Tw-logonscript

From SME Server
Revision as of 07:48, 29 November 2010 by Mdo (talk | contribs) (→‎Setup)



Maintainer

Christian Costa, Michael Doerner TechnologyWise

Version

Contrib 10:
Contrib 9:
smeserver-tw-logonscript
The latest version of smeserver-tw-logonscript is available in the SME repository; click on the version number(s) for more information.


Description

smeserver-tw-logonscript is a tool for easy, central administration of file server/Samba share drive mappings for Windows clients, either through a server-manager panel or from the command line.

Requirements

  • SME Server 7.X (also tested on SME8.0 latest beta)

Installation

  • Install the RPM:
yum --enablerepo=smecontribs install smeserver-tw-logonscript
signal-event workgroup-update

Screenshots

(planned)

Features

  • Manage shared server drives (ibays) via server-manager panel.
  • Allocate drive mappings for Windows clients.
  • Define custom batch files on a user and/or group basis.
  • Central logging of logons from Windows (and Linux) clients in "/var/log/netlogon.log", with time of logon, user, PC name and IP, and OS version. Here is an example:
Dec 5 13:44:55  admin logged into mdo005ts (WinXP) - 192.168.10.5
Dec 5 13:50:27  michael logged into mdo005ts (WinXP) - 192.168.10.5
Dec 8 19:19:59  admin logged into mdo027pc (WinXP) - 192.168.10.27
Jan 5 21:18:40  lena logged into mdo027pc (WinXP) - 192.168.10.27
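
One way to review this log, as an added example that is not part of the contrib: a parser for the line layout shown above that reports a watched account used on more than one PC, and a PC name seen with more than one IP. The pattern is inferred from the four sample lines only; the names parse, review and watched are assumptions of the example, and the last sample line is constructed to show how non-matching lines are kept apart.

```python
import re
from collections import defaultdict

# Line layout taken from the example above:
#   "<Mon> <day> <HH:MM:SS>  <user> logged into <pc> (<os>) - <ip>"
LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<user>\S+) logged into (?P<pc>\S+) \((?P<os>[^)]*)\) - "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

# The four lines shown on this page, plus one constructed malformed line.
SAMPLE = """\
Dec 5 13:44:55  admin logged into mdo005ts (WinXP) - 192.168.10.5
Dec 5 13:50:27  michael logged into mdo005ts (WinXP) - 192.168.10.5
Dec 8 19:19:59  admin logged into mdo027pc (WinXP) - 192.168.10.27
Jan 5 21:18:40  lena logged into mdo027pc (WinXP) - 192.168.10.27
Jan 6 08:00:01  truncated entry without the expected fields
"""

def parse(text):
    """Return (events, rejected): parsed dicts and lines that did not match."""
    events, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
        else:
            rejected.append(line)  # keep for manual review, never drop silently
    return events, rejected

def review(events, watched=("admin",)):
    """Flag watched accounts used on more than one PC, and PC names that
    appear with more than one IP address."""
    pcs_by_user, ips_by_pc = defaultdict(set), defaultdict(set)
    for e in events:
        pcs_by_user[e["user"]].add(e["pc"])
        ips_by_pc[e["pc"]].add(e["ip"])
    findings = []
    for user in watched:
        if len(pcs_by_user[user]) > 1:
            findings.append(f"{user} used on {sorted(pcs_by_user[user])}")
    for pc, ips in sorted(ips_by_pc.items()):
        if len(ips) > 1:
            findings.append(f"{pc} seen with {sorted(ips)}")
    return findings

if __name__ == "__main__":
    events, rejected = parse(SAMPLE)
    print(review(events), rejected)
```

The log lines carry no year, so any time-window logic built on top of this has to take the year from elsewhere, for example from log rotation dates.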

Setup

After the installation there is a new item on the server-manager panel called I-bay letters. It opens a page that lists the I-bay names, descriptions and associated groups, with a fourth column containing a drop-down that associates a Windows drive letter with that I-bay. Once the settings are saved, a computer currently joined to the domain will map that drive letter to the I-bay if the user belongs to the I-bay group. At the bottom of the list you can define the drive letter for the user's home folder (most likely H:). If you make any changes to the home drive, make sure you reload the Workgroup settings (which will restart Samba).


Further down, there is a list of all groups and descriptions followed by a column named "Custom Batch file". Clicking one of the links creates a batch file that will be executed when a user belonging to that particular group logs in.

The file is created under the /home/e-smith/files/samba/netlogon/custom folder. If the group is called 'all-users' a file 'all-users.bat' will be created under /home/e-smith/files/samba/netlogon/custom.

In some situations a custom command must be run for a particular user. In that case a file called 'username.bat' should be created under /home/e-smith/files/samba/netlogon/custom, and it will be executed when that user logs in.

Linux client integration

In parallel with the Windows batch file generation, every time a user logs on, a custom .pam_mount.conf.xml is also freshly generated on the server. This is part of a client integration with SME Server (currently for Ubuntu) that mounts the home directory and shares automatically, similar to what Windows currently does for desktop domain membership. It uses a combination of pam_mount, pam_winbind and optionally NFS (roaming profiles-like functionality) on the client side.

The (per user) generated .pam_mount.conf.xml files are located in /home/e-smith/files/samba/netlogon/users/<username>

Example contents (the server name is crossed out):

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<volume user="*" fstype="cifs" server="XXXXX" path="%(DOMAIN_USER)" mountpoint="~/win_home" options="nodev,nosuid"></volume>
<volume user="*" fstype="cifs" server="XXXXX" path="all-rooms" mountpoint="~/all-rooms" options="nodev,nosuid"></volume>
<volume user="*" fstype="cifs" server="XXXXX" path="encarta" mountpoint="~/encarta" options="nodev,nosuid"></volume>
<volume user="*" fstype="cifs" server="XXXXX" path="hyperstudio" mountpoint="~/hyperstudio" options="nodev,nosuid"></volume>
</pam_mount>

The first <volume user> directive mounts the user's (Windows) home drive on the local Linux workstation under a folder "win_home". The others mount only those server shares that the user has access to through his group memberships.

Because this file is created on the fly with each user logon, a change in group membership has the same immediate impact on the client side as it has for the user when he logs on to a Windows machine.


Uninstall

If you want to remove the contrib, just run:

yum remove smeserver-tw-logonscript

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-tw-logonscript component or use this link