[Samba] ldap + samba + group membership problem
Paul Gienger
pgienger at ae-solutions.com
Thu Jun 17 14:00:50 GMT 2004
>I've some users members of differents groups and not only the "main" group.
>Like user "joe" First Group : "admin" and secondary groups : "software" +
>"development" + "docs"
>
>
>
<snip
> <>My question now is :
>
> Has anyone had the same problem for groups membership into the login
> script, and
> how to solve this, perhaps doing some ldap searching into the login
> script ?
We do this exact thing in our login scripts, in a bit of a different
way. What we do is have a perl script generate the login script on the
fly for each user.<> To set this up, we used the 'root preexec' option
on the netlogon share:
[netlogon]
path = /opt/samba/share/netlogon
browseable = No
root preexec = /opt/samba/bin/prelogon.pl %U
This calls the script with the username as a parameter. Now in the
script the first few lines do something like this:
#!/usr/bin/perl
$user = $ARGV[0];
$groups = `/usr/bin/groups $user`;
chomp $groups;
open (LOGON,">/opt/samba/share/netlogon/$user.bat");
This section of code gets the user from the command line and uses the
system 'groups' command to get the groups the user is a member of. It
also opens the logon script file. Later I do this:
if ( $groups =~ m/itadmin/ )
{
print LOGON "NET USE Q: \\\\fgoserv\\itadmin\r\n";
}
You can do all sorts of other fun stuff in here, like auto-create the
profile directories, etc. if you're so inclined. We were using the
ifmember program that comes with the windows server (I think) disks, but
that caused problems with secondary group membership.
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
More information about the samba
mailing list