Changes

From SME Server
5,705 bytes added ,  16:06, 11 September 2015
Line 5: Line 5:  
Christian Costa, Michael Doerner
 
Christian Costa, Michael Doerner
 
[http://www.technologywise.co.nz TechnologyWise]<br>
 
[http://www.technologywise.co.nz TechnologyWise]<br>
 +
[mailto:stephdl@de-labrusse.fr stephdl] Stéphane de Labrusse AKA [[User:stephdl|Stephdl]]<br />
    
=== Version ===
 
=== Version ===
Line 15: Line 16:     
=== Requirements ===
 
=== Requirements ===
*SME Server 7.X (also tested on SME8.0 latest beta)
+
*SME Server 8.X, 9.X
    
=== Installation ===
 
=== Installation ===
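
Review bot: The Requirements entry should say whether SME Server 7.X is now unsupported or simply untested, because "SME Server 8.X, 9.X" replaces "SME Server 7.X (also tested on SME8.0 latest beta)" with no explanation. A short parenthetical on the new line would tell administrators still on 7.X whether this revision's instructions apply to them.
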
Line 29: Line 30:  
=== Features ===
 
=== Features ===
    +
*Manage shared server drives (ibays) via server-manager panel.
 +
*Allocate drive mappings for Windows clients.
 +
*Define custom batch files on a user and/or group basis.
 +
*central logging for logons from Windows (and Linux) clients in "/var/log/netlogon.log' with time of logon, user, PC-name & IP, OS version. Here is an example:
 +
Dec 5 13:44:55  admin logged into mdo005ts (WinXP) - 192.168.10.5
 +
Dec 5 13:50:27  michael logged into mdo005ts (WinXP) - 192.168.10.5
 +
Dec 8 19:19:59  admin logged into mdo027pc (WinXP) - 192.168.10.27
 +
Jan 5 21:18:40  lena logged into mdo027pc (WinXP) - 192.168.10.27
    +
=== Setup ===
 +
 +
After the installation you will find that there is a new item on the server-manager panel called I-bay letters.
 +
It takes the user to a page that will display the list of I-bay names, descriptions, associated groups and a 4th column with a drop down option that allows a Windows drive letter to be associated with that I-bay. Once the settings are saved, a computer currently joined to the domain will map that drive letter to the I-bay if the user belongs to the I-bay group.
 +
Right on the bottom of the list you can define the user's home folder (most likely H:). If you make any changes to the home drive you have to make sure you reload the Workgroup settings (which will restart Samba).
 +
 +
 +
Further down, there is a list of all groups and descriptions followed by a column named "Custom Batch file". If the user clicks one of the links they can create a batch file that will be executed when a user belonging to that particular group logs in.
 +
 +
The file is created under the /home/e-smith/files/samba/netlogon/custom folder. If the group is called 'all-users' a file 'all-users.bat' will be created under /home/e-smith/files/samba/netlogon/custom.
 +
 +
In some situations it is required that a custom command is run for a particular user, in that case a file called 'username.bat' should be created under /home/e-smith/files/samba/netlogon/custom and it will be executed when that user logs in.
 +
 +
=== Linux client integration ===
 +
 +
In parallel with the Windows batch file generation, every time a user logs on, a custom .pam_mount.conf.xml is also freshly generated on the server. That is part of a (currently) Ubuntu client integration with SME Server (automatic home and shares mounting) to be similar to what Windows currently does for desktop domain membership. It uses a combination of pam_mount, pam_winbind and optionally NFS (roaming profiles-like functionality) on the client site.
 +
 +
The (per user) generated .pam_mount.conf.xml files are located in /home/e-smith/files/samba/netlogon/users/<username>
 +
 +
An example contents (the server name is crossed out):
 +
 +
<?xml version="1.0" encoding="utf-8" ?>
 +
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
 +
<pam_mount>
 +
<volume user="*" fstype="cifs" server="XXXXX" path="%(DOMAIN_USER)" mountpoint="~/win_home" options="nodev,nosuid"></volume>
 +
<volume user="*" fstype="cifs" server="XXXXX" path="all-rooms" mountpoint="~/all-rooms" options="nodev,nosuid"></volume>
 +
<volume user="*" fstype="cifs" server="XXXXX" path="encarta" mountpoint="~/encarta" options="nodev,nosuid"></volume>
 +
<volume user="*" fstype="cifs" server="XXXXX" path="hyperstudio" mountpoint="~/hyperstudio" options="nodev,nosuid"></volume>
 +
</pam_mount>
 +
 +
The first <volume user> directive will mount the user's (Windows) home drive on the local Linux workstation under a folder "win_home". The others will mount just those server shares only that the user, due to his group memberships does have access to.
 +
 +
Because this file is created on the fly with each user logon, a change in membership will have the same, immediate impact on the client site as it has for the user when he logs on to a Windows machine.
 +
 +
 +
At the Linux client (only tested for Ubuntu yet):
 +
 +
(from our internal Wiki):
 +
 +
.. snip ..
 +
 +
Setting up pam_mount
 +
 +
pam_mount is a PAM module that can mount volumes for a user session. We're going to use it to mount the user's home drive and shares when he logs in. As for SME server, install the tw-logonscript package and things should work transparently.
 +
 +
As a superuser, create a file /etc/security/pam_mount.conf.xml with the following contents (be careful with line wraps!):
 +
 +
<?xml version="1.0" encoding="utf-8" ?>
 +
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
 +
<pam_mount>
 +
  <debug enable="0" />
 +
  <msg-authpw>Password:</msg-authpw>
 +
  <volume user="*" fstype="cifs" server="XXXXX" path="netlogon/users/%(DOMAIN_USER)" mountpoint="~/.netlogon" options="uid=%(DOMAIN_USER),workgroup=WNAME"></volume>
 +
  <luserconf name=".netlogon/.pam_mount.conf.xml" />
 +
  <logout wait="0" hup="0" term="0" kill="0" />
 +
  <mkmountpoint enable="1" remove="false" />
 +
</pam_mount>
 +
 +
You need to replace the server name (XXXX) and workgroup (WNAME) with your details.
 +
 +
=== Linux client mount point configuration ===
 +
 +
Configuration database settings are in:
 +
 +
config show twlogonscript
 +
 +
with the default settings as follows:
 +
 +
twlogonscript=configuration
 +
    MountPointsPath=/mnt
 +
    UserHomeMountPointName=user_data
 +
 +
To change the default mount for the various ibays to say a ''''network'''' directory in the users home directory, use:
 +
 +
config setprop twlogonscript MountPointsPath '~/network'
 +
 +
Similarly, configure a user '''home''' directory as follows:
 +
 +
config setprop twlogonscript UserHomeMountPointName home
 +
 +
Note that this home directory is mounted in the indicated '''MountPointsPath''' like in ''''~/network/home''''
    
=== Uninstall ===
 
=== Uninstall ===
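
Review bot: The global volume in the /etc/security/pam_mount.conf.xml example mounts netlogon/users/%(DOMAIN_USER) at ~/.netlogon with options="uid=%(DOMAIN_USER),workgroup=WNAME" and omits the nodev,nosuid options that every generated per-user volume carries; add them there as well so the share that supplies the luserconf file is mounted no more permissively than the shares it configures. The same section should state who is allowed to write to netlogon/users/<username> and netlogon/custom, since the files in those folders decide what is mounted or executed at each logon. Two smaller points: the instruction "replace the server name (XXXX)" does not match the XXXXX placeholder used in the examples, and the log path in the Features list opens with a double quote and closes with a single quote ("/var/log/netlogon.log').
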
Line 38: Line 128:  
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
 
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
 
and select the smeserver-tw-logonscript component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-tw-logonscript|title=this link}}
 
and select the smeserver-tw-logonscript component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-tw-logonscript|title=this link}}
 
+
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-tw-logonscript |noresultsmessage="No open bugs found."}}
 
----
 
----
 
[[Category:Contrib]]
 
[[Category:Contrib]]
[[Category:Administration]]
+
[[Category:Administration:File and Directory Access]]
