[Samba] logon script

Pastor Frank E. Ramírez frankernesto.ramirez at gmail.com
Tue Apr 4 16:36:36 UTC 2023


Apologies for my English, I am not a native speaker. Well, Samba is an AD
DC. So, the manpage said that I need to use the LDAP
attribute scriptPath. But I don't know how. I tried creating a new user
with the --script-path option, but it did not work. How can I set this LDAP
attribute?

On Tue, 4 Apr 2023 at 12:15, Rowland Penny via samba (<samba at lists.samba.org>) wrote:

>
>
> On 04/04/2023 16:43, Pastor Frank E. Ramírez via samba wrote:
> > Hi, I am using Samba 4 with domain controller role.
>
> From reading your post, I think that when you say 'domain controller
> role', you actually mean a classic domain controller or PDC and not an
> AD DC. Is this correct?
>
> > The clients use Windows
> > 10. I am trying to run a logon script every time a user logs in to give
> > them access to the internet automatically by updating iptables. I have
> > read in the smb.conf man pages that with this configuration I should use
> > the LDAP scriptPath attribute but I don't know how to do it. Does anyone
> > have any idea how to achieve this? Thank you.
>
> The relevant part of the smb.conf has this to say about 'logon script':
>
> If Samba is set up as an Active Directory domain controller, LDAP
> attribute scriptPath is used instead.
> For configurations where passdb backend = ldapsam is in use, this option
> only defines a default value in case LDAP attribute sambaLogonScript is
> missing.
>
> From that you will need to use the LDAP attribute 'scriptPath' if you
> are using AD and the LDAP attribute 'sambaLogonScript' if you are using
> an LDAP based PDC and it falls back to the value set with this parameter
> in smb.conf if the user doesn't have a 'sambaLogonScript' attribute.
>
> The main problem with all that is that the old NT4-style domains are now
> deprecated and will at some point in the future be removed from Samba.
> They rely on the very insecure SMBv1, which is now turned off
> everywhere, though it is still there and can be turned on again.
>
> If you go with AD, you can then start to use GPOs instead of using
> netlogon scripts.
>
> Rowland