[Samba] ldap + samba + group membership problem
Paul Gienger
pgienger at ae-solutions.com
Thu Jun 17 14:40:06 GMT 2004
Xavier wrote:
>Quoting Paul Gienger <pgienger at ae-solutions.com>:
>
>Good !
>
>Thanks a lot Paul, it's a great solution.
>I'm now very interested in your automatic profile-directory creation.
>It would be great to have your "login script" (anonymised) in the SAMBA source
>distribution (in the examples dir), no?
>
>
I should note, however, that there is a bug with my profile directory
creation in that it brings up a very annoying error message on first
login about not being able to find the profile directory. For some
reason it either doesn't happen fast enough, or Windows comes looking
for the profile directory before the netlogon preexec happens. I'd be
more inclined to believe the latter.
Would anyone who knows the order of operations on logon care to comment
on that? It makes more sense (to me anyway) to hook the script up to
the preexec of the netlogon share, but if the access to the profile
directory comes first then maybe that is actually the right place to do it?
>Bye
>
>Xavier
>
>
>
>>>I have some users who are members of different groups and not only the "main" group.
>>>Like user "joe": first group "admin" and secondary groups "software" +
>>>"development" + "docs"
>>>
>>>
>>>
>>>
>>>
>><snip>
>>
>>
>>
>>
>>>My question now is:
>>>
>>>Has anyone had the same problem with group membership in the login
>>>script, and
>>>how to solve this, perhaps doing some ldap searching in the login
>>>script?
>>>
>>>
>>We do this exact thing in our login scripts, in a bit of a different
>>way. What we do is have a perl script generate the login script on the
>>fly for each user. To set this up, we used the 'root preexec' option
>>on the netlogon share:
>>
>>[netlogon]
>> path = /opt/samba/share/netlogon
>> browseable = No
>> root preexec = /opt/samba/bin/prelogon.pl %U
>>
>>This calls the script with the username as a parameter. Now in the
>>script the first few lines do something like this:
>>
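>>#!/usr/bin/perl
>>use strict;
>>use warnings;
>># Username passed in by Samba through %U
>>my $user = $ARGV[0];
>># Group list as printed by the system 'groups' command
>>my $groups = `/usr/bin/groups $user`;
>>chomp $groups;
>>open (LOGON, ">", "/opt/samba/share/netlogon/$user.bat") or die "open: $!";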
>>
>>This section of code gets the user from the command line and uses the
>>system 'groups' command to get the groups the user is a member of. It
>>also opens the logon script file. Later I do this:
>>
>>if ( $groups =~ m/itadmin/ )
>>{
>> print LOGON "NET USE Q: \\\\fgoserv\\itadmin\r\n";
>>}
>>
>>You can do all sorts of other fun stuff in here, like auto-create the
>>profile directories, etc. if you're so inclined. We were using the
>>ifmember program that comes with the Windows server (I think) disks, but
>>that caused problems with secondary group membership.
>>
>>
>>--
>>Paul Gienger Office: 701-281-1884
>>Applied Engineering Inc. Cell: 701-306-6254
>>Information Systems Consultant Fax: 701-281-1322
>>URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
>>
>>
>>
>>
>>
>
>
>
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
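
An added example, not part of the original message or of Paul's script: because the 'root preexec' script runs as root with a client-supplied name, this variant validates the username before using it in a path, resolves groups through NSS instead of a shell command, and matches group names exactly (m/itadmin/ on `groups` output also matches any name that merely contains that substring). The username pattern and the %DRIVE_FOR_GROUP table are assumptions; the paths and the fgoserv share come from the message.

```perl
#!/usr/bin/perl
# Added example: hardened sketch of a 'root preexec' logon-script generator.
use strict;
use warnings;

my $NETLOGON = '/opt/samba/share/netlogon';    # path from the message
# Assumed mapping: Unix group -> [drive letter, UNC share]
my %DRIVE_FOR_GROUP = (
    itadmin => [ 'Q:', '\\\\fgoserv\\itadmin' ],
);

# Assumed naming policy: no '/', no leading '.', no shell metacharacters,
# because the name becomes part of a file path written as root.
sub valid_user {
    my ($user) = @_;
    return defined $user && $user =~ /\A[a-z_][a-z0-9_.-]{0,31}\z/i;
}

# Primary and secondary groups through NSS (so LDAP-backed groups are
# included when nss_ldap is configured); no shell is involved.
sub groups_for {
    my ($user) = @_;
    my @pw = getpwnam($user) or return;
    my %in;
    my $primary = getgrgid($pw[3]);
    $in{$primary} = 1 if defined $primary;
    setgrent();
    while (my ($name, undef, undef, $members) = getgrent()) {
        $in{$name} = 1 if grep { $_ eq $user } split ' ', ($members // '');
    }
    endgrent();
    return sort keys %in;
}

# One NET USE line per mapped group the user is an exact member of.
sub logon_lines {
    my %have = map { $_ => 1 } @_;
    return map  { "NET USE $DRIVE_FOR_GROUP{$_}[0] $DRIVE_FOR_GROUP{$_}[1]\r\n" }
           grep { $have{$_} } sort keys %DRIVE_FOR_GROUP;
}

unless (caller) {
    my $user = $ARGV[0];
    valid_user($user) or die "refusing unsafe username\n";
    my @groups = groups_for($user) or die "unknown user\n";
    open(my $out, '>', "$NETLOGON/$user.bat") or die "open: $!";
    print {$out} logon_lines(@groups);
    close($out) or die "close: $!";
}
```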