[Samba] group based login scripts other thatn primary(wasifmember.exe)
Brian Ginter
brian.ginter at southern-air.com
Wed Mar 27 05:22:05 GMT 2002
I am attaching the perl script I use to dynamically create a login script for each user.
This script will set drive mappings based on the *nix group(s) the user is a member of.
These are the settings from smb.conf:
logon script = %u.bat
[netlogon]
comment = Network Logon Service
path = /shares/netlogon
root preexec = perl /shares/netlogon/logon_script %u %m %a
----- Begin logon_script -----
#!/usr/bin/perl
#
# log when a user "logs into the network"
# and generate a custom logon script
#
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
$month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec')[$mon];
open LOG, ">>/var/log/samba/netlogon.log";
print LOG "$month $mday $hour:$min:$sec\t$ARGV[0] logged into $ARGV[1]\n";
close LOG;
$username=$ARGV[0];
unlink("/shares/netlogon/$username.bat");
setgrent();
while (@grline=getgrent()) {
(@users)=split(' ',$grline[3]);
if (grep(/^$username$/, at users)) {
push(@groups,$grline[0]);
}
}
#----Uncomment to debug----
#print "$username belongs to:\n";
#foreach $group (@groups) {
# print "$group\n";
#}
open LOGON, ">>/shares/netlogon/$ARGV[0].bat";
print LOGON "\@echo off\r\n";
if (grep(/^electrical$/, at groups)) {
print LOGON "NET USE G: \\\\titan\\G\r\n";
}
print LOGON "NET USE H: \\\\titan\\H\r\n";
print LOGON "NET USE I: \\\\titan\\I\r\n";
if (grep(/^engineering$/, at groups)) {
print LOGON "NET USE J: \\\\titan\\J\r\n";
}
if (grep(/^imaging$/, at groups)) {
print LOGON "NET USE S: \\\\roo\\smartcd\r\n";
}
print LOGON "NET TIME \\\\titan /SET /YES\r\n";
close LOGON;
----- End logon_script -----
Hope this helps
Barry Smoke <barry at arhosting.com> said:
>
> This below is from another thread, but sounds like it is exactly what I
> was looking for....
> My question is, couldn't the linux groups file be used , or smbgroups be
> implemented into samba, where we have some native support for this....
>
> I think simplifying this is really needed for SAMBA.
>
>
>
>
> -----Original Message-----
> From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
> On Behalf Of Richard Smart
> Sent: Monday, February 25, 2002 3:10 AM
> To: K. Hawkes
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Group Login Scripts in Samba 2.2.3?
>
> I used a slightly different approach to solve this problem using a
> single login script. The solution is in two parts
>
> On the Linux/Samba side use a pre-exec script in the netlogon share
> to create a text file of the groups the user is in
>
> i.e groups > /home/%u/grouplist.txt
>
> and a post-exec script in the netlogon share to delete this file on
> logout
>
> i.e rm -f /home/%u/grouplist.txt
>
> On the windows side I created a small program in C that read the file
> (grouplist.txt) (accessable via the 'homes' share) and used an exit
> vale of 0 or 1 to confirm if a particular group was included in the
> list. I used this program from within the login script and the DOS
> ERRORLEVEL command to branch depending on wether the user was a
> member of the requested group. The command line parameters to the
> program where the group being checked, and the name of the text with
> the group listing in it.
>
> The login script used lines like this (my prog was called member.exe)
>
> Z:\member \\servername\homes\grouplist.txt staff
> IF NOT ERRORLEVEL 1 goto (next part of login script)
> do stuff here for members of staff group
>
> I stored the member.exe prog in the netlogon share hence the Z:
> reference.
>
> We use this approach on a school lan with about 150 users and no
> problems to date (after 15 months of use).
>
> If this is of any use I can supply the executable and C source code
> on request.
>
> Richard Smart
>
>
> On 24 Mar 2002 at 21:16, K. Hawkes wrote:
>
>
>
> > > It would be much easier to just set the variable in the login.bat
> file and
> > > do what you need inside of the script. You can't send command line
> > > switches to the logon script from this directive. You could use
> multiple
> > > logon scripts like '%U.bat'. This would mean that each user had
> there own
> > > script. You could then make this script call another script like
> > 'login.bat
> > > %username%' or something. But, by far the easiest method is to use
> a
> > single
> > > script that will handle multiple users and groups.
> > >
> > > --
> > > Brian
> >
> > Brian,
> >
> > It would be easier yes, but on the Windows' side of things, it does
> not have
> > access to /etc/passwd or /etc/group,
> > so how can I use the single login script to determine what group a
> user is
> > in? That's why I wrote the C program for, which will
> > search for the given username etc... Windows doesn't have this, I can
> port
> > it to Win32 but I'd rather not as I'd then need to
> > copy the /etc/group and /etc/passwd files. Each user having their own
> > script is a problem, we have 1500+ users and we don't have
> > time to setup 1500+ login scripts, we thought it would be easy to
> implement
> > group-based logins.
> >
> > Seems that's not the case and never was, anyone out there with any
> other
> > suggestions as to enable the use of group logins?
> >
> > Thanks
> >
> > Kris
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
> -----Original Message-----
> From: Brian Whitehead [mailto:bwhitehd at earthlink.net]
> Sent: Monday, March 25, 2002 6:45 AM
> To: Barry Smoke
> Subject: Re: [Samba] group based login scripts other thatn
> primary(wasifmember.exe)
>
> I have been using ifmember.exe for several years. It works great for
> NT/2k
> clients, but will not work with 9x clients. Major drawback. A perl or
> kixtart script would work much better in handling this if you need to
> support Win9x clients.
>
> --
> Brian
>
> ----- Original Message -----
> From: "Barry Smoke" <barry at arhosting.com>
> To: "John Benedetto" <jbenedet at unm.edu>
> Cc: <samba at lists.samba.org>
> Sent: Thursday, March 21, 2002 4:36 PM
> Subject: Re: [Samba] group based login scripts other thatn
> primary(wasifmember.exe)
>
>
> > Thanks everyone for the responses, but this seems like a very
> > complicated solution, where samba could simply answer a ifmember.exe
> > with every unix group that user belongs to...
> >
> > has anyone poked around with ifmember.exe from the nt resource kits?
> >
> > could another DOS program be written to ask samba about what groups a
> > user belongs to?
> >
> > We have customized our smb.conf files, and login scripts to a point to
> > where I really would rather stay away from dynamically generated ones.
> >
> >
> >
> > On Thu, 2002-03-21 at 11:38, John Benedetto wrote:
> > > --On Thursday, March 21, 2002 9:18 AM -0600 Barry Smoke
> > > <barry at arhosting.com> wrote:
> > >
> > > > This is one of the only drawbacks I've found so far, is that you
> can't
> > > > do log-in scripts based on a person's membership to group other
> than
> > > > their primary group.
> > > >
> > > > Or did I miss something?
> > >
> > > Yes.
> > >
> > > There are a number of resources detailing how to do this... here is
> one
> > > online: http://www.phonax.com/fileservers/index.shtml and Richard
> Sharpe's
> > > Que Special Edition Using Samba book also has details.
> > >
> > > In a nutshell: do a root pre-exec to execute a script - be it Perl,
> or
> > > shell, or whatever your preference. That script dynamically builds
> a
> logon
> > > script, on the fly, for the user. One of the things you can do is
> have
> the
> > > script walk through the /etc/group file, and pull 'secondary'
> memberships,
> > > for logging in. That batch file is then sent down to the client
> during
> > > logon, and executed on the client side.
> > >
> > > - john
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
--
Brian Ginter
Southern Air, Inc.
More information about the samba
mailing list