[Samba] Win7 login script not running

samba1 at nym.hush.com samba1 at nym.hush.com
Mon Jan 27 12:34:00 MST 2014 

I’ve had to leave it for today, but I just tried something else.

The login scripts are created ‘on-the-fly’ using a perl script I 
got over 10 years ago.  When a user logs in it creates a new batch 
file for them using an open command, and then writes out the 
appropriate login script commands based on the user’s group 
membership.

The login scripts are created with rw-rw-rw permissions, and owner 
and group are both set to ‘root’.  

I stopped Samba from running the perl script, made sure the Win7 
user’s script was in the netlogon folder, and set its permissions 
to rwxrwxrwx.  This resulted in the script being executed in 
Windows 7.

I’ve changed that many things I’m not really sure what needs to be 
done!

I’d appreciate it if someone could confirm the correct permissions 
for the login scripts (they’ve been working fine this way in 
Windows XP, and they were also running from the Windows 7 command 
prompt).  If they need to be different, what’s the best way to 
force them to have execute permission?  Perhaps I could do it in 
perl as part of the open command, or add a perl command to change 
them once they’ve been created.

Thanks again.




On Mon, 27 Jan 2014 17:08:42 +0000 samba1 at nym.hush.com wrote:
>Thanks for that.
>
>I tried typing \\<samba-ip>\netlogon in the Windows ‘run’ box.  It 
>
>opened the netlogon share.  When I double-clicked on the user’s 
>login script (<user>.bat) Windows popped up a warning saying ‘Open 
>
>File – Security Warning.  We can’t verify who created this file. 
>Are you sure you want to run this file?’
>
>However, if I run \\<samba-ip>\netlogon\<user>.bat from the 
>command 
>prompt it executes without warning.
>
>I started to look at some solutions, but thought I’d better report 
>
>back!
>
>I added <samba-ip> to the intranet zone in IE security and added 
>‘bat’ to the inclusion list of low risk files.  I also disabled 
>User Account Control.  Now when I try to run the file \\<samba-
>ip>\netlogon\<user>.bat Windows says I don’t have permission to 
>access it.  
>
>
>
>On Mon, 27 Jan 2014 15:50:18 +0000 "Ricky Nance" 
><ricky.nance at gmail.com> wrote:
>>On Mon, Jan 27, 2014 at 9:38 AM, <samba1 at nym.hush.com> wrote:
>>
>>> Thanks for that.
>>>
>>> I’ve tried it on another Windows7 PC with a new machine name 
>and
>>> username, and that does the same thing.
>>>
>>> I set the option to show login scripts in the foreground, and 
>>some
>>> other related parameters (Run Synchronously, Allow scripts if
>>> NetBios/DNS disabled, Always wait for network at computer 
>>startup,
>>> Run legacy scripts unhidden).  However, still no joy, and it
>>> doesn’t open a command window when loading which seems to 
>>indicate
>>> it’s making no attempt to run the script.
>>>
>>> I’m not sure if it’s relevant but the [homes] share is working 
>>okay
>>> – drive G: is mapped to the user’s home directory.
>>>
>>> I wondered if it was a timing issue – noticed that after 
>>entering
>>> the password and Windows was displaying the ‘Welcome’ screen 
>>that
>>> the user’s login script wasn’t on the Samba server.  It appears 
>
>>to
>>> be created as the user’s Windows desktop loads.  However, I
>>> configured Samba to not delete/create login scripts, so that 
>the
>>> user’s login script was always available, and that made no
>>> difference.
>>>
>>> I was only using the %username% environment variable to 
>>explicitly
>>> call the login script from the user’s Startup Group in Windows 
