Line 1: |
Line 1: |
| {{Languages}} | | {{Languages}} |
| + | <!-- here we define the contrib name variable --> |
| + | <!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--> |
| + | {{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }} |
| + | {{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }} |
| + | <!-- we define the language --> |
| + | {{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }} |
| + | {{Infobox contribs |
| + | |name={{#var:contribname}} |
| + | |image={{#var:contribname}}.jpg |
| + | |description_image= {{#var:contribname}} logo |
| + | |maintainer= Michael Doerner |
| + | |licence= GPL |
| + | |url= https://wiki.koozali.org |
| + | |category= Administration:File and Directory Access |
| + | |tags=logon,loginscript,samba |
| + | }} |
| + | |
| + | {{Note box| Please also see [[Loginscript]] }} |
| | | |
| | | |
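Review bot: the `lang` definition in the added `{{#vardefine:lang| ... |en }}` line looks wrong for the untranslated page. `{{#titleparts: {{PAGENAME}} | | -1}}` returns the last title segment, which on a page without a language subpage is the page name itself rather than a language code, and the trailing `|en` is passed as an extra argument to `#vardefine` instead of acting as a fallback. Wrap the expression in a conditional that yields `en` when the title has no subpage part. `smecontribname` and `lang` are also defined but never referenced in the lines shown here, so either remove them or add a comment naming the template that consumes them.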
Line 5: |
Line 23: |
| Christian Costa, Michael Doerner | | Christian Costa, Michael Doerner |
| [http://www.technologywise.co.nz TechnologyWise]<br> | | [http://www.technologywise.co.nz TechnologyWise]<br> |
| + | [mailto:stephdl@de-labrusse.fr stephdl] Stéphane de Labrusse AKA [[User:stephdl|Stephdl]]<br /> |
| | | |
| === Version === | | === Version === |
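Review bot: the added `[mailto:stephdl@de-labrusse.fr stephdl]` link publishes a plain e-mail address in the page source next to a `[[User:stephdl|Stephdl]]` link that already identifies the contributor. Consider keeping only the user-page link. The infobox added earlier in this change also sets `|maintainer= Michael Doerner` only, so the maintainer field and this author list should be brought into agreement.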
Line 15: |
Line 34: |
| | | |
| === Requirements === | | === Requirements === |
− | *SME Server 7.X (also tested on SME8.0 latest beta) | + | *SME Server 8.X, 9.X |
| | | |
| === Installation === | | === Installation === |
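Review bot: the Requirements line now reads `*SME Server 8.X, 9.X` and the SME Server 7.X statement is removed without explanation. Say whether 7.X is no longer supported or just untested with the current package, and point 7.X users at the last version known to work, so that an administrator on an older release does not install a package that was never tested there.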
Line 37: |
Line 56: |
| Dec 8 19:19:59 admin logged into mdo027pc (WinXP) - 192.168.10.27 | | Dec 8 19:19:59 admin logged into mdo027pc (WinXP) - 192.168.10.27 |
| Jan 5 21:18:40 lena logged into mdo027pc (WinXP) - 192.168.10.27 | | Jan 5 21:18:40 lena logged into mdo027pc (WinXP) - 192.168.10.27 |
| + | |
| + | === Setup === |
| + | |
| + | After the installation you will find that there is a new item on the server-manager panel called I-bay letters. |
| + | It takes the user to a page that will display the list of I-bay names, descriptions, associated groups and a 4th column with a drop down option that allows a Windows drive letter to be associated with that I-bay. Once the settings are saved, a computer currently joined to the domain will map that drive letter to the I-bay if the user belongs to the I-bay group. |
| + | Right on the bottom of the list you can define the user's home folder (most likely H:). If you make any changes to the home drive you have to make sure you reload the Workgroup settings (which will restart Samba). |
| + | |
| + | |
| + | Further down, there is a list of all groups and descriptions followed by a column named "Custom Batch file". If the user clicks one of the links they can create a batch file that will be executed when a user belonging to that particular group logs in. |
| + | |
| + | The file is created under the /home/e-smith/files/samba/netlogon/custom folder. If the group is called 'all-users' a file 'all-users.bat' will be created under /home/e-smith/files/samba/netlogon/custom. |
| + | |
| + | In some situations it is required that a custom command is run for a particular user, in that case a file called 'username.bat' should be created under /home/e-smith/files/samba/netlogon/custom and it will be executed when that user logs in. |
| + | |
| + | === Linux client integration === |
| + | |
| + | In parallel with the Windows batch file generation, every time a user logs on, a custom .pam_mount.conf.xml is also freshly generated on the server. That is part of a (currently) Ubuntu client integration with SME Server (automatic home and shares mounting) to be similar to what Windows currently does for desktop domain membership. It uses a combination of pam_mount, pam_winbind and optionally NFS (roaming profiles-like functionality) on the client site. |
| + | |
| + | The (per user) generated .pam_mount.conf.xml files are located in /home/e-smith/files/samba/netlogon/users/<username> |
| + | |
| + | An example contents (the server name is crossed out): |
| + | |
| + | <?xml version="1.0" encoding="utf-8" ?> |
| + | <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"> |
| + | <pam_mount> |
| + | <volume user="*" fstype="cifs" server="XXXXX" path="%(DOMAIN_USER)" mountpoint="~/win_home" options="nodev,nosuid"></volume> |
| + | <volume user="*" fstype="cifs" server="XXXXX" path="all-rooms" mountpoint="~/all-rooms" options="nodev,nosuid"></volume> |
| + | <volume user="*" fstype="cifs" server="XXXXX" path="encarta" mountpoint="~/encarta" options="nodev,nosuid"></volume> |
| + | <volume user="*" fstype="cifs" server="XXXXX" path="hyperstudio" mountpoint="~/hyperstudio" options="nodev,nosuid"></volume> |
| + | </pam_mount> |
| + | |
| + | The first <volume user> directive will mount the user's (Windows) home drive on the local Linux workstation under a folder "win_home". The others will mount just those server shares only that the user, due to his group memberships does have access to. |
| + | |
| + | Because this file is created on the fly with each user logon, a change in membership will have the same, immediate impact on the client site as it has for the user when he logs on to a Windows machine. |
| + | |
| + | |
| + | At the Linux client (only tested for Ubuntu yet): |
| + | |
| + | (from our internal Wiki): |
| + | |
| + | .. snip .. |
| + | |
| + | Setting up pam_mount |
| + | |
| + | pam_mount is a PAM module that can mount volumes for a user session. We're going to use it to mount the user's home drive and shares when he logs in. As for SME server, install the tw-logonscript package and things should work transparently. |
| + | |
| + | As a superuser, create a file /etc/security/pam_mount.conf.xml with the following contents (be careful with line wraps!): |
| + | |
| + | <?xml version="1.0" encoding="utf-8" ?> |
| + | <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd"> |
| + | <pam_mount> |
| + | <debug enable="0" /> |
| + | <msg-authpw>Password:</msg-authpw> |
| + | <volume user="*" fstype="cifs" server="XXXXX" path="netlogon/users/%(DOMAIN_USER)" mountpoint="~/.netlogon" options="uid=%(DOMAIN_USER),workgroup=WNAME"></volume> |
| + | <luserconf name=".netlogon/.pam_mount.conf.xml" /> |
| + | <logout wait="0" hup="0" term="0" kill="0" /> |
| + | <mkmountpoint enable="1" remove="false" /> |
| + | </pam_mount> |
| + | |
| + | You need to replace the server name (XXXX) and workgroup (WNAME) with your details. |
| + | |
| + | === Linux client mount point configuration === |
| + | |
| + | Configuration database settings are in: |
| + | |
| + | config show twlogonscript |
| + | |
| + | with the default settings as follows: |
| + | |
| + | twlogonscript=configuration |
| + | MountPointsPath=/mnt |
| + | UserHomeMountPointName=user_data |
| + | |
| + | To change the default mount for the various ibays to say a ''''network'''' directory in the users home directory, use: |
| + | |
| + | config setprop twlogonscript MountPointsPath '~/network' |
| + | |
| + | Similarly, configure a user '''home''' directory as follows: |
| + | |
| + | config setprop twlogonscript UserHomeMountPointName home |
| + | |
| + | Note that this home directory is mounted in the indicated '''MountPointsPath''' like in ''''~/network/home'''' |
| | | |
| === Uninstall === | | === Uninstall === |
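Review bot: in the client-side `/etc/security/pam_mount.conf.xml` example, the `netlogon/users/%(DOMAIN_USER)` volume is mounted with `options="uid=%(DOMAIN_USER),workgroup=WNAME"` and no `nodev,nosuid`, while every volume in the generated per-user file carries `options="nodev,nosuid"`. Since `<luserconf name=".netlogon/.pam_mount.conf.xml" />` makes the client act on a file fetched from that share, add `nodev,nosuid` to the global volume and state the mount-option policy for luserconf volumes explicitly with `<mntoptions allow="..." />` and `<mntoptions require="nosuid,nodev" />` rather than relying on defaults. The Setup section should also say who is allowed to write to `/home/e-smith/files/samba/netlogon/custom`, because any `group.bat` or `username.bat` placed there runs at logon. Smaller points: the sample generated file mounts to `~/win_home` and `~/all-rooms`, which does not match the documented defaults `MountPointsPath=/mnt` and `UserHomeMountPointName=user_data`; the placeholder is `XXXXX` in the examples but `(XXXX)` in the instruction text; and `''''network''''` and `''''~/network/home''''` use four apostrophes, which leaves a stray quote in the rendered bold text.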
Line 45: |
Line 146: |
| Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] | | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] |
| and select the smeserver-tw-logonscript component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-tw-logonscript|title=this link}} | | and select the smeserver-tw-logonscript component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-tw-logonscript|title=this link}} |
− | | + | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-tw-logonscript |noresultsmessage="No open bugs found."}} |
| ---- | | ---- |
| [[Category:Contrib]] | | [[Category:Contrib]] |
− | [[Category:Administration]] | + | [[Category:Administration:File and Directory Access]] |
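Review bot: the added `{{#bugzilla:...}}` query sets `noresultsmessage="No open bugs found."` but the visible parameters (`columns`, `sort`, `order`, `component`) include no restriction on bug status. Either add a status filter so the list really contains only open bugs, or reword the message to match what the query returns. The `status` column is already requested, so readers will see closed entries if they are included.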