[Samba] Upgrade Novell 4.11 to Samba 3.0.7 wisdom needed

kent kent at mail.wareham.mec.edu
Wed Sep 22 09:04:25 GMT 2004

I ran into this problem in the past but have since resolved group issues. 
First of all I am currently using: 
RedHat 8.0 
OpenLDAP 2.1.30 
Berkeley DB 4.2.52 LDAP backend 
Samba 3.0.0 
(1) PDC (5) BDC many, (1) master OpenLDAP (6) slave OpenLDAP 
These reside in different buildings around town. 
All groups and users exist in the LDAP directory, there are only a few local 
user accounts. I used authconfig to move authentication to LDAP where each 
server has a copy of the directory. You should also add a line to system-auth: 
account     sufficient    /lib/security/pam_localuser.so 
This allows logon to a local account in the event LDAP is down. 
In smb.conf in the netlogon share I have: 
        comment = Netlogon share 
        root preexec = /usr/local/samba/netlogon/prelogon.pl %U 
        path = /usr/local/samba/netlogon 
        locking = no 
        browseable = no 
        read only = yes 
        hide files = /*.dll/*.rap/*.kix/*.bat/*.pl/ 
The prelogon.pl creates individual batch files for the user based on group 
membership. Here is some of prelogon.pl: 
$user = $ARGV[0]; 
$groups = `/usr/bin/groups $user`; 
chomp $groups; 
open (LOGON,">/usr/local/samba/netlogon/$user.bat"); 
# Cafeteria maps 
if ($groups =~ m/whs-cafe/ ) { 
print LOGON "net use q: \\\\whs1\\cafeteria /yes\r\n"; 
f ($groups =~ m/whsstaff/ ) { 
print LOGON "net use s: \\\\whs1\\staff /yes\r\n"; 
print LOGON "net use p: \\\\whs1\\common /yes\r\n"; 
close (LOGON); 
The first part of the logon process calls either an assigned script that is in 
LDAP or the default that is in smb.conf. Here is the default whs1.bat: 
net time \\whs1 /set /y 
rem \\whs1\pca\PCAnalyser.exe /ignore all 
net use H: /HOME /yes 
net use x: \\whs1\netlogon 
net use p: \\whs1\programs 
x:\wkix32.exe whs1.kix 
This calls a kixtart script processor script whs1.kix that does stuff based on 
CD \ 
If @PRODUCTTYPE = "Windows 95" 
        Shell "w9x.bat" 
        Shell "@USERID.bat" 
If @PRODUCTTYPE = "Windows 98" 
        Shell "w9x.bat" 
        Shell "@USERID.bat" 
If @PRODUCTTYPE = "Windows 2000 Professional" 
        Shell "@USERID.bat" 
        Shell "\\whs1\netlogon\runasp.exe whs1xp.rap" 
If @PRODUCTTYPE = "Windows XP Home Edition" 
        Shell "@USERID.bat" 
        Shell "\\whs1\netlogon\runasp.exe whs1xp.rap" 
If @PRODUCTTYPE = "Windows XP Professional" 
        Shell "@USERID.bat" 
        Shell "\\whs1\netlogon\runasp.exe whs1xp.rap" 
The USERID.bat was the batch file created by prelogon.pl. The additional batch 
file and runasp.exe are used to update virus definitions. 
Since everything is located in the netlogon directory I sync these at night 
with rsync. If a person from one building logons into the system in another 
building they get the correct drive mappings based on group membership. Their 
logon script exists in LDAP and group membership used by prelogon.pl comes 
from LDAP which is common to all servers. 
Hope this helps.  
Kent N 
iwrTech at iwr.ru.ac.za wrote:  
> On 21 Sep 2004 , Misty Stanley-Jones entreated about 
>  "[Samba] Upgrade Novell 4.11 to Samba 3.0.7 wisdom": 
> } Has anybody done such a thing as this?  I'm looking to make this 
> } transition as smooth as possible.  I have the new fileserver up and 
> I'm busy replacing a Netware 3.12 box.... with FreeBSD 5.2.1 and  
> Samba 3.0.7 
> } running, and I'm using rsync to keep the Novell data current on the 
> 3.12 won't do fancy stuff like that, and when I tried to use  
> mount_nwfs I rather successfully locked up the BSD box completely.   
> through several tries with different configs.  so I'll be  
> transferring data via a PC with mappings to both systems... 
> } Samba server.  Any words of advice on transferring the users and groups 
> } and permissions over to the new server in the least painful way 
> } possible?  I have some idea that Novell uses LDAP so that I should be 
> My system needs a makeover so I'm not transferring so much as re- 
> engineering, so can't help you much.   I'm creating new groups to  
> mirror some of the existing Novell groups, dropping some, and adding  
> others.  My big hurdle at the moment is figuring a way round the  
> sheer versatility I had on the Novell box.... 
> ie, have a volume named 'graf' 
> a folder on that is assigned to software pacakge X users 
> another folder is assigned to software package Y users 
> drive mappings to the relevant folder are done via group membership. 
> and I can't think of a way to do that with Samba in a way that allos  
> X users to see only X, and Y users to see only Y, yet retaining a  
> singel drive letter for those who are in both groups.... 
> } able do it somehow.  I don't want to screw this upgrade up, and any 
> } help would be appreciated.  I am hoping someone has already done it 
> } before and has written a Howto or something about it. 
> I'm thinking of putting it all down on paper when I've got it  
> working.... don't hold your breath, I suspect I'll be way too busy  
> for a while yet... 
> -- 
>        DA Fo rsyth            Network Supervisor 
> Principal Technical Officer  -- Institute for Water Research 
> http://www.ru.ac.za/institutes/iwr/ 
> --  
> To unsubscribe from this list go to the following URL and read the 
> instructions:  http://lists.samba.org/mailman/listinfo/samba 

More information about the samba mailing list