Hello!
I am using Samba (2.2.7a) as PDC on Mandrake 9.1 and the clients are Windows 95 & 98 machines.
I have created 3 groups in Linux: "students", "teachers" and "smbadmin". When user logs on with his username and password (everyone has his individual user. and pass.), then according to the group to which he belongs to, logon script is being executed. (logon script = %g.bat)
Is it possible, to limit user permissions, what can they do and what cant, on the basis of groups, to which they belong to? "Students" and "teachers" for example would have disabled Control Panel, modifyed Start menu etc., while the users in "smbadmin" could use the system normaly if any changes (installing new programs & such) would be necessiry.
Any help would be very much appreciated
and i will post the whole thing in a ZIP file, when it will be finished and ready for use.
Here is also my smb.conf file (just global, netlogon, homes) and one logon script:
smb.conf
[global]
workgroup = dssl
server string = server
interfaces = 192.168.0.2/32
hosts allow = 192.168. 127.
client code page = 852
character set = ISO8859-2
security = user
os level = 256
domain logons = yes
local master = yes
domain master = yes
preferred master = yes
wins support = yes
dns proxy = yes
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
smb passwd file = /etc/samba/smbpasswd
passwd chat = *new password* %n\n *new password* %n\n *success*
unix password sync = yes
logon script = %g.bat
logon home = \\%L\%U\.profile9x
logon path = \\%L\%U\.profilent
log level = 0
log file = /var/log/samba/%m.samba.log
max log size = 1000
debug timestamp = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
locking = no
hide dot files = yes
case sensitive = no
keepalive = 150
username level = 8
time server = yes
dos filetime resolution = yes
dos filetimes = yes
[netlogon]
comment = The domain logon service
path = /etc/samba/netlogon
public = no
writable = no
browsable = no
read only = no
create mask = 0777
admin users = @smbadmin
[homes]
comment = Od %u domac direktorij
browsable = no
valid users = %S
writable = yes
create mask = 0644
directory mask = 0775
valid users = @students @teachers @smbadmin
admin users = @smbadmin
Logon script (students.bat)
net time \\server /set /yes
net use m: /home
net use n: \\server\students
net use o: \\server\everyone