[Samba] ldap + samba + group membership problem

Paul Gienger pgienger at ae-solutions.com
Thu Jun 17 14:00:50 GMT 2004

>I've some users members of differents groups and not only the "main" group.
>Like user "joe" First Group : "admin" and secondary groups : "software" +
>"development" + "docs"

> <>My question now is :
> Has anyone had the same problem for groups membership into the login 
> script, and
> how to solve this, perhaps doing some ldap searching into the login 
> script ?

We do this exact thing in our login scripts, in a bit of a different 
way.  What we do is have a perl script generate the login script on the 
fly for each user.<>  To set this up, we used the 'root preexec' option 
on the netlogon share:

        path = /opt/samba/share/netlogon
        browseable = No
        root preexec = /opt/samba/bin/prelogon.pl %U

This calls the script with the username as a parameter.  Now in the 
script the first few lines do something like this:

$user = $ARGV[0];
$groups = `/usr/bin/groups $user`;
chomp $groups;
open (LOGON,">/opt/samba/share/netlogon/$user.bat");

This section of code gets the user from the command line and uses the 
system 'groups' command to get the groups the user is a member of.  It 
also opens the logon script file.  Later I do this:

if ( $groups =~ m/itadmin/ )
        print LOGON "NET USE Q: \\\\fgoserv\\itadmin\r\n";

You can do all sorts of other fun stuff in here, like auto-create the 
profile directories, etc. if you're so inclined.   We were using the 
ifmember program that comes with the windows server (I think) disks, but 
that caused problems with secondary group membership.

Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com

More information about the samba mailing list