95 32 105
eMail : Malte.Woelky at gmx.de
WWW : http://www.woelky.net/
_________ ICQ# 12 767 43 99 _________
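
The username concern raised in the quoted message, as an added example that is not part of the original post or of PG's script: one way to validate the name Samba passes in and to call `groups` without a shell before the name is used in file paths. The naming pattern and the helper names `valid_username` and `groups_for` are assumptions; the paths and share names are the ones from the quoted script.

```perl
#!/usr/bin/perl
# Added example, not PG's script: validate the Samba-supplied username
# before it reaches a command line or a file path.
use strict;
use warnings;

# Assumed naming policy: letters, digits, '_', '.', '-', at most 32 chars.
# Rejects shell metacharacters, '/', '..' and the empty string.
sub valid_username {
    my ($name) = @_;
    return 0 unless defined $name;
    return 0 unless $name =~ /\A[A-Za-z_][A-Za-z0-9_.-]{0,31}\z/;
    return $name =~ /\.\./ ? 0 : 1;
}

# List-form pipe open: no shell is involved, $user is a single argv entry.
sub groups_for {
    my ($user) = @_;
    open(my $fh, '-|', '/usr/bin/groups', $user) or die "groups: $!\n";
    my $line = <$fh> // '';
    close $fh;
    chomp $line;
    $line =~ s/\A[^:]*:\s*//;    # some versions print "user : g1 g2"
    return split ' ', $line;
}

# With no argument, show the check on constructed sample names and stop.
if (!@ARGV) {
    for my $name ('alice', 'bob.smith', ';rm -rf /*', '../x', 'a/b', '') {
        printf "%-14s %s\n", "[$name]", valid_username($name) ? 'accepted' : 'rejected';
    }
    exit 0;
}

my $user = $ARGV[0];
die "refusing unsafe username\n" unless valid_username($user);
my $uid = getpwnam($user);
die "unknown user\n" unless defined $uid;

# Exact group names in a hash, so 'itserv' does not also match 'itserv2'.
my %in_group = map { $_ => 1 } groups_for($user);

# '>' rewrites the script on each logon (a choice made for this example).
my $script = "/opt/samba/share/netlogon/$user.bat";
open(my $logon, '>', $script) or die "open $script: $!\n";
print {$logon} "\@ECHO OFF\r\n";
print {$logon} "NET USE H: \\\\SERVERNAME\\$user\r\n";
print {$logon} "NET USE I: \\\\SERVERNAME\\itserv\r\n" if $in_group{itserv};
close $logon or die "close $script: $!\n";
```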