subject:"\[Samba\] Logon scripts"

Re: [Samba] Logon scripts, home directories, and Samba4 AD

2013-07-03 Thread Daniel Müller

This could do the job
Identify the home share on your samba3 fileserver (certain it is member of
your samba4 domain?!) as dfs root

Ex:
msdfs root= yes

On samba4 ads
[home]
msdfs proxy= \your-samba3-server\homes
read only = No

with rsat point to \your-samba3-server\homes

Good luck
---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Lee Allen
Gesendet: Mittwoch, 3. Juli 2013 00:20
An: samba@lists.samba.org; samba-techni...@lists.samba.org
Betreff: [Samba] Logon scripts, home directories, and Samba4 AD

I apologize if this appears twice: I posted it several hours ago and it has
not appeared on the list, so I am tweaking the email address and trying
again.

I have two separate (virtual) servers: one running Samba4 functioning as an
AD controller, and one running Samba 3.6.1  functioning as a file  print
server.

On the Samba3 side I am using security=ads and winbind and authenticating
against the Samba4 ADC.  Everything is working great.

Where things get a little messy is with the [homes] shares.

Here is what I am doing now:

My Samba3 smb.conf has a typical [homes] section.  I create a subdirectory
for each user, and set ownership  permissions.

I create a logon script on the Samba4 system -- one for each user, because
the username is embedded in it:
net use H: \\samba3\username

And then I use RSAT to set the logon script to the correct value for each
user.

It's just a lot of steps that need to be performed (perfectly) for each
user.  Is there a better way?

I see RSAT allows me to specify a Home folder.  Could this be a folder on
the Samba3 server -- ie, \\samba3\username ? (I tried that and it did not
work)

I can imagine some scripts that would create the logon script on the Samba4
system, and create the necessary directories on the Samba3 system.  I could
probably manage that, but I hate to re-invent the wheel --

If there is a clean, orthodox way to do this, I would like to know what it
is.

Thank you.

Lee Allen
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Logon scripts, home directories, and Samba4 AD

2013-07-03 Thread Gémes Géza


Hi,

This could do the job
Identify the home share on your samba3 fileserver (certain it is member of
your samba4 domain?!) as dfs root

Ex:
msdfs root= yes

On samba4 ads
[home]
 msdfs proxy= \your-samba3-server\homes
 read only = No

with rsat point to \your-samba3-server\homes

Good luck
---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
Even easier specify \\your-samba3-server\%USERNAME% as the home folder 
setting under ADUC for all the users you want (you can even select them 
set this once) if you also specify home drive H: it will get mounted at 
that drive letter

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Lee Allen
Gesendet: Mittwoch, 3. Juli 2013 00:20
An: samba@lists.samba.org; samba-techni...@lists.samba.org
Betreff: [Samba] Logon scripts, home directories, and Samba4 AD

I apologize if this appears twice: I posted it several hours ago and it has
not appeared on the list, so I am tweaking the email address and trying
again.

I have two separate (virtual) servers: one running Samba4 functioning as an
AD controller, and one running Samba 3.6.1  functioning as a file  print
server.

On the Samba3 side I am using security=ads and winbind and authenticating
against the Samba4 ADC.  Everything is working great.

Where things get a little messy is with the [homes] shares.

Here is what I am doing now:

My Samba3 smb.conf has a typical [homes] section.  I create a subdirectory
for each user, and set ownership  permissions.

I create a logon script on the Samba4 system -- one for each user, because
the username is embedded in it:
net use H: \\samba3\username

And then I use RSAT to set the logon script to the correct value for each
user.

It's just a lot of steps that need to be performed (perfectly) for each
user.  Is there a better way?

I see RSAT allows me to specify a Home folder.  Could this be a folder on
the Samba3 server -- ie, \\samba3\username ? (I tried that and it did not
work)

I can imagine some scripts that would create the logon script on the Samba4
system, and create the necessary directories on the Samba3 system.  I could
probably manage that, but I hate to re-invent the wheel --

If there is a clean, orthodox way to do this, I would like to know what it
is.

Thank you.

Lee Allen
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Regards

Geza Gemes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Logon scripts, home directories, and Samba4 AD

2013-07-03 Thread Lee Allen

Thank you, that works great, and it eliminates the need to create logon
scripts for each user. That's a big improvement.

ADUC complains it cannot create the folder. Not surprising, because the
specified folder \\samba3\username does not really exist -- it's a [homes]
share, the true pathname is \\samba3\nas\homes\username.

So I still need to create the directory in the samba3 system, and set
permissions appropriately.

Is there a way around this? The only solution I can see is to write a
script that will create the necessary directories when a user is created.
But that wouldn't be simple, because it's on a different server -- the
user is created on the samba4 ADC and the shares are on the samba3
fileserver.

On Wed, Jul 3, 2013 at 3:22 AM, Gémes Géza g...@kzsdabas.hu wrote:

Hi,

This could do the job
Identify the home share on your samba3 fileserver (certain it is member of
your samba4 domain?!) as dfs root

Ex:
msdfs root= yes

On samba4 ads
[home]
msdfs proxy= \your-samba3-server\homes
read only = No

with rsat point to \your-samba3-server\homes

Good luck
--**-
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
--**-

Even easier specify \\your-samba3-server\%**USERNAME% as the home folder
setting under ADUC for all the users you want (you can even select them set
this once) if you also specify home drive H: it will get mounted at that
drive letter

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-bounces@lists.**
samba.org samba-boun...@lists.samba.org] Im
Auftrag von Lee Allen
Gesendet: Mittwoch, 3. Juli 2013 00:20
An: samba@lists.samba.org;
samba-technical@lists.samba.**orgsamba-techni...@lists.samba.org
Betreff: [Samba] Logon scripts, home directories, and Samba4 AD

I apologize if this appears twice: I posted it several hours ago and it
has
not appeared on the list, so I am tweaking the email address and trying
again.

I have two separate (virtual) servers: one running Samba4 functioning as
an
AD controller, and one running Samba 3.6.1 functioning as a file print
server.

On the Samba3 side I am using security=ads and winbind and authenticating
against the Samba4 ADC. Everything is working great.

Where things get a little messy is with the [homes] shares.

Here is what I am doing now:

My Samba3 smb.conf has a typical [homes] section. I create a subdirectory
for each user, and set ownership permissions.

I create a logon script on the Samba4 system -- one for each user, because
the username is embedded in it:
net use H: \\samba3\username

And then I use RSAT to set the logon script to the correct value for each
user.

It's just a lot of steps that need to be performed (perfectly) for each
user. Is there a better way?

I see RSAT allows me to specify a Home folder. Could this be a folder
on
the Samba3 server -- ie, \\samba3\username ? (I tried that and it did not
work)

I can imagine some scripts that would create the logon script on the
Samba4
system, and create the necessary directories on the Samba3 system. I
could
probably manage that, but I hate to re-invent the wheel --

If there is a clean, orthodox way to do this, I would like to know what it
is.

