[Samba] Netlogon

Melvin Wong melvin at muvee.com
Wed Nov 3 08:21:10 GMT 2004

I've just configured my Samba 3.0.7 as a PDC with an LDAP-based backend. Everything seems fine except that my logon.bat does not execute when my users log in to their XP machines. If I manually run //bilbo/netlogon/logon.bat on XP, the script runs without any problems. Is this purely a Samba problem, or is it due to my LDAP configuration? Do I need to include ntconfig.POL in the netlogon directory? I would appreciate any help, as I cannot seem to find a solution. Below is my smb.conf file:

        # NOTE(review): no section header line is visible above these settings;
        # presumably a [global] header was lost when the message was archived.
        # Confirm against the real file.
        workgroup = test
        netbios name = BILBO
        #interfaces =
        #username map = /etc/samba/smbusers
        #admin users= @"Domain Admins"
        server string = Samba Server %v
        security = user
        encrypt passwords = Yes
        # A minimum length of 3 permits very weak passwords; raise it to match the
        # site password policy.
        min passwd length = 3
        obey pam restrictions = No
        ldap passwd sync = Yes
        #unix password sync = Yes
        # NOTE(review): per smb.conf(5), passwd program and passwd chat are used when
        # unix password sync is enabled. That line is commented out above, so these
        # two settings may be inactive in this configuration. Verify with testparm.
        passwd program = /usr/local/sbin/smbldap-passwd -u %u
        #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
        passwd chat = "Changing password for*\nNew password*" %n\n *success*
        # passwd chat debug writes the chat strings, plaintext passwords included, to
        # the smbd log at debug level 100 (smb.conf(5) calls it a dangerous option).
        # log level = 2 below is under that threshold, but switch this off once the
        # password chat has been debugged.
        passwd chat debug = Yes
        #ldap passwd sync = Yes
        log level = 2
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 100000
        name resolve order = wins bcast hosts
        time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        #mangling method = hash2
        Dos charset = 850
        Unix charset = ISO8859-1

        # logon script is resolved relative to the netlogon share and is fetched and
        # run by the client at logon, so only administrators should be able to write
        # to that directory. smb.conf(5) also requires the script to be a DOS-style
        # file with CR/LF line endings.
        logon script = logon.bat
        logon drive = H:
        logon home =
        #logon path =
        logon path = \\%L\profiles\%u

        # Domain-controller and browse-master role settings.
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        # NOTE(review): the ldap:// URL shows no host. Either the library default is
        # relied on or the host was stripped from the post. Confirm which server
        # this points at.
        passdb backend = ldapsam:ldap://
        # passdb backend = ldapsam:"ldap:// ldap://slave.idealx.com"
        # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
        # NOTE(review): cn=Manager looks like the directory's root DN. A dedicated
        # bind account with write access limited to the Samba subtrees below would
        # reduce what a compromised smbd host can change. Confirm what this DN can do.
        ldap admin dn = cn=Manager,dc=muvee,dc=com
        ldap suffix = dc=muvee,dc=com
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        #ldap idmap suffix = ou=Users
        ldap idmap suffix = ou=Idmap
        idmap backend = ldap:ldap://
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        map acl inherit = Yes
        # ldap ssl is not set explicitly (the line below is commented out) and both
        # LDAP URLs use the plain ldap:// scheme. Whether StartTLS is applied then
        # depends on the build default; check with testparm. Without TLS the admin
        # DN bind and the password hashes cross the network unencrypted unless the
        # directory is on this host.
        #ldap ssl = start tls
        # Account-management hooks: each runs an smbldap-* command from
        # /usr/local/sbin with the user (%u) or group (%g) name substituted in.
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

# NOTE(review): the share header (presumably [netlogon]) is not visible in this
# listing. Confirm against the real file.
comment = Network Logon Service
path = /var/lib/samba/netlogon
# guest ok lets clients connect to this share without a password. No read only,
# writable or write list line is shown for this section, so the smb.conf default
# (read only = yes) should apply. Verify with testparm, because clients execute
# whatever logon script this share serves.
guest ok = Yes
#locking = No

# NOTE(review): the share header (presumably [profiles], matching the
# \\%L\profiles\%u logon path) is not visible in this listing.
comment = Profile Share
path = /var/lib/samba/profiles
# Writable share with no valid users or mask settings shown here, so separation
# between users' profiles rests on filesystem permissions and the ACL settings
# below. Confirm that profile directories are not readable by other users.
read only = No
profile acls = Yes
nt acl support = Yes
# NOTE(review): "hidden files" does not look like a valid smb.conf parameter
# (the documented name is "hide files"). testparm should report it as unknown.
hidden files=desktop.ini
# The same parameter is assigned three times below. A later assignment replaces
# an earlier one, so presumably only the last line takes effect. Check testparm.
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
hide files = /desktop.ini/
# NOTE(review): hide files takes a list of names separated by "/", so this
# path-style value is split into separate entries, including a bare "*" that
# would presumably mark every file as hidden. Confirm the intent.
hide files = /var/lib/samba/profiles/*/Start\ Menu/Programs/Startup/desktop.ini
