Fwd: RE: Group logon Scripts
Brian Ginter
brian.ginter at southern-air.com
Wed Feb 23 13:09:47 GMT 2000
I have a similar situation and have assigned all users to varying primary groups. It
works OK but could be better. I am including an e-mail from the samba list that improves
on my login/out scripts. I have not had a chance to try the improvements yet. Good
luck.
Forwarded From: "Naccarato, Robert" <naccarar at bis.adp.com>
>
> > I use the following script in the root preexec field for the netlogon
> > share,called by tthis command:
> > perl /home/netlogon/logon_script %u %m %g
>
> According to smb.conf(1), %g only returns the primary group
> of the user (as you've noted below). If you want to retreive all the
> groups,
> you could forget about %g altogether and use perl's getgr routines
> and such to get all the groups that a user belongs to.
> This way, if a user belongs to, say, 2 groups, you could set
> up separate net use's, for example, that are appropriate for each group.
>
> If user A belongs to group 1 and user B belongs to group 2, you have
> different settings for each. What about user C who belongs to both
> groups 1 and 2 and needs both groups' settings?
>
> My take on it:
> You could set up an array of all the groups that a user belongs to
> like this:
>
> $username=$ARGV[0];
> setgrent();
> while (@grline=getgrent()) {
> (@users)=split(' ',$grline[3]);
> if (grep(/^$username$/, at users)) {
> push(@groups,$grline[0]);
> }
> }
> # Uncomment to debug
> #print "$username belongs to:n";
> #foreach $group (@groups) {
> # print "$groupn";
> #}
>
> So, @groups is a list that contains all the group names that the
> user belongs to. See changes to your code below.
>
> >
> > Then the logon script is set to :%u.bat
> >
> > It works great with the only problem being with users belonging to
> > multiple groups, this will only select the users primary group to
> > create a logon script.
> >
>
> See above.
>
> > I am also including my root postexec script for the netlogon share.
> >
> >
> > #!/usr/bin/perl
> > #
> > # log when a user "logs into the network"
> > # and generate a custom logon script
> > #
> > ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
> > localtime(time);
> > $month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul',
> > 'Sep', 'Oct', 'Nov', 'Dec')[$mon];
> > open LOG, ">>/var/log/samba/netlogon.log";
> > print LOG "$month $mday $hour:$min:$sect$ARGV[0] logged into
> > $ARGV[1]n";
> > close LOG;
>
> That is really a great idea. Wish I'd thought of it. But don't
> Samba's log files give you this info already?
>
> >
> > $command = "rm /home/netlogon/$ARGV[0].bat";
> > open (COMMAND, "|bash");
> > print COMMAND $command;
> > close (COMMAND);
>
> Instead of all that, just use:
> unlink("/home/netlogon/$ARGV[0].bat");
>
> (better check if that is syntactically correct, tho' ;) )
>
> > open LOGON, ">>/home/netlogon/$ARGV[0].bat";
> > print LOGON "@echo offrn";
> > print LOGON "set pml=h:\pmailrn";
> > print LOGON "set pmr=h:\pmailrn";
> > print LOGON "NET USE X: \\titan\$ARGV[0]rn";
> > print LOGON "NET USE H: \\titan\Hrn";
> > print LOGON "NET USE I: \\titan\Irn";
> > print LOGON "NET USE V: \\titan\Vrn";
> >
> [snip]
> >
> > if ($ARGV[2] eq 'imaging') {
> > print LOGON "NET USE S: \\roo\smartcdrn";
> > print LOGON "NET USE T: \\roo\image_volrn";
> > print LOGON "NET USE U: \\roo\sybasern";
> > }
>
> Ok, now instead of using if ($ARGV[2])..., use grep:
>
> if (grep(/^imaging$/, at groups)) {
> print LOGON "net use .......rn"
> ...
> }
>
> > print LOGON "NET TIME \\titan /SET /YESrn";
> >
> > close LOGON;
> >
> > --------------------------------------------------------------
> > ------------------------------------
> >
> >
> > #!/usr/bin/perl
> > #
> > # log when a user "logs out of the network"
> > # and delete their logon script
> > #
> > ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
> > localtime(time);
> > $month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul',
> > 'Sep', 'Oct', 'Nov', 'Dec')[$mon];
> > open LOG, ">>/var/log/samba/netlogon.log";
> > print LOG "$month $mday $hour:$min:$sect$ARGV[0] logged out.n";
> > close LOG;
> >
> > $command = "rm /home/netlogon/$ARGV[0].bat";
> > open (COMMAND, "|bash");
> > print COMMAND $command;
> > close (COMMAND);
>
> Again, unlink("$ARGV[0].bat");
>
>
> Just my $0.02...
>
--
Brian Ginter
Southern Air, Inc.
brian.ginter at southern-air.com
More information about the samba
mailing list