Netlogon Service for Win 9x Clients
Brian_Keats at pch.gc.ca
Mon Feb 14 19:30:19 GMT 2000
Hi,
I currently have a few Win 95 machines residing on a private network being
routed to a non-private network by a linux 2.2.12 kernel with IP_MASQ and
IP_FORWARDING. Initially, I couldn't get NT DOMAIN logons to work through the
masqueraded linux box so I decided to try using Samba. After a lot of reading
and configuring I've managed to have users validated on the NT DOMAIN whilst
they are behind this 'firewall' ! (At this point, you might ask yourself why am
I doing this ? The reason in a nutshell is these machines all belong in a
separate group which from time to time change between being on the internal NT
DOMAIN Lan and being on our external Public Internet connection) As I stated
earlier, I can get users validated (i.e. can logon) but the problem is I can't
get the Linux/Samba box to deliver the users logon batch file which resides on
the domain PDC/BDC's. My Linux box has been added to the domain successfully
and processes logon attempts correctly. The users' batch files are administered
by the NT administrator for each workgroup and therefore trying to use something
like "logon path = \\%L\%U" or any other variable substitution will not work as
the naming schemes are different for each person, possibly ! (In other words
there is no standard being used to specify a path and batch file name to be
passed to the client and executed upon logon) I believe the path and batch
file name are entered on the NT side by administrator using User Manager for
Domains, or whatever. I am wondering if there is a way I can get the Samba
Server to look at the path and batch file name stored on the server and then
pass them along to the client. I did manage to create a NETLOGON share and copy
all the different batch files from the PDC to the Samba box but, short of
finding out what the path and batch file name is for each user and then creating
a local Samba account and then adding an smbpasswd entry to process the netlogon
request and also keeping this up to date, I'm curious as to if this can be done
?
I am using Samba ver. 2.05a and the smb.conf file is listed below, with network
numbers and such changed to protect the innocent ;-} .
Can anybody shed some light on how I can point the clients to use the
[netlogon] service provided by the PDC and not involve Samba except in the role
of say something like a proxy netlogon server ? If you feel like responding to
this could you also send a copy to my e-mail address as well as I've not
subscribed to the ntdom mailing list.
Regards in advance
Brian Keats
# Samba config file created using SWAT
# Date: 2000/02/14 09:42:13
# Global parameters
[global]
workgroup = ORG1
netbios name = MASQ-SERVER
server string = Samba Server
interfaces = 192.168.1.1/255.255.255.0
security = DOMAIN
encrypt passwords = Yes
password server = ORG1-INFO ORG1-INFO-01 ORG1-INFO-02
username map = /usr/lib/samba/private/usermap
log level = 3
log file = /var/log/samba.%m
max log size = 50
socket options = TCP_NODELAY
logon path =
logon home =
domain logons = Yes
os level = 55
preferred master = Yes
wins proxy = Yes
wins server = 129.15.60.62
remote announce = 129.15.45.255/ORG1
socket address = 192.168.1.1
guest ok = Yes
hosts allow = 192.168.1. 129.15.
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
print ok = Yes
browseable = No
[CDROM]
comment = Slow SCSI CDROM
path = /cdrom
#[NETLOGON]
# comment = Netlogon Path
# path = /usr/lib/samba/netlogon
# I initially added this to test and determine if the path and filename info was
# being passed along and the client was trying to find the netlogon batch file
# on the Samba server.