Thank you.

Lee Allen
--
To unsubscribe from this list go to the following URL and read the
instructions:
https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba

Regards

Geza Gemes
--
To unsubscribe from this list go to the following URL and read the
instructions:
https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba

--
*Lee Allen*
email: l...@leecallen.com
bus: (716) 773-2729
home: (716) 773-2326
cell: (716) 880-0854
fax: (716) 408-8844
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] Logon scripts, home directories, and Samba4 AD

2013-07-03 Thread Daniel Müller

So you authenticate against the samba4 ads with your samba3 is this true?
Then you can do a root preexec and run a script on your samba3 server every
time
the users connect to [homes].
Ex:

[homes]
root preexec = /path-to-script/./user-home-dir %U


Your script user-home-dir (where $1 is the login of the user):

#!/bin/bash
#if exist directory
if test -d /path-to/your-users-home-dirs/$1
then
#put Directory is already there in a log file
echo $1 Directory already up and running /system/log/eanm.log
else

mkdir  /path-to/your-users-home-dirs/$1
chmod -R 700  /path-to/your-users-home-dirs/$1
chown -R $1:Domain Users / path-to/your-users-home-dirs/$1
echo /path-to/your-users-home-dirs/$1 created /system/log/anm.log
fi


Greetings
Daniel
---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Lee Allen
Gesendet: Mittwoch, 3. Juli 2013 14:56
An: Gémes Géza
Cc: samba@lists.samba.org
Betreff: Re: [Samba] Logon scripts, home directories, and Samba4 AD

Thank you, that works great, and it eliminates the need to create logon
scripts for each user.  That's a big improvement.

ADUC complains it cannot create the folder.  Not surprising, because the
specified folder \\samba3\username does not really exist -- it's a [homes]
share, the true pathname is \\samba3\nas\homes\username.

So I still need to create the directory in the samba3 system, and set
permissions appropriately.

Is there a way around this?  The only solution I can see is to write a
script that will create the necessary directories when a user is created.
 But that wouldn't be simple, because it's on a different server -- the user
is created on the samba4 ADC and the shares are on the samba3 fileserver.


On Wed, Jul 3, 2013 at 3:22 AM, Gémes Géza g...@kzsdabas.hu wrote:

 Hi,

 This could do the job
 Identify the home share on your samba3 fileserver (certain it is 
 member of your samba4 domain?!) as dfs root

 Ex:
 msdfs root= yes

 On samba4 ads
 [home]
  msdfs proxy= \your-samba3-server\homes
  read only = No

 with rsat point to \your-samba3-server\homes

 Good luck
 --**-
 EDV Daniel Müller

 Leitung EDV
 Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 --**-

 Even easier specify \\your-samba3-server\%**USERNAME% as the home 
 folder setting under ADUC for all the users you want (you can even 
 select them set this once) if you also specify home drive H: it will 
 get mounted at that drive letter

 -Ursprüngliche Nachricht-
 Von: samba-boun...@lists.samba.org [mailto:samba-bounces@lists.** 
 samba.org samba-boun...@lists.samba.org] Im Auftrag von Lee Allen
 Gesendet: Mittwoch, 3. Juli 2013 00:20
 An: samba@lists.samba.org; 
 samba-technical@lists.samba.**orgsamba-techni...@lists.samba.org
 Betreff: [Samba] Logon scripts, home directories, and Samba4 AD

 I apologize if this appears twice: I posted it several hours ago and 
 it has not appeared on the list, so I am tweaking the email address 
 and trying again.

 I have two separate (virtual) servers: one running Samba4 functioning 
 as an AD controller, and one running Samba 3.6.1  functioning as a 
 file  print server.

 On the Samba3 side I am using security=ads and winbind and 
 authenticating against the Samba4 ADC.  Everything is working great.

 Where things get a little messy is with the [homes] shares.

 Here is what I am doing now:

 My Samba3 smb.conf has a typical [homes] section.  I create a 
 subdirectory for each user, and set ownership  permissions.

 I create a logon script on the Samba4 system -- one for each user, 
 because the username is embedded in it:
 net use H: \\samba3\username

 And then I use RSAT to set the logon script to the correct value for 
 each user.

 It's just a lot of steps that need to be performed (perfectly) for 
 each user.  Is there a better way?

 I see RSAT allows me to specify a Home folder.  Could this be a 
 folder on the Samba3 server -- ie, \\samba3\username ? (I tried that 
 and it did not
 work)

 I can imagine some scripts that would create the logon script on the
 Samba4
 system, and create the necessary directories on the Samba3 system.  I 
 could probably manage that, but I hate to re-invent the wheel --

 If there is a clean, orthodox way to do this, I would like to know 
 what it is.

 Thank you.

 Lee Allen
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  
 https://lists.samba.org/**mailman/options

Re: [Samba] Logon scripts, home directories, and Samba4 AD

2013-07-03 Thread Lee Allen

Daniel that's perfect - -  the 'root preexec'  is exactly what I need.
Thank you.
On Jul 3, 2013 9:33 AM, Daniel Müller muel...@tropenklinik.de wrote:

 So you authenticate against the samba4 ads with your samba3 is this true?
 Then you can do a root preexec and run a script on your samba3 server every
 time
 the users connect to [homes].
 Ex:

 [homes]
 root preexec = /path-to-script/./user-home-dir %U


 Your script user-home-dir (where $1 is the login of the user):

 #!/bin/bash
 #if exist directory
 if test -d /path-to/your-users-home-dirs/$1
 then
 #put Directory is already there in a log file
 echo $1 Directory already up and running /system/log/eanm.log
 else

 mkdir  /path-to/your-users-home-dirs/$1
 chmod -R 700  /path-to/your-users-home-dirs/$1
 chown -R $1:Domain Users / path-to/your-users-home-dirs/$1
 echo /path-to/your-users-home-dirs/$1 created /system/log/anm.log
 fi


 Greetings
 Daniel
 ---
 EDV Daniel Müller

 Leitung EDV
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---

 -Ursprüngliche Nachricht-
 Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
 Im
 Auftrag von Lee Allen
 Gesendet: Mittwoch, 3. Juli 2013 14:56
 An: Gémes Géza
 Cc: samba@lists.samba.org
 Betreff: Re: [Samba] Logon scripts, home directories, and Samba4 AD

 Thank you, that works great, and it eliminates the need to create logon
 scripts for each user.  That's a big improvement.

 ADUC complains it cannot create the folder.  Not surprising, because the
 specified folder \\samba3\username does not really exist -- it's a [homes]
 share, the true pathname is \\samba3\nas\homes\username.

 So I still need to create the directory in the samba3 system, and set
 permissions appropriately.

 Is there a way around this?  The only solution I can see is to write a
 script that will create the necessary directories when a user is created.
  But that wouldn't be simple, because it's on a different server -- the
 user
 is created on the samba4 ADC and the shares are on the samba3 fileserver.


