[Samba] tattooing of tdbsam backend with logon script value
Pat Emblen
samba at talbragar.com.au
Mon Oct 17 20:31:23 MDT 2011
On 18/10/11 02:29, Harry Jede wrote:
> On 15:21:48 wrote Pat Emblen:
>> On 15/10/11 19:15, Harry Jede wrote:
>>> pdbedit -S "" <user>
>>
>> Not here, it just sets an empty logon script, it doesn't default back
>> to the one in smb.conf.
>>
>> root@sheldon:/home/smb/netlogon# pdbedit -S "" talcom
>> Unix username: talcom
>> NT username:
.
>> Profile Path: \\sheldon\profiles\talcom
>> Domain: SHELDON
> I can see two differences between your accounts and mine:
> 1. You don't have a "NT Username"
I'm not sure about this, I checked another couple of machines and they
don't show them either, but they all work.
> 2. Your "Home Directory" and your "Profile Path" points to the netbios
> server name "sheldon", which is identical to your netbios domain name
> "SHELDON".
I've been using this machine as a bit of a test box for some scripts.
Maybe I added 'talcom' before I set the domain up in smb.conf. That
probably explains the Domain matching the machine netbios name.
None of the other accounts are like this.
> Try to create a new account with:
> pdbedit -a newuser
>
> and check it again. Is your Server Name really equal to your workgroup
> name?
>
It didn't change anything ...
#cat /etc/samba/smb.conf |grep 'logon script'
# Not mandatory with new pylogon script
logon script = scripts\%U.cmd
# cat scripts/fred.cmd
ECHO hi fred
PAUSE
root@sheldon:/home/smb/netlogon# adduser fred
Adding user `fred' ...
Adding new group `fred' (1014) ...
Adding new user `fred' (1007) with group `fred' ...
Creating home directory `/home/fred' ...
Copying files from `/etc/skel' ...
snip
root@sheldon:/home/smb/netlogon# smbpasswd -a fred
New SMB password:
Retype new SMB password:
Added user fred.
root@sheldon:/home/smb/netlogon# pdbedit -Lvu fred
Unix username: fred
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3019205139-2287944265-981039286-1018
Primary Group SID: S-1-5-21-3019205139-2287944265-981039286-513
Full Name: Fred Flintstone
Home Directory: \\sheldon\fred
HomeDir Drive:
Logon Script: scripts\fred.cmd
Profile Path: \\sheldon\profiles\fred
Domain: TALBYCOM
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set: Tue, 18 Oct 2011 10:22:40 EST
Password can change: Tue, 18 Oct 2011 10:22:40 EST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Set a script manually
root@sheldon:/home/smb/netlogon# pdbedit -S "scripts\fred.vbs" -u fred
snip
Home Directory: \\sheldon\fred
HomeDir Drive:
Logon Script: scripts\fred.vbs
snip
Try to null it back to default
root@sheldon:/home/smb/netlogon# pdbedit -S "" fred
snip
Home Directory: \\sheldon\fred
HomeDir Drive:
Logon Script: << No good
snip
Tested the account and the logon script does not run
It does run after resetting the account, as I previously described
And FYI....
A new user record from passdb.tdb - gets the default Logon Script
key 12 bytes
USER_zaphod
data 194 bytes
[000] 00 00 00 00 FF FF FF 7F FF FF FF 7F 00 00 00 00 ........ .......
[010] 36 DC 9C 4E 00 00 00 00 FF FF FF 7F 07 00 00 00 6..N... .......
[020] 7A 61 70 68 6F 64 00 09 00 00 00 54 41 4C 42 59 zaphod.. ...TALBY
[030] 43 4F 4D 00 01 00 00 00 00 07 00 00 00 7A 61 70 COM.... .....zap
[040] 68 6F 64 00 00 00 00 00 00 00 00 00 00 00 00 00 hod.... .......
[050] 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 ....... .......
[060] 00 00 00 01 00 00 00 00 FE 03 00 00 01 02 00 00 ....... .......
[070] 00 00 00 00 10 00 00 00 A2 AC 52 67 41 D3 CB 37 ....... ..RgA..7
[080] EE F2 2A C6 25 1D E4 95 00 00 00 00 10 00 00 00 ..*.%... .......
[090] A8 00 15 00 00 00 20 00 00 00 FF FF FF FF FF FF ...... ........
[0A0] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 ........ .......
[0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EC 04 ....... ........
[0C0] 00 00 .
after pdbedit -S "" -u zaphod
key 12 bytes
USER_zaphod
data 195 bytes
[000] 00 00 00 00 FF FF FF 7F FF FF FF 7F 00 00 00 00 ........ .......
[010] 36 DC 9C 4E 00 00 00 00 FF FF FF 7F 07 00 00 00 6..N... .......
[020] 7A 61 70 68 6F 64 00 09 00 00 00 54 41 4C 42 59 zaphod.. ...TALBY
[030] 43 4F 4D 00 01 00 00 00 00 07 00 00 00 7A 61 70 COM.... .....zap
[040] 68 6F 64 00 00 00 00 00 00 00 00 00 01 00 00 00 hod.... .......
[050] 00 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 ....... ........
[060] 00 00 00 00 01 00 00 00 00 FE 03 00 00 01 02 00 ....... .......
[070] 00 00 00 00 00 10 00 00 00 A2 AC 52 67 41 D3 CB ....... ...RgA..
[080] 37 EE F2 2A C6 25 1D E4 95 00 00 00 00 10 00 00 7..*.%.. .......
[090] 00 A8 00 15 00 00 00 20 00 00 00 FF FF FF FF FF ....... ........
[0A0] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ........ ........
[0B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EC ....... ........
[0C0] 04 00 00 ..
See the 01 inserted at 04C. That's the only difference.
I suppose they need a way to record:
1. Default Logon Script
2. Specific Logon Script
3. No logon script
I've never used LDAP, so I don't know how it handles the 3 possibilities?
Pat
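
Added example, not part of the original post: the two passdb.tdb dumps above differ only in the length-prefixed logon script field (length 0 in the new record, length 1 holding a single NUL after pdbedit -S ""). The Python below classifies a record into the three states listed in the message; the field order is an assumption inferred from the dumps, and build_record and its sample records are constructed for illustration.

```python
import struct

# Field order is an assumption inferred from the two dumps above: seven
# 32-bit time values, then length-prefixed, NUL-terminated strings.
STRING_FIELDS = ["username", "domain", "nt_username", "fullname", "homedir",
                 "dir_drive", "logon_script", "profile_path", "acct_desc",
                 "workstations", "comment", "munged_dial"]

def parse_strings(record: bytes) -> dict:
    """Return {field: None | str}; None means length 0 (nothing stored)."""
    off = 7 * 4  # skip the seven little-endian time dwords
    out = {}
    for name in STRING_FIELDS:
        if off + 4 > len(record):
            raise ValueError(f"truncated before {name}")
        (length,) = struct.unpack_from("<I", record, off)
        off += 4
        if off + length > len(record):
            raise ValueError(f"{name} length {length} overruns record")
        raw = record[off:off + length]
        off += length
        out[name] = None if length == 0 else raw.rstrip(b"\0").decode("utf-8", "replace")
    return out

def logon_script_state(record: bytes) -> str:
    value = parse_strings(record)["logon_script"]
    if value is None:
        return "default"          # nothing stored: smb.conf 'logon script' applies
    if value == "":
        return "explicit-empty"   # tattooed with an empty string: no script runs
    return "explicit:" + value

def build_record(**fields) -> bytes:
    """Constructed sample record (hypothetical helper), same layout as the dumps."""
    rec = struct.pack("<7I", 0, 0x7FFFFFFF, 0x7FFFFFFF, 0, 0x4E9CDC36, 0, 0x7FFFFFFF)
    for name in STRING_FIELDS:
        val = fields.get(name)
        blob = b"" if val is None else val.encode() + b"\0"
        rec += struct.pack("<I", len(blob)) + blob
    return rec

fresh = build_record(username="zaphod", domain="TALBYCOM", nt_username="",
                     fullname="zaphod", acct_desc="", workstations="",
                     comment="", munged_dial="")
nulled = build_record(username="zaphod", domain="TALBYCOM", nt_username="",
                      fullname="zaphod", logon_script="", acct_desc="",
                      workstations="", comment="", munged_dial="")
```

Run over every USER_ record, this separates accounts that still follow the smb.conf default from those that were tattooed with an empty or explicit script.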