[Samba] netlogon problems
Eric Hines
eehines at comcast.net
Sat Dec 10 01:21:36 GMT 2005
Michael,
This does help, but only when I get to that point. As I gain further
understanding of my problem, it's that I can't get my users logged on in
the first place, so as to get to the point of needing to be able to run the
script.
A better description of my problem is in the thread "[Samba] Share
Connection Failure." Can you offer any help there?
Thanks
Eric Hines
At 12/09/05 08:47, Michael Barnes wrote:
>I just went through all this with my set up.
>
>First, insure the users have the desired group as their PRIMARY group in
>both NT groups and Unix groups. You can verify this by checking the
>/etc/passwd list and running 'pdbedit -Lv'. Change your [NETLOGON] entry
>to read 'path = /data/%g'. In your /data/ folder, create a login for
>each group, i.e. /data/finsvcs/scripts/login.bat;
>/data/accounts/scripts/login.bat; /data/others/scripts/login.bat; etc.
>Each login would reflect what you want for that group. For example:
>
>/data/finsvcs/scripts/login.bat:
>REM Login.bat for Financial Services Members
>net time \\lserver0 /set /yes
>net use m: \\lserver0\finsvcs
>net use x: /home
>
>HTH,
>Michael
>
>Eric Hines told me on 12/8/2005 19:43:
>>You have not misunderstood my post; I have mis-described my problem.
>>The logon script will not run until the user gets connected to his/her
>>share on the samba server, and I cannot get the user connected in the
>>first place.
>>I have a better description of my problem (finally) under the thread
>>"[Samba] Share Connection Failure." Your points are valid, though, and I
>>will take them to heart when I get the point of getting connected so that
>>the logon script has a chance to run.
>>Do you have any advice on the basic connection problem?
>>Thanks
>>Eric Hines
>>At 12/08/05 01:25, Matthew Easton wrote:
>>
>>>Pardon me if I misunderstand your post...
>>>I think you want to present a logon script to the user based on her/ his
>>>group membership.
>>>In other words, ( I surmise ) currently Fred gets an invitation to
>>>logon to finsvcs, but it will necessarily fail unless he is a member
>>>of the finance group. So you want him to have a logon script that
>>>DOES NOT mount finsvcs share if he is not a member of finance.
>>>
>>>I note that the "logon script" directive in you [global] settings has
>>>no value. In a small environment, you can make that
>>> logon script = /some/path/%u.bat
>>>and give each user a unique logon script. In a larger environment
>>>you want to control scripts by group membership---
>>>check out http://lists.samba.org/archive/samba/2002-March/040656.html
>>>as an example of ways to control logon by group.
>>>
>>>On Dec 4, 2005, at 12:19 PM, Eric Hines wrote:
>>>
>>>>Folks,
>>>>
>>>>I'm trying to achieve control over who logs into a share according
>>>>to the group to which that person belongs, but with no luck. I'm
>>>>running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one
>>>>subnet and an XP laptop on another subnet. In all cases, the user,
>>>>instead of getting into his share transparently, gets invited to
>>>>log in, and then the login is rejected. I've run the login.bat
>>>>from the Windows machines, and that also only gets access denied.
>>>>Share valid users is set to %G (%U lets the user in just fine, but
>>>>that's inadequate security). Users get into their home directories
>>>>just fine.
>>>>
>>>>My login.bat is
>>>>net time \\lserver0 /set /yes
>>>>net use \\lserver0\accounts
>>>>net use \\lserver0\finsvcs
>>>>net use x: /home
>>>>My [netlogon] share is
>>>>[netlogon]
>>>> comment = Network logon service
>>>> path = /data/%U
>>>> valid users = %S
>>>> read only = No
>>>>
>>>>My [global] is
>>>>[global]
>>>> workgroup = ASTRA_ENT
>>>> username map = /etc/samba/smbusers
>>>> syslog = 0
>>>> name resolve order = wins bcast hosts
>>>> printcap name = CUPS
>>>> show add printer wizard = No
>>>> add user script = /usr/sbin/useradd -m '%u'
>>>> delete user script = /usr/sbin/userdel -r '%u'
>>>> add group script = /usr/sbin/groupadd '%g'
>>>> delete group script = /usr/sbin/groupdel '%g'
>>>> add user to group script = /usr/sbin/groupmod -G '%g' '%u'
>>>> add machine script = /usr/sbin/useradd -s /bin/false -d /
>>>> var/lib/nobody '%u'
>>>> logon script = scripts\login.bat
>>>> logon path =
>>>> logon drive = X:
>>>> domain logons = Yes
>>>> preferred master = Yes
>>>> wins support = Yes
>>>> ldap ssl = no
>>>>
>>>>I've placed the login.bat file in the share accounts (\data \accounts
>>>>and /data/financials in this case), and I've placed the
>>>>login.bat file in each user's home directory. Nothing has worked.
>>>>
>>>>I've been through the TOSHARG2 with no luck, and Googleing hasn't
>>>>brought me anything I recognized, either. Any help would be
>>>>greatly appreciated.
>>>>
>>>>Eric Hines
>>>
>>>There is no nonsense so errant that it cannot be made the creed of the
>>>vast majority by adequate governmental action.
>>> --Bertrand Russell
More information about the samba
mailing list