[Samba] netlogon problems

Matthew Easton v-vi at trugschluss.org
Thu Dec 8 07:25:29 GMT 2005


Pardon me if I misunderstand your post...
I think you want to present a logon script to the user based on her/his
group membership.
In other words, (I surmise) currently Fred gets an invitation to
logon to finsvcs, but it will necessarily fail unless he is a member
of the finance group.  So you want him to have a logon script that
DOES NOT mount finsvcs share if he is not a member of finance.

I note that the "logon script" directive in your [global] settings has
no value.  In a small environment, you can make that
	logon script = /some/path/%u.bat
and give each user a unique logon script.  In a larger environment  
you want to control scripts by group membership---
check out http://lists.samba.org/archive/samba/2002-March/040656.html  
as an example of ways to control logon by group.

On Dec 4, 2005, at 12:19 PM, Eric Hines wrote:

> Folks,
>
> I'm trying to achieve control over who logs into a share according  
> to the group to which that person belongs, but with no luck.  I'm  
> running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one  
> subnet and an XP laptop on another subnet.  In all cases, the user,  
> instead of getting into his share transparently, gets invited to  
> log in, and then the login is rejected.  I've run the login.bat  
> from the Windows machines, and that also only gets access denied.   
> Share valid users is set to %G (%U lets the user in just fine, but  
> that's inadequate security).  Users get into their home directories  
> just fine.
>
> My login.bat is
> net time \\lserver0 /set /yes
> net use \\lserver0\accounts
> net use \\lserver0\finsvcs
> net use x: /home
> My [netlogon] share is
> [netlogon]
>         comment = Network logon service
>         path = /data/%U
>         valid users = %S
>         read only = No
>
> My [global] is
> [global]
>         workgroup = ASTRA_ENT
>         username map = /etc/samba/smbusers
>         syslog = 0
>         name resolve order = wins bcast hosts
>         printcap name = CUPS
>         show add printer wizard = No
>         add user script = /usr/sbin/useradd -m '%u'
>         delete user script = /usr/sbin/userdel -r '%u'
>         add group script = /usr/sbin/groupadd '%g'
>         delete group script = /usr/sbin/groupdel '%g'
>         add user to group script = /usr/sbin/groupmod -G '%g' '%u'
>         add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
>         logon script = scripts\login.bat
>         logon path =
>         logon drive = X:
>         domain logons = Yes
>         preferred master = Yes
>         wins support = Yes
>         ldap ssl = no
>
> I've placed the login.bat file in the share accounts (\data\accounts
> and /data/financials in this case), and I've placed the
> login.bat file in each user's home directory.  Nothing has worked.
>
> I've been through the TOSHARG2 with no luck, and Googling hasn't
> brought me anything I recognized, either.  Any help would be
> greatly appreciated.
>
> Eric Hines
>
>
>
> There is no nonsense so errant that it cannot be made the creed of  
> the vast majority by adequate governmental action.
>         --Bertrand Russell
>
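
Added example, not part of either message above and not Samba project code: one way to control the logon script by group membership is to have the [netlogon] share generate a per-user script when the client connects. The script name and path, the /data/netlogon directory, the smb.conf lines in the comments and the Unix group names "accounts" and "finance" are assumptions; the server and share names are the ones quoted in the post.

```shell
#!/bin/sh
# smb.conf side (assumed, not taken from the post):
#   [global]    logon script = %U.bat
#   [netlogon]  path = /data/netlogon
#               read only = Yes        ; users must not be able to edit logon scripts
#               root preexec = /usr/local/sbin/mklogon.sh %U

# Assumed map of Unix group -> share to mount, as "group:share" pairs.
GROUP_SHARES="accounts:accounts finance:finsvcs"

# gen_logon_script USER "GROUP1 GROUP2 ..."
# Prints the batch file body (CRLF line endings) for that user's groups.
gen_logon_script() {
    user=$1; member_of=$2
    # Reject names that could leave the netlogon directory or be read as options.
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad username" >&2; return 1 ;;
    esac
    printf 'net time \\\\lserver0 /set /yes\r\n'
    for pair in $GROUP_SHARES; do
        grp=${pair%%:*}; share=${pair#*:}
        for g in $member_of; do
            # Emit a mount line only for shares the user's groups entitle them to.
            if [ "$g" = "$grp" ]; then
                printf 'net use \\\\lserver0\\%s\r\n' "$share"
            fi
        done
    done
    printf 'net use x: /home\r\n'
}

# Invoked by Samba with the session user name as the only argument.
if [ "$#" -eq 1 ]; then
    out=${NETLOGON_DIR:-/data/netlogon}
    member_of=$(id -Gn -- "$1") || exit 1
    # Write to a temporary name, then rename, so a client never reads a partial file.
    gen_logon_script "$1" "$member_of" > "$out/$1.bat.tmp" &&
        mv "$out/$1.bat.tmp" "$out/$1.bat"
fi
```

The generated script only decides which mounts are attempted; access is still enforced by each share's own "valid users" setting.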