 On Wed, Jul 3, 2013 at 3:22 AM, Gémes Géza g...@kzsdabas.hu wrote:

  Hi,
 
  This could do the job
  Identify the home share on your samba3 fileserver (certain it is
  member of your samba4 domain?!) as dfs root
 
  Ex:
  msdfs root= yes
 
  On samba4 ads
  [home]
   msdfs proxy= \your-samba3-server\homes
   read only = No
 
  with rsat point to \your-samba3-server\homes
 
  Good luck
  --**-
  EDV Daniel Müller
 
  Leitung EDV
  Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24
  72076 Tübingen
 
  Tel.: 07071/206-463, Fax: 07071/206-499
  eMail: muel...@tropenklinik.de
  Internet: www.tropenklinik.de
  --**-
 
  Even easier specify \\your-samba3-server\%**USERNAME% as the home
  folder setting under ADUC for all the users you want (you can even
  select them set this once) if you also specify home drive H: it will
  get mounted at that drive letter
 
  -Ursprüngliche Nachricht-
  Von: samba-boun...@lists.samba.org [mailto:samba-bounces@lists.**
  samba.org samba-boun...@lists.samba.org] Im Auftrag von Lee Allen
  Gesendet: Mittwoch, 3. Juli 2013 00:20
  An: samba@lists.samba.org;
  samba-technical@lists.samba.**orgsamba-techni...@lists.samba.org
  Betreff: [Samba] Logon scripts, home directories, and Samba4 AD
 
  I apologize if this appears twice: I posted it several hours ago and
  it has not appeared on the list, so I am tweaking the email address
  and trying again.
 
  I have two separate (virtual) servers: one running Samba4 functioning
  as an AD controller, and one running Samba 3.6.1  functioning as a
  file  print server.
 
  On the Samba3 side I am using security=ads and winbind and
  authenticating against the Samba4 ADC.  Everything is working great.
 
  Where things get a little messy is with the [homes] shares.
 
  Here is what I am doing now:
 
  My Samba3 smb.conf has a typical [homes] section.  I create a
  subdirectory for each user, and set ownership  permissions.
 
  I create a logon script on the Samba4 system -- one for each user,
  because the username is embedded in it:
  net use H: \\samba3\username
 
  And then I use RSAT to set the logon script to the correct value for
  each user.
 
  It's just a lot of steps that need to be performed (perfectly) for
  each user.  Is there a better way?
 
  I see RSAT allows me to specify a Home folder.  Could this be a
  folder on the Samba3 server -- ie, \\samba3\username ? (I tried that
  and it did not
  work)
 
  I can imagine some scripts that would create the logon script on the
  Samba4
  system, and create the necessary directories on the Samba3 system.  I
  could probably manage that, but I hate

[Samba] Logon scripts, home directories, and Samba4 AD

2013-07-02 Thread Lee Allen

I have two separate (virtual) servers: one running Samba4 functioning as an
AD controller, and one running Samba 3.6.1  functioning as a file  print
server.

I am using security=ads and winbind.  Everything is working great.

Where things get a little messy is with the [homes] shares.

Here is what I am doing now:

My Samba3 smb.conf has a typical [homes] section.  I create a subdirectory
for each user, and set ownership  permissions.

I create a logon script on the Samba4 system -- one for each user, because
the username is embedded in it:
net use H: \\samba3\username

And then I use RSAT to set the logon script to the correct value for each
user.

It's just a lot of steps that need to be performed (perfectly) for each
user.  Is there a better way?

I see RSAT allows me to specify a Home folder.  Could this be a folder on
the Samba3 server -- ie, \\samba3\username ? (I tried that and it did not
work)

I can imagine some scripts that would create the logon script on the Samba4
system, and create the necessary directories on the Samba3 system.  I could
probably manage that, but I hate to re-invent the wheel --

If there is a clean, orthodox way to do this, I would like to know what it
is.

Thank you.

-- 
*Lee Allen*
email: l...@leecallen.com
bus: (716) 773-2729
home: (716) 773-2326
cell: (716) 880-0854
fax: (716) 408-8844
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Logon scripts, home directories, and Samba4 AD

2013-07-02 Thread Lee Allen

I apologize if this appears twice: I posted it several hours ago and it has
not appeared on the list, so I am tweaking the email address and trying
again.

I have two separate (virtual) servers: one running Samba4 functioning as an
AD controller, and one running Samba 3.6.1  functioning as a file  print
server.

On the Samba3 side I am using security=ads and winbind and authenticating
against the Samba4 ADC.  Everything is working great.

Where things get a little messy is with the [homes] shares.

Here is what I am doing now:

My Samba3 smb.conf has a typical [homes] section.  I create a subdirectory
for each user, and set ownership  permissions.

I create a logon script on the Samba4 system -- one for each user, because
the username is embedded in it:
net use H: \\samba3\username

And then I use RSAT to set the logon script to the correct value for each
user.

It's just a lot of steps that need to be performed (perfectly) for each
user.  Is there a better way?

I see RSAT allows me to specify a Home folder.  Could this be a folder on
the Samba3 server -- ie, \\samba3\username ? (I tried that and it did not
work)

I can imagine some scripts that would create the logon script on the Samba4
system, and create the necessary directories on the Samba3 system.  I could
probably manage that, but I hate to re-invent the wheel --

If there is a clean, orthodox way to do this, I would like to know what it
is.

Thank you.

Lee Allen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Logon scripts

2013-03-11 Thread Daniel Müller

The welcome screen? The welcome screen is first logoff and then  login
again. All work of the user will be lost!?
The locked screen is an item of security and it protects the authenticated
users desktop. And as long the user
is authenticated no other users has the right to drop in.
Every other rule would be chaos.


---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Terry Austin
Gesendet: Freitag, 8. März 2013 23:38
An: samba@lists.samba.org
Betreff: Re: [Samba] Logon scripts

OK, once I found the Group Policy editor, I got what I needed (which was to
enforce a screen saver with a password). Thanks.

Anybody know how to (ir if you can) get XP Pro to go to the welcome screen
instead of the locked screen when it comes out of the screen saver? 
Unlocking can only be done by whoever was logged in at the time, or an
admin, and the admin options forcibly logs out the other user. (The correct
solution, of course, is upgrading to Win7, but that's a time consuming and
expensive process, and we're not there yet.)

On 8 Mar 2013 at 14:15, Ricky Nance wrote:

 Hello Terry,
 You will need to define a logon script for each user in the Active 
 Directory Users and Computers (ADUC) tool or you can do this through 
 user GPO's (there is a logon script option under the user module).
 
 In ADUC, select a user (or highlight several users) then under the 
 profiles tab add the filename (logon.bat for me, your's may be 
 different) and ensure that the logon.bat exists in the netlogon share.
 
