[Samba] ldap + samba + group membership problem

Paul Gienger pgienger at ae-solutions.com
Thu Jun 17 14:40:06 GMT 2004



Xavier wrote:

>According to Paul Gienger <pgienger at ae-solutions.com>:
>
>Good!
>
>Thanks a lot Paul, it's a great solution.
>I'm now very interested in your automatic profile directory creation.
>It would be great to have your "login script" (anonymised) in the SAMBA source
>distribution (in the examples dir), no?
>  
>
I should note, however, that there is a bug with my profile directory 
creation in that it brings up a very annoying error message on first 
login about not being able to find the profile directory. For some 
reason it either doesn't happen fast enough, or Windows comes looking 
for the profile directory before the netlogon preexec happens.  I'd be 
more inclined to believe the latter.

Would anyone who knows the order of operations on logon care to comment 
on that?  It makes more sense (to me anyway) to hook the script up to 
the preexec of the netlogon share, but if the access to the profile 
directory comes first then maybe that is actually the right place to do it?

>Bye
>
>Xavier
>
>  
>
>>>I have some users who are members of different groups and not only the "main" group.
>>>Like user "joe": first group "admin" and secondary groups "software" +
>>>"development" + "docs"
>>>
>><snip>
>>
>>>My question now is:
>>>
>>>Has anyone had the same problem with group membership in the login 
>>>script, and
>>>how to solve this, perhaps by doing some LDAP searching in the login 
>>>script?
>>>
>>We do this exact thing in our login scripts, in a bit of a different 
>>way.  What we do is have a perl script generate the login script on the 
>>fly for each user.  To set this up, we used the 'root preexec' option 
>>on the netlogon share:
>>
>>[netlogon]
>>        path = /opt/samba/share/netlogon
>>        browseable = No
>>        root preexec = /opt/samba/bin/prelogon.pl %U
>>
>>This calls the script with the username as a parameter.  Now in the 
>>script the first few lines do something like this:
>>
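>>#!/usr/bin/perl
>>use strict;
>>use warnings;
>># %U arrives from the client and this runs as root: accept only plain names
>>my ($user) = ($ARGV[0] // '') =~ /^(\w[\w.-]*)$/ or die "bad username\n";
>># Ask the system which groups (primary and secondary) the user is in
>>my $groups = `/usr/bin/groups $user`;
>>chomp $groups;
>>open (LOGON, ">", "/opt/samba/share/netlogon/$user.bat") or die "open: $!\n";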
>>
>>This section of code gets the user from the command line and uses the 
>>system 'groups' command to get the groups the user is a member of.  It 
>>also opens the logon script file.  Later I do this:
>>
>># Match the whole group name, not a substring of another group's name
>>if ( $groups =~ m/(?:^|\s)itadmin(?:\s|$)/ )
>>{
>>        print LOGON "NET USE Q: \\\\fgoserv\\itadmin\r\n";
>>}
>>
>>You can do all sorts of other fun stuff in here, like auto-create the 
>>profile directories, etc. if you're so inclined.   We were using the 
>>ifmember program that comes with the Windows Server (I think) disks, but 
>>that caused problems with secondary group membership.
>>
>>
>>-- 
>>Paul Gienger                     Office:		701-281-1884
>>Applied Engineering Inc.         Cell:			701-306-6254
>>Information Systems Consultant   Fax:			701-281-1322
>>URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
>>
>>
>>
>>    
>>
>
>
>  
>

-- 
Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
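
A hardened variant of the logon-script generator described in the quoted message, added here as an example and not Paul's actual prelogon.pl: it resolves primary and secondary groups through NSS instead of a shell command, looks group names up exactly, and validates the %U argument before using it in a path. The `software` share and the username pattern are assumptions; `itadmin`, `fgoserv` and the netlogon path come from the post.

```perl
#!/usr/bin/perl
# Added example, not the original prelogon.pl.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $NETLOGON = "/opt/samba/share/netlogon";   # path from the smb.conf in the post
# group => [drive, UNC]; itadmin is from the post, software is a constructed entry
my %SHARES = (
    itadmin  => [ "Q:", "\\\\fgoserv\\itadmin" ],
    software => [ "S:", "\\\\fgoserv\\software" ],
);

# Primary plus secondary groups via NSS (so LDAP groups count), no shell involved.
sub groups_for {
    my ($user) = @_;
    my @pw = getpwnam($user) or return;
    my %in;
    my $primary = getgrgid($pw[3]);
    $in{$primary} = 1 if defined $primary;
    setgrent();
    while (my ($name, undef, undef, $members) = getgrent()) {
        $in{$name} = 1 if grep { $_ eq $user } split ' ', $members // '';
    }
    endgrent();
    return \%in;
}

# Render the .bat body: exact group-name lookup, CRLF line endings for Windows.
sub logon_script {
    my ($in) = @_;
    return join "", map  { "NET USE $SHARES{$_}[0] $SHARES{$_}[1]\r\n" }
                    grep { $in->{$_} } sort keys %SHARES;
}

# %U is the name the client asked for and root preexec runs as root, so only
# a plain account name (assumed pattern) may reach the file path below.
my ($user) = (shift(@ARGV) // '') =~ /^([A-Za-z0-9_][A-Za-z0-9_.-]{0,31})$/
    or die "prelogon: rejected username\n";
my $in = groups_for($user) or die "prelogon: unknown user $user\n";

# O_EXCL refuses an existing file or symlink; rename swaps the result in whole.
my $tmp = "$NETLOGON/.$user.$$.tmp";
sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0644) or die "prelogon: $tmp: $!\n";
print {$fh} logon_script($in);
close($fh) or die "prelogon: close: $!\n";
rename($tmp, "$NETLOGON/$user.bat") or die "prelogon: rename: $!\n";
```

The netlogon directory should be writable by root only, since the script creates files there with root's privileges.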



