[Samba] Group Login Scripts in Samba 2.2.3?

Richard Smart rsmart at netaccess.co.nz
Mon Mar 25 02:12:04 GMT 2002 

I used a slightly different approach to solve this problem using a 
single login script. The solution is in two parts

On the Linux/Samba side use a pre-exec script in the netlogon share 
to create a text file of the groups the user is in

i.e groups > /home/%u/grouplist.txt 

and a post-exec script in the netlogon share to delete this file on 
logout 

i.e rm -f /home/%u/grouplist.txt

On the windows side I created a small program in C that read the file 
(grouplist.txt) (accessable via the 'homes' share) and used an exit 
vale of 0 or 1 to confirm if a particular group was included in the 
list. I used this program from within the login script and the DOS 
ERRORLEVEL command to branch depending on wether the user was a 
member of the requested group. The command line parameters to the 
program where the group being checked, and the name of the text with 
the group listing in it.

The login script used lines like this (my prog was called member.exe)

Z:\member \\servername\homes\grouplist.txt staff
IF NOT ERRORLEVEL 1 goto (next part of login script)
do stuff here for members of staff group

I stored the member.exe prog in the netlogon share hence the Z: 
reference.

We use this approach on a school lan with about 150 users and no 
problems to date (after 15 months of use).

If this is of any use I can supply the executable and C source code 
on request.

Richard Smart


On 24 Mar 2002 at 21:16, K. Hawkes wrote:



> > It would be much easier to just set the variable in the login.bat file and
> > do what you need inside of the script.   You can't send command line
> > switches to the logon script from this directive.  You could use multiple
> > logon scripts like '%U.bat'.  This would mean that each user had there own
> > script.  You could then make this script call another script like
> 'login.bat
> > %username%' or something.  But, by far the easiest method is to use a
> single
> > script that will handle multiple users and groups.
> >
> > --
> > Brian
> 
> Brian,
> 
> It would be easier yes, but on the Windows' side of things, it does not have
> access to /etc/passwd or /etc/group,
> so how can I use the single login script to determine what group a user is
> in?  That's why I wrote the C program for, which will
> search for the given username etc...  Windows doesn't have this, I can port
> it to Win32 but I'd rather not as I'd then need to
> copy the /etc/group and /etc/passwd files.  Each user having their own
> script is a problem, we have 1500+ users and we don't have
> time to setup 1500+ login scripts, we thought it would be easy to implement
> group-based logins.
> 
> Seems that's not the case and never was, anyone out there with any other
> suggestions as to enable the use of group logins?
> 
> Thanks
> 
> Kris
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list