 For the GPO option you can open Group Policy MMC and select your users 
 OU, then create new policy, name it something useful (map homes share, 
 or run logon script for instance), edit it, and under User 
 Configuration, click Windows Settings, scripts (logon/logoff), then 
 double click the logon option, and add your file to the GPO under the 
 show files button, then click Add, and select the file you just added (or
created) there.
 
 Ricky
 
 
 On Fri, Mar 8, 2013 at 2:02 PM, Terry Austin
te...@crownhardware.comwrote:
 
  Is there a detailed howto on setting up logon scripts on Samba 4? Or 
  is it the same as for 3?
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/options/samba
 
 
 
 
 --
 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Logon scripts

2013-03-08 Thread Terry Austin

Is there a detailed howto on setting up logon scripts on Samba 4? Or is it 
the same as for 3?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Logon scripts

2013-03-08 Thread Ricky Nance

Hello Terry,
You will need to define a logon script for each user in the Active
Directory Users and Computers (ADUC) tool or you can do this through user
GPO's (there is a logon script option under the user module).

In ADUC, select a user (or highlight several users) then under the profiles
tab add the filename (logon.bat for me, your's may be different) and ensure
that the logon.bat exists in the netlogon share.

For the GPO option you can open Group Policy MMC and select your users OU,
then create new policy, name it something useful (map homes share, or run
logon script for instance), edit it, and under User Configuration, click
Windows Settings, scripts (logon/logoff), then double click the logon
option, and add your file to the GPO under the show files button, then
click Add, and select the file you just added (or created) there.

Ricky


On Fri, Mar 8, 2013 at 2:02 PM, Terry Austin te...@crownhardware.comwrote:

 Is there a detailed howto on setting up logon scripts on Samba 4? Or is it
 the same as for 3?
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba




--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Logon scripts

2013-03-08 Thread Terry Austin

OK, once I found the Group Policy editor, I got what I needed (which was to 
enforce a screen saver with a password). Thanks.

Anybody know how to (ir if you can) get XP Pro to go to the welcome screen 
instead of the locked screen when it comes out of the screen saver? 
Unlocking can only be done by whoever was logged in at the time, or an 
admin, and the admin options forcibly logs out the other user. (The correct 
solution, of course, is upgrading to Win7, but that's a time consuming and 
expensive process, and we're not there yet.)

On 8 Mar 2013 at 14:15, Ricky Nance wrote:

 Hello Terry,
 You will need to define a logon script for each user in the Active
 Directory Users and Computers (ADUC) tool or you can do this through user
 GPO's (there is a logon script option under the user module).
 
 In ADUC, select a user (or highlight several users) then under the profiles
 tab add the filename (logon.bat for me, your's may be different) and ensure
 that the logon.bat exists in the netlogon share.
 
 For the GPO option you can open Group Policy MMC and select your users OU,
 then create new policy, name it something useful (map homes share, or run
 logon script for instance), edit it, and under User Configuration, click
 Windows Settings, scripts (logon/logoff), then double click the logon
 option, and add your file to the GPO under the show files button, then
 click Add, and select the file you just added (or created) there.
 
 Ricky
 
 
 On Fri, Mar 8, 2013 at 2:02 PM, Terry Austin te...@crownhardware.comwrote:
 
  Is there a detailed howto on setting up logon scripts on Samba 4? Or is it
  the same as for 3?
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/options/samba
 
 
 
 
 --
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] logon scripts and variable substitution on the windows side

2011-12-17 Thread nikos sarantopoulos

i am really wondering a logon script stated in the config file with for
example logon script = %L.bat

can't contain inside variable substitutions from samba for example

a script that it will have inside and it will be uploaded in the client to
contain

net use z: \\%L\%u to be translated to net use z: \\SERVER\username

how it can it be done that?

thank you

Sarantopoulos Nikos
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] logon scripts and variable substitution on the windows side

2011-12-17 Thread Helmut Hullen

Hallo, nikos,

Du meintest am 17.12.11:

 i am really wondering a logon script stated in the config file with
 for example logon script = %L.bat

 can't contain inside variable substitutions from samba for example

 a script that it will have inside and it will be uploaded in the
 client to contain

 net use z: \\%L\%u to be translated to net use z: \\SERVER\username

If I have understood the system(s):

%L is a linux variable on the server,
net use is (mostly) a command which is run from/on a client (windows  
or Linux) which knows nothing about the servers'/samba's variables.

For those purposes I run on the server (in the home share) a command

root preexec = /etc/samba/exec/parameter %u %a %g %m

which runs the linux/bash script parameter, and parameter writes a  
(windows) batch file into the user's home directory which contains lines  
like

@echo off
if a%Server% == a set Server=192.168.0.1
set opsys=WinXP
set group=lehrer
set machine=___192.168.0.42


Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Logon scripts not executed when NT4 trusted domain users log in a S3-controlled domain

2011-03-22 Thread Christian PERRIER

Quoting Christian PERRIER (bubu...@debian.org):

 - I get a notice that the domain paassword is expired. I can either
 change it or ignore the warning, but:

This was bug #7066. Fixed in 3.5.8.

 - the DomB user logon script is not executed


This seems to be bug #6356 though my client is a Windows XP machine
(not Win7). This is really a showstopper for me.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Logon scripts not executed when NT4 trusted domain users log in a S3-controlled domain

2011-03-21 Thread Christian PERRIER

I'm currently building a Samba3-based domain (DomA) that has a trust
relationship with an existing production NT4 domain (DomB).

DomA uses an LDAP backend. The LDAP server is local on the PDC and is
dedicated to such use. DomA runs Samba 3.5.6 on Debian 6.0.

DomB is an old-timer: NT4 domain that's running for ages.

The trust relationship has been established: DomA trusts DomB.

Clients (Windows XP workstations) can join DomA flawlessly.  Machine
accounts are properly created in the LDAP backend.

A DomB user can open a session on client workstations...however:
- I get a notice that the domain paassword is expired. I can either
change it or ignore the warning, but:
- the DomB user logon script is not executed
- the DomB user home directory is not connected (users in DomB have their
home set to \\someserver\login)

Of course, everything is working as expected when DomB users open a
session on a DomB client: no password expiration warning, logon script
executed.


I actually see no sign of abnormal behaviour in samba logs on the
PDC. Indeed, once the user is authenticated, nothing shows up in the
logs.

Would you people have suggestions about places where I could
investigate such problem?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Logon scripts in Windows 2000

2009-01-03 Thread Bruce Ferrell

I am certain this is a stupid question, but I have been reading books 
and searching Google for the answer and have come up blank.


Are domain logins required for login scripts to work or will they work 
in workgroup mode as well?


Thanks in advance

and I have my asbestos underwear in case the question is really stupid
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon scripts in Windows 2000

2009-01-03 Thread John H Terpstra

On Saturday 03 January 2009 21:18:09 Bruce Ferrell wrote:
 I am certain this is a stupid question, but I have been reading books
 and searching Google for the answer and have come up blank.

