[Samba] Mapping directories based on group membership

Paul Gienger pgienger at ae-solutions.com
Sat Mar 13 23:01:00 GMT 2004

Craig White wrote:

>On Fri, 2004-03-12 at 17:35, Scott Gross wrote:
>>I'm using Samba 3.0.2 and LDAP backend.  I have users assigned to groups
>>based on their departments.  I also have a directory created for each
>>department.  What I want to do is map a drive letter to a user's department
>>directory. The groups are also secondary groups as the primary group for
>>every user is 'Domain Users'.  Does anyone know a way to accomplish this?
>>What I'm kind of looking for is a group home directory type situation?
>did you check out the sample logon scripts that came with samba - also
>the one of interest is in the 'how-to'

We do this quite a bit using the pre-exec parameter and the UNIX groups 
command . What we do is like so.  In smb.conf:

        path = /opt/samba/share/netlogon
        browseable = No
        root preexec = /opt/samba/bin/prelogon.pl %U

and then in the prelogon script, this is in there someplace:

$groups = `/usr/bin/groups $user`;
chomp $groups;

which gives us the info on what groups this user is part of.  On solaris 
the content of $groups looks like:
itserv itadmin isdevel office projects isadminbis Domain Admins
on RedHat 9 there's a slight variation like this:
pgienger : itserv itadmin isdevel office projects isadminbis Domain Admins

Leter you can test against the string like so:

if ( $groups =~ m/itadmin/ )
        print LOGON "NET USE Q: \\\\servername\\itadmin\r\n";

You'll have to be careful that if you have groups named like somegroup 
and notsomegroup where the first is a substring of the second, that you 
don't match the longer when you are looking for the shorter.  You can 
change the regex to fix that, but I'm lazy so I haven't in mine yet.  I 
used to use the ifmember script, but that only gives you the primary 
unix group.  It will give you all the NT groups, but only the primary 
unix one.


