[Samba] netlogon problems

Eric Hines eehines at comcast.net
Sat Dec 10 01:21:36 GMT 2005


Michael,

This does help, but only when I get to that point.  As I gain further 
understanding of my problem, it's that I can't get my users logged on in 
the first place, so as to get to the point of needing to be able to run the 
script.

A better description of my problem is in the thread "[Samba] Share 
Connection Failure."  Can you offer any help there?

Thanks

Eric Hines

At 12/09/05 08:47, Michael Barnes wrote:
>I just went through all this with my set up.
>
>First, ensure the users have the desired group as their PRIMARY group in 
>both NT groups and Unix groups.  You can verify this by checking the 
>/etc/passwd list and running 'pdbedit -Lv'.  Change your [NETLOGON] entry 
>to read 'path = /data/%g'.  In your /data/ folder, create a login for 
>each group, i.e. /data/finsvcs/scripts/login.bat; 
>/data/accounts/scripts/login.bat; /data/others/scripts/login.bat; etc.
>Each login would reflect what you want for that group. For example:
>
>/data/finsvcs/scripts/login.bat:
>REM Login.bat for Financial Services Members
>net time \\lserver0 /set /yes
>net use m: \\lserver0\finsvcs
>net use x: /home
>
>HTH,
>Michael
>
>Eric Hines told me on 12/8/2005 19:43:
>>You have not misunderstood my post; I have mis-described my problem.
>>The logon script will not run until the user gets connected to his/her 
>>share on the samba server, and I cannot get the user connected in the 
>>first place.
>>I have a better description of my problem (finally) under the thread 
>>"[Samba] Share Connection Failure."  Your points are valid, though, and I 
>>will take them to heart when I get to the point of getting connected so that 
>>the logon script has a chance to run.
>>Do you have any advice on the basic connection problem?
>>Thanks
>>Eric Hines
>>At 12/08/05 01:25, Matthew Easton wrote:
>>
>>>Pardon me if I misunderstand your post...
>>>I think you want to present a logon script to the user based on her/his 
>>>group membership.
>>>In other words, ( I surmise ) currently Fred gets an invitation to
>>>logon to finsvcs, but it will necessarily fail unless he is a member
>>>of the finance group.  So you want him to have a logon script that
>>>DOES NOT mount finsvcs share if he is not a member of finance.
>>>
>>>I note that the "logon script" directive in your [global] settings has
>>>no value.  In a small environment, you can make that
>>>         logon script = /some/path/%u.bat
>>>and give each user a unique logon script.  In a larger environment
>>>you want to control scripts by group membership---
>>>check out http://lists.samba.org/archive/samba/2002-March/040656.html
>>>as an example of ways to control logon by group.
>>>
>>>On Dec 4, 2005, at 12:19 PM, Eric Hines wrote:
>>>
>>>>Folks,
>>>>
>>>>I'm trying to achieve control over who logs into a share according
>>>>to the group to which that person belongs, but with no luck.  I'm
>>>>running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one
>>>>subnet and an XP laptop on another subnet.  In all cases, the user,
>>>>instead of getting into his share transparently, gets invited to
>>>>log in, and then the login is rejected.  I've run the login.bat
>>>>from the Windows machines, and that also only gets access denied.
>>>>Share valid users is set to %G (%U lets the user in just fine, but
>>>>that's inadequate security).  Users get into their home directories
>>>>just fine.
>>>>
>>>>My login.bat is
>>>>net time \\lserver0 /set /yes
>>>>net use \\lserver0\accounts
>>>>net use \\lserver0\finsvcs
>>>>net use x: /home
>>>>My [netlogon] share is
>>>>[netlogon]
>>>>         comment = Network logon service
>>>>         path = /data/%U
>>>>         valid users = %S
>>>>         read only = No
>>>>
>>>>My [global] is
>>>>[global]
>>>>         workgroup = ASTRA_ENT
>>>>         username map = /etc/samba/smbusers
>>>>         syslog = 0
>>>>         name resolve order = wins bcast hosts
>>>>         printcap name = CUPS
>>>>         show add printer wizard = No
>>>>         add user script = /usr/sbin/useradd -m '%u'
>>>>         delete user script = /usr/sbin/userdel -r '%u'
>>>>         add group script = /usr/sbin/groupadd '%g'
>>>>         delete group script = /usr/sbin/groupdel '%g'
>>>>         add user to group script = /usr/sbin/groupmod -G '%g' '%u'
>>>>         add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
>>>>         logon script = scripts\login.bat
>>>>         logon path =
>>>>         logon drive = X:
>>>>         domain logons = Yes
>>>>         preferred master = Yes
>>>>         wins support = Yes
>>>>         ldap ssl = no
>>>>
>>>>I've placed the login.bat file in the share accounts (\data \accounts 
>>>>and /data/financials in this case), and I've placed the
>>>>login.bat file in each user's home directory.  Nothing has worked.
>>>>
>>>>I've been through the TOSHARG2 with no luck, and Googling hasn't
>>>>brought me anything I recognized, either.  Any help would be
>>>>greatly appreciated.
>>>>
>>>>Eric Hines
>>>
>>>There is no nonsense so errant that it cannot be made the creed of the 
>>>vast majority by adequate governmental action.
>>>         --Bertrand Russell
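
An added example, not part of the original thread: a check of the Unix-side setup Michael Barnes describes above, resolving each user's primary group (what %g expands to) and confirming that /data/<group>/scripts/login.bat exists for 'path = /data/%g' with 'logon script = scripts\login.bat'. The passwd and group sample data, the function names and the min_uid cutoff are assumptions made for illustration, and the NT-side check with 'pdbedit -Lv' is not covered.

```python
import os

# Constructed sample data in /etc/passwd and /etc/group format (not from the thread).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
fred:x:1001:2001:Fred:/home/fred:/bin/bash
amy:x:1002:2002:Amy:/home/amy:/bin/bash
eve:x:1004:4242:Eve:/home/eve:/bin/bash
ws1$:x:1005:100:Machine:/var/lib/nobody:/bin/false
"""
GROUP = """\
users:x:100:
finsvcs:x:2001:
accounts:x:2002:
"""

def parse_groups(group_text):
    """Map gid -> group name from /etc/group-format text."""
    gids = {}
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            gids[int(fields[2])] = fields[0]
    return gids

def logon_script_report(passwd_text, group_text, base="/data",
                        script=r"scripts\login.bat", min_uid=1000):
    """Return {user: (primary_group, script_path, status)} for base/%g/script.

    min_uid=1000 is an assumed cutoff for ordinary accounts; names ending
    in '$' are skipped because Samba machine accounts use that suffix.
    """
    gids = parse_groups(group_text)
    rel = script.replace("\\", "/")  # logon script is relative to the share path
    report = {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) < 7 or not f[2].isdigit() or not f[3].isdigit():
            continue
        if int(f[2]) < min_uid or f[0].endswith("$"):
            continue
        group = gids.get(int(f[3]))
        if group is None:
            report[f[0]] = (None, None, "primary gid has no group entry")
            continue
        path = os.path.join(base, group, rel)
        status = "ok" if os.path.isfile(path) else "missing script"
        report[f[0]] = (group, path, status)
    return report
```

On the server itself, pass the contents of /etc/passwd and /etc/group instead of the constructed samples and leave base at /data.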