Please tell us which books you have been reading.  They should all be burnt! 
;-)

 Are domain logins required for login scripts to work or will they work
 in workgroup mode as well?

Domain logons are required for logon scripts to be available, but the windows 
client also must be joined to the domain. 

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon scripts in Windows 2000

2009-01-03 Thread Tim Bates


Bruce Ferrell wrote:
Are domain logins required for login scripts to work or will they work 
in workgroup mode as well?
Yes. Workgroup is what you could call a peer to peer mode. Nothing 
controls anything, and nothing really trusts anything.


TB
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon scripts in Windows 2000

2009-01-03 Thread Helmut Hullen

Hallo, Bruce,

Du (bferrell) meintest am 03.01.09:

 Are domain logins required for login scripts to work or will they
 work in workgroup mode as well?

You can put a local script into the user's autostart directory which  
calls the logon script of the server.

That's the way I connect Windows XP Home clients to the server.

- local logon script --

@echo off
set Server=192.168.0.1
rem or which IP address it may be

ping -n 1 -w 1 %Server% | find /I (0%
if errorlevel 1 goto tunix

\\%Server%\netlogon\logon
rem or where the logon script may live

:tunix
exit

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Logon scripts not working on all users

2007-06-08 Thread Boaz Bezborodko

I have set up a logon script to run when users login.  It works for me
when I log in, but my user ID is mapped to a root group as well as
administrative privileges.  But it is not executing for regular users.

What am I doing wrong?

Thanks in advance,
Boaz

logon script = stdlogon.bat
logon home =
logon path =
security = user
preferred master = yes
domain logons = yes
time server = yes
guest ok = no
domain master = yes
writable = no
path = /data/printspool

[netlogon]

; comment = Network Logon Service
path = /var/lib/samba/netlogon


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Logon scripts

2005-08-29 Thread Edson Capitani

Hi list! 

 

Need your advice! 

 

Im looking for a way to do this: 

 

I have one SAMBA+LDAP+DNS+DHCP (DC) server running fine in a debian box, my
problem now is that a need to have 2 different logon scripts, one is a
specific user  only, let's say user1 when this user login in winxp client
machine the server send to it a script loginA.cmd, and when all user of
group Domain Users logs in  the server users a loginB.cmd 

 

Later a can use this for admin specific scripts or for  Domain Admins
group,  but for now those 2 thing are more important.

 

Thankyou all in advance

 

Edson

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon scripts

2005-08-29 Thread Joachim Kieferle


Edson Capitani wrote:

Hi list! 




Need your advice! 




Im looking for a way to do this: 




I have one SAMBA+LDAP+DNS+DHCP (DC) server running fine in a debian box, my
problem now is that a need to have 2 different logon scripts, one is a
specific user  only, let's say user1 when this user login in winxp client
machine the server send to it a script loginA.cmd, and when all user of
group Domain Users logs in  the server users a loginB.cmd 




Later a can use this for admin specific scripts or for  Domain Admins
group,  but for now those 2 thing are more important.



Thankyou all in advance




Hi Edson,

if I get you right you are talking about a logon script on the 
CLIENT-side (Windows XP)?


We use KIXTART (http://www.kixtart.org) that gives you all necessary 
flexibility (we do e.g. also connect printers for users according to 
their group membership, machine they log on, etc.).



Best

Joachim
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Logon scripts

2005-08-29 Thread Paul Gienger

 I have one SAMBA+LDAP+DNS+DHCP (DC) server running fine in a debian box,
 my
 problem now is that a need to have 2 different logon scripts, one is a
 specific user  only, let's say user1 when this user login in winxp client
 machine the server send to it a script loginA.cmd, and when all user of
 group Domain Users logs in  the server users a loginB.cmd
 
 
 
 Later a can use this for admin specific scripts or for  Domain Admins
 group,  but for now those 2 thing are more important.

Here we generate the login script on the fly on the server using the root
preexec parameter whenever someone connects to the netlogon share.  A perl
script runs on the server that pulls data from LDAP and checks against all
their group memberships and writes an appropriate windows batch file for
them to run.

Not that this is right for everyone, but it's what we do.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon scripts

2005-08-29 Thread Geert Stappers

On Mon, Aug 29, 2005 at 12:10:40PM -0500, Paul Gienger wrote:
 
 Here we generate the login script on the fly on the server using the root
 preexec parameter whenever someone connects to the netlogon share.  A perl
 script runs on the server that pulls data from LDAP and checks against all
 their group memberships and writes an appropriate windows batch file for
 them to run.
 
 Not that this is right for everyone, but it's what we do.
 

Cool Concept!


Thanks for sharing the idea with us.


Cheers
Geert Stappers



signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] logon scripts no longer run with p-node netbios type 2

2005-08-15 Thread Chris

For several days (at least 4) after using DHCP to switch the NetBIOS 
node type from h-node (8) to p-node (2) the systems have worked fine 
(the lease time is only three hours so everyone was affected reasonably 
early).

This morning, however, the logon scripts would not run until I changed 
the node-type back to h-node.

I have found some information regarding timing issues with VPN's but 
this is plain old local logins (server has gigbit nics, going through a 
gigbit switch, clients have 100baseT).

There was one change but I can't really test that until tonight: Samba 
was rebuilt with the hide-special-files patch - 
https://bugzilla.samba.org/show_bug.cgi?id=2514 , which doesn't seem 
like it should cause a problem.

Any other ideas?

Thanks.

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] logon scripts no longer run with p-node netbios type 2

2005-08-15 Thread Chris

On Monday 15 August 2005 04:40 pm, Chris wrote:
 There was one change but I can't really test that until tonight:
 Samba was rebuilt with the hide-special-files patch -
 https://bugzilla.samba.org/show_bug.cgi?id=2514 , which doesn't seem
 like it should cause a problem.

Rebuilt the previous version of 14a without the above patch. No change 
(the problem isn't caused by hide-special-files patch).

I'm guessing that the netbios name cache gets depleted after a time when 
using p-node and that exists a timing issue where the WINS server 
cannot respond on a timely basis.

Can anyone verify?
What materials can I provide in order to get a fix?
Should this be filed with bugzilla?

Thank you.

