Difference between revisions of "Tw-logonscript"
Unnilennium (talk | contribs) m (Unnilennium moved page Smeserver-tw-logonscript to Tw-logonscript) |
Unnilennium (talk | contribs) |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Languages}} | {{Languages}} | ||
+ | <!-- here we define the contrib name variable --> | ||
+ | <!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--> | ||
+ | {{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }} | ||
+ | {{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }} | ||
+ | <!-- we define the language --> | ||
+ | {{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }} | ||
+ | {{Infobox contribs | ||
+ | |name={{#var:contribname}} | ||
+ | |image={{#var:contribname}}.jpg | ||
+ | |description_image= {{#var:contribname}} logo | ||
+ | |maintainer= Michael Doerner | ||
+ | |licence= GPL | ||
+ | |url= https://wiki.koozali.org | ||
+ | |category= Administration:File and Directory Access | ||
+ | |tags=logon,loginscript,samba | ||
+ | }} | ||
+ | |||
+ | {{Note box| Please also see [[Loginscript]] }} | ||
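Review bot: on the `{{#vardefine:lang| ... |en }}` line, `#vardefine` takes only a name and a value, so the trailing `|en` does not act as a default and is ignored. `{{#titleparts: {{PAGENAME}} | | -1}}` returns the last title segment, which on the untranslated page is the page name itself, so `lang` ends up holding the contrib name rather than a language code. If a fallback to `en` is intended, test for a subpage explicitly before taking the last segment and put `en` in the else branch. The infobox `url` also points at the wiki root rather than at anything specific to this contrib.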
Line 128: | Line 146: | ||
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] | ||
and select the smeserver-tw-logonscript component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-tw-logonscript|title=this link}} | and select the smeserver-tw-logonscript component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-tw-logonscript|title=this link}} | ||
− | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-tw- | + | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-tw-logonscript |noresultsmessage="No open bugs found."}} |
---- | ---- | ||
[[Category:Contrib]] | [[Category:Contrib]] | ||
[[Category:Administration:File and Directory Access]] | [[Category:Administration:File and Directory Access]] |
Latest revision as of 21:42, 23 September 2022
tw-logonscript logo | |
---|---|
Maintainer | Michael Doerner |
Url | https://wiki.koozali.org |
Licence | GPL |
Category | |
Tags | logon, loginscript, samba |
Maintainer
Christian Costa, Michael Doerner
TechnologyWise
stephdl Stéphane de Labrusse AKA Stephdl
Version
Description
smeserver-tw-logonscript is a tool for easy, central administration of file server/Samba share drive mappings for Windows clients, either through a server-manager panel or via the command line.
Requirements
- SME Server 8.X, 9.X
Installation
- install the rpm
yum --enablerepo=smecontribs install smeserver-tw-logonscript
signal-event workgroup-update
Screenshots
(planned)
Features
- Manage shared server drives (ibays) via server-manager panel.
- Allocate drive mappings for Windows clients.
- Define custom batch files on a user and/or group basis.
- Central logging of logons from Windows (and Linux) clients in "/var/log/netlogon.log", with time of logon, user, PC name and IP, and OS version. Here is an example:
Dec 5 13:44:55 admin logged into mdo005ts (WinXP) - 192.168.10.5
Dec 5 13:50:27 michael logged into mdo005ts (WinXP) - 192.168.10.5
Dec 8 19:19:59 admin logged into mdo027pc (WinXP) - 192.168.10.27
Jan 5 21:18:40 lena logged into mdo027pc (WinXP) - 192.168.10.27
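The log format above lends itself to a simple review script. The following is an added example, not part of the contrib: it parses the line layout shown in the example and reports users seen on more than one PC, logons from outside an expected network, and lines that do not match the format. The function names, the 192.168.10.0/24 network and the last two sample lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Layout taken from the netlogon.log example on this page:
#   "Dec 5 13:44:55 admin logged into mdo005ts (WinXP) - 192.168.10.5"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<user>\S+) "
    r"logged into (?P<host>\S+) \((?P<os>[^)]*)\) - (?P<ip>\S+)$")

def parse_line(line):
    """Return the fields of one log line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ip"] = ipaddress.ip_address(rec["ip"])
    except ValueError:
        return None
    return rec

def review(lines, lan="192.168.10.0/24"):
    """Report users seen on several PCs, logons from outside `lan`, bad lines."""
    net = ipaddress.ip_network(lan)  # assumed LAN range, adjust to the site
    hosts, off_lan, rejected = defaultdict(set), [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
            continue
        hosts[rec["user"]].add(rec["host"])
        if rec["ip"] not in net:
            off_lan.append((rec["ts"], rec["user"], str(rec["ip"])))
    multi = {u: sorted(h) for u, h in hosts.items() if len(h) > 1}
    return {"multi_host_users": multi, "off_lan": off_lan, "rejected": rejected}

# The first four lines are the page's example; the last two are constructed.
SAMPLE = [
    "Dec 5 13:44:55 admin logged into mdo005ts (WinXP) - 192.168.10.5",
    "Dec 5 13:50:27 michael logged into mdo005ts (WinXP) - 192.168.10.5",
    "Dec 8 19:19:59 admin logged into mdo027pc (WinXP) - 192.168.10.27",
    "Jan 5 21:18:40 lena logged into mdo027pc (WinXP) - 192.168.10.27",
    "Jan 6 08:02:11 lena logged into laptop7 (Win7) - 10.8.0.14",
    "Jan 6 08:02:30 garbled entry without the expected fields",
]

if __name__ == "__main__":
    print(review(SAMPLE))
```

The timestamps carry no year, so ordering across a year boundary has to come from the position of the line in the file.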
Setup
After the installation you will find a new item on the server-manager panel called I-bay letters. It takes the user to a page that displays the list of I-bay names, descriptions, associated groups and a fourth column with a drop-down option that allows a Windows drive letter to be associated with that I-bay. Once the settings are saved, a computer currently joined to the domain will map that drive letter to the I-bay if the user belongs to the I-bay group. At the very bottom of the list you can define the user's home folder (most likely H:). If you make any changes to the home drive you have to make sure you reload the Workgroup settings (which will restart Samba).
Further down, there is a list of all groups and descriptions followed by a column named "Custom Batch file". If the user clicks one of the links they can create a batch file that will be executed when a user belonging to that particular group logs in.
The file is created under the /home/e-smith/files/samba/netlogon/custom folder. If the group is called 'all-users' a file 'all-users.bat' will be created under /home/e-smith/files/samba/netlogon/custom.
In some situations a custom command must be run for a particular user. In that case a file called 'username.bat' should be created under /home/e-smith/files/samba/netlogon/custom, and it will be executed when that user logs in.
Linux client integration
In parallel with the Windows batch file generation, every time a user logs on, a custom .pam_mount.conf.xml is also freshly generated on the server. This is part of a (currently Ubuntu-only) client integration with SME Server (automatic home and shares mounting), intended to be similar to what Windows currently does for desktop domain membership. It uses a combination of pam_mount, pam_winbind and optionally NFS (roaming profiles-like functionality) on the client side.
The (per user) generated .pam_mount.conf.xml files are located in /home/e-smith/files/samba/netlogon/users/<username>
Example contents (the server name is crossed out):
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
  <volume user="*" fstype="cifs" server="XXXXX" path="%(DOMAIN_USER)" mountpoint="~/win_home" options="nodev,nosuid"></volume>
  <volume user="*" fstype="cifs" server="XXXXX" path="all-rooms" mountpoint="~/all-rooms" options="nodev,nosuid"></volume>
  <volume user="*" fstype="cifs" server="XXXXX" path="encarta" mountpoint="~/encarta" options="nodev,nosuid"></volume>
  <volume user="*" fstype="cifs" server="XXXXX" path="hyperstudio" mountpoint="~/hyperstudio" options="nodev,nosuid"></volume>
</pam_mount>
The first <volume> directive mounts the user's (Windows) home drive on the local Linux workstation under a folder "win_home". The others mount only those server shares that the user has access to through his group memberships.
Because this file is created on the fly with each user logon, a change in membership has the same immediate impact on the client side as it has for the user when he logs on to a Windows machine.
On the Linux client (only tested on Ubuntu so far):
(from our internal Wiki):
.. snip ..
Setting up pam_mount
pam_mount is a PAM module that can mount volumes for a user session. We're going to use it to mount the user's home drive and shares when he logs in. On the SME Server side, install the tw-logonscript package and things should work transparently.
As a superuser, create a file /etc/security/pam_mount.conf.xml with the following contents (be careful with line wraps!):
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
  <debug enable="0" />
  <msg-authpw>Password:</msg-authpw>
  <volume user="*" fstype="cifs" server="XXXXX" path="netlogon/users/%(DOMAIN_USER)" mountpoint="~/.netlogon" options="uid=%(DOMAIN_USER),workgroup=WNAME"></volume>
  <luserconf name=".netlogon/.pam_mount.conf.xml" />
  <logout wait="0" hup="0" term="0" kill="0" />
  <mkmountpoint enable="1" remove="false" />
</pam_mount>
You need to replace the server name (XXXXX) and workgroup (WNAME) with your details.
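A quick pre-deployment check for this client file, as an added example that is not part of the contrib or the original wiki text: it parses a pam_mount configuration, reports any volume whose options lack the nodev and nosuid flags that the server-generated per-user file sets, and reports placeholder values that were left in. The function name, the server name sme.example.lan and the workgroup EXAMPLE are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

REQUIRED = {"nodev", "nosuid"}      # options the generated per-user file sets
PLACEHOLDERS = {"XXXXX", "WNAME"}   # stand-ins used in the page's template

def audit(xml_text):
    """Return (path, problem) tuples for each <volume> in a pam_mount config."""
    # Parse as bytes so the declared utf-8 encoding is honoured.
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for vol in root.iter("volume"):
        path = vol.get("path", "?")
        # "a=b,c" -> {"a": "b", "c": ""}
        opts = dict(o.strip().partition("=")[::2]
                    for o in vol.get("options", "").split(",") if o.strip())
        missing = sorted(REQUIRED - opts.keys())
        if missing:
            findings.append((path, "missing " + ",".join(missing)))
        values = {vol.get("server", ""), opts.get("workgroup", "")}
        left = sorted(values & PLACEHOLDERS)
        if left:
            findings.append((path, "placeholder " + ",".join(left)))
    return findings

# The client template as printed on this page.
PAGE_TEMPLATE = """\
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
  <debug enable="0" />
  <msg-authpw>Password:</msg-authpw>
  <volume user="*" fstype="cifs" server="XXXXX" path="netlogon/users/%(DOMAIN_USER)" mountpoint="~/.netlogon" options="uid=%(DOMAIN_USER),workgroup=WNAME"></volume>
  <luserconf name=".netlogon/.pam_mount.conf.xml" />
  <logout wait="0" hup="0" term="0" kill="0" />
  <mkmountpoint enable="1" remove="false" />
</pam_mount>
"""

# Constructed variant: placeholder values filled in, nodev,nosuid appended.
FILLED_IN = (PAGE_TEMPLATE.replace("XXXXX", "sme.example.lan")
             .replace("workgroup=WNAME", "workgroup=EXAMPLE,nodev,nosuid"))

if __name__ == "__main__":
    for name, doc in (("template", PAGE_TEMPLATE), ("filled in", FILLED_IN)):
        print(name, audit(doc))
```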
Linux client mount point configuration
Configuration database settings are in:
config show twlogonscript
with the default settings as follows:
twlogonscript=configuration
    MountPointsPath=/mnt
    UserHomeMountPointName=user_data
To change the default mount point for the various ibays to, say, a 'network' directory in the user's home directory, use:
config setprop twlogonscript MountPointsPath '~/network'
Similarly, configure a user home directory as follows:
config setprop twlogonscript UserHomeMountPointName home
Note that this home directory is mounted inside the indicated MountPointsPath, for example as '~/network/home'.
Uninstall
If you want to remove the contrib, just run:
yum remove smeserver-tw-logonscript
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-tw-logonscript component or use this link.
ID | Product | Version | Status | Summary |
---|---|---|---|---|
6006 | SME Contribs | 7.4 | CONFIRMED | Problem with defining the user's home folder. |