Kristyan Osborne
2002-Mar-25 00:27 UTC
[Samba] group based login scripts other thatn primary(wasifmember.exe)
Try Kixtart, it does all you want and more. Cheers ------------- Kristyan Osborne IT Assistant Manager Longhill High School -----Original Message----- From: John Benedetto [mailto:jbenedet@unm.edu] Sent: 22 March 2002 15:07 To: samba@lists.samba.org Cc: Barry Smoke Subject: Re: [Samba] group based login scripts other thatn primary(wasifmember.exe) --On Thursday, March 21, 2002 4:36 PM -0600 Barry Smoke <barry@arhosting.com> wrote:> has anyone poked around with ifmember.exe from the nt resource kits?Nope.> could another DOS program be written to ask samba about what groups a > user belongs to?I don't think so, since Samba isn't really tied to the group membership like you are thinking... (though I would want a Samba team member to verify that for me to be sure :-) - john -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Barry Smoke
2002-Mar-26 16:51 UTC
[Samba] group based login scripts other thatn primary(wasifmember.exe)
This below is from another thread, but sounds like it is exactly what I was looking for.... My question is, couldn't the linux groups file be used , or smbgroups be implemented into samba, where we have some native support for this.... I think simplifying this is really needed for SAMBA. -----Original Message----- From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org] On Behalf Of Richard Smart Sent: Monday, February 25, 2002 3:10 AM To: K. Hawkes Cc: samba@lists.samba.org Subject: Re: [Samba] Group Login Scripts in Samba 2.2.3? I used a slightly different approach to solve this problem using a single login script. The solution is in two parts On the Linux/Samba side use a pre-exec script in the netlogon share to create a text file of the groups the user is in i.e groups > /home/%u/grouplist.txt and a post-exec script in the netlogon share to delete this file on logout i.e rm -f /home/%u/grouplist.txt On the windows side I created a small program in C that read the file (grouplist.txt) (accessable via the 'homes' share) and used an exit vale of 0 or 1 to confirm if a particular group was included in the list. I used this program from within the login script and the DOS ERRORLEVEL command to branch depending on wether the user was a member of the requested group. The command line parameters to the program where the group being checked, and the name of the text with the group listing in it. The login script used lines like this (my prog was called member.exe) Z:\member \\servername\homes\grouplist.txt staff IF NOT ERRORLEVEL 1 goto (next part of login script) do stuff here for members of staff group I stored the member.exe prog in the netlogon share hence the Z: reference. We use this approach on a school lan with about 150 users and no problems to date (after 15 months of use). If this is of any use I can supply the executable and C source code on request. Richard Smart On 24 Mar 2002 at 21:16, K. Hawkes wrote:> > It would be much easier to just set the variable in the login.batfile and> > do what you need inside of the script. You can't send command line > > switches to the logon script from this directive. You could usemultiple> > logon scripts like '%U.bat'. This would mean that each user hadthere own> > script. You could then make this script call another script like > 'login.bat > > %username%' or something. But, by far the easiest method is to usea> single > > script that will handle multiple users and groups. > > > > -- > > Brian > > Brian, > > It would be easier yes, but on the Windows' side of things, it doesnot have> access to /etc/passwd or /etc/group, > so how can I use the single login script to determine what group auser is> in? That's why I wrote the C program for, which will > search for the given username etc... Windows doesn't have this, I canport> it to Win32 but I'd rather not as I'd then need to > copy the /etc/group and /etc/passwd files. Each user having their own > script is a problem, we have 1500+ users and we don't have > time to setup 1500+ login scripts, we thought it would be easy toimplement> group-based logins. > > Seems that's not the case and never was, anyone out there with anyother> suggestions as to enable the use of group logins? > > Thanks > > Kris > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -----Original Message----- From: Brian Whitehead [mailto:bwhitehd@earthlink.net] Sent: Monday, March 25, 2002 6:45 AM To: Barry Smoke Subject: Re: [Samba] group based login scripts other thatn primary(wasifmember.exe) I have been using ifmember.exe for several years. It works great for NT/2k clients, but will not work with 9x clients. Major drawback. A perl or kixtart script would work much better in handling this if you need to support Win9x clients. -- Brian ----- Original Message ----- From: "Barry Smoke" <barry@arhosting.com> To: "John Benedetto" <jbenedet@unm.edu> Cc: <samba@lists.samba.org> Sent: Thursday, March 21, 2002 4:36 PM Subject: Re: [Samba] group based login scripts other thatn primary(wasifmember.exe)> Thanks everyone for the responses, but this seems like a very > complicated solution, where samba could simply answer a ifmember.exe > with every unix group that user belongs to... > > has anyone poked around with ifmember.exe from the nt resource kits? > > could another DOS program be written to ask samba about what groups a > user belongs to? > > We have customized our smb.conf files, and login scripts to a point to > where I really would rather stay away from dynamically generated ones. > > > > On Thu, 2002-03-21 at 11:38, John Benedetto wrote: > > --On Thursday, March 21, 2002 9:18 AM -0600 Barry Smoke > > <barry@arhosting.com> wrote: > > > > > This is one of the only drawbacks I've found so far, is that youcan't> > > do log-in scripts based on a person's membership to group otherthan> > > their primary group. > > > > > > Or did I miss something? > > > > Yes. > > > > There are a number of resources detailing how to do this... here isone> > online: http://www.phonax.com/fileservers/index.shtml and RichardSharpe's> > Que Special Edition Using Samba book also has details. > > > > In a nutshell: do a root pre-exec to execute a script - be it Perl,or> > shell, or whatever your preference. That script dynamically buildsa logon> > script, on the fly, for the user. One of the things you can do ishave the> > script walk through the /etc/group file, and pull 'secondary'memberships,> > for logging in. That batch file is then sent down to the clientduring> > logon, and executed on the client side. > > > > - john > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >