[Samba] Win7 login script not running

Daniel Müller mueller at tropenklinik.de
Tue Jan 28 00:34:22 MST 2014


Hi  again ,

just try to use the Active Directory Users and Computers --"dsa.msc" from a windows client as admin.

Choose the profile and set there your "login.bat" I do so with XP Win7 and Win8 without any problem.

As I think perl is doing some action samba does not like. As I told you the "Logon Path" is set during provisioning and the rights too. 


-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von samba1 at nym.hush.com
Gesendet: Montag, 27. Januar 2014 20:34
An: samba at lists.samba.org; ricky.nance at gmail.com
Betreff: Re: [Samba] Win7 login script not running

I’ve had to leave it for today, but I just tried something else.

The login scripts are created ‘on-the-fly’ using a perl script I got over 10 years ago.  When a user logs in it creates a new batch file for them using an open command, and then writes out the appropriate login script commands based on the user’s group membership.

The login scripts are created with rw-rw-rw permissions, and owner and group are both set to ‘root’.  

I stopped Samba from running the perl script, made sure the Win7 user’s script was in the netlogon folder, and set its permissions to rwxrwxrwx.  This resulted in the script being executed in Windows 7.

I’ve changed that many things I’m not really sure what needs to be done!

I’d appreciate it if someone could confirm the correct permissions for the login scripts (they’ve been working fine this way in Windows XP, and they were also running from the Windows 7 command prompt).  If they need to be different, what’s the best way to force them to have execute permission?  Perhaps I could do it in perl as part of the open command, or add a perl command to change them once they’ve been created.

Thanks again.




