Processing Logon Scripts hosted on an NT PDC using Samba
jas88 at cam.ac.uk
Mon May 8 17:59:53 GMT 2000
On Tue, 9 May 2000, Brian Keats wrote:
> I have a question that I hope maybe someone on the technical list can
> help answer. I'll first start by describing a setup of an NT controlled LAN.
> Our NT lan is comprised of many sub-domains using WinNT as the PDC's and Win95
> as the workstation of choice, although there are probably WinNT workstations as
> well. The PDC's store the netlogon scripts for users according in file
> structures determined by the different administrators choice. I.E. one user in
> a different geographical location might have his netlogon script stored in
> "West/sales/start.bat" and another in say something like
> "Boston/West/marketing/market.bat". The point I'm trying to make here is that
> the location and name of the script are not easily recreated using some of
> samba's special variables (%u, %h ...). I have set up a samba server to serve
> some machines on a private sub net and also have an interface on the NT
> corporate LAN. The machines on the private lan are all WIN 95 machines. The
> linux/samba machine was added to the NT domain (I believe as a workstation).
> When users log on to machines on the private network, they are validated
> against the NT PDC corretctly, can map drives, can access printers, etc. but
> during the logon process I havent't been able to get the NT PDC to pass along
> the login script it has stored to the samba machine to pass along to the
> machines on the private LAN. My question is, is this possible ? If so, how
> could I do this ? I've tried with 2.05a and also with 2.06, I'm now trying
> with 2.07. I have tried with security=domain and also with security=server but
> all with the same effect. Any ideas ?
I'd suspect the simplest approach is to make the login scripts available
as local files on the Samba machine, of the form /(somewhere)/(username).
If you can get a simple listing of (username:script) path pairs out of the
NT PDC, and smbmount a suitable share so the Samba box can reexport the
scripts (are they world readable??), you can just run a Perl script to
create symlinks between /(somewhere)/(username) and the real script.
Better still, if you don't mind a delay between changes to the script on
the NT machine and the change being reflected in the scripts served up by
the Samba machine, you could just copy the scripts with a cron job. That
way, if you sync other things like passwords, the Samba machine could
allow logins even when the NT machine is offline.
More information about the samba-technical