Re: [Samba] netlogon homes with Samba4 DC
hmm, Ive changed it to [home] but that doesnt change anything :( Ive created the homedir manually, does not help. Here are my logs: http://pastebin.com/J7ij9P4Z client log: http://pastebin.com/vHV9CZiu [2013/06/07 21:14:00.778318, 3] ../source3/smbd/password.c:138(register_homes_share) No home directory defined for user 'MYDOM\PC$' Why a homedirectory for a Computer ? [2013/06/07 21:14:00.779581, 3] ../source3/smbd/service.c:612(make_connection_snum) Connect path is '/tmp' for service [IPC$] Why defining /tmp as share ? [2013/06/07 21:14:02.996959, 3] ../source3/smbd/password.c:138(register_homes_share) No home directory defined for user 'MYDOM\hpeter' Why not ? Should Samba create that for me ? this is at log level 3 Ive seen nothing that reports why homedirs for user does not work and there is nothing in it about the netlogon scripts :( Attached a picture on how the profiles are configured in AD ls -al /usr/local/samba/var/locks/sysvol/mydom.de/scripts total 20 drwxrwx---+ 2 root 300 4096 Jun 1 20:57 . drwxrwx---+ 4 root 300 4096 Jun 1 15:27 .. -rwxrwxrwx+ 1 root root 29 Jun 1 20:57 hpeter.bat Regards 2013/6/4 Daniel Müller muel...@tropenklinik.de Of course: # Global parameters [global] workgroup = TPLECHLER realm = tplechler.kkh netbios name = LINUX2 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes log level= 5 allow dns updates = signed [netlogon] path = /usr/local/samba/var/locks/sysvol/tplechler.kkh/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [home] path = /home/windows/users --- Look at it, it is home--and working!!! read only = No EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de Von: spamv...@googlemail.com [mailto:spamv...@googlemail.com] Gesendet: Montag, 3. Juni 2013 20:54 An: muel...@tropenklinik.de Betreff: Re: [Samba] netlogon homes with Samba4 DC Hi Daniel, are you sure ? the included manpages say: There are three special sections, [global], [homes] and [printers], which are described under.. Ill try to change that and see 2013/6/3 Daniel Müller muel...@tropenklinik.de It is not homes anymore within samba4 it calls home. You need to set the rights for your netlogon from your adm windows client or within ads tool in your user profile --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Robert Gurdon Gesendet: Sonntag, 2. Juni 2013 01:02 An: spamv...@gmail.com Cc: samba@lists.samba.org Betreff: Re: [Samba] netlogon homes with Samba4 DC Hi, 1) Windows 7 logs should say something about your netlogon script. 2) I think you have to create the home directories via RSAT or make a pam script and login with the newly created user. I would suggest the second option, since as I discovered when you make your home directories with RSAT you will have getfacl and winbind problems. Well, if you try to use getfacl on a RSAT made directory samba's winbind part dies. 2013-06-01 22:38 keltezéssel, spamv...@googlemail.com írta: hi all, ive setup Samba4 as DC on Ubuntu Server LTS and have two problems right now: 1) netlogon smb.conf [netlogon] path = /usr/local/samba/var/locks/sysvol/asta-wh.de/scripts read only = No I can access the folder and execute the script as user, but it gets not executed automaticly Ive added to [netlogon] preexec = echo %u is in %G /tmp/netlogon to see if netlogon is executed, and its not. Client PC is a new installed Windows 7 Pro. And Ive added \\SMB4SRV\netlogon\userf00.bat via M$ AD Tools to the User. Roaming Prifiles are also enabled and working. 2) homes smb.conf [homes] comment = Home Directories path = /home/HOME/%S valid users = %S read only = No browseable = Yes Home directorys are not created. Im happy with every hint to the right direction Hans -- Kind regards: Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL
Re: [Samba] netlogon homes with Samba4 DC
On Mon, 2013-06-03 at 08:33 +0200, Daniel Müller wrote: It is not homes anymore within samba4 it calls home. Huh? We haven't (intentionally) changed anything of the sort. What may have changed is practices around ADUC creating home directories, which won't work if you use the magic [homes] (because you can't make the home directory for the share to link to). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon homes with Samba4 DC
It is not homes anymore within samba4 it calls home. You need to set the rights for your netlogon from your adm windows client or within ads tool in your user profile --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Robert Gurdon Gesendet: Sonntag, 2. Juni 2013 01:02 An: spamv...@gmail.com Cc: samba@lists.samba.org Betreff: Re: [Samba] netlogon homes with Samba4 DC Hi, 1) Windows 7 logs should say something about your netlogon script. 2) I think you have to create the home directories via RSAT or make a pam script and login with the newly created user. I would suggest the second option, since as I discovered when you make your home directories with RSAT you will have getfacl and winbind problems. Well, if you try to use getfacl on a RSAT made directory samba's winbind part dies. 2013-06-01 22:38 keltezéssel, spamv...@googlemail.com írta: hi all, ive setup Samba4 as DC on Ubuntu Server LTS and have two problems right now: 1) netlogon smb.conf [netlogon] path = /usr/local/samba/var/locks/sysvol/asta-wh.de/scripts read only = No I can access the folder and execute the script as user, but it gets not executed automaticly Ive added to [netlogon] preexec = echo %u is in %G /tmp/netlogon to see if netlogon is executed, and its not. Client PC is a new installed Windows 7 Pro. And Ive added \\SMB4SRV\netlogon\userf00.bat via M$ AD Tools to the User. Roaming Prifiles are also enabled and working. 2) homes smb.conf [homes] comment = Home Directories path = /home/HOME/%S valid users = %S read only = No browseable = Yes Home directorys are not created. Im happy with every hint to the right direction Hans -- Kind regards: Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon homes with Samba4 DC
Am 03.06.2013 20:52, schrieb spamv...@googlemail.com: Am 01.06.2013 22:38, schrieb spamv...@googlemail.com: 1) netlogon smb.conf [netlogon] path = /usr/local/samba/var/locks/**sysvol/asta-wh.de/scripts read only = No I can access the folder and execute the script as user, but it gets not executed automaticly Did you add the name of the login script to the user account in ADUC (on the 'profiles' tab)? Or should the logon script be executed on a different way? yes ive added the script in the profiles tab where the roaming profile(which is working) is also added . - Do you have just the name of the script (e. g. logonscript.bat) or a full path in ADUC? - Any entries in the windows event log? - Anything interesting if you run at a higher debug level. Increase it to 3 and search the logs for the name of your login script after login. Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon homes with Samba4 DC
Hello Hans, Am 01.06.2013 22:38, schrieb spamv...@googlemail.com: 1) netlogon smb.conf [netlogon] path = /usr/local/samba/var/locks/sysvol/asta-wh.de/scripts read only = No I can access the folder and execute the script as user, but it gets not executed automaticly Did you add the name of the login script to the user account in ADUC (on the 'profiles' tab)? Or should the logon script be executed on a different way? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] netlogon homes with Samba4 DC
hi all, ive setup Samba4 as DC on Ubuntu Server LTS and have two problems right now: 1) netlogon smb.conf [netlogon] path = /usr/local/samba/var/locks/sysvol/asta-wh.de/scripts read only = No I can access the folder and execute the script as user, but it gets not executed automaticly Ive added to [netlogon] preexec = echo %u is in %G /tmp/netlogon to see if netlogon is executed, and its not. Client PC is a new installed Windows 7 Pro. And Ive added \\SMB4SRV\netlogon\userf00.bat via M$ AD Tools to the User. Roaming Prifiles are also enabled and working. 2) homes smb.conf [homes] comment = Home Directories path = /home/HOME/%S valid users = %S read only = No browseable = Yes Home directorys are not created. Im happy with every hint to the right direction Hans -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon homes with Samba4 DC
Hi, 1) Windows 7 logs should say something about your netlogon script. 2) I think you have to create the home directories via RSAT or make a pam script and login with the newly created user. I would suggest the second option, since as I discovered when you make your home directories with RSAT you will have getfacl and winbind problems. Well, if you try to use getfacl on a RSAT made directory samba's winbind part dies. 2013-06-01 22:38 keltezéssel, spamv...@googlemail.com írta: hi all, ive setup Samba4 as DC on Ubuntu Server LTS and have two problems right now: 1) netlogon smb.conf [netlogon] path = /usr/local/samba/var/locks/sysvol/asta-wh.de/scripts read only = No I can access the folder and execute the script as user, but it gets not executed automaticly Ive added to [netlogon] preexec = echo %u is in %G /tmp/netlogon to see if netlogon is executed, and its not. Client PC is a new installed Windows 7 Pro. And Ive added \\SMB4SRV\netlogon\userf00.bat via M$ AD Tools to the User. Roaming Prifiles are also enabled and working. 2) homes smb.conf [homes] comment = Home Directories path = /home/HOME/%S valid users = %S read only = No browseable = Yes Home directorys are not created. Im happy with every hint to the right direction Hans -- Kind regards: Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [netlogon] section being ignored
Samba 3.4, Ubuntu 9.10. Been fiddling with this for days and didn't find anything related with a search. With the simple config file attached, none of the VBS logon scripts are executed when users log on to the domain. Am I missing something obvious? -- Mark Leisher [global] workgroup = ZZ server string = Zz passdb backend = tdbsam socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 map to guest = Bad User username map = /etc/samba/smbusers add machine script = /usr/sbin/useradd -c Machine -d /var/empty -s /sbin/nologin %m$ logon script = %U.vbs local master = Yes domain logons = Yes os level = 65 preferred master = Yes domain master = Yes security = user utmp = yes [homes] comment = Home Directories valid users = %S read only = No inherit acls = Yes browseable = Yes writable = Yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon public = no browsable = no writeable = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [netlogon] section being ignored
Does it work if you specify a *.bat or *.cmd file?I haven't seen *.vbs files used as a logon script before. Once you logon to the PC, are you able to view the netlogon share and logon scripts? Are you trying to have a different logon script for each user? Variables in the script should still allow you to map each user's home directory appropriately. Alternately you could specify the logon script parameter for each user's account. On 02/09/10 12:58, Mark Leisher ♺ wrote: Samba 3.4, Ubuntu 9.10. Been fiddling with this for days and didn't find anything related with a search. With the simple config file attached, none of the VBS logon scripts are executed when users log on to the domain. Am I missing something obvious? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [netlogon] section being ignored
Gaiseric Vandal wrote: Does it work if you specify a *.bat or *.cmd file?I haven't seen *.vbs files used as a logon script before. Once you logon to the PC, are you able to view the netlogon share and logon scripts? We've been using .vbs files for several years, and until 3.4, they worked fine. All users can log on to the netlogon share and read files. Bat and cmd files are ignored as well. No error messages in the log files. -- Mark Leisher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] netlogon sccript
Hello I would use a login script in a XP pro client SP3 and my samba server is samba-3.0.33-3.7.el5_3.1 (Cent OS 5.3) samba is configured as PDC and I use a ldap database for auth. All work fine, client is a part of domain and use remote profile stored in the server samba but the logon script didn't run. This is part of my smb.conf file workgroup = AMMINISTRAZIONE netbios name =SERVER02 local master = yes os level = 99 domain master = yes preferred master = yes domain logons = yes logon script =orario.cmd wins support = yes [] [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon writable = yes my file orario.cmd on /var/lib/samba/netlogon net use w: \\server02\prova2 the permis of directory drwxr-xr-x 2 prova2 Domain Users 4096 17 set 11:37 netlogon and of the file -rwxrwxrwx 1 prova2 Domain Users 29 17 set 09:26 orario.cmd if I do a login process dont work, but if I try \\server02\netlogon\orario.cmd after login process it job why dont' job at logon process? I'm dispair what is wrong? Tanks for all help Luigi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon sccript
On Thu, Sep 17, 2009 at 12:48 PM, luigi.auge...@tin.it luigi.auge...@tin.it wrote: Hello I would use a login script in a XP pro client SP3 and my samba server is samba-3.0.33-3.7.el5_3.1 (Cent OS 5.3) samba is configured as PDC and I use a ldap database for auth. All work fine, client is a part of domain and use remote profile stored in the server samba but the logon script didn't run. This is part of my smb.conf file workgroup = AMMINISTRAZIONE netbios name =SERVER02 local master = yes os level = 99 domain master = yes preferred master = yes domain logons = yes logon script =orario.cmd wins support = yes [] [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon writable = yes my file orario.cmd on /var/lib/samba/netlogon net use w: \\server02\prova2 the permis of directory drwxr-xr-x 2 prova2 Domain Users 4096 17 set 11:37 netlogon and of the file -rwxrwxrwx 1 prova2 Domain Users 29 17 set 09:26 orario.cmd if I do a login process dont work, but if I try \\server02\netlogon\orario.cmd after login process it job why dont' job at logon process? I'm dispair what is wrong? Tanks for all help Luigi Try searching in logs. You may need to raise loging verbosity. LIutauras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Netlogon Service Privileged Account
Hey all, Let me first start by saying everything is working as expected so far! This is about my login script being shared from the netlogon directory. My XP client sees and executes the 99% of the script. The last little bit is permissions-related. In my logon.vbs script I am attempting to set the registry key to disable offline folder syncs. A Domain User cannot uncheck this box, nor can they modify this registry key. This can only been done by a privileged user. On a Win2k3 server the netlogon service account has the ability to execute these types of changes on behalf of the user. The problem is that the script executes using 'test user' account entered at logon time. This was verified by putting in a 60 second wait time somewhere in the script; then you can to to the task manager and see the username running the logon script. This does not emulate the windows process. My question: How would I go about assigning a privileged user, like the netlogon service account, to my logon.vbs script so that it is able to make those registry key modifications for any domain user logging into Samba 3.0.3 ? Thanks in advance, Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Netlogon Service Privileged Account
Am Sunday 26 April 2009 20:35:12 schrieb Todd E Thomas: Hey all, Let me first start by saying everything is working as expected so far! This is about my login script being shared from the netlogon directory. My XP client sees and executes the 99% of the script. The last little bit is permissions-related. . The problem is that the script executes using 'test user' account entered at logon time. This was verified by putting in a 60 second wait time somewhere in the script; then you can to to the task manager and see the username running the logon script. This does not emulate the windows process. My question: How would I go about assigning a privileged user, like the netlogon service account, to my logon.vbs script so that it is able to make those registry key modifications for any domain user logging into Samba 3.0.3 ? A commonly used (but questionable, security-wise) approach would be using cpau to elevate privileges of the script. It just makes it run as the selected (admin) user with encrypted password, so that's not visible to users who try to later connect to the netlogon share out of interest. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] netlogon script not running...(upgrade from 3.0.25b to 3.2.4)
Hi all, I have been using samba for a very long time and have just upgraded my 3.0.25b servers to 3.2.4. I have a bunch of BDC's located in different areas of the country and a PDC running at HQ. I'm using LDAP as the user directory and I replicate the tree to every site. Samba looks up users using the replicas. I also use netlogon scripts to mount drives and set the time when the clients log on. But, The last machine upgraded (Novell SLES10 x86_64) refuses to serve the netlogon script anymore. I have another exactly the same machine and smb.conf that does work, but this one does not. I can see it the log.smbd that when the client logs on, the netlogon share is mapped and disconnected, but I can't understand why it refuses to run the netlogon script. I have compared file permissions and configuration files, but I can't find any difference. Can someone give me a hint on how to go on debugging this problem and perhaps find the reason ? Best regards, Johan Landerholm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon script not running...(upgrade from 3.0.25b to 3.2.4)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Read the changelog. I think there was a change around 3.0.28 that may be causing this problem. There are some tricks to variable expansion or something like that. Forgive me if I'm wrong, I just seem to remember it myself. =R Johan Landerholm wrote: Hi all, I have been using samba for a very long time and have just upgraded my 3.0.25b servers to 3.2.4. I have a bunch of BDC's located in different areas of the country and a PDC running at HQ. I'm using LDAP as the user directory and I replicate the tree to every site. Samba looks up users using the replicas. I also use netlogon scripts to mount drives and set the time when the clients log on. But, The last machine upgraded (Novell SLES10 x86_64) refuses to serve the netlogon script anymore. I have another exactly the same machine and smb.conf that does work, but this one does not. I can see it the log.smbd that when the client logs on, the netlogon share is mapped and disconnected, but I can't understand why it refuses to run the netlogon script. I have compared file permissions and configuration files, but I can't find any difference. Can someone give me a hint on how to go on debugging this problem and perhaps find the reason ? Best regards, Johan Landerholm - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI839Mmb+gadEcsb4RAgn4AJ9gU9wfPF237u73tz7pL5CVBojMSACeKEXm Wtl3UJSPe6Ccf4dvst3tJzg= =FaUl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon script not running...(upgrade from 3.0.25b to 3.2.4)
i have the same problem and filled out a bug report https://bugzilla.samba.org/show_bug.cgi?id=5627 and it never went anywhere. my only work around was to create a shortcut in the user's startup folder to their netlogon script. Johan Landerholm wrote: Hi all, I have been using samba for a very long time and have just upgraded my 3.0.25b servers to 3.2.4. I have a bunch of BDC's located in different areas of the country and a PDC running at HQ. I'm using LDAP as the user directory and I replicate the tree to every site. Samba looks up users using the replicas. I also use netlogon scripts to mount drives and set the time when the clients log on. But, The last machine upgraded (Novell SLES10 x86_64) refuses to serve the netlogon script anymore. I have another exactly the same machine and smb.conf that does work, but this one does not. I can see it the log.smbd that when the client logs on, the netlogon share is mapped and disconnected, but I can't understand why it refuses to run the netlogon script. I have compared file permissions and configuration files, but I can't find any difference. Can someone give me a hint on how to go on debugging this problem and perhaps find the reason ? Best regards, Johan Landerholm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon script from a trusted domain controller is not executed