On Mon, 27 Jan 2014 17:08:42 +0000 samba1 at nym.hush.com wrote:
>Thanks for that.
>
>I tried typing \\<samba-ip>\netlogon in the Windows ‘run’ box.  It
>
>opened the netlogon share.  When I double-clicked on the user’s login 
>script (<user>.bat) Windows popped up a warning saying ‘Open
>
>File – Security Warning.  We can’t verify who created this file. 
>Are you sure you want to run this file?’
>
>However, if I run \\<samba-ip>\netlogon\<user>.bat from the command 
>prompt it executes without warning.
>
>I started to look at some solutions, but thought I’d better report
>
>back!
>
>I added <samba-ip> to the intranet zone in IE security and added ‘bat’ 
>to the inclusion list of low risk files.  I also disabled User Account 
>Control.  Now when I try to run the file \\<samba-
>ip>\netlogon\<user>.bat Windows says I don’t have permission to
>access it.  
>
>
>
>On Mon, 27 Jan 2014 15:50:18 +0000 "Ricky Nance" 
><ricky.nance at gmail.com> wrote:
>>On Mon, Jan 27, 2014 at 9:38 AM, <samba1 at nym.hush.com> wrote:
>>
>>> Thanks for that.
>>>
>>> I’ve tried it on another Windows7 PC with a new machine name
>and
>>> username, and that does the same thing.
>>>
>>> I set the option to show login scripts in the foreground, and
>>some
>>> other related parameters (Run Synchronously, Allow scripts if 
>>> NetBios/DNS disabled, Always wait for network at computer
>>startup,
>>> Run legacy scripts unhidden).  However, still no joy, and it doesn’t 
>>> open a command window when loading which seems to
>>indicate
>>> it’s making no attempt to run the script.
>>>
>>> I’m not sure if it’s relevant but the [homes] share is working
>>okay
>>> – drive G: is mapped to the user’s home directory.
>>>
>>> I wondered if it was a timing issue – noticed that after
>>entering
>>> the password and Windows was displaying the ‘Welcome’ screen
>>that
>>> the user’s login script wasn’t on the Samba server.  It appears
>
>>to
>>> be created as the user’s Windows desktop loads.  However, I 
>>> configured Samba to not delete/create login scripts, so that
>the
>>> user’s login script was always available, and that made no 
>>> difference.
>>>
>>> I was only using the %username% environment variable to
>>explicitly
>>> call the login script from the user’s Startup Group in Windows
>>>> not an ideal solution, and I’d really like to have the login
>>script
>>> launching automatically.  %username% is correctly set to the
>>user’s
>>> login name.
>>>
>>> It’s really strange… I must be missing something really simple!
>>>
>>>
>>>
>>>
>>>
>>> On Mon, 27 Jan 2014 13:39:50 +0000 "Gaiseric Vandal"
>>> <gaiseric.vandal at gmail.com> wrote:
>>> >I am not sure if the "logon script" parameter is smb.conf
>>trumps
>>> >the
>>> >"logon script" parameter set for a user (i.e. the one you see
>>in
>>> >pdbedit.)
>>> >
>>> >I don't set a "logon script" in smb.conf.  Instead, each user
>>has
>>> >a
>>> >"logon script" parameter set.   I also don't use the 
>%username%
>>or
>>> >other
>>> >variables in the "logon script" parameter.   I am not using a
>>> >different
>>> >logon script for each user.   The script itself does have a 
>>line
>>> >for
>>> >"net use x: %homeshare%"   to map each user's individual home
>>> >directory.
>>> >
>>> >
>>> >I suspect the issue may be the %username% variable is not
>being
>>> >resolve
>>> >correctly.   After you log in, does the "set" command from a
>>> >command
>>> >prompt show you the environmental variables that you expect?
>>> >
>>> >Windows 7 runs the login scripts in the back ground by default-
> 
>>so
>>> >it
>>> >makes it a little harder to see if something is going wrong.
>>> >You can
>>> >change that behavior with gpedit.
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >On 01/27/14 08:15, samba1 at nym.hush.com wrote:
>>> >> Thanks very much for your reply.
>>> >>
>>> >> I was working on this all day yesterday, and just can’t get
>>it to
>>> >> work.
>>> >>
>>> >> It’s as though Windows7 simply isn’t executing the login
>>script.
>>> >>
>>> >> The user is called w7user2 and the login script is being
>>named
>>> >> w7user2.bat.  pdbedit –L –v w7user2 shows everything to be
>>okay
>>> >> with regard to the login script name and path.
>>> >>
>>> >> I’ve tried it with another user, and have tried granting
>both
>>> >> standard and administrator user rights on the PC.
>>> >>
>>> >> I tried simplifying the contents of the login script so that
>
>>it
>>> >> didn’t do any drive mapping, so it shouldn’t be stumbling
>>over
>>> >any
>>> >> of the login script’s content.
>>> >>
>>> >> The only way I can get it to ‘work’ is by calling the login
>>> >script
>>> >> from a batch file in the user’s startup folder on the PC.  
>ie
