Processing Logon Scripts hosted on an NT PDC using Samba
Brian Keats
bkeats at spiff.chin.gc.ca
Mon May 8 19:17:23 GMT 2000
On Mon, 08 May 2000, James Sutherland wrote:
> On Tue, 9 May 2000, Brian Keats wrote:
>
> > Hi,
> > I have a question that I hope maybe someone on the technical list can
> > help answer. I'll first start by describing a setup of an NT controlled LAN.
> > Our NT LAN is comprised of many sub-domains using WinNT as the PDCs and Win95
> > as the workstation of choice, although there are probably WinNT workstations as
> > well. The PDCs store the netlogon scripts for users according to file
> > structures determined by the different administrators' choice. I.e. one user in
> > a different geographical location might have his netlogon script stored in
> > "West/sales/start.bat" and another in say something like
> > "Boston/West/marketing/market.bat". The point I'm trying to make here is that
> > the location and name of the script are not easily recreated using some of
> > samba's special variables (%u, %h ...). I have set up a samba server to serve
> > some machines on a private sub net and also have an interface on the NT
> > corporate LAN. The machines on the private lan are all WIN 95 machines. The
> > linux/samba machine was added to the NT domain (I believe as a workstation).
> > When users log on to machines on the private network, they are validated
> > against the NT PDC correctly, can map drives, can access printers, etc. but
> > during the logon process I haven't been able to get the NT PDC to pass along
> > the login script it has stored to the samba machine to pass along to the
> > machines on the private LAN. My question is, is this possible ? If so, how
> > could I do this ? I've tried with 2.05a and also with 2.06, I'm now trying
> > with 2.07. I have tried with security=domain and also with security=server but
> > all with the same effect. Any ideas ?
>
> I'd suspect the simplest approach is to make the login scripts available
> as local files on the Samba machine, of the form /(somewhere)/(username).
> If you can get a simple listing of (username:script) path pairs out of the
> NT PDC, and smbmount a suitable share so the Samba box can reexport the
> scripts (are they world readable??), you can just run a Perl script to
> create symlinks between /(somewhere)/(username) and the real script.
>
> Better still, if you don't mind a delay between changes to the script on
> the NT machine and the change being reflected in the scripts served up by
> the Samba machine, you could just copy the scripts with a cron job. That
> way, if you sync other things like passwords, the Samba machine could
> allow logins even when the NT machine is offline.
>
>
> James.

Thanks for your reply James,

This appears to be a stumbling block, getting an up to date list of
(username:script) path pairs. I was hoping that somehow NT could pass this
information along when it validates a username and password (is it part of
the validation structure?). Once again, if NT would pass along this info
then I could do as you suggest, smbmount the netlogon share on the PDC! Of
course, it would be nice if NT passes the script during validation, maybe it
does if the samba machine is playing the proper role (BDC, WORKSTATION ????)
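
Added example (not code from either poster): the symlink step James describes, written in Python rather than the Perl he mentions, assuming the `username:script` listing has already been exported from the PDC and its netlogon share is mounted locally. The names `link_logon_scripts` and `demo` and all paths are hypothetical, and the sample data is constructed; entries whose script would resolve outside the mounted share are rejected rather than linked.

```python
import os
import tempfile

def link_logon_scripts(pairs_text, share_root, link_dir):
    """Link link_dir/<username> to each user's script; return (linked, rejected)."""
    root = os.path.realpath(share_root)
    linked, rejected = [], []
    for line in pairs_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, script = line.partition(":")
        user, script = user.strip(), script.strip().replace("\\", "/")
        # Usernames become file names: refuse separators and dot entries.
        bad_user = not sep or not user or "/" in user or user in (".", "..")
        target = os.path.realpath(os.path.join(root, script.lstrip("/")))
        # The script must resolve to a regular file inside the mounted share.
        inside = os.path.commonpath([root, target]) == root
        if bad_user or not inside or not os.path.isfile(target):
            rejected.append(user or line)
            continue
        tmp = os.path.join(link_dir, ".tmp-" + user)
        if os.path.lexists(tmp):
            os.remove(tmp)
        os.symlink(target, tmp)
        os.replace(tmp, os.path.join(link_dir, user))  # atomic swap of the link
        linked.append(user)
    return linked, rejected

def demo():
    """Constructed sample: a stand-in for the smbmount point and a listing."""
    base = tempfile.mkdtemp()
    share = os.path.join(base, "pdc_netlogon")  # assumed mount of the PDC share
    links = os.path.join(base, "netlogon")      # assumed directory Samba exports
    os.makedirs(os.path.join(share, "West", "sales"))
    os.makedirs(links)
    for path in (os.path.join(share, "West", "sales", "start.bat"),
                 os.path.join(base, "outside.bat")):
        with open(path, "w") as f:
            f.write("@echo off\r\n")
    listing = "alice:West\\sales\\start.bat\nbob:..\\outside.bat\ncarol:West/missing.bat\n"
    linked, rejected = link_logon_scripts(listing, share, links)
    return linked, rejected, os.path.realpath(os.path.join(links, "alice"))

if __name__ == "__main__":
    print(demo())
```

Because the links point outside the exported directory, Samba will only serve them if its `wide links` setting allows it; the cron-copy variant James mentions avoids that dependency.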