Re: [Samba] logon scripts by group
Misty Stanley-Jones schrieb: Hi, I am having a hard time figuring out how to have logon scripts that only execute if the user is a member of a certain group. I had the smart idea of putting the supplemental logon script in a share only available to the group, and then calling it from the normal logon script using "CALL "path_to_script". However it looks like it always executes that CALL even if the user is not part of a group, and I don't want to confuse my users by the text that goes into the DOS window that pops up to run the logon scripts. Also, somehow I feel like there must be a better way to do this, some way to query Samba for group membership as the user logs in. Also, is there a such thing as a logoff script? Or do I need to put those things in postexec scripts? (things like "net use /d *") Thanks for your assistance to this non-Windows user! Misty hi, the simpelst way is to use to create one default script for every user default.bat and write a ifmember statement ( ifmember.exe is in the win resource kit) which leads then to a "group.bat". there is also a tool called hidecmd to make the popup at logon unvisible and cpau ( with crypt ) to give admin rights if you desire to implement higher access statements. Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] logon scripts by group
Step 1: Create a NETLOGON share with a group variable in the path e.g. /domain_data/netlogon_shares/%g Step 2: In the [globals] section of your conf file enter the name of your script for 'logon script' (e.g. login.bat) Step 3: On your samba PDC create folders for each group name in /domain_data/netlogon/ (or whatever location you have chosen) make sure that users will have read only access. Step 4: Put your login.bat scripts in each folder (you may want to use symbolic links if many groups use the same script - it will make it easier to edit in future). Hope this helps, Lee Baker -Original Message- Sent: 06 October 2004 16:33 To: [EMAIL PROTECTED] Subject: [Samba] logon scripts by group Hi, I am having a hard time figuring out how to have logon scripts that only execute if the user is a member of a certain group. I had the smart idea of putting the supplemental logon script in a share only available to the group, and then calling it from the normal logon script using "CALL "path_to_script". However it looks like it always executes that CALL even if the user is not part of a group, and I don't want to confuse my users by the text that goes into the DOS window that pops up to run the logon scripts. Also, somehow I feel like there must be a better way to do this, some way to query Samba for group membership as the user logs in. Also, is there a such thing as a logoff script? Or do I need to put those things in postexec scripts? (things like "net use /d *") Thanks for your assistance to this non-Windows user! Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] logon scripts by group
I am having a hard time figuring out how to have logon scripts that only execute if the user is a member of a certain group. We got around a problem like that here initially by using the ifmember tool, however that only returned the primary group, at the time that was under 2.2.x. To get around THAT problem I started writing pre-exec scripts attached to the netlogon share. What I do is define this as netlogon: [netlogon] path = /opt/samba/share/netlogon browseable = No root preexec = /local/scripts/prelogon.pl '%U' Which then generates a script for the user with their name that has the commands that they need to run according to this global line: logon script = %U.bat In the script I do something like this: $groups = `/usr/bin/groups $user`; open (LOGON,">/opt/samba/share/netlogon/$user.bat"); if ( $groups =~ m/itadmin/ ) { print LOGON "NET USE Q: fgoserv\\itadmin\r\n"; } That's perl in case you aren't fluent, but I imagine you could use any scripting language and probably do fun stuff like direct ldap queries if that's where you store your posix data, but this works well for us. things in postexec scripts? (things like "net use /d *") I believe if you use the /persistant:no flag on your mounts then they won't come back when you log back in, but I could be wrong. That won't solve the problem of the users adding mapped drives that you don't want. For that reason I delete the drives first elsewhere in the script. The pre/post exec lines execute on the server, not the client, so they need to be unix scripts/commands, not windows batch executables. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba