NetLogon Service

Fri Mar 3 14:18:05 GMT 2000

Is it necessary to have the netlogon share be local, or would it be
permissible to mount (smbfs?) to another share that contains the login
scripts? Are there any inherent problems with this (besides the issue of not
being a true backup)?

Seth Thornberry
http://chaos.greeny.org/~deadpan
----- Original Message -----
From: Phil Mayers <p.mayers at ic.ac.uk>
To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
Sent: Friday, March 03, 2000 2:47 AM
Subject: Re: NetLogon Service

> The netlogon share must exist *on the domain controller* that you're
> logging in at the time.
>
> Cheers,
> Phil
>
> Brian Keats wrote:
> >
> > Thanks for the reply Chris,
> >         No, I don't have a netlogon share defined.  I was hoping I could
> > get away without doing that.  Our organization has a very large
> > distributed NT domain.  I was hoping I could get my Linux machine to
> > validate users and pass along whatever logon batch file the NT domain
> > admins have set up for each of their users, without me recreating or
also
> > storing their batch files on my linux machine.  So far, my linux machine
> > will validate users on the win95 machines even though they don't have an
> > entry in /etc/passwd on my linux machine !!! (Which suprised me). They
can
> > map shares and browse the network !!! I was also hoping the NT PDC/BDC
> > would also pass along the name and location of a users logon batch
> > file.  At one point, I copied all the hundreds of different batch files
> > complete with correct directory structure to my linux machine in placed
> > them in a netlogon path and also specified this root path in a netlogon
> > service on my linux machine. Still didn't get the batch file passed
along
> > to the client.  This is why I am wondering if I should be trying a newer
> > version.  I also tried with giving myself an /etc/passwd entry and
> > smbpasswd entry. I can see one way of doing it which would be creating
an
> > 'account' for each of the thousands of accounts and place a copy of each
> > batch file in a netlogon share (which would become a nightmare after a
> > short period of time because I would have to constantly and manually
> > syncronize my accounts with all the other PDC's in our enterprise). Not
to
> > mention how do I specify the correct batch if the NT domain guys are not
> > using something that can be substituted by a samba variable.  Such as
some
> > NT admins using a one of many geographically abbrev. for a batch
> > file. How would
> > that be represented in an smb.conf file ?
> >
> > Sorry for rambling on but I was curious if a newer samba version passes
> > along the name of the batch file to the authenticating machine (i.e the
> > Linux box) who in turn would check it's netlogon share and then pass
along
> > the appropriate batch file.
> >
> > Anyone have any ideas ?
> >
> > Regards
> > On Thu, 2 Mar 2000, Christopher Kings-Lynne wrote:
> >
> > > Do you definitely have a 'netlogon' share defined and the directive:
> > >
> > > logon script = %U.bat
> > >
> > > in your smb.conf?
> > >
> > > Chris
> > >
> > > --
> > > Christopher Kings-Lynne
> > > Family Health Network
> > > chriskl at familyhealth.com.au
> > >
> > >
> > > ----- Original Message -----
> > > From: Brian Keats <bkeats at spiff.chin.gc.ca>
> > > To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
> > > Sent: Thursday, March 02, 2000 12:58 AM
> > > Subject: NetLogon Service
> > >
> > >
> > > > Hi,
> > > > I realize this might not be the best place to post this message but
it
> > > > sure seems like there are a lot of knowledgable people on this list.
I am
> > > > currently using 2.05 as a member of an NT domain, with security =
domain,
> > > to
> > > > process domain logons for a handfull of Win95 machines.  The current
setup
> > > > works great for performing the logon service except that the
NetLogon
> > > service
> > > > doesn't work the way I was expecting it to.  This is just my
assumption on
> > > the
> > > > NT NetLogon service, but I assume during the process it passes along
the
> > > > netlogon batch file (for the sake of a better term) to the
requesting
> > > client to
> > > > process. I.E. %u.bat, or whatever.  I also assume that the correct
batch
> > > file
> > > > to pass along to the client is stored with username on the NT
PDC/BDC's.
> > > > Currently, users being validated by my samba server at not passed
along
> > > this
> > > > batch file, but are validated on the domain. I can issue a 'net use'
> > > command on
> > > > the client with success.  Is this a limitation of ver 2.05 and is
handled
> > > by
> > > > TNG or a later version of samba ?  Anyone have any further insight
as to
> > > how
> > > > the netlogon service works, or any suggestions as to what I should
try ?
> > > >
> > > >
> > > > Regards in advance
> > > > Brian Keats
> > > >
> > > >
> > > > P.S. Good luck with your holiday and new job Luke !
> > > >
> > > >
> > >
> > >