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] logon scripts no longer run with p-node netbios type 2

2005-08-15 Thread Chris

The Samba log for the system:

using h-node starting at logon time:
[2005/08/15 23:31:03, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service netlogon initially as user 
smythe (uid=637, gid=100) (pid 12088)
[2005/08/15 23:31:03, 1] smbd/service.c:close_cnum(830)
  h2s04 (192.168.1.12) closed connection to service netlogon
[2005/08/15 23:31:03, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service smythe initially as user 
smythe (uid=637, gid=100) (pid 12088)
[2005/08/15 23:31:03, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service netlogon initially as user 
smythe (uid=637, gid=100) (pid 12088)
[2005/08/15 23:31:04, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service smythe initially as user 
smythe (uid=637, gid=100) (pid 12088)
[2005/08/15 23:31:06, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service cdImages initially as user 
smythe (uid=637, gid=446) (pid 12088)
[2005/08/15 23:31:06, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service kwlibrary initially as user 
smythe (uid=637, gid=100) (pid 12088)
[2005/08/15 23:31:06, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service projects initially as user 
smythe (uid=637, gid=446) (pid 12088)
[2005/08/15 23:31:06, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service ad2 initially as user smythe 
(uid=637, gid=444) (pid 12088)
[2005/08/15 23:31:06, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service print$ initially as user 
smythe (uid=637, gid=100) (pid 12089)
[2005/08/15 23:31:06, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service kwlibrary initially as user 
smythe (uid=637, gid=100) (pid 12088)
[2005/08/15 23:31:07, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service projects initially as user 
smythe (uid=637, gid=446) (pid 12088)
[2005/08/15 23:31:07, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service ad2 initially as user smythe 
(uid=637, gid=444) (pid 12088)
[2005/08/15 23:31:07, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service print$ initially as user 
smythe (uid=637, gid=100) (pid 12088)
[2005/08/15 23:31:08, 1] smbd/ipc.c:api_fd_reply(290)
  api_fd_reply: INVALID PIPE HANDLE: 709a

I don't know what the INVALID PIPE HANDLE is all about but notice the 
immediate connection to the netlogon service.

using p-node starting at logon time:
[2005/08/15 23:33:49, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service smythe initially as user 
smythe (uid=637, gid=100) (pid 12625)
[2005/08/15 23:33:50, 1] smbd/service.c:make_connection_snum(642)
  h2s04 (192.168.1.12) connect to service smythe initially as user 
smythe (uid=637, gid=100) (pid 12625)
[2005/08/15 23:33:50, 1] smbd/service.c:close_cnum(830)
  h2s04 (192.168.1.12) closed connection to service smythe
[2005/08/15 23:33:51, 1] smbd/service.c:make_connection_snum(642)

With p-node there is no connection to the netlogon service when logging 
in.

I have reverted any changes, yet the problem persists. WINS appears to 
be working fine, yet all of a sudden p-node will no longer connect to 
the netlogon service.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] logon scripts no longer run with p-node netbios type 2

2005-08-15 Thread Chris

Apparent user mind loss issue
p-node works fine as long as you don't disable NetBIOS over TCP/IP, 
seems I did both at the same time..will sleep now...for many hours
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Logon scripts on Win2k w/s

2005-04-14 Thread tom burkart

Hi,
The issue is as follows:
When a Win2k box becomes a domain member, the first time a user logs into 
the box on that domain, the Win2k box actually downloads the logon script 
and executes it.  It appears to then save it locally and on subsequent 
logons does not get it off the server again.

However, I do want it to fetch the login script off the server every time 
as there are occasions where the script does change and I don't really 
want to go around and fix each occurrence on each workstation...

tom.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] logon scripts with kixtart

2005-01-01 Thread Joachim Kieferle

Shawn Henderson wrote:
Any body using kixtart with your samba server..?
or anyone have any great scripting tools for logon scripts...

Dear Shawn,
we use KIXTART since years with 500 users +. Runs very reliable and up 
to now without any problems. We e.g. use it for
- Unmounting and mounting network drives
- Unmounting and mounting printers
- Changing the registry of client computer
- setting up Mozilla for the user logging on,
- and many other.

If you are interested in our scripts, please send a PM-Mail (pls. mark 
in the subject accordingly that I don't erase it by accident, since this 
account serves many lists).

Best
Joachim
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] logon scripts with kixtart

2004-12-31 Thread Shawn Henderson

Any body using kixtart with your samba server..?
or anyone have any great scripting tools for logon scripts...
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] logon scripts execute randomly

2004-11-29 Thread mathias schenker

I use samba 3.0.9 as a pdc with ldapsam. In the ldap entries, for every user
there is a logon script sambaLogonScript. I only use two different scripts
for 1000 users and 100 computers. The scripts lehrer.bat and schueler.bat
reside in the netlogon share and provide more shares with the net use
command.

From the user's perspective, this often works well. sometimes, however, the
script is not executed, without further notice, and the users see only their
own home directory. more proficient users still can connect to the server
and use the other shares, but the less technically minded fail.

If it didn't work at all, I could maybe live with it, but this drives me
crazy ;-) The domain has only one server, so it shouldn't be a conflict
between two servers.

has anybody seen this before? google and a search in bugzilla have not
yielded much so far.

thanks for any input!

mathias schenker
informatiker
gymnasium liestal


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] logon scripts execute randomly

2004-11-29 Thread Lee Baker

I have a similar problem since upgrade to Samba 3.0.x - must admit I've
not tried debugging the problem yet.  Have around 1500 users across ~50
XP (SP2) workstations - problem tends to occur ~2 in every 30 users.
Logon script does seem to execute though - it's just the drives that
don't map.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of mathias schenker
Sent: 29 November 2004 14:33
To: [EMAIL PROTECTED]
Subject: [Samba] logon scripts execute randomly

I use samba 3.0.9 as a pdc with ldapsam. In the ldap entries, for every
user
there is a logon script sambaLogonScript. I only use two different
scripts
for 1000 users and 100 computers. The scripts lehrer.bat and
schueler.bat
reside in the netlogon share and provide more shares with the net use
command.

From the user's perspective, this often works well. sometimes, however,
the
script is not executed, without further notice, and the users see only
their
own home directory. more proficient users still can connect to the
server
and use the other shares, but the less technically minded fail.

If it didn't work at all, I could maybe live with it, but this drives me
crazy ;-) The domain has only one server, so it shouldn't be a conflict
between two servers.

has anybody seen this before? google and a search in bugzilla have not
yielded much so far.

thanks for any input!

mathias schenker
informatiker
gymnasium liestal


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] logon scripts by group

2004-10-06 Thread Misty Stanley-Jones

Hi,

I am having a hard time figuring out how to have logon scripts that only 
execute if the user is a member of a certain group.  I had the smart idea of 
putting the supplemental logon script in a share only available to the group, 
and then calling it from the normal logon script using CALL 
path_to_script.  However it looks like it always executes that CALL even if 
the user is not part of a group, and I don't want to confuse my users by the 
text that goes into the DOS window that pops up to run the logon scripts.  
Also, somehow I feel like there must be a better way to do this, some way to 
query Samba for group membership as the user logs in.

Also, is there a such thing as a logoff script?  Or do I need to put those 
things in postexec scripts?  (things like net use /d *)

Thanks for your assistance to this non-Windows user!

Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] logon scripts by group

2004-10-06 Thread Paul Gienger


I am having a hard time figuring out how to have logon scripts that only 
execute if the user is a member of a certain group.  
 

We got around a problem like that here initially by using the ifmember 
tool, however that only returned the primary group, at the time that was 
under 2.2.x. 

