RE: [Samba] Problem listing group membership from Windows
I planned using ifmember.exe from Windows 2000 resource kit to map the right drive-mappings to the right shares with logon-scripts. Unfortunately it seems as ifmember simply doesnt report the right groups for the users. snip Are there any workaround when I can't use ifmember? I might use preexe to create a logon-script for each and every user, but that seems very cumbersome and hard-to-maintain. I'll buy you a beer if anyone can help me on this one :) I also looked at ifmember for the login script, but after not too long, my batch file looked like badly cooked spaghetti. The solution I came up with was to write a pre-exec on the profiles share (you could use it on netlogon, but I have reasons) that creates a user-specific login script every time somebody logs in. Here are the relevant portions of the smb.conf: [global] logon script = %U.bat [profiles] root preexec = /local/scripts/unifiedPrelogon.pl '%U' '%I' and a snippit from the login script. There are some various things in here that probably don't add up, I've removed some functions to get the essence of what I'm doing here, but I left in the part about the profile dir creation, that's my reason for using the profiles directory for the pre-exec, this keeps me from having to make each user's profile dir. #!/usr/bin/perl use Net::LDAP; $user = $ARGV[0]; $fromHost = $ARGV[1]; my ($profiledir)= /export/profiles/$user; my ($loginScriptPath) = /local/samba/netlogon; my ($groups)= `/usr/bin/groups $user`; # ## Start to create the logon script ## # open (LOGON,$loginScriptPath/$user.bat); print LOGON [EMAIL PROTECTED] OFF\r\n; print LOGON rem Passed args were:\r\n; print LOGON rem user: $user\r\n; print LOGON rem host: $fromHost\r\n; # ## Make sure that the profile environment is sane## # if ( $userSite eq $thisSite ) { if ( !-d $profiledir ) { mkdir($profiledir, oct(700)); $uid = getpwnam($user); chown($uid, -1, $profiledir); } } # ## Start global drive setup## # print LOGON REM Global setup:\r\n; print LOGON REM Delete old drives that may be hanging around\r\n; print LOGON IF EXIST B: NET USE B: /delete\r\n; if ( $groups =~ m/engserv/ ) { print LOGON NET USE L: bisserv\\engserv\r\n; } print LOGON rundll32 printui.dll,PrintUIEntry /in /n \bisserv\\hp4500\ /r \bisserv\\hp4500\ /m \HP C LaserJet 4500-PS\ /z /q\r\n; # clean up so we can get out and let things finish close LOGON; Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem listing group membership from Windows
I planned using ifmember.exe from Windows 2000 resource kit to map the right drive-mappings to the right shares with logon-scripts. Unfortunately it seems as ifmember simply doesnt report the right groups for the users. Even tho id user1 shows the right groups; uid=2082(user1) gid=1002(Group1)roups=1002(Group1),545(Users),1000(Group0), User is a member of group Elev\users. User is a member of group \Everyone. User is a member of group BUILTIN\Users. User is a member of group NT AUTHORITY\INTERACTIVE. User is a member of group NT AUTHORITY\Authenticated Users. User is a member of group \LOCAL. As you can see, only the local groups and the domain group users is displayed. # net groupmap list Domain Admins (S-1-5-21-1650503604-3559415045-1985522256-512) - Domain Admins Domain Users (S-1-5-21-1650503604-3559415045-1985522256-513) - Domain Users Domain Guests (S-1-5-21-1650503604-3559415045-1985522256-514) - Domain Guests Administrators (S-1-5-21-1650503604-3559415045-1985522256-544) - Administrators users (S-1-5-21-1650503604-3559415045-1985522256-545) - Users Guests (S-1-5-21-1650503604-3559415045-1985522256-546) - Guests Power Users (S-1-5-21-1650503604-3559415045-1985522256-547) - Power Users Account Operators (S-1-5-21-1650503604-3559415045-1985522256-548) - Account Operators Server Operators (S-1-5-21-1650503604-3559415045-1985522256-549) - Server Operators Print Operators (S-1-5-21-1650503604-3559415045-1985522256-550) - Print Operators Backup Operators (S-1-5-21-1650503604-3559415045-1985522256-551) - Backup Operators Replicator (S-1-5-21-1650503604-3559415045-1985522256-552) - Replicator Domain Computers (S-1-5-21-1650503604-3559415045-1985522256-553) - Domain Computers Group0 (S-1-5-21-1650503604-3559415045-1985522256-3001) - Group0 Group1 (S-1-5-21-1650503604-3559415045-1985522256-3003) - Group1 Group2 (S-1-5-21-1650503604-3559415045-1985522256-3005) - Group2 Group3 (S-1-5-21-1650503604-3559415045-1985522256-3007) - Group3 Group4 (S-1-5-21-1650503604-3559415045-1985522256-3009) - Group4 Group5 (S-1-5-21-1650503604-3559415045-1985522256-3011) - Group5 Group6 (S-1-5-21-1650503604-3559415045-1985522256-3013) - Group6 Group7 (S-1-5-21-1650503604-3559415045-1985522256-3015) - Group7 Group8 (S-1-5-21-1650503604-3559415045-1985522256-3017) - Group8 Samba version 3.0.10-0.1-SUSE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem listing group membership from Windows
Siterer [EMAIL PROTECTED]: I planned using ifmember.exe from Windows 2000 resource kit to map the right drive-mappings to the right shares with logon-scripts. Unfortunately it seems as ifmember simply doesnt report the right groups for the users. Even tho id user1 shows the right groups; uid=2082(user1) gid=1002(Group1)roups=1002(Group1),545(Users),1000(Group0), User is a member of group Elev\users. User is a member of group \Everyone. User is a member of group BUILTIN\Users. User is a member of group NT AUTHORITY\INTERACTIVE. User is a member of group NT AUTHORITY\Authenticated Users. User is a member of group \LOCAL. [...] Additional info: add user script = ldapsmb -a -u %u delete user script = /ldap/deluser %u add group script = ldapsmb -a -g %g delete group script = ldapsmb -d -g %g add user to group script = ldapsmb -j -u %u -g %g delete user from group script = ldapsmb -j -u %u -g %g set primary group script = ldapsmb -m -u %u -gid %g This is a LDAP-setup with an remote LDAP-server. Are there any workaround when I can't use ifmember? I might use preexe to create a logon-script for each and every user, but that seems very cumbersome and hard-to-maintain. I'll buy you a beer if anyone can help me on this one :) Cheers Rolf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba