[Samba] Group Login Scripts in Samba 2.2.3?

K. Hawkes k.hawkes at zombies.force9.net
Thu Mar 28 13:07:04 GMT 2002


There is another way to do this, which I discovered today, however I'm still
in the process of testing it.

It's my aforementioned C program with some modification, it will create a
dynamic-on-the-fly login script which you can
then use to call group logins from,  When the program detects a user is in a
group, it adds a few lines to the %U.bat login script to
call out to the group login scripts for that group (if they exist).  The
same thing can be accomplished with the Perl scripts which are on the URL I
was given (I will take a look for it later).  However the perl scripts only
work if the user is listed in the group in /etc/group, it fails if the user
is only in 1 group.  E.g.

User testuser is in group 'users' as initial group (gid 100)... in
/etc/group you won't find 'testuser' under that group unless
you add them to that group as secondary (not initial) group.  It's not too
clear I know and don't quote me but I've done some messing with Webmin and
the /etc/group file to find this out.

I couldn't send the C source or binary to where I work so was unable to test
that out and I don't have a LAN here at home.
But rest assured I will test it out as well as developing my own answer to
this problem.

Cheers,

Kris

----- Original Message -----
From: "Barry Smoke" <barry at arhosting.com>
To: <rsmart at netaccess.co.nz>; "'K. Hawkes'" <k.hawkes at zombies.force9.net>
Cc: <samba at lists.samba.org>
Sent: Wednesday, March 27, 2002 12:02 AM
Subject: RE: [Samba] Group Login Scripts in Samba 2.2.3?


> Yes, yes.....this is exactly what I'm talking about...
> Cool!!!
>
> Can I have the source, and binary....
> Thanks,
> Barry Smoke
> District Network Administrator
> Bryant Public Schools
> Bryant, AR
>
> -----Original Message-----
> From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
> On Behalf Of Richard Smart
> Sent: Monday, February 25, 2002 3:10 AM
> To: K. Hawkes
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Group Login Scripts in Samba 2.2.3?
>
> I used a slightly different approach to solve this problem using a
> single login script. The solution is in two parts
>
> On the Linux/Samba side use a pre-exec script in the netlogon share
> to create a text file of the groups the user is in
>
> i.e groups > /home/%u/grouplist.txt
>
> and a post-exec script in the netlogon share to delete this file on
> logout
>
> i.e rm -f /home/%u/grouplist.txt
>
> On the windows side I created a small program in C that read the file
> (grouplist.txt) (accessable via the 'homes' share) and used an exit
> vale of 0 or 1 to confirm if a particular group was included in the
> list. I used this program from within the login script and the DOS
> ERRORLEVEL command to branch depending on wether the user was a
> member of the requested group. The command line parameters to the
> program where the group being checked, and the name of the text with
> the group listing in it.
>
> The login script used lines like this (my prog was called member.exe)
>
> Z:\member \\servername\homes\grouplist.txt staff
> IF NOT ERRORLEVEL 1 goto (next part of login script)
> do stuff here for members of staff group
>
> I stored the member.exe prog in the netlogon share hence the Z:
> reference.
>
> We use this approach on a school lan with about 150 users and no
> problems to date (after 15 months of use).
>
> If this is of any use I can supply the executable and C source code
> on request.
>
> Richard Smart
>
>
> On 24 Mar 2002 at 21:16, K. Hawkes wrote:
>
>
>
> > > It would be much easier to just set the variable in the login.bat
> file and
> > > do what you need inside of the script.   You can't send command line
> > > switches to the logon script from this directive.  You could use
> multiple
> > > logon scripts like '%U.bat'.  This would mean that each user had
> there own
> > > script.  You could then make this script call another script like
> > 'login.bat
> > > %username%' or something.  But, by far the easiest method is to use
> a
> > single
> > > script that will handle multiple users and groups.
> > >
> > > --
> > > Brian
> >
> > Brian,
> >
> > It would be easier yes, but on the Windows' side of things, it does
> not have
> > access to /etc/passwd or /etc/group,
> > so how can I use the single login script to determine what group a
> user is
> > in?  That's why I wrote the C program for, which will
> > search for the given username etc...  Windows doesn't have this, I can
> port
> > it to Win32 but I'd rather not as I'd then need to
> > copy the /etc/group and /etc/passwd files.  Each user having their own
> > script is a problem, we have 1500+ users and we don't have
> > time to setup 1500+ login scripts, we thought it would be easy to
> implement
> > group-based logins.
> >
> > Seems that's not the case and never was, anyone out there with any
> other
> > suggestions as to enable the use of group logins?
> >
> > Thanks
> >
> > Kris
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>


---
Outgoing mail is certified Virus Free by AVG 6.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.338 / Virus Database: 189 - Release Date: 14/03/2002





More information about the samba mailing list