To get around THAT problem I started writing pre-exec scripts attached 
to the netlogon share.  What I do is define this as netlogon:

[netlogon]
   path = /opt/samba/share/netlogon
   browseable = No
   root preexec = /local/scripts/prelogon.pl '%U'
Which then generates a script for the user with their name that has the 
commands that they need to run according to this global line:
logon script = %U.bat

In the script I do something like this:
$groups = `/usr/bin/groups $user`;
open (LOGON,/opt/samba/share/netlogon/$user.bat);
if ( $groups =~ m/itadmin/ )
{
   print LOGON NET USE Q: fgoserv\\itadmin\r\n;
}
That's perl in case you aren't fluent, but I imagine you could use any 
scripting language and probably do fun stuff like direct ldap queries if 
that's where you store your posix data, but this works well for us.

things in postexec scripts?  (things like net use /d *)
 

I believe if you use the /persistant:no flag on your mounts then they 
won't come back when you log back in, but I could be wrong.  That won't 
solve the problem of the users adding mapped drives that you don't 
want.  For that reason I delete the drives first elsewhere in the 
script.  The pre/post exec lines execute on the server, not the client, 
so they need to be unix scripts/commands, not windows batch executables.

--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. 
Information Systems Consultant   Fax:701-281-1322
URL: www.ae-solutions.commailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] logon scripts by group

2004-10-06 Thread Lee Baker

Step 1: 
Create a NETLOGON share with a group variable in the path
e.g. /domain_data/netlogon_shares/%g

Step 2:
In the [globals] section of your conf file enter the name of your script
for 'logon script' (e.g. login.bat)

Step 3:
On your samba PDC create folders for each group name in
/domain_data/netlogon/ (or whatever location you have chosen)
make sure that users will have read only access.

Step 4:
Put your login.bat scripts in each folder (you may want to use symbolic
links if many groups use the same script - it will make it easier to
edit in future).

Hope this helps,

Lee Baker

-Original Message-
Sent: 06 October 2004 16:33
To: [EMAIL PROTECTED]
Subject: [Samba] logon scripts by group

Hi,

I am having a hard time figuring out how to have logon scripts that only

execute if the user is a member of a certain group.  I had the smart
idea of 
putting the supplemental logon script in a share only available to the
group, 
and then calling it from the normal logon script using CALL 
path_to_script.  However it looks like it always executes that CALL
even if 
the user is not part of a group, and I don't want to confuse my users by
the 
text that goes into the DOS window that pops up to run the logon
scripts.  
Also, somehow I feel like there must be a better way to do this, some
way to 
query Samba for group membership as the user logs in.

Also, is there a such thing as a logoff script?  Or do I need to put
those 
things in postexec scripts?  (things like net use /d *)

Thanks for your assistance to this non-Windows user!

Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] logon scripts by group

2004-10-06 Thread rruegner

Misty Stanley-Jones schrieb:
Hi,
I am having a hard time figuring out how to have logon scripts that only 
execute if the user is a member of a certain group.  I had the smart idea of 
putting the supplemental logon script in a share only available to the group, 
and then calling it from the normal logon script using CALL 
path_to_script.  However it looks like it always executes that CALL even if 
the user is not part of a group, and I don't want to confuse my users by the 
text that goes into the DOS window that pops up to run the logon scripts.  
Also, somehow I feel like there must be a better way to do this, some way to 
query Samba for group membership as the user logs in.

Also, is there a such thing as a logoff script?  Or do I need to put those 
things in postexec scripts?  (things like net use /d *)

Thanks for your assistance to this non-Windows user!
Misty
hi,
the simpelst way is to use to create one default script for every user
default.bat and write a ifmember statement ( ifmember.exe is in the win 
resource kit) which leads then to a group.bat.
there is also a tool called hidecmd to make the popup at logon unvisible
and cpau ( with crypt ) to give admin rights if you desire to implement
higher access statements.
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Logon Scripts Fail to Execute at Logon

2004-09-10 Thread Dustin A. Dortch

I am running Samba 3.0.6 with and LDAP backend.  Here is the output of
pdbedit for my user:
 
pdb_set_logon_script: setting logon script scripts\logon.cmd, was
element 4 - now SET
 
While logging in with this account (or any other account), this script
never executes.  I am able to run it manually, but that doesnt help.
 
Dustin A. Dortch
Network Administrator
Gilchrist  Soames
Office Email: HYPERLINK
mailto:[EMAIL PROTECTED][EMAIL PROTECTED]
Mobile Email: HYPERLINK
mailto:[EMAIL PROTECTED][EMAIL PROTECTED]
s.com
Office Phone: 1.317.786.8286 x423
Mobile Phone: 1.317.809.5794
Fax: 1.317.786.2788
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.757 / Virus Database: 507 - Release Date: 9/9/2004
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Logon scripts and Windows NT

2004-06-29 Thread Michael Crider

We have Samba 2.2.5 recompiled with LDAP support running on RedHat 8 as
PDC.  A mixed network of Windows 98 and NT 4 clients log in using it.
We have a logon script set to run for all users.  It runs fine on 98
clients, but never appears to run on NT.  I can access the netlogon
share through Network Neighborhood on any NT box and run the script
manually and it works.
Below is an abbreviated copy of my smb.conf (I have removed comments and 
unrelated shares) and our logon script.  Any recommendations on how to 
get this running automatically on NT clients would be greatly appreciated.

smb.conf:
[global]
guest ok = yes  
log level = 0
max mux = 50
kernel oplocks = true
   workgroup = HOE-MAIN
   netbios name = RHSERVER1
   server string = RH_SERVER_1  
   deny hosts = 192.168.10.11 192.168.10.12
   allow hosts = 192.168.10.  127.0.0.
printcap name = /etc/printcap
load printers = yes
   printing = lprng
log file = /var/log/samba/%m.log
   max log size = 2
  encrypt passwords = yes
  unix password sync = Yes
  passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
  passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
socket options =  TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   remote announce = 192.168.10.255
   os level = 65
   domain master = True
   preferred master = False
   domain logons = yes
logon script = default.bat
   wins support = yes
   dns proxy = no
preserve case = yes
short preserve case = YES
  default case = lower  
  case sensitive = no
mangle case = yes
  ldap suffix = dc=HOECOOP,dc=ORG
  ldap admin dn = cn=manager,dc=HOECOOP,dc=ORG
  ldap port = 389
  ldap server = 127.0.0.1
  ldap ssl = No
  add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
  domain admin group =  @Domain Admins 
  time server = Yes
[netlogon]
   comment = Network Logon Service
   path = /opt/samba/netlogon
logon script:
@ECHO off
net use u: /delete
net use w: /delete
net use y: /delete
if not %os%!==! goto nt
:95
net use h: /delete
net use h: \\tuxprint1\pchome
net use y: \\rhserver1\dept
net use w: \\rhserver1\engineer
net use u: \\tuxprint1\programs
goto cont
:NT
net use h: /delete
net use h: \\tuxprint1\pchome
net use y: \\rhserver1\dept /persistent:no
net use w: \\rhserver1\engineer /persistent:no
net use u: \\tuxprint1\programs /persistent:no
goto cont
:cont
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] logon scripts doen't run

2004-05-03 Thread LanRol

Hi all,

I have problem with my logon scripts.

drwxrwxrwx5 root root 4096 May  2 20:26 .
drwxr-xr-x   25 root root 4096 May  3 09:36 ..
drwxrwxrwx2 root root 4096 May  2 20:11 netlogon
drwxr-xrwt4 root root 4096 May  2 22:14 profiles
drwxrwxrwx6 root root 4096 May  2 20:11 shares

I store them in netlogon folder.

