[Samba] ldap + samba + group membership problem
Paul Gienger
pgienger at ae-solutions.com
Thu Jun 17 16:17:07 GMT 2004
>I'd like to solve the problem as I have to deal with profile creation,
>would it be possible to post the script, so I can improve it (if it's
>possible ;-) and don't have to start from scratch.
>
>
As I said, I think the problem of the profile dir error is due to where
the script gets executed. You could break the profile part out and have
that run on the [profile] share's preexec, or move this whole script
over there. Creating an extra login script isn't so bad.

I've deleted some of the junk, and basically left an example of most
operations I do in there. It's not a 'pretty' script for distribution
naturally since I can assume some things, after all, it's my system :-P,
but those things are easy to fix. I imagine there's probably a security
hole that could be exploited by passing a bad username in, but I think
you'd have to successfully auth with a username containing ';rm -rf /*'
or such, for that to be an issue.

You may want to put a cron job in to clean out old login scripts every
so often as if you have users that come in every once in a while you may
not want their scripts laying around. I clear the dir every weekend.
#!/usr/bin/perl
# Username is passed in as the first argument
$user = $ARGV[0];
$profiledir = "/export/profiles/$user";
# Group list for the user, as printed by groups(1)
$groups = `/usr/bin/groups $user`;
chomp $groups;
#################################################################
## Make sure that the system environment is sane ##
#################################################################
if ( !-d $profiledir )
{
    mkdir($profiledir, oct(700));
    $uid = getpwnam($user);
    chown($uid, -1, $profiledir);
}
#################################################################
## Start to create the logon script ##
#################################################################
open (LOGON,">/opt/samba/share/netlogon/$user.bat")
    or die "Cannot write logon script for $user: $!";
print LOGON "\@ECHO OFF\r\n";
print LOGON "NET TIME /SETSNTP:10.2.0.1 \r\n";
print LOGON "REM Delete old drives that may be hanging around\r\n";
print LOGON "NET USE G: /delete\r\n";
print LOGON "rem Drives everyone gets\r\n";
print LOGON "NET USE H: \\\\SERVERNAME\\$user\r\n";
print LOGON "IF NOT EXIST G: NET USE G: \\\\SERVERNAME\\shared\r\n";
##Map drives based upon group memberships
# debug line:
print LOGON "rem :: groups entry: $groups\r\n";
## DRIVES SECTION
if ( $groups =~ m/itserv/ )
{
    print LOGON "NET USE I: \\\\SERVERNAME\\itserv\r\n";
}
# < big snip as groups checking repeats for more groups>
## END DRIVES SECTION
## PRINTERS SECTION
# Everyone gets certain printers
print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\hplj /r \\\\SERVERNAME\\hplj /m \"HP LaserJet 5000 Series PS \"\r\n";
print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\pdf /r \\\\SERVERNAME\\pdf /m \"AdobePSPDF\"\r\n";
# this should be everyone's default printer unless we've got a good
# reason to change it
print LOGON "rundll32 printui.dll,PrintUIEntry /y /z /n \\\\SERVERNAME\\hplj\r\n";
if ( $groups =~ m/engserv/ ) # engserv gets the plotter
{
    print LOGON "rundll32 printui.dll,PrintUIEntry /in /n \\\\SERVERNAME\\hp755\r\n";
}
## END PRINTERS
close LOGON;
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
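Added example, not part of the original post or of Paul's script: one way to close the username hole the post mentions and to make the group checks exact, so that a group such as "notitserv" does not match m/itserv/. The function names, the username allow-list pattern and the sample user "jdoe" are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: site usernames fit this allow-list; adjust to local policy.
# Rejects shell metacharacters, whitespace, and path separators.
sub valid_username {
    my ($name) = @_;
    return defined $name && $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]{0,31}\z/;
}

# groups(1) prints "grp1 grp2" or "user : grp1 grp2"; return a set (hash ref)
# so membership is an exact-name lookup rather than a substring match.
sub parse_groups {
    my ($line) = @_;
    $line = '' unless defined $line;
    chomp $line;
    $line =~ s/\A[^:]*:\s*//;    # drop the "user : " prefix if present
    return { map { $_ => 1 } split ' ', $line };
}

# List-form pipe open: $user is passed as one argv element and no shell runs.
sub groups_for {
    my ($user) = @_;
    open(my $fh, '-|', '/usr/bin/groups', $user) or die "cannot run groups: $!";
    my $line = <$fh>;
    close $fh;
    return parse_groups($line);
}

if (@ARGV) {
    # Real use: validate first, then look up groups for the given user.
    my $user = $ARGV[0];
    die "refusing username\n" unless valid_username($user);
    my $member = groups_for($user);
    print join(' ', sort keys %$member), "\n";
} else {
    # Constructed sample inputs, so the checks can be seen without LDAP.
    for my $candidate ('jdoe', ';rm -rf /*', '../jdoe') {
        printf "%-12s %s\n", $candidate,
            valid_username($candidate) ? 'accepted' : 'rejected';
    }
    my $member = parse_groups("jdoe : users notitserv engserv\n");
    print "itserv:  ", ($member->{itserv}  ? 'mapped' : 'skipped'), "\n";
    print "engserv: ", ($member->{engserv} ? 'mapped' : 'skipped'), "\n";
}
```

Because the validated name contains no "/" or "..", it is also safe to interpolate into the /export/profiles and netlogon paths the script writes to.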