>>>> not an ideal solution, and I’d really like to have the login 
>>script
>>> launching automatically.  %username% is correctly set to the 
>>user’s
>>> login name.
>>>
>>> It’s really strange… I must be missing something really simple!
>>>
>>>
>>>
>>>
>>>
>>> On Mon, 27 Jan 2014 13:39:50 +0000 "Gaiseric Vandal"
>>> <gaiseric.vandal at gmail.com> wrote:
>>> >I am not sure if the "logon script" parameter is smb.conf 
>>trumps
>>> >the
>>> >"logon script" parameter set for a user (i.e. the one you see 
>>in
>>> >pdbedit.)
>>> >
>>> >I don't set a "logon script" in smb.conf.  Instead, each user 
>>has
>>> >a
>>> >"logon script" parameter set.   I also don't use the 
>%username% 
>>or
>>> >other
>>> >variables in the "logon script" parameter.   I am not using a
>>> >different
>>> >logon script for each user.   The script itself does have a 
>>line
>>> >for
>>> >"net use x: %homeshare%"   to map each user's individual home
>>> >directory.
>>> >
>>> >
>>> >I suspect the issue may be the %username% variable is not 
>being
>>> >resolve
>>> >correctly.   After you log in, does the "set" command from a
>>> >command
>>> >prompt show you the environmental variables that you expect?
>>> >
>>> >Windows 7 runs the login scripts in the back ground by default-
> 
>>so
>>> >it
>>> >makes it a little harder to see if something is going wrong.
>>> >You can
>>> >change that behavior with gpedit.
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >On 01/27/14 08:15, samba1 at nym.hush.com wrote:
>>> >> Thanks very much for your reply.
>>> >>
>>> >> I was working on this all day yesterday, and just can’t get 
>>it to
>>> >> work.
>>> >>
>>> >> It’s as though Windows7 simply isn’t executing the login 
>>script.
>>> >>
>>> >> The user is called w7user2 and the login script is being 
>>named
>>> >> w7user2.bat.  pdbedit –L –v w7user2 shows everything to be 
>>okay
>>> >> with regard to the login script name and path.
>>> >>
>>> >> I’ve tried it with another user, and have tried granting 
>both
>>> >> standard and administrator user rights on the PC.
>>> >>
>>> >> I tried simplifying the contents of the login script so that 
>
>>it
>>> >> didn’t do any drive mapping, so it shouldn’t be stumbling 
>>over
>>> >any
>>> >> of the login script’s content.
>>> >>
>>> >> The only way I can get it to ‘work’ is by calling the login
>>> >script
>>> >> from a batch file in the user’s startup folder on the PC.  
>ie
>>> >> ‘call \\<server>\netlogon\%username%.bat’
>>> >>
>>> >> That executes fine, which means the server side of the login
>>> >script
>>> >> seems to be working okay (as it is for all existing XP 
>>users).
>>> >>
>>> >> I’m going to try it with another test Windows 7 PC (32 bit 
>>this
>>> >> time) and see if that makes any difference.  At the minute 
>>I’m
>>> >not
>>> >> sure what else to try!
>>> >>
>>> >>
>>> >> On Mon, 27 Jan 2014 08:22:43 +0000 "Daniel Müller"
>>> >> <mueller at tropenklinik.de> wrote:
>>> >>> You do not need to change any registry settings, just store 
>
>>the
>>> >>> users logon bat in the share netlogon and it is up and 
>>running.
>>> >>> As you provision your samba4 the netlogon will be created 
>>with
>>> >the
>>> >>> right permission. Just use this share.
>>> >>> In your case you choose the name of the user to point to 
>the
>>> >right
>>> >>> logon script: U%.bat, ex: administrator.bat. Nothing else 
>>will
>>> >>> Work.
>>> >>>
>>> >>> -----------------------------------------------
>>> >>> EDV Daniel Müller
>>> >>>
>>> >>> Leitung EDV
>>> >>> Tropenklinik Paul-Lechler-Krankenhaus