In smb.conf
[global]
logon script= %G.cmd

[netlogon]
comment = logon scriptek
path= samba/netlogon
guest ok= yes
writable= no
share modes = no
browseable  = no

I have IT, HR, etc group, and of course I have IT.cmd, HR.cmd, etc. They are
all r--r--r-- root root.

Idea?

regards,
Roland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Logon scripts

2004-04-02 Thread Kent L. Nasveschuk

Hello Urs,

I've been experimenting with RunAsP.exe to do exactly what you are
suggesting.

By using kixtart script processor you can fork part of your clients that
login (2000/XP) to runasp.exe. This can switch user context to an
administrator, run a program, then return to the user's context. The
only drawback is that they charge $ per client machine. The passwords
are kept in an encrypted form in a file that can be launched from the
netlogon directory.

I've evaluated it enough that to determine that I can't do without it.
I've tested it for automating Norton AV virus definition updates from
login scripts as well as running older programs that write to priveleged
directories, but there are many thing it can be used for. Nobody has
written a free version to my knowledge, would be a great project.


Good luck


-- 
Kent L. Nasveschuk [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Logon Scripts

2003-09-18 Thread David Bronson

Hi All,

I have a samba pdc that uses login scripts to apply several registry
changes. I tried the config.pol and ntconfig.pol and didn't ever seem to
find that they were reliably applied.

Here is my question. I am able to apply serveral changes for
HKEY_CURRENT_USER. HKEY_LOCAL_MACHINE keys seem to be discarded. Is
there a different way to apply these? If I run the script from the dos
prompt after being logged in, the changes are accepted so it appears the
script is not the problem.

Thanks in advance,

David
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Logon Scripts

2003-09-18 Thread Max Harvey

 To: [EMAIL PROTECTED]
 Subject: [Samba] Logon Scripts

 Hi All,

 I have a samba pdc that uses login scripts to apply several 
 registry changes. I tried the config.pol and ntconfig.pol and 
 didn't ever seem to find that they were reliably applied.

 Here is my question. I am able to apply serveral changes for 
 HKEY_CURRENT_USER. HKEY_LOCAL_MACHINE keys seem to be 
 discarded. Is there a different way to apply these? If I run 
 the script from the dos prompt after being logged in, the 
 changes are accepted so it appears the script is not the problem.

From my very limited experience, people please correct me for both our
sakes if I am off mark... 

It sounds like a permissions problem... 

Make sure when you logon to check your script works, you do so with a
normal user account, rather than with one of your administration
accounts. Normal users normally have some reg. entries they are not
allowed to change, this the use of the .pol files, which windows trusts
if they are in the NetLogon directory.

Apart form that, can't offer much else advise.

Max.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] logon scripts, shares, and permissions

2003-02-18 Thread Demian Lessa

Hi,

RedHat 8 and Samba 2.2.7

I'm a little confused on setting user/group/other permissions on my RedHat
box to allow logon scripts to execute, and files to be created/deleted and
even listed/read from their shares. In Windows, it was easy to make all
shares fully accessible and set permissions using NTFS. What is the best way
to set permissions to file system and shares using Linux/Samba?

For now, I ran 'chmod 777 -Rf *' on my netlogon folder to solve a problem of
certain users not executing their logon scripts, and this solved it. But I
think this is overkill... what should be the proper permissions?

Thanks,

Demian

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon Scripts for Mandrake 9.0

2003-01-18 Thread Buchan Milne

 From: David Sexton [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Date: Fri, 17 Jan 2003 12:16:00 -0500
 Subject: [Samba] Logon Scripts for Mandrake 9.0

 I was wondering if some one could help me make some basic
 login scripts and tell me where to place them.  I know
 nothing about them.  I am trying to get my windows based
 mechines to login to my Mandrake 9.0 server

This isn't really a samba question, as you can write the login scripts as
batch files on a windows machine, and copy them to your samba server. I am
sure a google search would turn up a few examples. But most uses for login
scripts include mapping shares (net use, see 'net help use' on a windows
mahcine) or importing registry settings (regedit /s regfile.reg) or
copying files etc.

If you need to customise logins scripts per-user, per-machine, per-OS, you
may want to try ntlogon, which is in the Mandrake contribs (set yourself
up at http://plf.zarb.org/~nanardon if you haven't yet, and you should be
able to 'urpmi ntlogon'). Edit the file /etc/ntlogon.conf, it's pretty
self-explanatory. Also, uncomment the lines for ntlogon in the netlogon
share of the default smb.conf in Mandrake. If you have mangled yours, take
a look at:
http://ranger.dnsalias.com/mandrake/samba/smb-domain-controller.conf

 I have windows
 ME and XP i got ME to login but XP won't. Can some one
 help

That may be a different issue. Firstly, I don't think you can join XP Home
to a domain (any domain, NT/2k/samba). Secondly, XP Pro, like NT and 2k
requires machine accounts (check that your 'add user script' is setup),
and that you join the domain with the root account (unless you are using
an LDAP backend on 2.2.x). So, you would need to do 'smbpasswd -a' as
root, and when joining the machine use 'root' as the username, and the
password you entered for 'smbpasswd -a'. Finally, XP won't connect to a
server that doesn't support signing/sealing unless you apply the registry
patch, available in the samba-doc package:

[bgmilne@bgmilne bgmilne]$ rpm -ql samba-doc |grep -i signorseal
/usr/share/doc/samba-doc-2.2.6/docs/Registry/WinXP_SignOrSeal.reg

Finally, make sure you have run updates (I have't on this machine as you
can see above ...)

Buchan

-- 
|Registered Linux User #182071-|
Buchan MilneMechanical Engineer, Network Manager
Cellphone * Work+27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Logon Scripts for Mandrake 9.0

2003-01-17 Thread David Sexton

TEXTAREA NAME=Signature ROWS=4 COLS=60

I was wondering if some one could help me make some basic 
login scripts and tell me where to place them.  I know 
nothing about them.  I am trying to get my windows based 
mechines to login to my Mandrake 9.0 server I have windows 
ME and XP i got ME to login but XP won't. Can some one 
help 

Thanks 

David
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

46 matches

Mail list logo