[Samba] group based login scripts other than primary (was ifmember.exe)

Barry Smoke barry at arhosting.com
Tue Mar 26 16:51:07 GMT 2002


This below is from another thread, but it sounds like it is exactly what I
was looking for...
My question is, couldn't the Linux groups file be used, or smbgroups be
implemented into Samba, where we have some native support for this?

I think simplifying this is really needed for SAMBA.




-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
On Behalf Of Richard Smart
Sent: Monday, February 25, 2002 3:10 AM
To: K. Hawkes
Cc: samba at lists.samba.org
Subject: Re: [Samba] Group Login Scripts in Samba 2.2.3?

I used a slightly different approach to solve this problem using a
single login script. The solution is in two parts.

On the Linux/Samba side use a pre-exec script in the netlogon share
to create a text file of the groups the user is in

i.e. groups > /home/%u/grouplist.txt

and a post-exec script in the netlogon share to delete this file on
logout

i.e. rm -f /home/%u/grouplist.txt

On the Windows side I created a small program in C that read the file
(grouplist.txt) (accessible via the 'homes' share) and used an exit
value of 0 or 1 to confirm if a particular group was included in the
list. I used this program from within the login script and the DOS
ERRORLEVEL command to branch depending on whether the user was a
member of the requested group. The command line parameters to the
program were the group being checked, and the name of the text file with
the group listing in it.

The login script used lines like this (my prog was called member.exe)

Z:\member \\servername\homes\grouplist.txt staff
IF NOT ERRORLEVEL 1 goto (next part of login script)
do stuff here for members of staff group

I stored the member.exe prog in the netlogon share hence the Z: 
reference.

We use this approach on a school lan with about 150 users and no 
problems to date (after 15 months of use).

If this is of any use I can supply the executable and C source code 
on request.

Richard Smart


On 24 Mar 2002 at 21:16, K. Hawkes wrote:



> > It would be much easier to just set the variable in the login.bat file and
> > do what you need inside of the script.   You can't send command line
> > switches to the logon script from this directive.  You could use multiple
> > logon scripts like '%U.bat'.  This would mean that each user had their own
> > script.  You could then make this script call another script like 'login.bat
> > %username%' or something.  But, by far the easiest method is to use a single
> > script that will handle multiple users and groups.
> >
> > --
> > Brian
> 
> Brian,
>
> It would be easier yes, but on the Windows' side of things, it does not have
> access to /etc/passwd or /etc/group,
> so how can I use the single login script to determine what group a user is
> in?  That's why I wrote the C program for, which will
> search for the given username etc...  Windows doesn't have this, I can port
> it to Win32 but I'd rather not as I'd then need to
> copy the /etc/group and /etc/passwd files.  Each user having their own
> script is a problem, we have 1500+ users and we don't have
> time to setup 1500+ login scripts, we thought it would be easy to implement
> group-based logins.
>
> Seems that's not the case and never was, anyone out there with any other
> suggestions as to enable the use of group logins?
>
> Thanks
>
> Kris
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 



-----Original Message-----
From: Brian Whitehead [mailto:bwhitehd at earthlink.net] 
Sent: Monday, March 25, 2002 6:45 AM
To: Barry Smoke
Subject: Re: [Samba] group based login scripts other than primary (was ifmember.exe)

I have been using ifmember.exe for several years.  It works great for NT/2k
clients, but will not work with 9x clients.  Major drawback.  A Perl or
KiXtart script would work much better in handling this if you need to
support Win9x clients.

--
Brian

----- Original Message -----
From: "Barry Smoke" <barry at arhosting.com>
To: "John Benedetto" <jbenedet at unm.edu>
Cc: <samba at lists.samba.org>
Sent: Thursday, March 21, 2002 4:36 PM
Subject: Re: [Samba] group based login scripts other than primary (was ifmember.exe)


> Thanks everyone for the responses, but this seems like a very
> complicated solution, where Samba could simply answer an ifmember.exe
> with every Unix group that user belongs to...
>
> Has anyone poked around with ifmember.exe from the NT resource kits?
>
> Could another DOS program be written to ask Samba about what groups a
> user belongs to?
>
> We have customized our smb.conf files, and login scripts to a point
> where I really would rather stay away from dynamically generated ones.
>
>
>
> On Thu, 2002-03-21 at 11:38, John Benedetto wrote:
> > --On Thursday, March 21, 2002 9:18 AM -0600 Barry Smoke
> > <barry at arhosting.com> wrote:
> >
> > > This is one of the only drawbacks I've found so far, is that you can't
> > > do log-in scripts based on a person's membership to group other than
> > > their primary group.
> > >
> > > Or did I miss something?
> >
> > Yes.
> >
> > There are a number of resources detailing how to do this... here is one
> > online: http://www.phonax.com/fileservers/index.shtml and Richard Sharpe's
> > Que Special Edition Using Samba book also has details.
> >
> > In a nutshell:  do a root pre-exec to execute a script - be it Perl, or
> > shell, or whatever your preference.  That script dynamically builds a logon
> > script, on the fly, for the user.  One of the things you can do is have the
> > script walk through the /etc/group file, and pull 'secondary' memberships,
> > for logging in.  That batch file is then sent down to the client during
> > logon, and executed on the client side.
> >
> > - john
>
>
>
>
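
The membership check Richard Smart describes, as an added example that is not part of the original thread and is not his member.exe source. It assumes grouplist.txt holds the whitespace-separated output of groups, keeps the argument order and exit codes of the login-script lines quoted above, and matches whole group names only.

```c
/* Added example, not the member.exe from the post. Same contract:
 *   member <grouplist-file> <group>   -> exit 1 = member, 0 = not a member
 * Constructed sample file content: "users staff wheel\n" */
#include <stdio.h>
#include <string.h>

/* 1 if `group` is a whole whitespace-separated token of `list`, else 0.
 * strstr() alone would wrongly match "staff" inside "staffroom". */
int group_in_list(const char *list, const char *group)
{
    size_t glen = strlen(group);

    if (glen == 0)
        return 0;
    while (*list) {
        size_t tlen;
        list += strspn(list, " \t\r\n");      /* skip separators */
        tlen = strcspn(list, " \t\r\n");      /* length of this token */
        if (tlen == glen && strncmp(list, group, glen) == 0)
            return 1;
        list += tlen;
    }
    return 0;
}

/* Missing, unreadable or oversized list files count as "not a member". */
int member_check(const char *path, const char *group)
{
    char buf[4096];
    size_t n;
    int complete;
    FILE *fp = fopen(path, "r");

    if (fp == NULL)
        return 0;
    n = fread(buf, 1, sizeof buf - 1, fp);
    complete = (fgetc(fp) == EOF);            /* more data: list truncated */
    fclose(fp);
    buf[n] = '\0';
    return complete ? group_in_list(buf, group) : 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: member <grouplist-file> <group>\n");
        return 0;
    }
    return member_check(argv[1], argv[2]);
}
```

Because grouplist.txt sits in the user's own home share, the user can normally edit it, so the result is suited to steering convenience steps such as drive mappings. Access control itself stays with the share and file permissions on the server.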






