logon scripts
Edward Irvine
irvinee at yahoo.com.au
Thu Sep 7 05:00:14 GMT 2000
Hi,
--- Greg Ryle <GRyle at maf.org> wrote: >
> I am new to the list and just inherited a
> domain with a linux box
> running Samba 2.0.6 as a PDC. I am wondering
> if anyone has any domain
> logon scripts for machines or for individual
> users I can see as an
> example?
>
> Thanks Greg
>
>
>
Here is a very messy one that needs to be cleaned up!
_____________________________________________________________________________
http://geocities.yahoo.com.au - Yahoo! Australia & NZ GeoCities
- Build your own Web Site - for free!
-------------- next part --------------
$ cat /usr/local/samba/bin/makelogonscript.pl
#!/usr/bin/perl
#
# log when a user "logs into the network"
# and generate a custom logon script
#
# This script should be called from the "root_preexec" command
# in the logon share of Samba - see /usr/local/etc/smb.conf
# for details.
# Basically, this script wants to fill up the samba "netlogon"
# share (~/.winprofile) with the sort of stuff windows 9x wants
# to see. Currently this means that:
# a) ~/.winprofile exists and is a directory.
# b) they need the CONFIG.POL policy file in ~/.winprofile
# -- the correct policy for the correct type of user,
# -- either student or teacher.
# c) ~/.winprofile contains a profile PROFILE.DAT
#
# ARGV[0] is the root directory of the calling samba share,
# ARGV[1] is the user name of the person logging in through samba,
# ARGV[2] is the client computer they are logging in to.
# ARGV[3] is the client architecture (Win95, WinNT),
# ARGV[4] is the NetBios name of this machine.
############################# Command line arguments ######################
$this_directory=$ARGV[0]; # Should be user's directory for windows
# profiles and policies.
$this_user=$ARGV[1]; # User's login name.
$client_machine=$ARGV[2]; # Wintel computer they are logging in from.
$client_architecture=$ARGV[3];# What sort of OS (Win95, WinNT ...
$netbios_name=$ARGV[4]; # The netbios alias of this machine.
############################## Here goes! #################################
use File::stat;
use File::Path;
use File::Copy;
############################## Some constants ############################
if ($client_architecture eq 'Win95') {
# Location of the student's USER.DAT skeleton file.
$STUDENT_USER_DAT= '/usr/local/samba/profiles/student/USER.DAT';
# Location of the student's CONFIG.POL file.
$STUDENT_CONFIG_POL='/usr/local/samba/profiles/student/CONFIG.POL';
# Location of the teacher's skeleton USER.DAT file
$TEACHER_USER_DAT='/usr/local/samba/profiles/teacher/USER.DAT';
# Location of the teacher's CONFIG.POL file.
$TEACHER_CONFIG_POL='/usr/local/samba/profiles/teacher/CONFIG.POL';
# Possible Net_BIOS names. (netbios aliases in /usr/local/etc/smb.conf)
} else {
# UGLY HACK added for NT4 support.
# Location of the student's NTUSER.DAT skeleton file.
$STUDENT_USER_DAT= '/usr/local/samba/profiles/student/NTUSER.DAT';
# Location of the student's NTCONFIG.POL file.
$STUDENT_CONFIG_POL='/usr/local/samba/profiles/student/NTCONFIG.POL';
# Location of the teacher's skeleton NTUSER.DAT file
$TEACHER_USER_DAT='/usr/local/samba/profiles/teacher/NTUSER.DAT';
# Location of the teacher's NTCONFIG.POL file.
$TEACHER_CONFIG_POL='/usr/local/samba/profiles/teacher/NTCONFIG.POL';
# Possible Net_BIOS names. (netbios aliases in /usr/local/etc/smb.conf)
}
$PLAINTEXT='aretha';
$ENCRYPTED='nt';
# Get the user_id number and group_id number of this user.
($uid, $gid) = ((getpwnam($this_user))[2,3]);
# Get the time right now. (tm)
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
$month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct',
'Nov', 'Dec')[$mon];
# And write an entry to the logfile...
open LOG, ">>/var/log/netlogon.log";
print LOG "$month $mday $hour $min $sec\t$this_user\tlogged into\t$client_machin
e\t$client_architecture\t$netbios_name\n";
#############################################################################
#
# Profile Directory check.
#
# Now we will check to make certain that nothing too wierd has
# been done to this directory... kids haven't hacked it up 'n stuff.
#
#############################################################################
# Make sure this directory exists. Make sure its not an
# ordinary file either, and has all the right permissions
$rc=0; # result count.
