Re: [Samba] logon scripts by group

2004-10-06 Thread rruegner
Misty Stanley-Jones wrote:
Hi,
I am having a hard time figuring out how to have logon scripts that only 
execute if the user is a member of a certain group.  I had the smart idea of 
putting the supplemental logon script in a share only available to the group, 
and then calling it from the normal logon script using "CALL 
"path_to_script".  However it looks like it always executes that CALL even if 
the user is not part of a group, and I don't want to confuse my users by the 
text that goes into the DOS window that pops up to run the logon scripts.  
Also, somehow I feel like there must be a better way to do this, some way to 
query Samba for group membership as the user logs in.

Also, is there a such thing as a logoff script?  Or do I need to put those 
things in postexec scripts?  (things like "net use /d *")

Thanks for your assistance to this non-Windows user!
Misty
hi,
the simplest way is to create one default script for every user,
default.bat, and write an ifmember statement (ifmember.exe is in the win 
resource kit) which then leads to a "group.bat".
there is also a tool called hidecmd to make the popup at logon invisible
and cpau (with crypt) to give admin rights if you desire to implement
higher access statements.
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] logon scripts by group

2004-10-06 Thread Lee Baker
Step 1: 
Create a NETLOGON share with a group variable in the path
e.g. /domain_data/netlogon_shares/%g

Step 2:
In the [globals] section of your conf file enter the name of your script
for 'logon script' (e.g. login.bat)

Step 3:
On your samba PDC create folders for each group name in
/domain_data/netlogon/ (or whatever location you have chosen)
make sure that users will have read only access.

Step 4:
Put your login.bat scripts in each folder (you may want to use symbolic
links if many groups use the same script - it will make it easier to
edit in future).

Hope this helps,

Lee Baker

-Original Message-
Sent: 06 October 2004 16:33
To: [EMAIL PROTECTED]
Subject: [Samba] logon scripts by group

Hi,

I am having a hard time figuring out how to have logon scripts that only 
execute if the user is a member of a certain group.  I had the smart idea of 
putting the supplemental logon script in a share only available to the group, 
and then calling it from the normal logon script using "CALL 
"path_to_script".  However it looks like it always executes that CALL even if 
the user is not part of a group, and I don't want to confuse my users by the 
text that goes into the DOS window that pops up to run the logon scripts.  
Also, somehow I feel like there must be a better way to do this, some way to 
query Samba for group membership as the user logs in.

Also, is there a such thing as a logoff script?  Or do I need to put those 
things in postexec scripts?  (things like "net use /d *")

Thanks for your assistance to this non-Windows user!

Misty


Re: [Samba] logon scripts by group

2004-10-06 Thread Paul Gienger

I am having a hard time figuring out how to have logon scripts that only 
execute if the user is a member of a certain group.  
 

We got around a problem like that here initially by using the ifmember 
tool; however, that only returned the primary group. At the time that was 
under 2.2.x. 

To get around THAT problem I started writing pre-exec scripts attached 
to the netlogon share.  What I do is define this as netlogon:

[netlogon]
   path = /opt/samba/share/netlogon
   browseable = No
   root preexec = /local/scripts/prelogon.pl '%U'

Which then generates a script for the user with their name that has the 
commands that they need to run according to this global line:

logon script = %U.bat

In the script I do something like this:

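use strict; use warnings;
# '%U' from the root preexec line; reject anything but a plain account name
my ($user) = ($ARGV[0] // '') =~ /^([A-Za-z0-9][A-Za-z0-9._-]*)$/ or die "bad user name\n";
my $groups = `/usr/bin/groups $user`;   # group names, space separated
open (LOGON, ">", "/opt/samba/share/netlogon/$user.bat") or die "open: $!\n";
if ( $groups =~ m/(?:^|\s)itadmin(?:\s|$)/ )   # whole group name only
{
   print LOGON "NET USE Q: \\\\fgoserv\\itadmin\r\n";
}
close (LOGON);
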
That's perl in case you aren't fluent, but I imagine you could use any 
scripting language and probably do fun stuff like direct ldap queries if 
that's where you store your posix data, but this works well for us.

things in postexec scripts?  (things like "net use /d *")
 

I believe if you use the /persistent:no flag on your mounts then they 
won't come back when you log back in, but I could be wrong.  That won't 
solve the problem of the users adding mapped drives that you don't 
want.  For that reason I delete the drives first elsewhere in the 
script.  The pre/post exec lines execute on the server, not the client, 
so they need to be unix scripts/commands, not windows batch executables.

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant   Fax: 701-281-1322
URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]
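
A fuller sketch of the per-user generator described in the message above, written in Python as an added example (not code from the thread). It keeps the netlogon path and `%U.bat` naming from the post; `check_user`, `unix_groups`, `build_script`, `write_logon_script`, `GROUP_COMMANDS` and the "accounts" group are hypothetical names. It validates the name received through `'%U'` before it reaches a file path, matches group names exactly, and replaces the .bat atomically.

```python
#!/usr/bin/env python3
"""prelogon: write <user>.bat in the netlogon share from Unix group membership."""
import grp, os, pwd, re, sys, tempfile

NETLOGON = "/opt/samba/share/netlogon"        # share path from the post
# Group -> batch lines. Only the itadmin line is from the post; the
# "accounts" entry is a constructed sample.
GROUP_COMMANDS = {
    "itadmin": [r"NET USE Q: \\fgoserv\itadmin"],
    "accounts": [r"NET USE R: \\fgoserv\accounts"],
}
# The name arrives via '%U' on a root preexec command line, so accept only
# a plain account name: no path separators, no leading dash.
SAFE_USER = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")

def check_user(user):
    if not SAFE_USER.fullmatch(user):
        raise ValueError("refusing user name %r" % user)
    return user

def unix_groups(user):
    """Primary and supplementary group names of a Unix account."""
    gids = os.getgrouplist(user, pwd.getpwnam(user).pw_gid)
    return {grp.getgrgid(gid).gr_name for gid in gids}

def build_script(groups):
    lines = ["@ECHO OFF"]                     # keep the logon window quiet
    for name in sorted(GROUP_COMMANDS):
        if name in groups:                    # exact name, not a substring match
            lines += GROUP_COMMANDS[name]
    return "\r\n".join(lines) + "\r\n"        # batch files use CRLF

def write_logon_script(user, groups, netlogon=NETLOGON):
    target = os.path.join(netlogon, check_user(user) + ".bat")
    fd, tmp = tempfile.mkstemp(dir=netlogon, prefix=".prelogon-")
    try:
        with os.fdopen(fd, "w", newline="") as fh:
            fh.write(build_script(groups))
        os.chmod(tmp, 0o644)                  # users only need to read it
        os.replace(tmp, target)               # atomic: never a half-written .bat
    except BaseException:
        os.unlink(tmp)
        raise
    return target

if __name__ == "__main__":
    name = check_user(sys.argv[1])
    write_logon_script(name, unix_groups(name))
```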
