samba - Apr 2003 - general question - help creating a login script to pass a RPC to create symblinks from win2k on linux

Hi,

I am new to samba and Linux and need some help coming up with a solution to
a nerve racking problem.



Here is what we are trying to do.



Users log into an NT environment (accessing shares via samba running on
Linux/Aix).

The user should only see and have access to the share(s) he/she has been
assigned to. Similar to Novell "map root" or symbolic links.



Our issue is try to figure out a way to pass a remote call from the NT login
script running on the PDC or BDC to the AIX/ Linux file system to make the
necessary symbolic links for the user that just logged in.

.

If someone out there has already accomplished what we are trying to do or
know of how we can go about getting this done any and all information would
be greatly appreciated.

Thanks in advance.
Lc

Begin forwarded message:
> From: maillist <maillist@qinternet.com>
> Date: Sun Apr 27, 2003  7:42:44  PM US/Eastern
> To: "dsomer" <dsomer@attbi.com>
> Subject: Re: [Samba] general question - help creating a login script 
> to pass a RPC to create symblinks from win2k on linux
> Content-Type: text/plain; charset=US-ASCII; format=flowed
> Mime-Version: 1.0 (Apple Message framework v552)
> Content-Transfer-Encoding: 7bit
> In-Reply-To: <002101c30cf2$c81f2890$7100a8c0@TICMLCCLAPTOP>
> Message-Id: <F1940900-7909-11D7-841D-0005023E4F7A@qinternet.com>
> X-Mailer: Apple Mail (2.552)
>
> Hello,
>
> While tinkering I came across a problem like yours, i am new to
"real"
> samba use, so don't get mad if I can't help...
>
> First...you want to make sure only select people can access a share...
> In the smb.conf where your shares are defined, use the valid user 
> option
>
> [share]
>
> 	valid users = joe mary mike ed
>
> I think! this will only allow those specified users to access the 
> share, even though they are logon though a PDC.
>
> The next item, not letting everyone see the share your trying to hide
>
> 	browsable = no
>
> Of course this makes it impossible for the "right" users to see
the
> share in Network Neighborhood, but this is all I know for now sorry!
>
> You can manually enter the share in the Explorer bar \\SERVER\SHARE 
> and get the share, auth though the PDC
>
> Logon scripts are available, but I don't know enough.
> Pick up "Using Samba" 2nd edition (Feb 2003 edition), it goes
over a
> little with scripting, otherwise it's a great book.
>
> hope this helped...?
>
> Steve O
>
>
> On Sunday, April 27, 2003, at 03:25  PM, dsomer wrote:
>
>> Hi,
>>
>> I am new to samba and Linux and need some help coming up with a 
>> solution to
>> a nerve racking problem.
>>
>>
>>
>> Here is what we are trying to do.
>>
>>
>>
>> Users log into an NT environment (accessing shares via samba running 
>> on
>> Linux/Aix).
>>
>> The user should only see and have access to the share(s) he/she has 
>> been
>> assigned to. Similar to Novell "map root" or symbolic links.
>>
>>
>>
>> Our issue is try to figure out a way to pass a remote call from the 
>> NT login
>> script running on the PDC or BDC to the AIX/ Linux file system to 
>> make the
>> necessary symbolic links for the user that just logged in.
>>
>> .
>>
>> If someone out there has already accomplished what we are trying to 
>> do or
>> know of how we can go about getting this done any and all information 
>> would
>> be greatly appreciated.
>>
>> Thanks in advance.
>> Lc
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
>

Yes.

Basically, a user will have a home dir and will also belong to certain
groups that have access to different shares. All of these share, including
their home dir/share will reside on Linux. (actual data store will be on a
emc san, file system will be Linux and samba servicing the shares to an
win2k users)


----- Original Message ----- 
From: "richard" <rcoates@bigpond.net.au>
To: "dsomer" <dsomer@attbi.com>
Sent: Monday, April 28, 2003 4:46 AM
Subject: Re: [Samba] general question - help creating a login script to pass
a RPC to create symblinks from win2k on linux

>
> On Mon, 2003-04-28 at 05:25, dsomer wrote:
>
> > The user should only see and have access to the share(s) he/she has
been
> > assigned to. Similar to Novell "map root" or symbolic links.
>
> do you mean the users linux home directory?
>
>
> >
> >
> > Our issue is try to figure out a way to pass a remote call from the NT
login
> > script running on the PDC or BDC to the AIX/ Linux file system to make
the
> > necessary symbolic links for the user that just logged in.
> >
> > .
> >
> > If someone out there has already accomplished what we are trying to do
or
> > know of how we can go about getting this done any and all information
would
> > be greatly appreciated.
> >
> > Thanks in advance.
> > Lc
>

Are you referring to books on samba/linux/aix or some docs on the web.
please give me some eg., that may point me in the right direction. Also, how
do you create the symbolic links on the linux/aix system? basically, when a
user logs into their account, the group membership is checked and
accordingly windows has to tell linux/aix to create these symbolic links for
this user. If the user gets added or removed from a group, the user logs out
and logs back in and automatically his/her mappings will change. keep in
mind the user should only see shares that he/she has access to. As you know,
the problem with windows and shares is that everyone can see other shares
(at least at the same level even though they may not have rights to those
shares. This is what we are trying to avoid from happening by using symbloic
links).

Thanks.

LC


----- Original Message ----- 
From: "richard" <rcoates@bigpond.net.au>
To: "dsomer" <dsomer@attbi.com>
Sent: Monday, April 28, 2003 10:18 PM
Subject: Re: [Samba] general question - help creating a login scriptto pass
a RPC to create symblinks from win2k on linux

> sounds straight forward...shares could be restricted based on group
> membership  "valid users = @groupname" in share definition. There
are
> many solutions, read up to get some ideas and problem work arounds.
> Richard Coates.
>
> On Mon, 2003-04-28 at 21:43, dsomer wrote:
> > Yes.
> >
> > Basically, a user will have a home dir and will also belong to certain
> > groups that have access to different shares. All of these share,
including
> > their home dir/share will reside on Linux. (actual data store will be
on
a
> > emc san, file system will be Linux and samba servicing the shares to
an
> > win2k users)
> >
> >
> > ----- Original Message ----- 
> > From: "richard" <rcoates@bigpond.net.au>
> > To: "dsomer" <dsomer@attbi.com>
> > Sent: Monday, April 28, 2003 4:46 AM
> > Subject: Re: [Samba] general question - help creating a login script
to
pass
> > a RPC to create symblinks from win2k on linux
> >
> >
> > >
> > > On Mon, 2003-04-28 at 05:25, dsomer wrote:
> > >
> > > > The user should only see and have access to the share(s)
he/she has
been
> > > > assigned to. Similar to Novell "map root" or
symbolic links.
> > >
> > > do you mean the users linux home directory?
> > >
> > >
> > > >
> > > >
> > > > Our issue is try to figure out a way to pass a remote call
from the
NT
> > login
> > > > script running on the PDC or BDC to the AIX/ Linux file
system to
make
> > the
> > > > necessary symbolic links for the user that just logged in.
> > > >
> > > > .
> > > >
> > > > If someone out there has already accomplished what we are
trying to
do
> > or
> > > > know of how we can go about getting this done any and all
information
> > would
> > > > be greatly appreciated.
> > > >
> > > > Thanks in advance.
> > > > Lc
> > >
>