We're almost at the stage of rolling out our new RH6.1/Samba server - one last item. We have some 60 users and 7 departments. Can I use/how do I use a logon script to log groups onto the server. I currently have 1 logon script per user, but a small change in 1 share means updating every script. Can I log them on by group ID but still map their personal shares with the %U flag so I then only have 7 scrpits? ----------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------------- Unless otherwise agreed expressly in writing by Fesa UK Limited, this communication should be treated as confidential and the information contained therein may not be used or disclosed except for the purpose for which it was sent. If you are not the intended recipient of this communication, please contact the sender immediately. WARNING: Computer viruses can be transmitted by e-mail. The recipient should check this e-mail and any attachments for the presence of viruses. Fesa UK Limited accepts no liability for any damage caused by any virus transmitted by this e-mail. This e-mail and any attachments may not be copied or forwarded without the written permission of Fesa UK Limited. In the event of any copying or forwarding, the recipient will be required to indemnify Fesa UK Limited against any claim for loss or damage caused by any viruses or otherwise.
I use the following script in the root preexec field for the netlogon
share,called by tthis command:
perl /home/netlogon/logon_script %u %m %g
Then the logon script is set to :%u.bat
It works great with the only problem being with users belonging to
multiple groups, this will only select the users primary group to
create a logon script.
I am also including my root postexec script for the netlogon share.
#!/usr/bin/perl
#
# log when a user "logs into the network"
# and generate a custom logon script
#
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
$month = ('Jan', 'Feb', 'Mar', 'Apr',
'May', 'Jun', 'Jul', 'Sep', 'Oct',
'Nov', 'Dec')[$mon];
open LOG, ">>/var/log/samba/netlogon.log";
print LOG "$month $mday $hour:$min:$sec\t$ARGV[0] logged into
$ARGV[1]\n";
close LOG;
$command = "rm /home/netlogon/$ARGV[0].bat";
open (COMMAND, "|bash");
print COMMAND $command;
close (COMMAND);
open LOGON, ">>/home/netlogon/$ARGV[0].bat";
print LOGON "\@echo off\r\n";
print LOGON "set pml=h:\\pmail\r\n";
print LOGON "set pmr=h:\\pmail\r\n";
print LOGON "NET USE X: \\\\titan\\$ARGV[0]\r\n";
print LOGON "NET USE H: \\\\titan\\H\r\n";
print LOGON "NET USE I: \\\\titan\\I\r\n";
print LOGON "NET USE V: \\\\titan\\V\r\n";
if ($ARGV[2] eq 'engineering') {
print LOGON "NET USE J: \\\\titan\\J\r\n";
}
if ($ARGV[2] eq 'electrical') {
print LOGON "NET USE G: \\\\titan\\G\r\n";
}
if ($ARGV[2] eq 'imaging') {
print LOGON "NET USE S: \\\\roo\\smartcd\r\n";
print LOGON "NET USE T: \\\\roo\\image_vol\r\n";
print LOGON "NET USE U: \\\\roo\\sybase\r\n";
}
print LOGON "NET TIME \\\\titan /SET /YES\r\n";
close LOGON;
--------------------------------------------------------------------------------------------------
#!/usr/bin/perl
#
# log when a user "logs out of the network"
# and delete their logon script
#
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
$month = ('Jan', 'Feb', 'Mar', 'Apr',
'May', 'Jun', 'Jul', 'Sep', 'Oct',
'Nov', 'Dec')[$mon];
open LOG, ">>/var/log/samba/netlogon.log";
print LOG "$month $mday $hour:$min:$sec\t$ARGV[0] logged out.\n";
close LOG;
$command = "rm /home/netlogon/$ARGV[0].bat";
open (COMMAND, "|bash");
print COMMAND $command;
close (COMMAND);
On 8 Jan 00, at 2:16, Matthew Halliday wrote:
> We're almost at the stage of rolling out our new RH6.1/Samba server -
> one last item. We have some 60 users and 7 departments. Can I use/how
> do I use a logon script to log groups onto the server. I currently have
> 1 logon script per user, but a small change in 1 share means updating
> every script. Can I log them on by group ID but still map
> their personal shares with the %U flag so I then only have 7 scrpits?
>
>
-----------------------------------------------------------------------------------------------------------
>
-----------------------------------------------------------------------------------------------------------
> Unless otherwise agreed expressly in writing by Fesa UK Limited, this
> communication should be treated as confidential and the information
> contained therein may not be used or disclosed except for the purpose
> for which it was sent. If you are not the intended recipient of this
> communication, please contact the sender immediately.
> WARNING: Computer viruses can be transmitted by e-mail. The recipient
> should check this e-mail and any attachments for the presence of
> viruses. Fesa UK Limited accepts no liability for any damage caused
> by any virus transmitted by this e-mail. This e-mail and any
> attachments may not be copied or forwarded without the written
> permission of Fesa UK Limited. In the event of any copying or
> forwarding, the recipient will be required to indemnify Fesa UK
> Limited against any claim for loss or damage caused by any viruses or
> otherwise.
