[Samba] netlogon problems
Eric Hines
eehines at comcast.net
Fri Dec 9 01:43:02 GMT 2005
You have not misunderstood my post; I have mis-described my problem. The
logon script will not run until the user gets connected to his/her share on
the samba server, and I cannot get the user connected in the first place.
I have a better description of my problem (finally) under the thread
"[Samba] Share Connection Failure." Your points are valid, though, and I
will take them to heart when I get the point of getting connected so that
the logon script has a chance to run.
Do you have any advice on the basic connection problem?
Thanks
Eric Hines
At 12/08/05 01:25, Matthew Easton wrote:
>Pardon me if I misunderstand your post...
>I think you want to present a logon script to the user based on her/ his
>group membership.
>In other words, ( I surmise ) currently Fred gets an invitation to
>logon to finsvcs, but it will necessarily fail unless he is a member
>of the finance group. So you want him to have a logon script that
>DOES NOT mount finsvcs share if he is not a member of finance.
>
>I note that the "logon script" directive in you [global] settings has
>no value. In a small environment, you can make that
> logon script = /some/path/%u.bat
>and give each user a unique logon script. In a larger environment
>you want to control scripts by group membership---
>check out http://lists.samba.org/archive/samba/2002-March/040656.html
>as an example of ways to control logon by group.
>
>On Dec 4, 2005, at 12:19 PM, Eric Hines wrote:
>
>>Folks,
>>
>>I'm trying to achieve control over who logs into a share according
>>to the group to which that person belongs, but with no luck. I'm
>>running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one
>>subnet and an XP laptop on another subnet. In all cases, the user,
>>instead of getting into his share transparently, gets invited to
>>log in, and then the login is rejected. I've run the login.bat
>>from the Windows machines, and that also only gets access denied.
>>Share valid users is set to %G (%U lets the user in just fine, but
>>that's inadequate security). Users get into their home directories
>>just fine.
>>
>>My login.bat is
>>net time \\lserver0 /set /yes
>>net use \\lserver0\accounts
>>net use \\lserver0\finsvcs
>>net use x: /home
>>My [netlogon] share is
>>[netlogon]
>> comment = Network logon service
>> path = /data/%U
>> valid users = %S
>> read only = No
>>
>>My [global] is
>>[global]
>> workgroup = ASTRA_ENT
>> username map = /etc/samba/smbusers
>> syslog = 0
>> name resolve order = wins bcast hosts
>> printcap name = CUPS
>> show add printer wizard = No
>> add user script = /usr/sbin/useradd -m '%u'
>> delete user script = /usr/sbin/userdel -r '%u'
>> add group script = /usr/sbin/groupadd '%g'
>> delete group script = /usr/sbin/groupdel '%g'
>> add user to group script = /usr/sbin/groupmod -G '%g' '%u'
>> add machine script = /usr/sbin/useradd -s /bin/false -d /
>> var/lib/nobody '%u'
>> logon script = scripts\login.bat
>> logon path =
>> logon drive = X:
>> domain logons = Yes
>> preferred master = Yes
>> wins support = Yes
>> ldap ssl = no
>>
>>I've placed the login.bat file in the share accounts (\data \accounts and
>>/data/financials in this case), and I've placed the
>>login.bat file in each user's home directory. Nothing has worked.
>>
>>I've been through the TOSHARG2 with no luck, and Googleing hasn't
>>brought me anything I recognized, either. Any help would be
>>greatly appreciated.
>>
>>Eric Hines
>>
>>
>>
>>There is no nonsense so errant that it cannot be made the creed of
>>the vast majority by adequate governmental action.
>> --Bertrand Russell
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: https://lists.samba.org/mailman/listinfo/samba
>>
There is no nonsense so errant that it cannot be made the creed of the vast
majority by adequate governmental action.
--Bertrand Russell
More information about the samba
mailing list