NetLogon Service

Phil Mayers p.mayers at ic.ac.uk
Fri Mar 3 08:55:02 GMT 2000 

The netlogon share must exist *on the domain controller* that you're
logging in at the time.

Cheers,
Phil

Brian Keats wrote:
> 
> Thanks for the reply Chris,
>         No, I don't have a netlogon share defined.  I was hoping I could
> get away without doing that.  Our organization has a very large
> distributed NT domain.  I was hoping I could get my Linux machine to
> validate users and pass along whatever logon batch file the NT domain
> admins have set up for each of their users, without me recreating or also
> storing their batch files on my linux machine.  So far, my linux machine
> will validate users on the win95 machines even though they don't have an
> entry in /etc/passwd on my linux machine !!! (Which suprised me). They can
> map shares and browse the network !!! I was also hoping the NT PDC/BDC
> would also pass along the name and location of a users logon batch
> file.  At one point, I copied all the hundreds of different batch files
> complete with correct directory structure to my linux machine in placed
> them in a netlogon path and also specified this root path in a netlogon
> service on my linux machine. Still didn't get the batch file passed along
> to the client.  This is why I am wondering if I should be trying a newer
> version.  I also tried with giving myself an /etc/passwd entry and
> smbpasswd entry. I can see one way of doing it which would be creating an
> 'account' for each of the thousands of accounts and place a copy of each
> batch file in a netlogon share (which would become a nightmare after a
> short period of time because I would have to constantly and manually
> syncronize my accounts with all the other PDC's in our enterprise). Not to
> mention how do I specify the correct batch if the NT domain guys are not
> using something that can be substituted by a samba variable.  Such as some
> NT admins using a one of many geographically abbrev. for a batch
> file. How would
> that be represented in an smb.conf file ?
> 
> Sorry for rambling on but I was curious if a newer samba version passes
> along the name of the batch file to the authenticating machine (i.e the
> Linux box) who in turn would check it's netlogon share and then pass along
> the appropriate batch file.
> 
> Anyone have any ideas ?
> 
> Regards
> On Thu, 2 Mar 2000, Christopher Kings-Lynne wrote:
> 
> > Do you definitely have a 'netlogon' share defined and the directive:
> >
> > logon script = %U.bat
> >
> > in your smb.conf?
> >
> > Chris
> >
> > --
> > Christopher Kings-Lynne
> > Family Health Network
> > chriskl at familyhealth.com.au
> >
> >
> > ----- Original Message -----
> > From: Brian Keats <bkeats at spiff.chin.gc.ca>
> > To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
> > Sent: Thursday, March 02, 2000 12:58 AM
> > Subject: NetLogon Service
> >
> >
> > > Hi,
> > > I realize this might not be the best place to post this message but it
> > > sure seems like there are a lot of knowledgable people on this list.  I am
> > > currently using 2.05 as a member of an NT domain, with security = domain,
> > to
> > > process domain logons for a handfull of Win95 machines.  The current setup
> > > works great for performing the logon service except that the NetLogon
> > service
> > > doesn't work the way I was expecting it to.  This is just my assumption on
> > the
> > > NT NetLogon service, but I assume during the process it passes along the
> > > netlogon batch file (for the sake of a better term) to the requesting
> > client to
> > > process. I.E. %u.bat, or whatever.  I also assume that the correct batch
> > file
> > > to pass along to the client is stored with username on the NT PDC/BDC's.
> > > Currently, users being validated by my samba server at not passed along
> > this
> > > batch file, but are validated on the domain. I can issue a 'net use'
> > command on
> > > the client with success.  Is this a limitation of ver 2.05 and is handled
> > by
> > > TNG or a later version of samba ?  Anyone have any further insight as to
> > how
> > > the netlogon service works, or any suggestions as to what I should try ?
> > >
> > >
> > > Regards in advance
> > > Brian Keats
> > >
> > >
> > > P.S. Good luck with your holiday and new job Luke !
> > >
> > >
> >
> >

More information about the samba-ntdom mailing list