[Samba] logon scripts by group
Paul Gienger
pgienger at ae-solutions.com
Wed Oct 6 15:44:40 GMT 2004
>I am having a hard time figuring out how to have logon scripts that only
>execute if the user is a member of a certain group.
>
>
We got around a problem like that here initially by using the ifmember
tool; however, that only returned the primary group. At the time that was
under 2.2.x.
To get around THAT problem I started writing pre-exec scripts attached
to the netlogon share. What I do is define this as netlogon:
    [netlogon]
        path = /opt/samba/share/netlogon
        browseable = No
        root preexec = /local/scripts/prelogon.pl '%U'
Which then generates a script for the user with their name that has the
commands that they need to run according to this global line:
    logon script = %U.bat
In the script I do something like this:
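    my $user = shift @ARGV;    # %U, passed in by root preexec
    # This runs as root: reject anything that is not a plain name before it
    # reaches the shell or the file path.
    die "bad username\n" unless $user =~ /^\w[\w.-]*\z/;
    my $groups = `/usr/bin/groups $user`;
    open (LOGON, ">", "/opt/samba/share/netlogon/$user.bat") or die "open: $!";
    if ( $groups =~ m/\bitadmin\b/ )    # whole word, so "itadmins" does not match
    {
        print LOGON "NET USE Q: \\\\fgoserv\\itadmin\r\n";
    }
    close (LOGON);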
That's Perl in case you aren't fluent, but I imagine you could use any
scripting language and probably do fun stuff like direct LDAP queries if
that's where you store your POSIX data, but this works well for us.
>things in postexec scripts? (things like "net use /d *")
>
>
I believe if you use the /persistent:no flag on your mounts then they
won't come back when you log back in, but I could be wrong. That won't
solve the problem of the users adding mapped drives that you don't
want. For that reason I delete the drives first elsewhere in the
script. The pre/post exec lines execute on the server, not the client,
so they need to be unix scripts/commands, not windows batch executables.
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
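
Added example, not part of the original message: a Python take on the prelogon helper described above, meant to be called from root preexec with '%U'. It validates the user name before it reaches a file path, looks groups up without a shell, matches group names exactly and deletes existing mappings before adding new ones. The "staff" mapping, the user-name pattern and all function names are assumptions.

```python
#!/usr/bin/env python3
import grp, os, pwd, re, sys, tempfile

NETLOGON = "/opt/samba/share/netlogon"   # netlogon path from the post
# Group -> (drive, UNC). The itadmin entry is from the post; "staff" is hypothetical.
DRIVE_MAP = {
    "itadmin": ("Q:", r"\\fgoserv\itadmin"),
    "staff": ("S:", r"\\fgoserv\staff"),
}
# Assumed naming policy: conservative allow-list, no path separators or shell characters.
SAFE_USER = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}\Z")

def check_user(user):
    """%U is client-influenced and this runs as root, so validate before any use."""
    if not SAFE_USER.match(user):
        raise ValueError(f"refusing unsafe username: {user!r}")
    return user

def user_groups(user):
    """Primary and supplementary group names via NSS, without spawning a shell."""
    gid = pwd.getpwnam(user).pw_gid
    return {grp.getgrgid(g).gr_name for g in os.getgrouplist(user, gid)}

def build_script(groups):
    """Batch text with CRLF endings; groups must match a DRIVE_MAP key exactly."""
    lines = ["@echo off", "net use * /delete /yes"]   # clear existing mappings first
    for name in sorted(DRIVE_MAP):
        if name in groups:
            drive, unc = DRIVE_MAP[name]
            lines.append(f"net use {drive} {unc} /persistent:no")
    return "\r\n".join(lines) + "\r\n"

def write_script(user, text, directory=NETLOGON):
    """Write <user>.bat atomically so a client never reads a half-written file."""
    dest = os.path.join(directory, check_user(user) + ".bat")
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    with os.fdopen(fd, "w", newline="") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)          # readable by the connecting user, writable only by root
    os.replace(tmp, dest)
    return dest

if __name__ == "__main__":
    name = check_user(sys.argv[1])
    write_script(name, build_script(user_groups(name)))
```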