Marco Müller wrote:
> Hi, I want to use my E-Smith Gateway as Domain Server for my
> Windows network and I have a question: could I make a login
> script as in WinNT where the clients get specified paths for
> the network HDDs?
>
> Thx
>
> Marco
In short, "yes". E-smith is (Brilliantly) designed to only accept SMB (Windows networking) requests on the inside network. Thus it is on its way to being the FIRST server of its kind where it is safe to put an SMB machine as a gateway machine. In its out-of-the-box form it is somewhat vulnerable to packet spoofing but is easily modified to plug that hole. Whatever you do, DON'T put a REAL NT server Domain Controller as a gateway. ALL NT Domain Controllers in a multi-homed configuration can be breached!
E-smith uses SAMBA which does not have these weaknesses and can actually do MORE in a login script than NT can.
The place to put your scripts is in /home/netlogon and the default login script name is netlogon.bat. That's the basic way....
ADVANCED logon scripts (I know...gratuitous, but I hate on-line replies that raise more questions than they answer):
Synching Workstation Clocks
Things ALWAYS run smoother when your network hosts all have the same system time, so that is the first thing I place in the login script. This will work for both NT workstations and Win9x Workstations. E-Smith has an NTP server and an option to set your server's time with an internet time server. USE IT! It will avoid strange dates showing up on stored files saved by windows machines. Since e-smith is set to a precise time you can do the same to your workstations by adding the line,
NET TIME \\<servername> /SET /YES
to your login script, where "<servername>" is the name you chose for your server in the WORKGROUP panel in your e-smith manager.
Since I use e-smith EVERYWHERE on my development networks I really don't have time to waste writing and RE-writing login scripts to meet the needs of my users. So since you posted this in the ADVANCED forum, I will show you how to make an "On The Fly" login script generator. THIS IS NOT endorsed by e-smith!!!! This is what I do and is just a suggestion....however I won't object if Charlie and company choose to use this in a future release.
First in the e-smith templates, edit the file "/etc/e-smith/templates/etc/smb.conf/60netlogonshare" so it looks like this:
[netlogon]
comment = On the fly creation of Logon script
root preexec = /usr/local/netlogon/logonscript.pl %U %M %m
root postexec = /usr/local/netlogon/logoutscript.pl %U %M %m
path = /usr/local/netlogon
guest ok = no
; The scripts in this directory run as root, so ordinary users must not be able to write to the share
read only = yes
locking = no
Yes…I know…it’s NOT pointing to “/home/netlogon”…this is because I take advantage of the PERL installation that comes with e-smith. So…yes…you guessed it…you have to create the directory on your e-smith server called “/usr/local/netlogon”
Now edit the file "/etc/e-smith/templates/etc/smb.conf/50homes" and add the following lines to it:
; The following shares give all users access to the Server's CD drive,
; assuming it is mounted under /mnt/cdrom, and an ADMIN share like NT
[C$]
comment = Admin Share
path = /
read only = yes
oplocks = True
[cdrom]
comment = Linux CD-ROM
root preexec = /usr/local/netlogon/mountcd
root postexec = /usr/local/netlogon/umountcd
path = /mnt/cdrom
locking = no
Next we create the pair of shell scripts referred to in the [cdrom] section. Place these shell scripts (CHMOD them!) in the /usr/local/netlogon/ directory.
The mountcd script
#!/bin/sh
# Mount the CD once; the marker file records that it is already mounted.
# The marker is only created if the mount actually succeeded.
if test ! -e /usr/local/netlogon/cdmounted; then
mount /dev/cdrom /mnt/cdrom && touch /usr/local/netlogon/cdmounted
fi
The umountcd script
#!/bin/sh
# Unmount the CD and drop the marker, but keep the marker if umount fails
if test -e /usr/local/netlogon/cdmounted ; then
umount /dev/cdrom && rm /usr/local/netlogon/cdmounted
fi
Who needs automounting?
Next we create the PERL Scripts in those directories. The first will be the LOGONSCRIPT. I have commented this, so you SHOULD (In theory) be able to just cut and paste it to a file…don’t forget to CHMOD it! In this example I use the server name E-SMITH, which is how it is set as default when you first install the e-smith server. I am using the made-up I-BAY names ARCHIVE and PROJECTS in this example and the made-up groups STAROFFICE and CDROM (With the cool shell script that mounts a cd!). Alter to suit your needs. I also update the DNS server with the REAL identity of the workstation as opposed to the “PC000x.e-smith…” format that the e-smith server uses… NOTE: you have to edit other files for this to work on a full time basis… I will not be covering that here, but it does not harm anything if the e-smith DHCP files remain intact.
Name this one logonscript.pl
#!/usr/bin/perl
use strict;
use warnings;

## Samba passes %U (user), %M (client name/IP) and %m (NetBIOS name) as arguments
my ($user, $ip, $machine) = @ARGV;

## Constant that identifies the servername (saves a lot of typing)
my $server     = "E-SMITH";
my $dns_domain = "E-SMITH.Yourdomain.com";
my $dir        = "/usr/local/netlogon";

## This script runs as root (root preexec), so refuse anything in the
## client-supplied arguments that could escape a file name or a shell word
foreach my $arg ($user, $ip, $machine) {
    die "unsafe argument: " . (defined $arg ? $arg : '(missing)') . "\n"
        unless defined $arg && $arg =~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/;
}

## Open /etc/group, walk through until we find the line whose group name
## matches, then check whether the username is in that group's member list
## (field by field, so "al" does not match the member "sally")
sub ingroup($)
{
    my $group  = lc(shift);
    my $lcuser = lc($user);
    open(my $fd, '<', '/etc/group') or die "cannot read /etc/group: $!\n";
    while (my $line = <$fd>)
    {
        chomp $line;
        my ($name, undef, undef, $members) = split(/:/, $line);
        next unless defined $name && lc($name) eq $group;
        close $fd;
        return (grep { lc($_) eq $lcuser } split(/,/, $members || '')) ? 1 : 0;
    }
    close $fd;
    return 0;
}

## Dynamic updates work only with BIND8!
sub add_dns_entry($$)
{
    my ($addr, $name) = @_;
    ## split() takes a regex, so the dot must be escaped ('.' would match any character)
    my @parray = split(/\./, $addr);
    die "not a dotted-quad address: $addr\n" unless @parray == 4;
    my $revip = "$parray[3].$parray[2].$parray[1].$parray[0]";
    my $batch = "$dir/$user.dns";
    open(my $fh, '>', $batch) or die "cannot write $batch: $!\n";
    print $fh "update add $name.$dns_domain. 3600 IN A $addr\n";
    print $fh "update add $revip.in-addr.arpa. 3600 IN PTR $name.$dns_domain.\n";
    ## This blank line is needed for nsupdate!!!
    print $fh "\n";
    close $fh;
    ## List form of system() bypasses the shell, so the file name is never re-parsed
    system('nsupdate', $batch) == 0 or warn "nsupdate failed: $?\n";
}

#################################################################
## Start to create the logon script ##
#################################################################
open(LOGON, '>', "$dir/$user.bat") or die "cannot write $dir/$user.bat: $!\n";
## Map default drives that are used by everyone
## The double backslashes are needed since perl interprets a single backslash
## as a control character. So this leaves us with a syntax that is common with
## smbclient as well. Lines end in CRLF because the batch interpreter expects it,
## and the @ is escaped so perl does not interpolate it as an array.
print LOGON "\@ECHO OFF\r\n";
## This is the time synching I discussed above
print LOGON "NET TIME \\\\$server /SET /YES\r\n";
## Mandatory map to keep netlogon connected during the whole session
print LOGON "NET USE Y: \\\\$server\\NETLOGON\r\n";
print LOGON "NET USE H: /HOME\r\n";
print LOGON "NET USE J: \\\\$server\\PROJECTS\r\n";
print LOGON "NET USE G: \\\\$server\\ARCHIVE\r\n";
## Map drives based upon group memberships
if (ingroup("STAROFFICE")) { print LOGON "NET USE I: \\\\$server\\STAROFFICE\r\n"; }
if (ingroup("cdrom"))      { print LOGON "NET USE F: \\\\$server\\CDROM\r\n"; }
print LOGON "ECHO #################################################\r\n";
print LOGON "ECHO Now setting up a dynamic DNS record with nsupdate\r\n";
print LOGON "ECHO Machine ip = $ip\r\n";
print LOGON "ECHO Machine name = $machine\r\n";
## No "->" decoration here: > and < are redirection operators to the batch interpreter
print LOGON "ECHO Username = $user\r\n";
print LOGON "ECHO #################################################\r\n";
close LOGON;
## Registers the user name as the host name (use $machine for the NetBIOS name instead)
add_dns_entry($ip, $user);
…and now our LOGOUT script! Name this one logoutscript.pl
#!/usr/bin/perl
use strict;
use warnings;

## Samba passes %U (user), %M (client name/IP) and %m (NetBIOS name) as arguments
my ($user, $ip, $machine) = @ARGV;
my $dns_domain = "E-SMITH.Yourdomain.com";
my $dir        = "/usr/local/netlogon";

## Runs as root (root postexec): same argument check as the logon script
foreach my $arg ($user, $ip, $machine) {
    die "unsafe argument: " . (defined $arg ? $arg : '(missing)') . "\n"
        unless defined $arg && $arg =~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/;
}

sub remove_dns_entry($$)
{
    my ($addr, $name) = @_;
    ## split() takes a regex, so the dot must be escaped
    my @parray = split(/\./, $addr);
    die "not a dotted-quad address: $addr\n" unless @parray == 4;
    my $revip = "$parray[3].$parray[2].$parray[1].$parray[0]";
    my $batch = "$dir/$user.dns";
    open(my $fh, '>', $batch) or die "cannot write $batch: $!\n";
    print $fh "update delete $name.$dns_domain. A\n";
    print $fh "update delete $revip.in-addr.arpa. PTR $name.$dns_domain.\n";
    ## This blank line is needed for nsupdate!!!
    print $fh "\n";
    close $fh;
    system('nsupdate', $batch) == 0 or warn "nsupdate failed: $?\n";
}

## Remove old login script (unlink needs no shell)
unlink("$dir/$user.bat");
## Remove DNS entry
remove_dns_entry($ip, $user);
…and save them in /usr/local/netlogon/
You can also use the windows POLEDIT to place a CONFIG.POL file in this share too…this allows you to prevent cancelling the login screen and such.
Hope this was of use…I was bored and needed something to do…so I did this long-winded essay
E-mail me if you need any more help
-scott.
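The two pieces of the logon script that are easiest to get wrong, the /etc/group membership test and the nsupdate A/PTR batch, as an added Python example that is not part of Scott's post or of e-smith. It also applies the argument check a root preexec script needs; the /etc/group content, host names and addresses are constructed for the example.

```python
import ipaddress
import re

# Constructed /etc/group sample (not taken from any real server).
SAMPLE_GROUP_FILE = """root:x:0:
cdrom:x:24:scott,marco
staroffice:x:501:sally
shared:x:502:al
"""

# Samba hands %U (user) and %m (NetBIOS name) straight to the root preexec
# script; both are client-influenced, so only a conservative character set
# is accepted before they are used in file names or DNS records.
SAFE_NAME = re.compile(r'^[A-Za-z0-9][A-Za-z0-9_-]{0,62}$')

def safe_name(value):
    """Return value unchanged, or raise if it could escape a path or shell word."""
    if not SAFE_NAME.match(value):
        raise ValueError("unsafe name: %r" % value)
    return value

def in_group(group_text, group, user):
    """Exact-field membership test; a substring regex over the whole line
    would let user 'al' match the member 'sally'."""
    for line in group_text.splitlines():
        fields = line.split(':')
        if len(fields) < 4 or fields[0].lower() != group.lower():
            continue
        return user.lower() in [m for m in fields[3].split(',') if m]
    return False

def nsupdate_stanza(ip, name, dns_domain, add=True, ttl=3600):
    """Build the nsupdate batch for an A/PTR pair; the final blank line
    is what makes nsupdate send the update."""
    addr = ipaddress.IPv4Address(ip)          # raises on anything but a dotted quad
    fqdn = "%s.%s." % (safe_name(name), dns_domain)
    rev = addr.reverse_pointer                 # e.g. 10.1.168.192.in-addr.arpa
    if add:
        lines = ["update add %s %d IN A %s" % (fqdn, ttl, addr),
                 "update add %s. %d IN PTR %s" % (rev, ttl, fqdn)]
    else:
        lines = ["update delete %s A" % fqdn,
                 "update delete %s. PTR %s" % (rev, fqdn)]
    return "\n".join(lines) + "\n\n"
```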