>>> >> ‘call \\<server>\netlogon\%username%.bat’
>>> >>
>>> >> That executes fine, which means the server side of the login
>>> >script
>>> >> seems to be working okay (as it is for all existing XP
>>users).
>>> >>
>>> >> I’m going to try it with another test Windows 7 PC (32 bit
>>this
>>> >> time) and see if that makes any difference.  At the minute
>>I’m
>>> >not
>>> >> sure what else to try!
>>> >>
>>> >>
>>> >> On Mon, 27 Jan 2014 08:22:43 +0000 "Daniel Müller"
>>> >> <mueller at tropenklinik.de> wrote:
>>> >>> You do not need to change any registry settings, just store
>
>>the
>>> >>> users logon bat in the share netlogon and it is up and
>>running.
>>> >>> As you provision your samba4 the netlogon will be created
>>with
>>> >the
>>> >>> right permission. Just use this share.
>>> >>> In your case you choose the name of the user to point to
>the
>>> >right
>>> >>> logon script: U%.bat, ex: administrator.bat. Nothing else
>>will
>>> >>> Work.
>>> >>>
>>> >>> -----------------------------------------------
>>> >>> EDV Daniel Müller
>>> >>>
>>> >>> Leitung EDV
>>> >>> Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24
>>> >>> 72076 Tübingen
>>> >>>
>>> >>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> >>> eMail: mueller at tropenklinik.de
>>> >>> Internet: www.tropenklinik.de
>>> >>> -----------------------------------------------
>>> >>> -----Ursprüngliche Nachricht-----
>>> >>> Von: samba-bounces at lists.samba.org [mailto:samba- 
>>> >>> bounces at lists.samba.org] Im Auftrag von samba1 at nym.hush.com
>>> >>> Gesendet: Freitag, 24. Januar 2014 15:02
>>> >>> An: samba at lists.samba.org
>>> >>> Betreff: [Samba] Win7 login script not running
>>> >>>
>>> >>> I’ve got a 4.1.3 Samba PDC Server on Debian Wheezy.  It’s
>>> >running
>>> >>> in Classic mode – all existing clients are Windows XP Pro.
>>> >>>
>>> >>> I’m installing a Windows 7 Pro 64-bit PC, and have managed
>>to
>>> >join
>>> >>> it to the domain, but can’t get the user’s login script to
>>run.
>>> >>> The login scripts work fine on XP.
>>> >>>
>>> >>> The pertinent sections of smb.conf contain:
>>> >>>
>>> >>> logon script = %U.bat
>>> >>> logon drive = G:
>>> >>>
>>> >>> [netlogon]
>>> >>> path = /home/netlogon
>>> >>> locking = no
>>> >>> guest ok = no
>>> >>> root preexec = /home/netlogon/loginscript.pl %U %M %m root 
>>> >>> postexec = /home/netlogon/logoutscript.pl %U %M %m read
>only
>>=
>>> >yes
>>> >>> browseable = no veto files = /*.pl/
>>> >>>
>>> >>> I’ve tried changing things such as the ‘read only’ and
>>‘guest
>>> >ok’
>>> >>> parameters.
>>> >>>
>>> >>> The login script for the user is being created in
>>> >/home/netlogon.
>>> >>>
>>> >>> It’s also being removed when the PC is shut down.
>>> >>>
>>> >>> I’ve tried a few registry entries including:
>>> >>>
>>> >>>
>>> 
>>>HKLM\System\CurrentControlSet\Services\Lanman\Workstation\Paramet
>e
>>r
>>> >>> s
>>> >>>     DomainCompatibilityMode DWORD 1
>>> >>>     DNSNameResolutionRequired DWORD 0
>>> >>>
>>> >>> HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
>>> >>>     RequireSignOrSeal DWORD 1
>>> >>>     RequireStrongKey DWORD 0
>>> >>>
>>> >>> 
>>HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
>>> >>>     RunLogonScriptSync DWORD 1
>>> >>>
>>> >>>
>>> 
>>>HKLM\Software\Policies\Microsoft\WindowsNT\CurrentVersion\Winlogo
>n
>>
>>> >>>     SyncForegroundPolicy DWORD 1
>>> >>>
>>> >>> I also set the LanManager Authentication Level to LM & NTLM 
>>> >>> responses.
>>> >>>
>>> >>> Drive G: is being mapped to the user’s home directory.  I
>>also
>>> >>> placed a copy of the login script there (in case it was
>>trying
>>> >to
>>> >>> run from there rather than from the netlogon share.
>>> >>>
>>> >>> I can map drives manually, and access the shares – I just
>>can’t
>>> >>> get the login script to execute.
>>> >>>
>>> >>> Thanks very much.
>>> >>>
>>> >>> --
>>> >>> To unsubscribe from this list go to the following URL and
>>read
>>> >the
>>> >>> instructions:  
>https://lists.samba.org/mailman/options/samba
>>> >
>>> >--
>>> >To unsubscribe from this list go to the following URL and read
>
>>the
>>> >instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read
>>the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>>Are you able to run the script after logging in by doing start ->
>
>>run -> \\
>>ip.to.sam.ba\netlogon then double clicking the script? Have you tried 
>>adding a 'pause' command to the end of your batch file to see
>what
>>happens?
>>Would you mind pasting your batch file and your perl script here so we 
>>can see whats happening?
>>
>>Thanks,
>>Ricky

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



More information about the samba mailing list