I am having a hard time figuring out how to have logon scripts that only execute if the user is a member of a certain group.

We got around a problem like that here initially by using the ifmember tool; however, that only returned the primary group. At the time that was under 2.2.x.

To get around THAT problem I started writing pre-exec scripts attached to the netlogon share. What I do is define this as netlogon:

[netlogon]
       path = /opt/samba/share/netlogon
       browseable = No
       root preexec = /local/scripts/prelogon.pl '%U'

Which then generates a script for the user with their name that has the commands that they need to run according to this global line:
logon script = %U.bat


In the script I do something like this:

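use strict; use warnings;
# Samba passes %U as the first argument; accept only characters safe in a file name
my ($user) = ($ARGV[0] // '') =~ /^([A-Za-z0-9._-]+)\z/ or die "bad user name\n";
# List-form pipe open runs /usr/bin/groups without handing $user to a shell
open(my $gh, '-|', '/usr/bin/groups', $user) or die "groups: $!";
my $groups = <$gh> // ''; close($gh);
open(my $logon, '>', "/opt/samba/share/netlogon/$user.bat") or die "open: $!";
if ( $groups =~ m/itadmin/ )
{
       print $logon "NET USE Q: \\\\fgoserv\\itadmin\r\n";
}
close($logon);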

That's Perl in case you aren't fluent, but I imagine you could use any scripting language and probably do fun stuff like direct LDAP queries if that's where you store your POSIX data, but this works well for us.

things in postexec scripts? (things like "net use /d *")


I believe if you use the /persistent:no flag on your mounts then they won't come back when you log back in, but I could be wrong. That won't solve the problem of the users adding mapped drives that you don't want. For that reason I delete the drives first elsewhere in the script. The pre/post exec lines execute on the server, not the client, so they need to be Unix scripts/commands, not Windows batch executables.

--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]
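
An added example, not part of the message above and not the poster's script: a root preexec generator that goes beyond the single itadmin check by mapping several groups, deleting existing drives first and using /PERSISTENT:NO, written in Python since any scripting language works server-side. The GROUP_DRIVES table (its "staff" row is constructed), the allowed user-name characters and the function names are assumptions.

```python
"""Build a per-user Windows logon script from Unix group membership (added example)."""
import grp
import os
import pwd
import re
import tempfile

# Assumed mapping of Unix group -> (drive letter, UNC path); only the itadmin
# entry comes from the post, the "staff" row is a constructed placeholder.
GROUP_DRIVES = {
    "itadmin": ("Q:", r"\\fgoserv\itadmin"),
    "staff": ("S:", r"\\fgoserv\staff"),
}
SAFE_USER = re.compile(r"[A-Za-z0-9._-]+\Z")  # no "/" or "\", so no path escape


def user_groups(user):
    """All groups of `user`: primary plus supplementary, not just the primary."""
    pw = pwd.getpwnam(user)
    return {grp.getgrgid(g).gr_name for g in os.getgrouplist(user, pw.pw_gid)}


def build_script(groups):
    """Batch text: drop existing mappings, then map drives by exact group name."""
    lines = ["@ECHO OFF", "NET USE * /DELETE /Y"]
    for group in sorted(set(groups) & set(GROUP_DRIVES)):
        drive, unc = GROUP_DRIVES[group]
        lines.append(f"NET USE {drive} {unc} /PERSISTENT:NO")
    return "\r\n".join(lines) + "\r\n"


def write_script(netlogon_dir, user, groups):
    """Write <user>.bat atomically; refuse names that could leave the share."""
    if not SAFE_USER.match(user):
        raise ValueError(f"refusing user name {user!r}")
    target = os.path.join(netlogon_dir, f"{user}.bat")
    fd, tmp = tempfile.mkstemp(dir=netlogon_dir, suffix=".tmp")
    with os.fdopen(fd, "w", newline="") as fh:  # newline="" keeps CRLF as written
        fh.write(build_script(groups))
    os.chmod(tmp, 0o644)  # clients read the script through the share
    os.replace(tmp, target)  # a client never sees a half-written file
    return target


if __name__ == "__main__":
    import sys
    print(write_script("/opt/samba/share/netlogon", sys.argv[1], user_groups(sys.argv[1])))
```

Called as the root preexec command with '%U' as its argument, it writes the %U.bat file that the "logon script = %U.bat" line points at.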