I'm running a samba 3.0.28a server as a primary domain controller which is trusting another domain. The foreign or trusted domain is hosted on a Windows NT4-SP6 system. On a domain member computer (Windows XP-SP2) the netlogon script of a user (who is registered with the NT4 domain) is not executed, if the the workstation is joined to the samba domain. If I join the workstation back to the NT4 domain, the netlogon script executes automatically as intended. I have tested several variants and at this point I would like to know if samba supports redirection of netlogon scipts at all. -- Peter Slickers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon folder permissions
forgive me if this is a dumb question. i created the netlogon folder in /home/samba/ but i'm not sure what permissions to assign to it or who to make owner and group. could anyone tell me?? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon folder permissions
On Wed, May 14, 2008 at 3:41 PM, Leandro Tracchia [EMAIL PROTECTED] wrote: thats what i have, but is that what it should have? We have been using that in our department for over 5 years and we have not had a problem with that. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon folder permissions
thats what i have, but is that what it should have? On Wed, May 14, 2008 at 3:32 PM, John Drescher [EMAIL PROTECTED] wrote: On Wed, May 14, 2008 at 3:24 PM, Leandro Tracchia [EMAIL PROTECTED] wrote: forgive me if this is a dumb question. i created the netlogon folder in /home/samba/ but i'm not sure what permissions to assign to it or who to make owner and group. could anyone tell me?? -- I got 755 with root:root John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon folder permissions
ok, you've convinced me, but it would be nice to see this documented somewhere... On Wed, May 14, 2008 at 3:46 PM, John Drescher [EMAIL PROTECTED] wrote: On Wed, May 14, 2008 at 3:41 PM, Leandro Tracchia [EMAIL PROTECTED] wrote: thats what i have, but is that what it should have? We have been using that in our department for over 5 years and we have not had a problem with that. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon folder permissions
On Wed, May 14, 2008 at 3:52 PM, Leandro Tracchia [EMAIL PROTECTED] wrote: ok, you've convinced me, but it would be nice to see this documented somewhere... I think this is more of a user preference than a one size fits all. I mean some admins may want some users to edit the login files from windows. For me there are only 2 files in that folder that I change and so I open up a ssh session to the storage server (from a windows or linux box) and edit them directly with nano. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon folder permissions
thanks for your help! On Wed, May 14, 2008 at 3:57 PM, John Drescher [EMAIL PROTECTED] wrote: On Wed, May 14, 2008 at 3:52 PM, Leandro Tracchia [EMAIL PROTECTED] wrote: ok, you've convinced me, but it would be nice to see this documented somewhere... I think this is more of a user preference than a one size fits all. I mean some admins may want some users to edit the login files from windows. For me there are only 2 files in that folder that I change and so I open up a ssh session to the storage server (from a windows or linux box) and edit them directly with nano. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon folder permissions
you just want it readable by users, the only thing you'll probably put in it is NTConfig.POL and logon scripts. Leandro Tracchia wrote: forgive me if this is a dumb question. i created the netlogon folder in /home/samba/ but i'm not sure what permissions to assign to it or who to make owner and group. could anyone tell me?? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Netlogon, roming profiles in samba(PDC)-ldap
Suresh, A little cheat however being that most of my notes are from this section, if you goto http://wiki.samba.org/index.php/Samba_%26_Windows_Profiles This helps you with creating essentially a roaming profile. Some other usefull goodies in there as well. Thanks Dave -Original Message- From: SURESH BOLLU [mailto:[EMAIL PROTECTED] Sent: 31 January 2007 04:59 To: Ellison, David Subject: RE: [Samba] Netlogon, roming profiles in samba(PDC)-ldap thanks for the help, and i am waiting for ur reply, Regards, Suresh Bollu --- Ellison, David [EMAIL PROTECTED] wrote: There is a way to do this, I'll have a dig. There is some documentation some on that, quite usefull. Give me an hour or so and I will have a look. Cheers Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ba.org] On Behalf Of suresh bollu Sent: 30 January 2007 13:57 To: samba@lists.samba.org Subject: [Samba] Netlogon, roming profiles in samba(PDC)-ldap for my organaization i configured a Samba PDC, Samba-LDAP, with the following configuration my server is running fedora core 5, all my clients