samba - Jun 2008 - different logon scripts and mappings for individual users

i'm not sure how to create different logon scripts for different
users. right now i have one logon script called 'logon.bat' that maps
all users to a server share and syncs the time with the server. i need
to be able to map different users to different server shares. not all
users should be mapped to all server shares. these should be automatic
mappings.

for example:

user1 should only be automatically mapped to music/ share when he logs in.
user2 should only be automatically mapped to photos /share when he logs in.

in the global section:

        logon script = scripts\%U.bat

then have a script for each user by their username.bat

Leandro Tracchia wrote:
> i'm not sure how to create different logon scripts for different
> users. right now i have one logon script called 'logon.bat' that
maps
> all users to a server share and syncs the time with the server. i need
> to be able to map different users to different server shares. not all
> users should be mapped to all server shares. these should be automatic
> mappings.
>
> for example:
>
> user1 should only be automatically mapped to music/ share when he logs in.
> user2 should only be automatically mapped to photos /share when he logs in.
>

really? i'm glad i only have 18 users. what if there is a common set
of server shares that i would want everyone to map to, with exception
of a handful of users. would i still be forced to have a script for
each individual user???

On Tue, Jun 17, 2008 at 12:21 PM, Adam Williams
<awilliam@mdah.state.ms.us> wrote:
> in the global section:
>
>       logon script = scripts\%U.bat
>
> then have a script for each user by their username.bat
>
> Leandro Tracchia wrote:
>>
>> i'm not sure how to create different logon scripts for different
>> users. right now i have one logon script called 'logon.bat'
that maps
>> all users to a server share and syncs the time with the server. i need
>> to be able to map different users to different server shares. not all
>> users should be mapped to all server shares. these should be automatic
>> mappings.
>>
>> for example:
>>
>> user1 should only be automatically mapped to music/ share when he logs
in.
>> user2 should only be automatically mapped to photos /share when he logs
>> in.
>>
>
>

On 6/17/2008, Leandro Tracchia (ltracchia@gmail.com)
wrote:
> i'm not sure how to create different logon scripts for different
> users. right now i have one logon script called 'logon.bat' that
maps
> all users to a server share and syncs the time with the server. i need
> to be able to map different users to different server shares. not all
> users should be mapped to all server shares. these should be automatic
> mappings.
> 
> for example:
> 
> user1 should only be automatically mapped to music/ share when he logs in.
> user2 should only be automatically mapped to photos /share when he logs in.
Here's my Global Logon script:

**********************************

echo off
cls
net time \\mytimeserver /set /y

if exist C:\WINDOWS\system32\ISMEMBER.EXE goto map-all
if exist y: net use y: /del
net use y: \\mypdc\installers /persistent:no
copy y:\Free\ISMEMBER.EXE c:\WINDOWS\system32\
copy y:\Free\OSVER.EXE c:\WINDOWS\system32\

:map-all
call \\mypdc\netlogon\unmap-all.bat
call \\mypdc\netlogon\map-all.bat

if %username% == user1 net use f: \\myotherserver\Share1 /persistent:no

ISMEMBER "MyDomain\Group1"
if errorlevel 1 net use j: \\mypdc\Share1 /persistent:no

ISMEMBER "MyDomain\Group2"
if errorlevel 1 call \\mypdc\netlogon\Group2.bat

ISMEMBER "MyDomain\Group3"
if errorlevel 1 net use q: \\myotherserver\Share2 /persistent:no

ISMEMBER "MyDomain\Group4"
if errorlevel 1 net use s: \\mypdc\Share2 /persistent:no

:end

************************************

Then each Group and/or user can have their own - or not.

map-all maps drives that are common to everyone
unmap-all unmaps *all* mapped drives

ISMEMBER.EXE and OSVER.EXE (which I don't use anymore) are available 
free online from microsoft.

-- 

Best regards,

Charles

---------- Forwarded message ----------
From: Leandro Tracchia <ltracchia@gmail.com>
Date: Wed, Jun 18, 2008 at 8:26 AM
Subject: Re: [Samba] different logon scripts and mappings for individual users
To: Charlie <medievalist@gmail.com>


my company is nowhere near that type of need but its good to know that
capability exists. thanks!

