
Re: Mounting smb shares via novell login script.


a...@novell.com

Nov 30, 2009, 5:25:32 PM

First, this is probably something better-handled in a forum for the client.

Second, this may be best handled by something like Novell SecureLogin.
It is a tool to provide single sign-on capabilities on a per-user basis
on workstations set up with the client and set to authenticate to eDirectory.

Third, keeping credentials in sync is the domain of Novell Identity
Manager and doing so should be able to keep your life nice and simple.

Good luck.

lagern wrote:
> I wasn't sure where to put this question.... This seems at least slightly
> related..
>
> I have the need to mount smb shares via a novell login script. This
> can be done via #net use ... in the login script. This works well, but
> in some cases, such as, cases where the local user's login credentials
> are not the same as what is stored in the smb server, the user is
> prompted for their password a second time. I'd like to avoid this.
>
> The server hosting smb is running samba, and it authenticates to LDAP,
> which replicates login credentials from eDirectory on our novell tree.
> So the login credentials for novell match what samba is expecting. The
> biggest problem is when it comes to a shared machine, or a machine
> running the mobile novell client.
>
> Is there a better way, or at least a way to pass the password entered
> at the novell login prompt to the net use command?
>
> Thanks!
>
>

Ron Neilly

Dec 3, 2009, 4:13:13 PM
lagern wrote:

>
> I wasn't sure where to put this question.... This seems at least slightly
> related..

I'd say it is mostly client related :-)


>
> I have the need to mount smb shares via a novell login script. This
> can be done via #net use ... in the login script. This works well, but
> in some cases, such as, cases where the local user's login credentials

"The local user"? So are you trying to say that the account that is used to
log in to the local workstation is NOT the same as the account used to log in
to eDirectory? If that is the case then that would explain why the net use
command does not work. "Net use" is of course a Windows command and it knows
nothing of eDirectory accounts so there is no way that I know of to pass the
credentials from the eDir login to the "net use" command.

> are not the same as what is stored in the smb server, the user is
> prompted for their password a second time. I'd like to avoid this.
>
> The server hosting smb is running samba, and it authenticates to LDAP,
> which replicates login credentials from eDirectory on our novell tree.

"Replicates"? You mean that the samba server is using your eDir tree for
authentication via LDAP, right? Anyways it is a good thing to use LDAP to
access the eDir tree for authentication information. That means that we only
need to get the right info (username and password) from the client running
the 'net use' command. So we must focus our efforts on the client.

> So the login credentials for novell match what samba is expecting. The
> biggest problem is when it comes to a shared machine, or a machine
> running the mobile novell client.

So on a shared machine you have a mismatch between the logged-in Windows
user account information and the eDirectory user account information - i.e.
the usernames are not the same. And again the problem is that the 'net use'
command uses the Windows credentials (username) and not the eDirectory
credentials.

>
> Is there a better way, or at least a way to pass the password entered
> at the novell login prompt to the net use command?
>

There are a few ways you can deal with this, and Identity Manager is not one
of them (sorry ab!).

1. Get ZENworks Desktop Management 7 so you can have Dynamic Local Users
(usually abbreviated to DLU). Then train your users to log out of both
eDirectory and the Windows workstation. Then the next user of the shared
machine will log in using the Novell Client (not the Windows Login client).
This will, via a properly set up DLU policy, ensure that the Windows account
and the eDirectory account are the same. This solution may require more of
your organization than it is worth in terms of the financial, operational
and training costs. Besides, users never do what you want....

2. Find some way of passing the eDirectory account info (username and
password) to the 'net use' command. Getting the username is easy as it is
one of the many % variables available for use in login script processing.
Search the Novell docs for 'login script variables'. I believe the one you
want (from memory) is %CN, or it may be %LOGIN. Of course the 'net use'
command accepts the -u: parameter to specify the username. Now the real
challenge would be to automagically get and pass on the user's eDir
password... That I do NOT have an answer for...maybe as ab says that would
be solved by the SecureLogin product.

Cheers,

Ron

> Thanks!
>
>
