Re: [Samba] Samba4 - mapping Network Drives based on Group membership

2013-04-29 Thread Bjoern Meier
hi,

sorry, but I didn't read the script. I asked myself: Why so
complicated? We also have group-based security with ACLs, but we
have one share and in it are the group folders. So, all I have to do
is to tell Samba not to show objects where the current process (user)
has no permission to read/write. That works great; also, I have the
ability to map one drive per GPO.

PS: at least this possibility is given also to you: a GPO per Group.

Just my 2 cents of input.

Greetings Björn
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba4 - mapping Network Drives based on Group membership

2013-03-22 Thread Andrew Bartlett
On Wed, 2013-03-20 at 11:16 -0700, Varoujan Avanessians wrote:
> Hi All
>
> I have a problem running a logon script to map network drives based on
> Group Membership. The script is a VBScript that resides in the netlogon
> share. It works just fine when the logged in user is a Domain Admin but
> fails to get the Group information when logged in as a regular user. For
> example when I login as administrator who is a member of every Group (for
> test only), all the requested Drives are mapped. When I login as testuser1
> who is a member of HR Group say, only a Public drive is mapped and nothing
> else.
>
> This seems to be a permission issue querying Active Directory, and I have
> no idea on how to give users the permission to Query the AD in Samba4. Can
> anyone help?

Are you running a domain provisioned with Samba 4.0.3 or later?

If you are running a version earlier than Samba 4.0.3 then a bug in our
ACL implementation would cause exactly this behaviour.  We also
corrected some default ACLs in the provision script provided with Samba
4.0.3.

Also, you could evaluate group membership based on the user's
tokenGroups attribute on the rootdse entry.  This will catch recursive
group memberships, and would not be subject to any ACL restrictions.
(The downside for simple scripting is that binary SIDs are returned). 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
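
The tokenGroups approach suggested in the reply above returns binary SIDs. As an added example (not code from the thread or from Samba), the Python below decodes such values to string form and selects the posted script's drive mappings by group SID instead of by group name. The domain SID, the RIDs and the function names are constructed assumptions, and the tokenGroups values are assumed to have been read already.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode one binary SID (a tokenGroups value) into S-1-... text form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported SID revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])      # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def make_sid(authority: int, *subs: int) -> bytes:
    """Build a binary SID; used here only to construct sample input."""
    return bytes([1, len(subs)]) + authority.to_bytes(6, "big") + struct.pack(
        "<%dI" % len(subs), *subs)

# Constructed domain SID and RIDs (assumptions, not values from the thread).
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
DOMAIN_STR = "S-1-5-" + "-".join(map(str, DOMAIN))

# Group SID -> drive mappings; letters and shares are those in the posted script.
DRIVES_BY_GROUP_SID = {
    DOMAIN_STR + "-1105": [("N:", r"\\10.100.1.128\HR")],
    DOMAIN_STR + "-1106": [("y:", r"\\10.100.1.128\Engineering")],
    DOMAIN_STR + "-1107": [("M:", r"\\10.100.1.128\Payroll")],
    DOMAIN_STR + "-1108": [("O:", r"\\10.100.1.128\Data"),
                           ("X:", r"\\10.100.1.128\IT-APS")],
}

def drives_for_token(token_groups):
    """Return (letter, share) pairs for a list of binary tokenGroups values."""
    drives = [("Z:", r"\\10.100.1.128\Public")]        # mapped for everyone
    for raw in token_groups:
        drives.extend(DRIVES_BY_GROUP_SID.get(sid_to_string(raw), []))
    return drives

# Constructed token for a user in Domain Users (513), BUILTIN\Users and HR.
SAMPLE_TOKEN = [make_sid(5, *DOMAIN, 513), make_sid(5, 32, 545),
                make_sid(5, *DOMAIN, 1105)]

if __name__ == "__main__":
    for letter, share in drives_for_token(SAMPLE_TOKEN):
        print(letter, share)
```

SIDs in the token that are not in the table, such as well-known or built-in groups, simply map no drive.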




[Samba] Samba4 - mapping Network Drives based on Group membership

2013-03-20 Thread Varoujan Avanessians
Hi All

I have a problem running a logon script to map network drives based on
Group Membership. The script is a VBScript that resides in the netlogon
share. It works just fine when the logged in user is a Domain Admin but
fails to get the Group information when logged in as a regular user. For
example when I login as administrator who is a member of every Group (for
test only), all the requested Drives are mapped. When I login as testuser1
who is a member of HR Group say, only a Public drive is mapped and nothing
else.

This seems to be a permission issue querying Active Directory, and I have
no idea on how to give users the permission to Query the AD in Samba4. Can
anyone help?

For reference, here is the VBScript I use:


On Error Resume Next

Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("Wscript.Network")

' Bind to the logged-on user's AD object by distinguished name
strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject(strUserPath)

' The Public share is mapped for every user
objNetwork.MapNetworkDrive "Z:", "\\10.100.1.128\Public"

' Bind to each group listed in memberOf and map drives by the group's CN
For Each strGroup in objUser.MemberOf
    strGroupPath = "LDAP://" & strGroup
    Set objGroup = GetObject(strGroupPath)
    strGroupName = objGroup.CN

    Select Case strGroupName
        Case "HR"
            objNetwork.MapNetworkDrive "N:", "\\10.100.1.128\HR"

        Case "Engineering"
            objNetwork.MapNetworkDrive "y:", "\\10.100.1.128\Engineering"

        Case "Payroll"
            objNetwork.MapNetworkDrive "M:", "\\10.100.1.128\Payroll"

        Case "IT"
            objNetwork.MapNetworkDrive "O:", "\\10.100.1.128\Data"
            objNetwork.MapNetworkDrive "X:", "\\10.100.1.128\IT-APS"
    End Select
Next


Thanks

-- 
Varouj (V.J.) Avanessians | Sr. Linux Sys Administrator | ACCO Engineered
Systems
6265 San Fernando Rd | Glendale, California | 91201-2214
(818)-730-5846 Mobile | (818)-244-6571 Main