Port - Linux login script from AD netlogon share



  • I am working on a new end user infrastructure as the first project at my new job.

    Here is what it looks like thus far

    • two Samba4 DCs, one local and one in a colo, successfully syncing their databases and sysvols
    • a Samba4 file server, set up with xacls and all the good stuff to allow it to understand AD users and groups
    • two test machines, one Linux (deb8) and one Windows 7. Both have been successfully joined to the domain and can log in as domain users.

    Here is where I am getting stuck

    I would like to write a cross-platform login script which can be run on either a Linux or a Windows end user machine. I was thinking about doing this in Python: starting the script with an OS check, and then having two sections in the script, one for Windows and one for Linux.
    The problem is, I can't figure out how to have Linux execute a script from the netlogon share on login. I was hoping it would be seamless, like Windows, where you set the login script in the SMB.conf file at the global level, and on login it just gets executed. Doesn't appear to be that easy.

    I have considered the idea of having a script built into our Linux image that will mount the netlogon share from one of our DCs on login and copy down the latest version of the login.py script and execute it locally, but I would prefer to not have to do that. For starters, if I have to hard code the name of the DC it's going to download from, it would decrease flexibility in the future (say if we had to retire one of our DCs).

    Any help you can provide would be EXTREMELY appreciated!

    TCS Taylor
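On the hard-coded DC concern in the post above, an added example that is not part of the original post or the poster's eventual solution: an AD domain (Samba4 included) publishes its DCs in the DNS SRV record `_ldap._tcp.dc._msdcs.<domain>`, so a client-side bootstrap can pick a live DC at login time. The domain `example.lan`, the hosts `dc1`/`dc2` and all function names are assumptions made for illustration.

```python
import re
import socket

# Constructed sample of `host -t SRV _ldap._tcp.dc._msdcs.example.lan` output;
# example.lan, dc1 and dc2 are placeholder names, not taken from the thread.
SAMPLE_SRV = """\
_ldap._tcp.dc._msdcs.example.lan has SRV record 10 100 389 dc2.example.lan.
_ldap._tcp.dc._msdcs.example.lan has SRV record 0 100 389 dc1.example.lan.
"""
SRV_LINE = re.compile(r"has SRV record (\d+) (\d+) (\d+) (\S+?)\.?$")


def parse_srv(text):
    """DC host names ordered by SRV priority (low first), weight as tie-break.
    (RFC 2782 uses weighted random choice; a fixed order keeps this simple.)"""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.search(line.strip())
        if m:
            prio, weight, _port, host = m.groups()
            records.append((int(prio), -int(weight), host.lower()))
    return [host for _prio, _weight, host in sorted(records)]


def smb_reachable(host, timeout=2.0):
    """True if the host accepts a TCP connection on the SMB port (445)."""
    try:
        with socket.create_connection((host, 445), timeout=timeout):
            return True
    except OSError:
        return False


def pick_dc(candidates, probe=smb_reachable):
    """First candidate that answers the probe, or None if every DC is down."""
    for host in candidates:
        if probe(host):
            return host
    return None


def netlogon_path(dc, system, script="login.py"):
    """Script location in the form each OS expects; `system` is the value
    returned by platform.system()."""
    if system == "Windows":
        return "\\\\" + dc + "\\netlogon\\" + script
    if system == "Linux":
        return "//" + dc + "/netlogon/" + script  # smbclient / CIFS mount form
    raise ValueError("unsupported OS: " + system)
```

Retiring a DC then only requires removing it from the domain, which also removes its SRV record; nothing on the client image changes.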


  • Service Provider

    Why carry that Windows cruft over to Linux? What's the reason for that? And why one script for both instead of simpler ones for each?


  • Service Provider

    Part of the complexity is that Linux doesn't have a concept of a "login script". You have to kind of create this concept.


  • Service Provider

    Why do you want the Linux machines to pull from the Windows Netlogon location? That's a specifically Windows location. Why not put a Linux script in a more Linux-friendly location? You are trying to brute force a Windows tool onto Linux, but I don't see any "why".



  • Pinging for follow up.



  • @mlnews It looks as though he was able to find a solution on SW.


  • Service Provider

    Oh, I missed that you were cross posting :)



  • I ended up making my own solution. In case anyone is interested here is a link to the SW forum page.

    https://community.spiceworks.com/topic/1976560-linux-login-script-from-ad-netlogon-share?page=1

    @scottalanmiller - as for the "why", I wanted a lightweight, flexible, single point of management login script that was independent of OS.
    The single point of management is really the main reason.
    Also, keep in mind, I'm running Samba4. So the Netlogon share is actually on a Linux box.

    Anywho, check out the link, it's actually a very simple setup and works very well :)

    TCS Taylor


  • Service Provider

    @TCSTaylor said in Port - Linux login script from AD netlogon share:

    The single point of management is really the main reason.
    Also, keep in mind, I'm running Samba4. So the Netlogon share is actually on a Linux box.

    Works the same. So why use a very Windows-centric mechanism rather than a generic one? I want the same kinds of things for management, but that's why I used a neutral management system like Ansible or Salt for this rather than a Windows-only tool.

    Although for things that are unique to each OS, a single management tool is only so useful when things only apply to one thing or the other. When they are neutral there are tools meant specifically for that. Just not the netlogon scripts :)


  • Service Provider

    I guess my real question is... once you are detecting which OS is which, is it really a single point of management any longer? It might be all in one file, but it is just two different commands put into one text file. You still have to maintain both and verify functionality separate and so forth.



  • @scottalanmiller - Because the Windows side works so simply, and I wanted to keep a single point of management. This is a very simple solution that works well for me, bully for you if you want to use a more complicated solution like Ansible.


  • Service Provider

    @TCSTaylor said in Port - Linux login script from AD netlogon share:

    ... bully for you if you want to use a more complicated solution like Ansible.

    Complicated? I'm using Salt so can't speak to Ansible. But I can tell you...complicated is the opposite of what it is. SO simple and easy. It's basically what you are trying to do here, but already done in a maintained way with broad support for lots of things you might want to do in the future.

    Avoiding the complications is exactly what I'm trying to do. I find it easier even only for Windows than things like Logon scripts most of the time. Getting cross-platform is just a bonus.



  • @scottalanmiller said in Port - Linux login script from AD netlogon share:

    Oh, I missed that you were cross posting :)

    Me too. I was about to congratulate @DustinB3403 on the new job. :-)

