Hi to all,

I have recently set up a new Linux server with SAMBA 3.0.4 + OpenLDAP. The server is PDC; users and groups are stored in LDAP. All is working fine for the moment, I can join the domain without problems on a W2k machine.

But here is my problem: I have some users who are members of different groups and not only the "main" group. Like user "joe": first group: "admin" and secondary groups: "software" + "development" + "docs".

Now, in the "netlogon" global login script that I've made, SARTUP.BAT, I would like to assign a drive letter for the user "joe" depending on his group membership, so:

    net use D: \\servershare\docs        (joe is a member of "docs")
    net use F: \\servershare\software    (joe is a member of "software" too)
    ...

But I've noticed in the example script in the source distribution of SAMBA (genlogon.pl) that there is the use of %G, which is the main group of the user. Looking in the man page of smb.conf, I didn't see a parameter identifying a list of group memberships for the user: %U

My question now is:

Has anyone had the same problem with group membership in the login script, and how to solve this, perhaps doing some LDAP searching in the login script?

Have a nice day
Xavier

--
Xavier
mailto: x.poirier@free.fr

> I've some users members of different groups and not only the "main" group.
> Like user "joe" First Group : "admin" and secondary groups : "software" +
> "development" + "docs"
>
> <snip>
>
> My question now is :
>
> Has anyone had the same problem for groups membership into the login
> script, and how to solve this, perhaps doing some ldap searching into
> the login script ?

We do this exact thing in our login scripts, in a bit of a different way. What we do is have a perl script generate the login script on the fly for each user.

To set this up, we used the 'root preexec' option on the netlogon share:

    [netlogon]
        path = /opt/samba/share/netlogon
        browseable = No
        root preexec = /opt/samba/bin/prelogon.pl %U

This calls the script with the username as a parameter. Now in the script the first few lines do something like this:

    #!/usr/bin/perl
    # user name passed by Samba as %U
    $user = $ARGV[0];
    die "bad user name\n" unless $user =~ /\A[\w.-]+\z/;
    # groups the user belongs to, from the system 'groups' command
    $groups = `/usr/bin/groups $user`;
    chomp $groups;
    # per-user logon script
    open (LOGON, ">/opt/samba/share/netlogon/$user.bat")
        or die "cannot write logon script: $!\n";

This section of code gets the user from the command line and uses the system 'groups' command to get the groups the user is a member of. It also opens the logon script file. Later I do this:

    # match the whole group name, not a substring
    if ( $groups =~ m/\bitadmin\b/ ) {
        print LOGON "NET USE Q: \\\\fgoserv\\itadmin\r\n";
    }

You can do all sorts of other fun stuff in here, like auto-create the profile directories, etc. if you're so inclined.

We were using the ifmember program that comes with the windows server (I think) disks, but that caused problems with secondary group membership.

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         Cell:   701-306-6254
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto:pgienger@ae-solutions.com
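
A hardened variant of the generator described in the reply above, as an added example in Perl that is neither the poster's script nor Samba's own code. The user name handed over by root preexec is validated before it reaches a file path, groups are read with getpwnam/getgrent instead of a shell command, and group names are matched exactly. The netlogon path is the one from the share definition; the drive map and share names are assumptions taken from the question for illustration.

```perl
#!/usr/bin/perl
# Added example, not the script from the post above. The netlogon path is the
# one in the share definition; the group-to-drive map is hypothetical.
use strict;
use warnings;

my $NETLOGON = '/opt/samba/share/netlogon';
my %DRIVE_FOR = (                      # group => [drive letter, UNC path]
    docs     => [ 'D:', '\\\\servershare\\docs' ],
    software => [ 'F:', '\\\\servershare\\software' ],
);

# The name is an argument to a root-run script: allow a strict character set.
sub valid_user {
    my ($u) = @_;
    return defined $u && $u =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}\z/;
}

# Primary plus secondary groups through the system account database
# (the same source the 'groups' command reads), without starting a shell.
sub groups_of {
    my ($user) = @_;
    my @pw = getpwnam($user) or return;
    my %seen;
    my $primary = getgrgid($pw[3]);
    $seen{$primary} = 1 if defined $primary;
    setgrent();
    while (my ($name, undef, undef, $members) = getgrent()) {
        $seen{$name} = 1 if grep { $_ eq $user } split ' ', $members;
    }
    endgrent();
    return sort keys %seen;
}

# Exact group-name match, one NET USE line per mapped group, CRLF endings.
sub logon_script {
    my %in = map { $_ => 1 } @_;
    return join '', "\@echo off\r\n",
        map  { sprintf "NET USE %s %s\r\n", @{ $DRIVE_FOR{$_} } }
        grep { $in{$_} } sort keys %DRIVE_FOR;
}

my $user = shift @ARGV;
valid_user($user) or die "rejected user name\n";
my @groups = groups_of($user) or die "unknown user\n";
my $tmp = "$NETLOGON/.$user.bat.$$";   # write, then rename into place
open my $fh, '>', $tmp or die "open $tmp: $!\n";
print {$fh} logon_script(@groups);
close $fh or die "close $tmp: $!\n";
rename $tmp, "$NETLOGON/$user.bat" or die "rename: $!\n";
```

Writing to a temporary name and renaming means a client never reads a half-written logon script; the netlogon directory should be writable by root only.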

> Now, in the "netlogon" global login script that I've made : SARTUP.BAT
> I would like, to affect a drive letter for the user "joe" depending on his
> "groups membership" so :
>
> net use D: \\servershare\docs (joe is group membership of "docs")
> net use F: \\servershare\software (joe is group membership of "software" too)
> ...

I got by this using the ifmember.exe distributed by Microsoft. By using the following syntax in the .bat I was able to map drives based on group:

    @echo off
    ifmember docs
    if not errorlevel 1 goto group2
    net use D: \\servershare\docs
    :group2
    ifmember software
    if not errorlevel 1 goto quit
    net use F: \\servershare\software
    :quit

If you do a search for ifmember.exe you'll find the install from MS. Once you've installed it (default is something like c:\Program Files\Resource Kit), copy the ifmember.exe to your windows directory...

This was the easiest solution. Takes a few seconds to install on a machine.

_____________________________________________________________________________
Matthew Koster
Customer Support Technician
International Datacasting Corporation
http://www.intldata.ca
613-596-4120 ext 254