On Tue, Jun 17, 2008 at 6:22 PM, Charlie <medievalist@gmail.com>
wrote:
> We use a perl script that accesses our LDAP directory and dynamically
> constructs the login script based on the IP address of the user (which
> gives us the physical location) and the user groups the person belongs
> to.  It gets invoked from smb.conf like this:
>
> [global]
>       logon script = %U.bat
>
> [netlogon]
>        path = /var/lib/samba/netlogon
>        root preexec = perl /var/lib/samba/scripts/logonscript.pl %U %M %m
%a %I
>        root postexec = perl /var/lib/samba/scripts/logoutscript.pl %U %M %m
%a
>
> The dynamically generated %U.bat file is used to install software,
> tweak the registry, map drives, etc. etc. and basically serves the
> same purpose as Windows group policies.  I can't show you ours
> (sorry!) but you can get the general idea from
> http://freshmeat.net/projects/exampleadvancedsambaloginscript/ which
> is the script that inspired us to build our own (thanks Raymond!)
>
> We've been doing this successfully since around 2001.  The perl script
> has grown to integrate our RADIUS and websense stuff, so that
> adjusting a person's internet access is as simple as modifying their
> LDAP attributes in ldapadmin or any similar tool.  It's wonderfully
> efficient, hundreds of users on each logon server without incurring
> the high licensing costs of Microsoft PDCs.
>
> --Charlie
>
> On Tue, Jun 17, 2008 at 3:32 PM, Leandro Tracchia
<ltracchia@gmail.com> wrote:
>> wow thats very helpful (i didn't realize the logon script could be
>> that complicated). thanks!!
>>
>> On Tue, Jun 17, 2008 at 2:00 PM, Charles Marcus
>> <CMarcus@media-brokers.com> wrote:
>>> On 6/17/2008, Leandro Tracchia (ltracchia@gmail.com) wrote:
>>>>
>>>> i'm not sure how to create different logon scripts for
different
>>>> users. right now i have one logon script called
'logon.bat' that maps
>>>> all users to a server share and syncs the time with the server.
i need
>>>> to be able to map different users to different server shares.
not all
>>>> users should be mapped to all server shares. these should be
automatic
>>>> mappings.
>>>>
>>>> for example:
>>>>
>>>> user1 should only be automatically mapped to music/ share when
he logs in.
>>>> user2 should only be automatically mapped to photos /share when
he logs
>>>> in.
>>>
>>> Here's my Global Logon script:
>>>
>>> **********************************
>>>
>>> echo off
>>> cls
>>> net time \\mytimeserver /set /y
>>>
>>> if exist C:\WINDOWS\system32\ISMEMBER.EXE goto map-all
>>> if exist y: net use y: /del
>>> net use y: \\mypdc\installers /persistent:no
>>> copy y:\Free\ISMEMBER.EXE c:\WINDOWS\system32\
>>> copy y:\Free\OSVER.EXE c:\WINDOWS\system32\
>>>
>>> :map-all
>>> call \\mypdc\netlogon\unmap-all.bat
>>> call \\mypdc\netlogon\map-all.bat
>>>
>>> if %username% == user1 net use f: \\myotherserver\Share1
/persistent:no
>>>
>>> ISMEMBER "MyDomain\Group1"
>>> if errorlevel 1 net use j: \\mypdc\Share1 /persistent:no
>>>
>>> ISMEMBER "MyDomain\Group2"
>>> if errorlevel 1 call \\mypdc\netlogon\Group2.bat
>>>
>>> ISMEMBER "MyDomain\Group3"
>>> if errorlevel 1 net use q: \\myotherserver\Share2 /persistent:no
>>>
>>> ISMEMBER "MyDomain\Group4"
>>> if errorlevel 1 net use s: \\mypdc\Share2 /persistent:no
>>>
>>> :end
>>>
>>> ************************************
>>>
>>> Then each Group and/or user can have their own - or not.
>>>
>>> map-all maps drives that are common to everyone
>>> unmap-all unmaps *all* mapped drives
>>>
>>> ISMEMBER.EXE and OSVER.EXE (which I don't use anymore) are
available free
>>> online from microsoft.
>>>
>>> --
>>>
>>> Best regards,
>>>
>>> Charles
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
>