Brian Ginter
brian.ginter@southern-air.com
(804) 385-1277
Southern Air, Inc.
http://www.southern-air.com
> I use the following script in the root preexec field for the netlogon > share,called by tthis command: > perl /home/netlogon/logon_script %u %m %gAccording to smb.conf(1), %g only returns the primary group of the user (as you've noted below). If you want to retreive all the groups, you could forget about %g altogether and use perl's getgr routines and such to get all the groups that a user belongs to. This way, if a user belongs to, say, 2 groups, you could set up separate net use's, for example, that are appropriate for each group. If user A belongs to group 1 and user B belongs to group 2, you have different settings for each. What about user C who belongs to both groups 1 and 2 and needs both groups' settings? My take on it: You could set up an array of all the groups that a user belongs to like this: $username=$ARGV[0]; setgrent(); while (@grline=getgrent()) { (@users)=split(' ',$grline[3]); if (grep(/^$username$/,@users)) { push(@groups,$grline[0]); } } # Uncomment to debug #print "$username belongs to:\n"; #foreach $group (@groups) { # print "$group\n"; #} So, @groups is a list that contains all the group names that the user belongs to. See changes to your code below.> > Then the logon script is set to :%u.bat > > It works great with the only problem being with users belonging to > multiple groups, this will only select the users primary group to > create a logon script. >See above.> I am also including my root postexec script for the netlogon share. > > > #!/usr/bin/perl > # > # log when a user "logs into the network" > # and generate a custom logon script > # > ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = > localtime(time); > $month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', > 'Sep', 'Oct', 'Nov', 'Dec')[$mon]; > open LOG, ">>/var/log/samba/netlogon.log"; > print LOG "$month $mday $hour:$min:$sec\t$ARGV[0] logged into > $ARGV[1]\n"; > close LOG;That is really a great idea. Wish I'd thought of it. But don't Samba's log files give you this info already?> > $command = "rm /home/netlogon/$ARGV[0].bat"; > open (COMMAND, "|bash"); > print COMMAND $command; > close (COMMAND);Instead of all that, just use: unlink("/home/netlogon/$ARGV[0].bat"); (better check if that is syntactically correct, tho' ;) )> open LOGON, ">>/home/netlogon/$ARGV[0].bat"; > print LOGON "\@echo off\r\n"; > print LOGON "set pml=h:\\pmail\r\n"; > print LOGON "set pmr=h:\\pmail\r\n"; > print LOGON "NET USE X: \\\\titan\\$ARGV[0]\r\n"; > print LOGON "NET USE H: \\\\titan\\H\r\n"; > print LOGON "NET USE I: \\\\titan\\I\r\n"; > print LOGON "NET USE V: \\\\titan\\V\r\n"; >[snip]> > if ($ARGV[2] eq 'imaging') { > print LOGON "NET USE S: \\\\roo\\smartcd\r\n"; > print LOGON "NET USE T: \\\\roo\\image_vol\r\n"; > print LOGON "NET USE U: \\\\roo\\sybase\r\n"; > }Ok, now instead of using if ($ARGV[2])..., use grep: if (grep(/^imaging$/,@groups)) { print LOGON "net use .......\r\n" ... }> print LOGON "NET TIME \\\\titan /SET /YES\r\n"; > > close LOGON; > > -------------------------------------------------------------- > ------------------------------------ > > > #!/usr/bin/perl > # > # log when a user "logs out of the network" > # and delete their logon script > # > ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = > localtime(time); > $month = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', > 'Sep', 'Oct', 'Nov', 'Dec')[$mon]; > open LOG, ">>/var/log/samba/netlogon.log"; > print LOG "$month $mday $hour:$min:$sec\t$ARGV[0] logged out.\n"; > close LOG; > > $command = "rm /home/netlogon/$ARGV[0].bat"; > open (COMMAND, "|bash"); > print COMMAND $command; > close (COMMAND);Again, unlink("$ARGV[0].bat"); Just my $0.02... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3672 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20000107/acc38a2f/attachment.bin
[...]>> every script. Can I log them on by group ID but still map >> their personal shares with the %U flag so I then only have 7 scrpits?[...]> I use the following script in the root preexec field for the netlogon > share,called by tthis command: > perl /home/netlogon/logon_script %u %m %g[...] A "quick and dirty" solution could be to write 7 group logon batch scripts and call them in the users logon scripts, which would then look like this: NET USE X : /HOME NET USE Y: \\SERVER\SHARE CALL Y:\GROUP.BAT NET USE Y: /DELETE ... so you would only have to change the individual skript if the users changes his department. However, the perl / prexec solution is really sophisticated. stefan