RE: [Samba] Problem listing group membership from Windows

2005-06-07 Thread Paul Gienger 

  I planned using ifmember.exe from Windows 2000 resource kit to map the
 right
  drive-mappings to the right shares with logon-scripts. Unfortunately it
 seems
  as ifmember simply doesnt report the right groups for the users.

snip

 Are there any workaround when I can't use ifmember? I might use preexe to
 create
 a logon-script for each and every user, but that seems very cumbersome and
 hard-to-maintain.
 
 I'll buy you a beer if anyone can help me on this one :)

I also looked at ifmember for the login script, but after not too long, my
batch file looked like badly cooked spaghetti.  The solution I came up with
was to write a pre-exec on the profiles share (you could use it on netlogon,
but I have reasons) that creates a user-specific login script every time
somebody logs in.  Here are the relevant portions of the smb.conf:

[global]
logon script = %U.bat

[profiles]
root preexec = /local/scripts/unifiedPrelogon.pl '%U' '%I'


and a snippit from the login script.  There are some various things in here
that probably don't add up, I've removed some functions to get the essence
of what I'm doing here, but I left in the part about the profile dir
creation, that's my reason for using the profiles directory for the
pre-exec, this keeps me from having to make each user's profile dir.

#!/usr/bin/perl

use Net::LDAP;

$user = $ARGV[0];
$fromHost = $ARGV[1];

my ($profiledir)= /export/profiles/$user;
my ($loginScriptPath)   = /local/samba/netlogon;
my ($groups)= `/usr/bin/groups $user`;

#
##  Start to create the logon script   ##
#

open (LOGON,$loginScriptPath/$user.bat);
print LOGON [EMAIL PROTECTED] OFF\r\n;
print LOGON rem Passed args were:\r\n;
print LOGON rem user: $user\r\n;
print LOGON rem host: $fromHost\r\n;

#
##   Make sure that the profile environment is sane##
#
if ( $userSite eq $thisSite )
{
  if ( !-d $profiledir )
  {
mkdir($profiledir, oct(700));
$uid = getpwnam($user);
chown($uid, -1, $profiledir);
  }
}

#
## Start global drive setup##
#
print LOGON REM Global setup:\r\n;
print LOGON REM Delete old drives that may be hanging around\r\n;
print LOGON IF EXIST B: NET USE B: /delete\r\n;

if ( $groups =~ m/engserv/ )
{
  print LOGON NET USE L: bisserv\\engserv\r\n;
}
print LOGON rundll32 printui.dll,PrintUIEntry /in /n
\bisserv\\hp4500\ /r \bisserv\\hp4500\ /m \HP C LaserJet
4500-PS\ /z /q\r\n;

# clean up so we can get out and let things finish
close LOGON;









Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem listing group membership from Windows

2005-06-06 Thread rolf 

I planned using ifmember.exe from Windows 2000 resource kit to map the right
drive-mappings to the right shares with logon-scripts. Unfortunately it seems
as ifmember simply doesnt report the right groups for the users.

Even tho id user1 shows the right groups;
uid=2082(user1) gid=1002(Group1)roups=1002(Group1),545(Users),1000(Group0),

User is a member of group Elev\users.
User is a member of group \Everyone.
User is a member of group BUILTIN\Users.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
User is a member of group \LOCAL.

As you can see, only the local groups and the domain group users is displayed.

# net groupmap list
Domain Admins (S-1-5-21-1650503604-3559415045-1985522256-512) - Domain Admins
Domain Users (S-1-5-21-1650503604-3559415045-1985522256-513) - Domain Users
Domain Guests (S-1-5-21-1650503604-3559415045-1985522256-514) - Domain Guests
Administrators (S-1-5-21-1650503604-3559415045-1985522256-544) - Administrators
users (S-1-5-21-1650503604-3559415045-1985522256-545) - Users
Guests (S-1-5-21-1650503604-3559415045-1985522256-546) - Guests
Power Users (S-1-5-21-1650503604-3559415045-1985522256-547) - Power Users
Account Operators (S-1-5-21-1650503604-3559415045-1985522256-548) - Account
Operators
Server Operators (S-1-5-21-1650503604-3559415045-1985522256-549) - Server
Operators
Print Operators (S-1-5-21-1650503604-3559415045-1985522256-550) - Print
Operators
Backup Operators (S-1-5-21-1650503604-3559415045-1985522256-551) - Backup
Operators
Replicator (S-1-5-21-1650503604-3559415045-1985522256-552) - Replicator
Domain Computers (S-1-5-21-1650503604-3559415045-1985522256-553) - Domain
Computers
Group0 (S-1-5-21-1650503604-3559415045-1985522256-3001) - Group0
Group1 (S-1-5-21-1650503604-3559415045-1985522256-3003) - Group1
Group2 (S-1-5-21-1650503604-3559415045-1985522256-3005) - Group2
Group3 (S-1-5-21-1650503604-3559415045-1985522256-3007) - Group3
Group4 (S-1-5-21-1650503604-3559415045-1985522256-3009) - Group4
Group5 (S-1-5-21-1650503604-3559415045-1985522256-3011) - Group5
Group6 (S-1-5-21-1650503604-3559415045-1985522256-3013) - Group6
Group7 (S-1-5-21-1650503604-3559415045-1985522256-3015) - Group7
Group8 (S-1-5-21-1650503604-3559415045-1985522256-3017) - Group8

Samba version 3.0.10-0.1-SUSE

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem listing group membership from Windows

2005-06-06 Thread rolf 
Siterer [EMAIL PROTECTED]:


 I planned using ifmember.exe from Windows 2000 resource kit to map the right
 drive-mappings to the right shares with logon-scripts. Unfortunately it seems
 as ifmember simply doesnt report the right groups for the users.

 Even tho id user1 shows the right groups;
 uid=2082(user1) gid=1002(Group1)roups=1002(Group1),545(Users),1000(Group0),

 User is a member of group Elev\users.
 User is a member of group \Everyone.
 User is a member of group BUILTIN\Users.
 User is a member of group NT AUTHORITY\INTERACTIVE.
 User is a member of group NT AUTHORITY\Authenticated Users.
 User is a member of group \LOCAL.

[...]
Additional info:

add user script = ldapsmb -a -u %u
delete user script = /ldap/deluser %u
add group script = ldapsmb -a -g %g
delete group script = ldapsmb -d -g %g
add user to group script = ldapsmb -j -u %u -g %g
delete user from group script = ldapsmb -j -u %u -g %g
set primary group script = ldapsmb -m -u %u -gid %g

This is a LDAP-setup with an remote LDAP-server.
Are there any workaround when I can't use ifmember? I might use preexe to create
a logon-script for each and every user, but that seems very cumbersome and
hard-to-maintain.

I'll buy you a beer if anyone can help me on this one :)

Cheers
Rolf
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba