[Samba] Upgrade Novell 4.11 to Samba 3.0.7 wisdom needed

John H Terpstra jht at samba.org
Wed Sep 22 15:58:51 GMT 2004


Kent,

Thank you for documenting this for the benefit of samba users. I am wondering, 
would you mind documenting your configuration further for inclusion as a 
chapter, or addition to a chapter, in the Samba-Guide? I'd encourage you to 
do so as it adds significantly to the knowledge bank for those who want to 
deploy samba in large environments.

Cheers,
John T.

On Wednesday 22 September 2004 03:04, kent wrote:
> Hello,
> I ran into this problem in the past but have since resolved group issues.
> First of all I am currently using:
> RedHat 8.0
> OpenLDAP 2.1.30
> Berkeley DB 4.2.52 LDAP backend
> Samba 3.0.0
> (1) PDC (5) BDC many, (1) master OpenLDAP (6) slave OpenLDAP
> These reside in different buildings around town.
>
> All groups and users exist in the LDAP directory, there are only a few
> local user accounts. I used authconfig to move authentication to LDAP where
> each server has a copy of the directory. You should also add a line to
> system-auth: account     sufficient    /lib/security/pam_localuser.so
>
> This allows logon to a local account in the event LDAP is down.
>
> In smb.conf in the netlogon share I have:
>
> [netlogon]
>         comment = Netlogon share
>         root preexec = /usr/local/samba/netlogon/prelogon.pl %U
>         path = /usr/local/samba/netlogon
>         locking = no
>         browseable = no
>         read only = yes
>         hide files = /*.dll/*.rap/*.kix/*.bat/*.pl/
>
> The prelogon.pl creates individual batch files for the user based on group
> membership. Here is some of prelogon.pl:
>
> #!/usr/bin/perl
> $user = $ARGV[0];
> $groups = `/usr/bin/groups $user`;
> chomp $groups;
> open (LOGON,">/usr/local/samba/netlogon/$user.bat");
> #
> # Cafeteria maps
> #
> if ($groups =~ m/whs-cafe/ ) {
> print LOGON "net use q: \\\\whs1\\cafeteria /yes\r\n";
> }
> if ($groups =~ m/whsstaff/ ) {
> print LOGON "net use s: \\\\whs1\\staff /yes\r\n";
> print LOGON "net use p: \\\\whs1\\common /yes\r\n";
> }
> close (LOGON);
>
> The first part of the logon process calls either an assigned script that is
> in LDAP or the default that is in smb.conf. Here is the default whs1.bat:
>
> net time \\whs1 /set /y
> rem \\whs1\pca\PCAnalyser.exe /ignore all NNN0XXXXXX1PNN535495%apppath%\netdiscover\%computername%.pca
> net use H: /HOME /yes
> net use x: \\whs1\netlogon
> net use p: \\whs1\programs
> x:
> x:\wkix32.exe whs1.kix
>
> This calls a kixtart script processor script whs1.kix that does stuff based
> on OS:
>
> CLS
> x:
> CD \
> If @PRODUCTTYPE = "Windows 95"
>         Shell "w9x.bat"
>         Shell "@USERID.bat"
> EndIf
> If @PRODUCTTYPE = "Windows 98"
>         Shell "w9x.bat"
>         Shell "@USERID.bat"
> EndIf
> If @PRODUCTTYPE = "Windows 2000 Professional"
>         Shell "@USERID.bat"
>         Shell "\\whs1\netlogon\runasp.exe whs1xp.rap"
> EndIf
> If @PRODUCTTYPE = "Windows XP Home Edition"
>         Shell "@USERID.bat"
>         Shell "\\whs1\netlogon\runasp.exe whs1xp.rap"
> EndIf
> If @PRODUCTTYPE = "Windows XP Professional"
>         Shell "@USERID.bat"
>         Shell "\\whs1\netlogon\runasp.exe whs1xp.rap"
> EndIf
> EXIT
>
> The USERID.bat was the batch file created by prelogon.pl. The additional
> batch file and runasp.exe are used to update virus definitions.
>
> Since everything is located in the netlogon directory I sync these at night
> with rsync. If a person from one building logs on to the system in another
> building they get the correct drive mappings based on group membership.
> Their logon script exists in LDAP and group membership used by prelogon.pl
> comes from LDAP which is common to all servers.
>
> Hope this helps.
>
>
> Kent N
>
> iwrTech at iwr.ru.ac.za wrote:
> > On 21 Sep 2004 , Misty Stanley-Jones entreated about
> >  "[Samba] Upgrade Novell 4.11 to Samba 3.0.7 wisdom":
> >
> > } Has anybody done such a thing as this?  I'm looking to make this
> > } transition as smooth as possible.  I have the new fileserver up and
> >
> > I'm busy replacing a Netware 3.12 box.... with FreeBSD 5.2.1 and
> > Samba 3.0.7
> >
> > } running, and I'm using rsync to keep the Novell data current on the
> >
> > 3.12 won't do fancy stuff like that, and when I tried to use
> > mount_nwfs I rather successfully locked up the BSD box completely,
> > through several tries with different configs.  So I'll be
> > transferring data via a PC with mappings to both systems...
> >
> > } Samba server.  Any words of advice on transferring the users and groups
> > } and permissions over to the new server in the least painful way
> > } possible?  I have some idea that Novell uses LDAP so that I should be
> >
> > My system needs a makeover so I'm not transferring so much as re-
> > engineering, so can't help you much.   I'm creating new groups to
> > mirror some of the existing Novell groups, dropping some, and adding
> > others.  My big hurdle at the moment is figuring a way round the
> > sheer versatility I had on the Novell box....
> > ie, have a volume named 'graf'
> > a folder on that is assigned to software package X users
> > another folder is assigned to software package Y users
> > drive mappings to the relevant folder are done via group membership.
> >
> > and I can't think of a way to do that with Samba in a way that allows
> > X users to see only X, and Y users to see only Y, yet retaining a
> > single drive letter for those who are in both groups....
> >
> > } able do it somehow.  I don't want to screw this upgrade up, and any
> > } help would be appreciated.  I am hoping someone has already done it
> > } before and has written a Howto or something about it.
> >
> > I'm thinking of putting it all down on paper when I've got it
> > working.... don't hold your breath, I suspect I'll be way too busy
> > for a while yet...
> >
> >
> > --
> >        DA Forsyth            Network Supervisor
> > Principal Technical Officer  -- Institute for Water Research
> > http://www.ru.ac.za/institutes/iwr/
> >

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
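
Added example (not part of the thread and not Kent's script): a hardened take on the per-user batch generator quoted above. It validates the name Samba passes as %U before using it as root, runs groups without a shell, matches group names exactly rather than by substring, and replaces the batch file atomically. The username pattern, the %MAP table layout and the NETLOGON_DIR override are assumptions.

```perl
#!/usr/bin/perl
# Added example: hardened variant of the prelogon.pl generator quoted above.
# Assumptions (not from the thread): the username pattern, the %MAP layout,
# and the NETLOGON_DIR environment override used for testing.
use strict;
use warnings;
use File::Temp qw(tempfile);

my $dir = $ENV{NETLOGON_DIR} || '/usr/local/samba/netlogon';

# Group -> drive mappings, taken from the two groups shown in the thread.
my %MAP = (
    'whs-cafe' => [ [ 'q:', '\\\\whs1\\cafeteria' ] ],
    'whsstaff' => [ [ 's:', '\\\\whs1\\staff' ], [ 'p:', '\\\\whs1\\common' ] ],
);

my $user = shift @ARGV;
# %U originates from the client and this runs as root (root preexec), so
# accept only a conservative account-name pattern before using it in a
# command or a file name. The pattern is an assumption; match your naming.
defined $user && $user =~ /\A([a-z_][a-z0-9_.-]{0,31})\z/i
    or die "prelogon: rejected user name\n";
$user = $1;

# List-form pipe open: no shell is involved, unlike backticks.
open(my $gh, '-|', '/usr/bin/groups', $user) or die "groups: $!\n";
my $out = <$gh> // '';
close($gh) or die "prelogon: groups failed for $user\n";
chomp $out;
$out =~ s/\A[^:]*:\s*//;               # drop the "user : " prefix if present
my %member = map { $_ => 1 } split ' ', $out;

# Write to a temp file and rename, so a client never reads a half-written
# script and an existing symlink at $user.bat is replaced, not followed.
my ($fh, $tmp) = tempfile('.prelogon-XXXXXX', DIR => $dir);
for my $group (sort keys %MAP) {
    next unless $member{$group};       # exact match, not substring
    printf {$fh} "net use %s %s /yes\r\n", @$_ for @{ $MAP{$group} };
}
close($fh) or die "close: $!\n";
chmod 0644, $tmp or die "chmod: $!\n";
rename $tmp, "$dir/$user.bat" or die "rename: $!\n";
```

The smb.conf line stays as in the thread (root preexec = .../prelogon.pl %U); setting NETLOGON_DIR to a scratch directory lets the script be exercised without touching the live share.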

