On the mixed environment between Linux and Windows, sometimes we need to setup a Windows client Mapping Folder with the group member permission. Actually what is the logon script by group member used for ?
Logon script are a set of script, used for mapping folder or printer or to run certain application. It can be execute based on user name, group membership or without any permission and applicable for all user. Samba used a %u on the smb.conf configuration for user name permission membership and %g for group permission membership.
Setting up the mapping folder with Samba file server may need a few configuration changes but how if we need to make it on Samba PDC + OpenLDAP ? I found this problem while configuring Samba PDC + OpenLDAP on the mixed environment on a Windows-Linux migration project. The client-a company located at Jakarta-need a group membership permission to simplify their folder & printer mapping for each workstation, because all users divided into some department and each department has similar permissions
Below are the solution, using Samba PDC+OpenLDAP and Windows 2000 or Windows 2003 Resource Kit application : ifmember.
- Prepare a group entry for OpenLDAP database. Below is an example ldif file. I’m using vavai.ldif as ldif file name, don’t forget to adjust the SambaSID, domain name and group name with your setting. Accounting is an example group name, I used the last gid number as defined gid number
dn: cn=accounting,ou=Groups,dc=vavai,dc=com objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 517 cn: accounting sambaSID: S-1-5-21-4205329590-3768540535-3414456912-517 sambaGroupType: 2 displayName: accounting description: accounting
If you would prefer to use smbldap tools, the above ldif file same as the command below
smbldap-groupadd -a accounting
- Import the ldif file into OpenLDAP database
slapadd -v -l vavai.ldif -f /etc/openldap/slapd.conf
- Create a user and join to the group
smbldap-useradd -a -m vavai smbldap-passwd vavai smbldap-groupmod -m vavai accounting
- Change the smb.conf configuration, on the logon script field as below :
logon script = logon.bat
- Check your share configuration where your logon script should be reside
[netlogon] comment = Network Logon Service path = /data/samba/sysvol/vavai.com/scripts writeable = yes browseable = yes read only = no
The above configuration means that I must placed the logon script at the /data/samba/sysvol/vavai.com/scripts folder
- Download Windows Resource Kit ifmember.exe, install it on each Windows client (or placed it on a share folder so we can access it without copying the executable file in each client)
- Create your logon.bat, something like a script as below :
echo Execute bat file... ifmember.exe "vavai.com\accounting" if errorlevel 1 call accounting.bat ifmember.exe "vavai.com\purchasing if errorlevel 1 call purchasing.bat ifmember.exe "vavai.com\ppic" if errorlevel 1 call ppic.bat
- Don’t forget to create a group name.bat (as an example : accounting.bat) with your preferred script. My script will looks like below :
echo Mapping Network Drives to Samba Server... net use s: \\server-vavai\accounting net use p: \\server-vavai\public net use o: \\server-vavai\hrd
A long way to get a simple result ? If you have better solution, please share it on the comment form 
. Anyway, the above script solved my problem successfully.
Related Entries
