[Samba] SAMBA-LDAP and variable substition

werner maes werner.maes at cc.kuleuven.ac.be
Wed Jun 26 07:47:02 GMT 2002


At 15:37 26/06/2002, you wrote:
>Hi,
>
>werner maes wrote:
> >
> > >Have you looked into the logfiles ?
> > >Are you sure, that samba does variable substition
> > >on the value it gets from LDAP ?
> >
> > samba gets this (as found in the logfile):
> >
> > [2002/06/26 12:37:15, 2] passdb/pdb_ldap.c:get_single_attribute(360)
> >    get_single_attribute: [scriptPath] = [scripts\%m.bat]
>
>Yes, and it seems not to be substituted.
>Has it ever been substituded or is it a behaviour
>you'd like to have ?

I would it to be substituted to scripts\pc498.bat for example.

>
> > >Why don't you use logon script = scripts\%m\pc.bat ?
> > >
> > >This will do it too ...
> > >
> > >You can do anything with the "logon script"-entry ,
> > >specifying per user and per machine and per OS !!!
> > >
> > >example :
> > >
> > >logon script scripts\%m\%u\%a\pc.bat
> > >
> > >If xou're using Winxp, user is werner, machine is mymachine
> > >it would be :
> > >
> > >logon script scripts\mymachine\werner\win2K\pc.bat
> > Because %m is NOT translated to a machinename when this variable is stored
> > in the scriptPath variable in LDAP. That's the whole problem !
>
>Why not forgetting scriptpath in LDAP and letting samba do
>the
>whole substitution ?
>
> > And for Win2000-WinXP you must use this variable.
>
>You mean scriptpath in LDAP ?
>I'm using W2k without an it works.
>
>Another solution is to use
>"root preexec" in netlogon.
>The script called there has access to all %-Variables and
>can generate a suitable logon-script ..
>That's what i do ...
>
> > Or are you having a configuration with Samba and LDAP authentication where
> > the Win2000 clients use the "logon script" parameter?
>
>Yes i have.
>You should give it the whole path of the script.

Well, I'm quite willing to forget scriptPath in LDAP as long as it works. 
But for now it doesn't work for my WinXP Pro client.

[netlogon]
         path = /home/netlogon
         browseable = No
logon script = scripts\%m.bat (relative path to the [netlogon] share)

What do you mean with "the whole path" of the script? The path for the 
logon script must be relative to the netlogon share.
So you have no scriptPath in LDAP defined for any user or computer account.

Well, EUREKA, I deleted the scriptPath attribute and it seems to work :) 
Further tests will follow. Will keep you informed.

So, problem stays that this attribute is not variable substituted.

Werner





More information about the samba mailing list