Topic: [ANNOUNCE] tw-logonscript

[chriscosta]

tw-logonscript is a contrib that will make it easier to integrate Windows/Linux clients to SME Server via logon script.

The list of features include:

- Custom perl logon script generator that will dynamically generate logon scripts based on the user's group permissions
- Server manager panel (I-bay letters) to control the I-bay and drive letter association
- Possibility to create additional per group or per user custom batch files
- Automatic per user .pam_mount.conf.xml generation. We've been successfully running a couple of Ubuntu workstations that automatically map shares that are consistent with what it would be on a Windows workstation. The setup is not trivial, at some stage I will publish further documentation explaining how to set up this integration. It won't affect the Windows part of the logon script.
- Log file at /var/log/netlogon.log that shows login times

Sep 15 11:3:53  user logged into computername (Win2K) - 192.168.2.10




So, in a nutshell, for each I-bay you can define the drive letter you want it to have under Windows. Let's suppose you have chosen the drive letter M: for the I-bay management and you have the management-group as the group allowed to read/write to it. All the users belonging to the management-group will automatically have that drive mapping when they log in.
If the group is set to Everyone, it will create that drive mapping for all users.

If you need the custom batch files, let's suppose you have a user called john and john needs to copy a set of files from another location.
- cd /home/e-smith/files/samba/netlogon/custom
- Create a file called john.bat, write it using the Windows batch syntax eg: copy M:\template.xls C:\%USERPROFILE%\Desktop
- run unix2dos john.bat
- Although the previous step is not mandatory I would still advise it

Next time user john logs in, this john.bat file will be executed. It will be run after all the other drive mappings are in place.
The same works for a particular group if you need it to, for example, have a special drive mapping (eg: net use M: \\anotherserver\someshare)

At some stage I plan to bring this whole process into the server manager as well. Since it's not required to often I've probably been too lazy to do so

If you are interested to test it you can download it from:

http://mail.tw.co.nz/contribs/tw-logonscript-1.3-1.noarch.rpm
http://mail.tw.co.nz/contribs/tw-logonscript-1.3-1.src.rpm

We've been developing and using it in production for several customers for more than 2 years now and it's been doing a pretty good job.

If you have any questions don't hesitate to ask me. Feedback will be highly appreciated.
At this stage, this RPM is only available in English but I'm keen to develop it further and make it  multi language.

Enjoy!

[Stefano]

Hi

sounds good but, just a curiosity, in what your contrib is different from smeserver-loginscript one?

anyway, please subscribe to dev's ML and to bugzilla.. IMHO your work is worth to be added to official contribs list.

I'm interested too in Ubuntu client integration so, please, share asap an howto

Thank you

Stefano

[chriscosta]

I've just installed smeserver-loginscript and had a look at it. At a first look it seems that it requires a little bit more of knowledge to set up than the one I've developed.
tw-logonscript will create a new item on the server manager called "I-bay Letters", where you have a table with I-bay name, group associated with it and the chance to choose the drive letter you want to associate with it.
smeserver-loginscript will be more flexible since you can also operate with machine names. But I would say that for the average user tw-logonscript would be easier to use; if you stick to the basics. There's also the Linux part. I still intend to make it smarter so that you can generate different "logon scripts" according to your needs (Linux, Macs...)

I will for sure subscribe to the dev's list and to bugzilla.

As for the Ubuntu integration I just need to tidy up the documentation and make it even more friendly. At the moment it's purely a set of steps but I would really like to add technical information as well so that people can understand what is actually happening. The solution we're using uses pam_winbind and pam_mount at the clients end. We also have a variation with "live" profiles, using NFS mounted home folders under it all.

I will try to get it out soon, I think there're lots of people interested in that.

[idp_qbn]

Has there been any progress with this? Any documentation?
I don't see it in the list of Contribs.
Looks very useful!
Cheers
Ian

[byte]

I don't see it in the list of Contribs.

Its now in the smecontribs repo as smeserver-tw-loginscript

[mdo]

Its now in the smecontribs repo as smeserver-tw-loginscript

It's actually named smeserver-tw-logonscript.

The latest version 1.3-13 is currently in smetest repository and that is the version that I would like to get into smecontribs repository. Christian, the author is on vacation for a few weeks. I will try to start on a Wiki document in the next few days.
Michael

[johannes.eichel]

Hallo,

I found this RPM on the contribs website. I was reading the documentation (http://wiki.contribs.org/Smeserver-tw-logonscript) and I would like more information about the pam_mount part.
I've been running a combination of SME 8 and Ubuntu desktops (about 20 in one site and 50 in another site) for about 3 months. In the beginning, I struggled a bit with the domain integration but now it seems things have settled. I would love to have a solution for mounting user shares and if you help me with that I would be most grateful.

Thanks,

Johannes

[mdo]

Hi Johannes

If you use the rpm (we use it for each installation), I will definitely improve the documentation. It might take a few days.
In return I would be curious to learn more details about your Linux client integrations

Michael

[fpausp]

Code: [Select]

In return I would be curious to learn more details about your Linux client integrations

Yes, I am also very interested about that. Johannes do you speak german ?

Best

[mdo]

If a discussion about this in German is easier, I am happy to do so but all suitable outcome (e.g. "Wiki worth") should be translated.
 
Michael

[mdo]

Johannes, fpausp

I have added more details in the Wiki as discussed.

If you have installed the rpm on your server(s), you already should see the generated .pam_mount.conf.xml files under
/home/e-smith/files/samba/netlogon/users/<username>

Because the name starts with a "." (dot), they are (intentionally) hidden files on the SME server and you need e.g.
ll -a /home/e-smith/files/samba/netlogon/users/<username> to show them.

If you look into these files on your server and watch for content changes when you change a user's group membership and after his next logon (even to a Windows desktop), that should give you some idea.

This hopefully helps for a start, otherwise come back here.
Michael