unless (-d $this_directory){
if (-e $this_directory){ # Hmm.. Not a directory!
system("rm -R -f $this_directory"); $rc += $? >> 8;
print LOG "*** Warning: removed $this_directory\n";
}
system("mkdir -p -m 0750 $this_directory"); $rc += $? >> 8;
print LOG "*** Warning: had to create $this_directory\n";
}
print LOG "*** Warning: Some funny result codes returned from the above! $! \n"
if($rc);
# Check permissions on the directory, and fix if need be.
$sb = stat($this_directory);
if($uid != $sb->uid || $gid != $sb->gid){
chown($uid, $gid, $this_directory);
}
# End of check. Their profile directory should now exist in an
# untampered state. Let's keep going.
# Figure out if the user belongs to
# the group "admin" and/or the group "staff". These
# users get access to special shares.
$admin_person = 0;
$staff_person = 0;
$admin_entries = (getgrnam("admin"))[3];
$admin_person++ if ($admin_entries =~ /$this_user\b/);
$staff_entries = (getgrnam("staff"))[3];
$staff_person++ if ($staff_entries =~ /$this_user\b/);
$exec_entries = (getgrnam("exec"))[3];
$exec_person++ if ($exec_entries =~ /$this_user\b/);
$cst_entries = (getgrnam("cst"))[3];
$cst_person++ if ($cst_entries =~ /$this_user\b/);
# Armed with what sort of groups they belong to, we can
# now write the logon script. Note the use of the MS-DOS
# carriage returns.
open LOGON, ">$this_directory/$this_user.BAT";
print LOGON "\@echo off\r\n";
#this is a hack to delete those huge cookie folders that pile up in
# windows machines. It is ugly as sin. It smells. But it works.
print LOGON "DELTREE /Y C:\\WINDOWS\\Profiles\\$this_user\\Cookies \r\n" if ($ui
d > 3000 and $client_architecture =~ /Win95/ );
# this hack is to put a "/persistent:no" modifier on the NET USE
# commands for NT4 clients.
if ($client_architecture =~ /Win95/){
$persistent = ' ';
} else {
$persistent = '/PERSISTENT:NO';
}
print LOGON "NET TIME \\\\ARETHA /YES /SET\r\n";
print LOGON "NET USE F: \\\\ARETHA\\faculties $persistent\r\n" if ($staff_person
);
print LOGON "NET USE H: /HOME $persistent\r\n" if ($client_architecture eq 'Win9
5');
print LOGON "NET USE P: \\\\ARETHA\\$this_user $persistent\r\n"; # user's unix
home dir
print LOGON "NET USE Q: \\\\ARETHA\\all_share $persistent\r\n";
print LOGON "NET USE R: \\\\ARETHA\\teach_share $persistent\r\n" if ($staff_pers
on);
print LOGON "NET USE S: \\\\ARETHA\\admin_share $persistent\r\n" if ($admin_pers
on);
print LOGON "NET USE T: \\\\ARETHA\\exec_share $persistent\r\n" if ($exec_person
);
print LOGON "NET USE U: \\\\ARETHA\\cst_share $persistent\r\n" if ($cst_person);
print LOGON "NET USE V: \\\\AJAX\\all_share $persistent\r\n" if ($this_user eq "
fhs");
# print LOGON "DELTREE /Y C:\\WINDOWS\\*.PWL $persistent\r\n" if ($client_archit
ecture eq 'Win95');
#print LOGON "PAUSE\r\n";
print LOGON "EXIT\r\n";
close LOGON;
# Students all get the same CONFIG.POL into their directory.
# If the skeleton USER.DAT is newer than the student version,
# then copy that too.
if ( $client_architecture =~ /Win95/ ) {
my ($ctime1, $ctime2 ); # timestamps for files.
