In a mixed Linux and Windows environment, we sometimes need to set up folder mapping on Windows clients based on group membership. So what is a logon script by group membership used for?
Logon scripts are sets of commands used to map folders or printers, or to run certain applications. They can be executed based on user name or group membership, or without any restriction so that they apply to all users. Samba uses %u in the smb.conf configuration for user name membership and %g for group membership.
Setting up folder mapping with a Samba file server may need only a few configuration changes, but what if we need to do it on Samba PDC + OpenLDAP? I found this problem while configuring Samba PDC + OpenLDAP in a mixed environment on a Windows-Linux migration project. The client, a company located in Jakarta, needed group membership permissions to simplify folder and printer mapping for each workstation, because all users are divided into departments and each department has similar permissions.
Below is the solution, using Samba PDC + OpenLDAP and the Windows 2000 or Windows 2003 Resource Kit application ifmember.
- Prepare a group entry for the OpenLDAP database. Below is an example LDIF file. I'm using vavai.ldif as the LDIF file name; don't forget to adjust the sambaSID, domain name and group name to your settings. Accounting is an example group name, and I used the last gid number as the defined gid number.
[code language=’cpp’]
dn: cn=accounting,ou=Groups,dc=vavai,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 517
cn: accounting
sambaSID: S-1-5-21-4205329590-3768540535-3414456912-517
sambaGroupType: 2
displayName: accounting
description: accounting
[/code]
If you would prefer to use smbldap-tools, the above LDIF file is equivalent to the command below:
[code language=’cpp’]
smbldap-groupadd -a accounting
[/code]
- Import the LDIF file into the OpenLDAP database
[code language=’cpp’]
slapadd -v -l vavai.ldif -f /etc/openldap/slapd.conf
[/code]
- Create a user and add it to the group
[code language=’cpp’]
smbldap-useradd -a -m vavai
smbldap-passwd vavai
smbldap-groupmod -m vavai accounting
[/code]
- Change the logon script field in the smb.conf configuration as below:
[code language=’cpp’]
logon script = logon.bat
[/code]
- Check the share configuration where your logon script should reside
[code language=’cpp’]
[netlogon]
comment = Network Logon Service
path = /data/samba/sysvol/vavai.com/scripts
writeable = yes
browseable = yes
read only = no
[/code]
The above configuration means that I must place the logon script in the /data/samba/sysvol/vavai.com/scripts folder.
- Download the Windows Resource Kit ifmember.exe and install it on each Windows client (or place it in a shared folder so we can access it without copying the executable file to each client)
- Create your logon.bat, something like the script below:
[code language=’cpp’]
echo Execute bat file...
rem ifmember sets errorlevel to the number of listed groups the user belongs to
ifmember.exe "vavai.com\accounting"
if errorlevel 1 call accounting.bat
ifmember.exe "vavai.com\purchasing"
if errorlevel 1 call purchasing.bat
ifmember.exe "vavai.com\ppic"
if errorlevel 1 call ppic.bat
[/code]
- Don't forget to create a group name.bat (for example: accounting.bat) with your preferred script. My script looks like the one below:
[code language=’cpp’]
echo Mapping Network Drives to Samba Server...
rem Map each drive letter to a share on the Samba server
net use s: \\server-vavai\accounting
net use p: \\server-vavai\public
net use o: \\server-vavai\hrd
[/code]
A long way to get a simple result? If you have a better solution, please share it in the comment form 🙂. Anyway, the above script solved my problem successfully.
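
The [netlogon] share above is where every client fetches logon.bat, so it is worth checking who can write to it. The following is an added example, not part of the original post: a small Python audit that resolves Samba's `read only` / `writeable` synonyms for that share. The sample config text, the `[netlogon-ro]` variant and the `@admins` group are constructed for illustration; continuation lines and include files are not handled.

```python
# Constructed sample: [netlogon] is the share shown on this page; [netlogon-ro]
# and its @admins group are hypothetical, added for comparison.
SAMPLE_SMB_CONF = """
[netlogon]
comment = Network Logon Service
path = /data/samba/sysvol/vavai.com/scripts
writeable = yes
browseable = yes
read only = no

[netlogon-ro]
path = /data/samba/sysvol/vavai.com/scripts
read only = yes
write list = @admins
"""

TRUE = {"yes", "true", "on", "1"}
WRITE_SYNONYMS = {"writeable", "writable", "writeok"}  # inverse of "read only"


def parse_shares(text):
    """Return {section: [(param, value), ...]}; names are lower-cased and
    stripped of spaces, matching how Samba compares them."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.replace(" ", "").lower(), value.strip()))
    return shares


def audit_logon_share(text, share="netlogon"):
    """Return findings for the share that clients load logon scripts from."""
    params = parse_shares(text).get(share.lower())
    if params is None:
        return [f"[{share}] is not defined"]
    read_only = True  # Samba's default when nothing is set
    for key, value in params:  # a later setting overrides an earlier one
        if key == "readonly":
            read_only = value.lower() in TRUE
        elif key in WRITE_SYNONYMS:
            read_only = value.lower() not in TRUE
    if read_only:
        return []
    return [f"[{share}] is writable; restrict who can change logon scripts"]
```

Calling `audit_logon_share(open("/etc/samba/smb.conf").read())` runs the same check against a real configuration file; the path is an assumption and varies by distribution.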
Nice to meet you,
If we migrate to Samba, can we run a VBS script when a user logs in?
Thanks
Yuan