[Samba] Upgrade Novell 4.11 to Samba 3.0.7 wisdom needed
kent
kent at mail.wareham.mec.edu
Wed Sep 22 09:04:25 GMT 2004

Hello,

I ran into this problem in the past but have since resolved group issues.
First of all I am currently using:

    RedHat 8.0
    OpenLDAP 2.1.30
    Berkeley DB 4.2.52 LDAP backend
    Samba 3.0.0
    (1) PDC (5) BDC many, (1) master OpenLDAP (6) slave OpenLDAP

These reside in different buildings around town.

All groups and users exist in the LDAP directory; there are only a few local
user accounts. I used authconfig to move authentication to LDAP where each
server has a copy of the directory. You should also add a line to system-auth:

    account sufficient /lib/security/pam_localuser.so

This allows logon to a local account in the event LDAP is down.

In smb.conf in the netlogon share I have:

    [netlogon]
        comment = Netlogon share
        root preexec = /usr/local/samba/netlogon/prelogon.pl %U
        path = /usr/local/samba/netlogon
        locking = no
        browseable = no
        read only = yes
        hide files = /*.dll/*.rap/*.kix/*.bat/*.pl/

The prelogon.pl creates individual batch files for the user based on group
membership. Here is some of prelogon.pl:

    #!/usr/bin/perl
    # Username handed over by Samba as %U (see root preexec in smb.conf)
    $user = $ARGV[0];
    # Group membership as reported by groups(1)
    $groups = `/usr/bin/groups $user`;
    chomp $groups;
    # Per-user batch file in the netlogon share
    open (LOGON,">/usr/local/samba/netlogon/$user.bat");
    #
    # Cafeteria maps
    #
    if ($groups =~ m/whs-cafe/ ) {
        print LOGON "net use q: \\\\whs1\\cafeteria /yes\r\n";
    }
    if ($groups =~ m/whsstaff/ ) {
        print LOGON "net use s: \\\\whs1\\staff /yes\r\n";
        print LOGON "net use p: \\\\whs1\\common /yes\r\n";
    }
    close (LOGON);

The first part of the logon process calls either an assigned script that is in
LDAP or the default that is in smb.conf. Here is the default whs1.bat:

    net time \\whs1 /set /y
    rem \\whs1\pca\PCAnalyser.exe /ignore all NNN0XXXXXX1PNN535495%apppath%\netdiscover\%computername%.pca
    net use H: /HOME /yes
    net use x: \\whs1\netlogon
    net use p: \\whs1\programs
    x:
    x:\wkix32.exe whs1.kix

This calls a kixtart script processor script whs1.kix that does stuff based on
OS:

    CLS
    x:
    CD \
    If @PRODUCTTYPE = "Windows 95"
        Shell "w9x.bat"
        Shell "@USERID.bat"
    EndIf
    If @PRODUCTTYPE = "Windows 98"
        Shell "w9x.bat"
        Shell "@USERID.bat"
    EndIf
    If @PRODUCTTYPE = "Windows 2000 Professional"
        Shell "@USERID.bat"
        Shell "\\whs1\netlogon\runasp.exe whs1xp.rap"
    EndIf
    If @PRODUCTTYPE = "Windows XP Home Edition"
        Shell "@USERID.bat"
        Shell "\\whs1\netlogon\runasp.exe whs1xp.rap"
    EndIf
    If @PRODUCTTYPE = "Windows XP Professional"
        Shell "@USERID.bat"
        Shell "\\whs1\netlogon\runasp.exe whs1xp.rap"
    EndIf
    EXIT

The USERID.bat was the batch file created by prelogon.pl. The additional batch
file and runasp.exe are used to update virus definitions.

Since everything is located in the netlogon directory I sync these at night
with rsync. If a person from one building logs on to the system in another
building they get the correct drive mappings based on group membership. Their
logon script exists in LDAP and group membership used by prelogon.pl comes
from LDAP which is common to all servers.

Hope this helps.

Kent N

iwrTech at iwr.ru.ac.za wrote:
> On 21 Sep 2004 , Misty Stanley-Jones entreated about
> "[Samba] Upgrade Novell 4.11 to Samba 3.0.7 wisdom":
>
> } Has anybody done such a thing as this? I'm looking to make this
> } transition as smooth as possible. I have the new fileserver up and
>
> I'm busy replacing a Netware 3.12 box.... with FreeBSD 5.2.1 and
> Samba 3.0.7
>
> } running, and I'm using rsync to keep the Novell data current on the
>
> 3.12 won't do fancy stuff like that, and when I tried to use
> mount_nwfs I rather successfully locked up the BSD box completely.
> through several tries with different configs. so I'll be
> transferring data via a PC with mappings to both systems...
>
> } Samba server. Any words of advice on transferring the users and groups
> } and permissions over to the new server in the least painful way
> } possible? I have some idea that Novell uses LDAP so that I should be
>
> My system needs a makeover so I'm not transferring so much as re-
> engineering, so can't help you much. I'm creating new groups to
> mirror some of the existing Novell groups, dropping some, and adding
> others. My big hurdle at the moment is figuring a way round the
> sheer versatility I had on the Novell box....
> ie, have a volume named 'graf'
> a folder on that is assigned to software package X users
> another folder is assigned to software package Y users
> drive mappings to the relevant folder are done via group membership.
>
> and I can't think of a way to do that with Samba in a way that allows
> X users to see only X, and Y users to see only Y, yet retaining a
> single drive letter for those who are in both groups....
>
> } able do it somehow. I don't want to screw this upgrade up, and any
> } help would be appreciated. I am hoping someone has already done it
> } before and has written a Howto or something about it.
>
> I'm thinking of putting it all down on paper when I've got it
> working.... don't hold your breath, I suspect I'll be way too busy
> for a while yet...
>
>
> --
> DA Forsyth Network Supervisor
> Principal Technical Officer -- Institute for Water Research
> http://www.ru.ac.za/institutes/iwr/
>
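
A hardened variant of the prelogon.pl fragment in Kent's message, added here as an example; it is not Kent's script and not Samba project code. Since "root preexec" runs as root and %U is the name the client requested, it validates the name before it reaches a file path, resolves groups with getpwnam/getgrent instead of a shell command, and matches group names exactly. The allowed username pattern, the temp-file name and the group "whsstaff-old" mentioned in a comment are assumptions.

```perl
#!/usr/bin/perl
# Added example: hardened variant of the prelogon.pl fragment (not the poster's script).
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $NETLOGON = '/usr/local/samba/netlogon';    # share path from the smb.conf above

# Group => drive mappings, copied from the fragment in the message.
my %MAPS = (
    'whs-cafe' => [ 'net use q: \\\\whs1\\cafeteria /yes' ],
    'whsstaff' => [ 'net use s: \\\\whs1\\staff /yes',
                    'net use p: \\\\whs1\\common /yes' ],
);

# %U is whatever name the client requested, so accept only a plain account name.
# The permitted character set is an assumption; adjust it to the site's naming rules.
my $user = defined $ARGV[0] ? $ARGV[0] : '';
$user =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,31})\z/ or die "prelogon: rejected username\n";
$user = $1;

# Resolve membership through NSS (LDAP included) without starting a shell.
my @pw = getpwnam($user) or die "prelogon: unknown user\n";
my %member;
my $primary = getgrgid($pw[3]);
$member{$primary} = 1 if defined $primary;
setgrent();
while (my ($name, undef, undef, $members) = getgrent()) {
    $member{$name} = 1 if grep { $_ eq $user } split ' ', $members;
}
endgrent();

# Exact group-name lookups: a hypothetical group "whsstaff-old" no longer
# matches "whsstaff" the way a substring regex would.
my $body = '';
for my $group (sort keys %MAPS) {
    next unless $member{$group};
    $body .= "$_\r\n" for @{ $MAPS{$group} };
}

# Create the temp file with O_EXCL (fails if the name already exists, link or not),
# then rename so clients never read a half-written script.
my $tmp = "$NETLOGON/.$user.bat.$$";
sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0644) or die "prelogon: $tmp: $!\n";
print {$fh} $body or die "prelogon: write: $!\n";
close($fh) or die "prelogon: close: $!\n";
rename($tmp, "$NETLOGON/$user.bat") or die "prelogon: rename: $!\n";
```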