>>> >>> Paul-Lechler-Str. 24
>>> >>> 72076 Tübingen
>>> >>>
>>> >>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> >>> eMail: mueller at tropenklinik.de
>>> >>> Internet: www.tropenklinik.de
>>> >>> -----------------------------------------------
>>> >>> -----Ursprüngliche Nachricht-----
>>> >>> Von: samba-bounces at lists.samba.org [mailto:samba-
>>> >>> bounces at lists.samba.org] Im Auftrag von samba1 at nym.hush.com
>>> >>> Gesendet: Freitag, 24. Januar 2014 15:02
>>> >>> An: samba at lists.samba.org
>>> >>> Betreff: [Samba] Win7 login script not running
>>> >>>
>>> >>> I’ve got a 4.1.3 Samba PDC Server on Debian Wheezy.  It’s
>>> >running
>>> >>> in Classic mode – all existing clients are Windows XP Pro.
>>> >>>
>>> >>> I’m installing a Windows 7 Pro 64-bit PC, and have managed 
>>to
>>> >join
>>> >>> it to the domain, but can’t get the user’s login script to 
>>run.
>>> >>> The login scripts work fine on XP.
>>> >>>
>>> >>> The pertinent sections of smb.conf contain:
>>> >>>
>>> >>> logon script = %U.bat
>>> >>> logon drive = G:
>>> >>>
>>> >>> [netlogon]
>>> >>> path = /home/netlogon
>>> >>> locking = no
>>> >>> guest ok = no
>>> >>> root preexec = /home/netlogon/loginscript.pl %U %M %m root
>>> >>> postexec = /home/netlogon/logoutscript.pl %U %M %m read 
>only 
>>=
>>> >yes
>>> >>> browseable = no veto files = /*.pl/
>>> >>>
>>> >>> I’ve tried changing things such as the ‘read only’ and 
>>‘guest
>>> >ok’
>>> >>> parameters.
>>> >>>
>>> >>> The login script for the user is being created in
>>> >/home/netlogon.
>>> >>>
>>> >>> It’s also being removed when the PC is shut down.
>>> >>>
>>> >>> I’ve tried a few registry entries including:
>>> >>>
>>> >>>
>>> 
>>>HKLM\System\CurrentControlSet\Services\Lanman\Workstation\Paramet
>e
>>r
>>> >>> s
>>> >>>     DomainCompatibilityMode DWORD 1
>>> >>>     DNSNameResolutionRequired DWORD 0
>>> >>>
>>> >>> HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
>>> >>>     RequireSignOrSeal DWORD 1
>>> >>>     RequireStrongKey DWORD 0
>>> >>>
>>> >>> 
>>HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
>>> >>>     RunLogonScriptSync DWORD 1
>>> >>>
>>> >>>
>>> 
>>>HKLM\Software\Policies\Microsoft\WindowsNT\CurrentVersion\Winlogo
>n
>>
>>> >>>     SyncForegroundPolicy DWORD 1
>>> >>>
>>> >>> I also set the LanManager Authentication Level to LM & NTLM
>>> >>> responses.
>>> >>>
>>> >>> Drive G: is being mapped to the user’s home directory.  I 
>>also
>>> >>> placed a copy of the login script there (in case it was 
>>trying
>>> >to
>>> >>> run from there rather than from the netlogon share.
>>> >>>
>>> >>> I can map drives manually, and access the shares – I just 
>>can’t
>>> >>> get the login script to execute.
>>> >>>
>>> >>> Thanks very much.
>>> >>>
>>> >>> --
>>> >>> To unsubscribe from this list go to the following URL and 
>>read
>>> >the
>>> >>> instructions:  
>https://lists.samba.org/mailman/options/samba
>>> >
>>> >--
>>> >To unsubscribe from this list go to the following URL and read 
>
>>the
>>> >instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read 
>>the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>>Are you able to run the script after logging in by doing start -> 
>
>>run -> \\
>>ip.to.sam.ba\netlogon then double clicking the script? Have you 
>>tried
>>adding a 'pause' command to the end of your batch file to see 
>what 
>>happens?
>>Would you mind pasting your batch file and your perl script here 
>>so we can
>>see whats happening?
>>
>>Thanks,
>>Ricky

More information about the samba mailing list