if ($uid >= 3000){ # must be a student.
copy( $STUDENT_CONFIG_POL, "$this_directory/CONFIG.POL" )
|| warn "$0 Warning: failed to copy. $!\n";
# get the timestamp on the skeleton USER.DAT
my $inode = stat( $STUDENT_USER_DAT )
|| warn "$0 warning: failed to stat. $!\n";
$ctime1 = $inode->ctime;
# get the timestamp on the students actual user.dat
if ( -e "$this_directory/USER.DAT" ) {
$inode = stat( "$this_directory/USER.DAT" )
||warn "$0 Warning: failed to stat. $!\n";
$ctime2 = $inode->ctime;
} else {
$ctime2 = 0;
}
if ($ctime2 < $ctime1) {
copy( $STUDENT_USER_DAT , "$this_directory/USER.DAT" );
chown( $uid, $gid, "$this_directory/USER.DAT" );
}
# Zap any old Mandatory Profiles that may be around.
if( -e "$this_directory/USER.MAN" ){
unlink ( "$this_directory/USER.MAN" );
}
} else { # must be a teacher type of person. This is easi
er
if($uid > 1001) { # as there are not user.dat skeletons yet.
copy( $TEACHER_CONFIG_POL , "$this_directory/CONFIG.POL" );
system("touch $this_directory/USER.DAT");
}
}
} else {
# Ugly hack for NT4 support.
my ($ctime1, $ctime2 ); # timestamps for files.
if ($uid >= 3000){ # must be a student.
copy( $STUDENT_CONFIG_POL, "$this_directory/NTCONFIG.POL" )
|| warn "$0 Warning: failed to copy. $!\n";
# get the timestamp on the skeleton NTUSER.DAT
my $inode = stat( $STUDENT_USER_DAT )
|| warn "$0 warning: failed to stat. $!\n";
$ctime1 = $inode->ctime;
# get the timestamp on the students actual user.dat
if ( -e "$this_directory/NTUSER.DAT" ) {
$inode = stat( "$this_directory/NTUSER.DAT" )
||warn "$0 Warning: failed to stat. $!\n";
$ctime2 = $inode->ctime;
} else {
$ctime2 = 0;
}
if ($ctime2 < $ctime1) {
copy( $STUDENT_USER_DAT , "$this_directory/NTUSER.DAT" );
chown( $uid, $gid, "$this_directory/NTUSER.DAT" );
}
# Zap any old Mandatory Profiles that may be around.
if( -e "$this_directory/NTUSER.MAN" ){
unlink ( "$this_directory/NTUSER.MAN" );
}
} else { # must be a teacher type of person.
if($uid > 1001) {
copy( $TEACHER_CONFIG_POL , "$this_directory/NTCONFIG.POL" );
# get the timestamp on the skeleton NTUSER.DAT
my $inode = stat( $TEACHER_USER_DAT )
|| warn "$0 warning: failed to stat. $!\n";
$ctime1 = $inode->ctime;
# get the timestamp on the teachers actual user.dat
if ( -e "$this_directory/NTUSER.DAT" ) {
$inode = stat( "$this_directory/NTUSER.DAT" )
||warn "$0 Warning: failed to stat. $!\n";
$ctime2 = $inode->ctime;
} else {
$ctime2 = 0;
}
if ($ctime2 < $ctime1) {
# copy( $TEACHER_USER_DAT , "$this_directory/NTUSER.DAT" );
# chown( $uid, $gid, "$this_directory/NTUSER.DAT" );
}
}
}
}
# copy( $TEACHER_USER_DAT , "$this_directory/NTUSER.DAT" );
# print "$ARGV[0] $this_user uid = $uid \n";
# dlete any NTCONFIG.POL files around - they don't seem to work.
system("rm $this_directory/NTCONFIG.POL");
close LOG;
exit;
[sysop at Aretha ~]
More information about the samba-ntdom
mailing list