Processing Logon Scripts hosted on an NT PDC using Samba

Brian Keats bkeats at spiff.chin.gc.ca
Mon May 8 19:17:23 GMT 2000


On Mon, 08 May 2000, James Sutherland wrote:
> On Tue, 9 May 2000, Brian Keats wrote:
> 
> > Hi,
> > 	I have a question that I hope maybe someone on the technical list can
> > help answer.  I'll first start by describing a setup of an NT controlled LAN. 
> > Our NT LAN is comprised of many sub-domains using WinNT as the PDCs and Win95
> > as the workstation of choice, although there are probably WinNT workstations as
> > well.  The PDCs store the netlogon scripts for users according to file
> > structures determined by the different administrators' choice.  I.E. one user in
> > a different geographical location might have his netlogon script stored in
> > "West/sales/start.bat" and another in say something like
> > "Boston/West/marketing/market.bat".  The point I'm trying to make here is that
> > the location and name of the script are not easily recreated using some of
> > samba's special variables (%u, %h ...).  I have set up a samba server to serve
> > some machines on a private sub net and also have an interface on the NT
> > corporate LAN.  The machines on the private lan are all WIN 95 machines.  The
> > linux/samba machine was added to the NT domain (I believe as a workstation). 
> > When users log on to machines on the private network, they are validated
> > against the NT PDC correctly, can map drives, can access printers, etc. but
> > during the logon process I haven't been able to get the NT PDC to pass along
> > the login script it has stored to the samba machine to pass along to the
> > machines on the private LAN.  My question is, is this possible ?  If so,  how
> > could I do this ?  I've tried with 2.05a and also with 2.06, I'm now trying
> > with 2.07. I have tried with security=domain and also with security=server but
> > all with the same effect.  Any ideas ?
> 
> I'd suspect the simplest approach is to make the login scripts available
> as local files on the Samba machine, of the form /(somewhere)/(username).
> If you can get a simple listing of (username:script) path pairs out of the
> NT PDC, and smbmount a suitable share so the Samba box can reexport the
> scripts (are they world readable??), you can just run a Perl script to
> create symlinks between /(somewhere)/(username) and the real script.
> 
> Better still, if you don't mind a delay between changes to the script on
> the NT machine and the change being reflected in the scripts served up by
> the Samba machine, you could just copy the scripts with a cron job. That
> way, if you sync other things like passwords, the Samba machine could
> allow logins even when the NT machine is offline.
> 
> 
> James.


Thanks for your reply James,
	This appears to be a stumbling block, getting an up to date list of
(username:script) path pairs.  I was hoping that somehow NT could pass this
information along when it validates a username and password (is it part of the
validation structure ?).  Once again, if NT would pass along this info then I
could do as you suggest, smbmount the netlogon share on the PDC ! Of course, it
would be nice if NT passes the script during validation, maybe it does if the
samba machine is playing the proper role (BDC, WORKSTATION ????)
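
The symlink step James describes above, as an added example that is not part of the original thread: it is written in Python rather than the Perl he mentions, and it refuses any listing entry whose script path resolves outside the mounted netlogon share. The one-pair-per-line `username:script` listing format, the directory locations, the username pattern and the function name `build_links` are all assumptions made for illustration.

```python
import os
import re

# Assumed account-name policy: must not start with "." or "-", no separators.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9._-]{0,19}$")


def build_links(listing, netlogon_root, link_dir):
    """Link link_dir/<username> to its script; return (created, rejected)."""
    root = os.path.realpath(netlogon_root)
    created, rejected = {}, []
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        user, sep, script = line.partition(":")
        if not sep or not USERNAME_RE.match(user):
            rejected.append((line, "bad username"))
            continue
        # NT paths use backslashes; treat both separators alike.
        rel = script.strip().replace("\\", "/").lstrip("/")
        target = os.path.realpath(os.path.join(root, rel))
        # Reject "..", and symlinks inside the share that point outside it.
        if os.path.commonpath([root, target]) != root:
            rejected.append((line, "escapes netlogon root"))
            continue
        if not os.path.isfile(target):
            rejected.append((line, "script not found"))
            continue
        tmp = os.path.join(link_dir, "." + user + ".tmp")
        if os.path.lexists(tmp):
            os.unlink(tmp)
        os.symlink(target, tmp)
        os.replace(tmp, os.path.join(link_dir, user))  # atomic swap of the link
        created[user] = target
    return created, rejected


if __name__ == "__main__":
    # Constructed sample: a temp directory stands in for the smbmounted share.
    import tempfile
    base = tempfile.mkdtemp()
    root, links = os.path.join(base, "netlogon"), os.path.join(base, "links")
    os.makedirs(os.path.join(root, "West", "sales"))
    os.makedirs(links)
    open(os.path.join(root, "West", "sales", "start.bat"), "w").close()
    sample = "jdoe:West\\sales\\start.bat\nmallory:..\\..\\etc\\passwd\n"
    print(build_links(sample, root, links))
```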