[Samba] ldap + samba + group membership problem

Xavier x.poirier at free.fr
Thu Jun 17 14:14:34 GMT 2004 

Selon Paul Gienger <pgienger at ae-solutions.com>:

Good !

thanks a lot Paul, it's a great solution.
I'm now very interested onto your automatic directory profile-creation.
It would be great to have your "login script" (anonymised) into the SAMBA source
distribution (into examples dir), no ?

Bye

Xavier

> 
> >I've some users members of differents groups and not only the "main" group.
> >Like user "joe" First Group : "admin" and secondary groups : "software" +
> >"development" + "docs"
> >
> >  
> >
> <snip
> 
> 
> > <>My question now is :
> >
> > Has anyone had the same problem for groups membership into the login 
> > script, and
> > how to solve this, perhaps doing some ldap searching into the login 
> > script ?
> 
> We do this exact thing in our login scripts, in a bit of a different 
> way.  What we do is have a perl script generate the login script on the 
> fly for each user.<>  To set this up, we used the 'root preexec' option 
> on the netlogon share:
> 
> [netlogon]
>         path = /opt/samba/share/netlogon
>         browseable = No
>         root preexec = /opt/samba/bin/prelogon.pl %U
> 
> This calls the script with the username as a parameter.  Now in the 
> script the first few lines do something like this:
> 
> #!/usr/bin/perl
> $user = $ARGV[0];
> $groups = `/usr/bin/groups $user`;
> chomp $groups;
> open (LOGON,">/opt/samba/share/netlogon/$user.bat");
> 
> This section of code gets the user from the command line and uses the 
> system 'groups' command to get the groups the user is a member of.  It 
> also opens the logon script file.  Later I do this:
> 
> if ( $groups =~ m/itadmin/ )
> {
>         print LOGON "NET USE Q: \\\\fgoserv\\itadmin\r\n";
> }
> 
> You can do all sorts of other fun stuff in here, like auto-create the 
> profile directories, etc. if you're so inclined.   We were using the 
> ifmember program that comes with the windows server (I think) disks, but 
> that caused problems with secondary group membership.
> 
> 
> -- 
> Paul Gienger                     Office:		701-281-1884
> Applied Engineering Inc.         Cell:			701-306-6254
> Information Systems Consultant   Fax:			701-281-1322
> URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
> 
> 
> 


-- 
Xavier
mailto: x.poirier at free.fr

More information about the samba mailing list