[Samba] Mapping directories based on group membership

Paul Gienger pgienger at ae-solutions.com
Sat Mar 13 23:01:00 GMT 2004



Craig White wrote:

>On Fri, 2004-03-12 at 17:35, Scott Gross wrote:
>  
>
>> 
>>I'm using Samba 3.0.2 and LDAP backend.  I have users assigned to groups
>>based on their departments.  I also have a directory created for each
>>department.  What I want to do is map a drive letter to a user's department
>>directory. The groups are also secondary groups as the primary group for
>>every user is 'Domain Users'.  Does anyone know a way to accomplish this?
>>What I'm kind of looking for is a group home directory type situation?
>>    
>>
>-----
>did you check out the sample logon scripts that came with samba - also
>the one of interest is in the 'how-to'
><http://us1.samba.org/samba/docs/man/AdvancedNetworkManagement.html#id2958990>
>
>Craig
>  
>

We do this quite a bit using the pre-exec parameter and the UNIX groups 
command . What we do is like so.  In smb.conf:

[netlogon]
        path = /opt/samba/share/netlogon
        browseable = No
        root preexec = /opt/samba/bin/prelogon.pl %U

and then in the prelogon script, this is in there someplace:

$groups = `/usr/bin/groups $user`;
chomp $groups;

which gives us the info on what groups this user is part of.  On solaris 
the content of $groups looks like:
itserv itadmin isdevel office projects isadminbis Domain Admins
on RedHat 9 there's a slight variation like this:
pgienger : itserv itadmin isdevel office projects isadminbis Domain Admins

Leter you can test against the string like so:

if ( $groups =~ m/itadmin/ )
{
        print LOGON "NET USE Q: \\\\servername\\itadmin\r\n";
}

You'll have to be careful that if you have groups named like somegroup 
and notsomegroup where the first is a substring of the second, that you 
don't match the longer when you are looking for the shorter.  You can 
change the regex to fix that, but I'm lazy so I haven't in mine yet.  I 
used to use the ifmember script, but that only gives you the primary 
unix group.  It will give you all the NT groups, but only the primary 
unix one.

Paul


More information about the samba mailing list