[Samba] logon script

Pastor Frank E. Ramírez frankernesto.ramirez at gmail.com
Tue Apr 4 16:36:36 UTC 2023

Apologies for my english, I am not a native speaker. Well, Samba is an AD
DC. So, the manpage said that I need to use the LDAP
attribute scriptPath. But I don't know how?? I tried creating a new user
with the --script-path option, but it did not work. How can I set this ldap

El mar, 4 abr 2023 a las 12:15, Rowland Penny via samba (<
samba at lists.samba.org>) escribió:

> On 04/04/2023 16:43, Pastor Frank E. Ramírez via samba wrote:
> > Hi, I am using Samba 4 with domain controller role.
>  From reading your post, I think that when you say 'domain controller
> role', you actually mean a classic domain controller or PDC and not an
> AD DC. Is this correct ?
> > The clients use Windows
> > 10. I am trying to run a logon script every time a user logs in to give
> > them access to the internet automatically by updating iptables. I have
> read
> > in the smb.conf man pages that with this configuration I should use the
> > ldap scriptpath attribute but I don't know how to do it. Does anyone have
> > any idea how to achieve this. Thank you.
> The relevant part of the smb.conf has this to say about 'logon script':
> If Samba is set up as an Active Directory domain controller, LDAP
> attribute scriptPath is used instead.
> For configurations where passdb backend = ldapsam is in use, this option
> only defines a default value in case LDAP attribute sambaLogonScript is
> missing.
>  From that you will need to use the ldap attribute 'scriptPath' if you
> are using AD and the ldap attribute 'sambaLogonScript' if you are using
> an ldap based PDC and it falls back to the value set with this parameter
> in smb.conf if the user doesn't have a 'sambaLogonScript' attribute.
> The main problem with all that, the old NT4-style domains are now
> deprecated and will at some point in the future be removed from Samba.
> They rely on the very insecure SMBv1, which is now turned off
> everywhere, though it is still there and can be turned on again.
> If you go with AD, you can then start to use GPO's instead of using
> netlogon scripts.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list