are windows XP, my problem is when i login to the domain through windows xp client each time the profile is refreshing, i want to save the profile in server and retrive it when i login again. please healp me out to get out of this problem, Regards, Suresh Bollu *smb.conf* [global] workgroup = QVANTELIN netbios name = box1 interfaces = eth1, lo username map = /etc/samba/smbusers server string = Samba Server %v security = user encrypt passwords = Yes obey pam restrictions = No unix password sync = Yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing password for *\nNew password* %n\n *Retype new password* %n\n ldap password sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = startup.bat #logon drive = F: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://192.168.1.10 ldap admin dn= cn=Manager,dc=qvantelin,dc=com ldap suffix = dc=qvantelin,dc=com ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=machines ldap idmap suffix = ou=Users #ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u [homes] comment = Home Directories valid users = %S writable = yes create mask = 0664 directory mask = 0775 browseable = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes [profiles] path = /home/samba/profiles writable = yes writable = yes Browseable = yes create mode = 0644 directory mode = 0755 [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No === message truncated === __ __ Need Mail bonding? Go to the Yahoo! Mail QA for great tips from Yahoo! Answers users. http://answers.yahoo.com/dir/?link=listsid=396546091 This message has been scanned for viruses by MailControl - (see http://bluepages.wsatkins.co.uk/?4318150) This email and any attached files are confidential and copyright protected. If you are not the addressee, any dissemination of this communication is strictly prohibited. Unless otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding. Consider the environment. Please don't print this e-mail unless you really need to. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Netlogon, roming profiles in samba(PDC)-ldap
for my organaization i configured a Samba PDC, Samba-LDAP, with the following configuration my server is running fedora core 5, all my clients are windows XP, my problem is when i login to the domain through windows xp client each time the profile is refreshing, i want to save the profile in server and retrive it when i login again. please healp me out to get out of this problem, Regards, Suresh Bollu *smb.conf* [global] workgroup = QVANTELIN netbios name = box1 interfaces = eth1, lo username map = /etc/samba/smbusers server string = Samba Server %v security = user encrypt passwords = Yes obey pam restrictions = No unix password sync = Yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing password for *\nNew password* %n\n *Retype new password* %n\n ldap password sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = startup.bat #logon drive = F: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://192.168.1.10 ldap admin dn= cn=Manager,dc=qvantelin,dc=com ldap suffix = dc=qvantelin,dc=com ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=machines ldap idmap suffix = ou=Users #ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u [homes] comment = Home Directories valid users = %S writable = yes create mask = 0664 directory mask = 0775 browseable = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes [profiles] path = /home/samba/profiles writable = yes writable = yes Browseable = yes create mode = 0644 directory mode = 0755 [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No *smbldap.conf* # $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $ # $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $ # # smbldap-tools.conf : Q D configuration file for smbldap-tools # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). # # Copyright (C) 2001-2002 IDEALX # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. # Purpose : # . be the configuration file for all smbldap-tools scripts ## # # General Configuration # ## #UID and GID starting at... UID_START=1000 GID_START=1000 # Put your own SID. To obtain this number do: net getlocalsid. # If not defined, parameter is taking from net getlocalsid return SID=S-1-5-21-2118587481-1440970363-3314129951 # Domain name the Samba server is in charged. # If not defined, parameter is taking from smb.conf configuration file # Ex: sambaDomain=IDEALX-NT #sambaDomain=QVANTELIN ## # # LDAP Configuration # ## # Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) # Slave LDAP server # Ex: slaveLDAP=127.0.0.1 # If not defined, parameter is set to 127.0.0.1 slaveLDAP=192.168.1.10 # Slave LDAP port
RE: [Samba] Netlogon, roming profiles in samba(PDC)-ldap
There is a way to do this, I'll have a dig. There is some documentation some on that, quite usefull. Give me an hour or so and I will have a look. Cheers Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ba.org] On Behalf Of suresh bollu Sent: 30 January 2007 13:57 To: samba@lists.samba.org Subject: [Samba] Netlogon, roming profiles in samba(PDC)-ldap for my organaization i configured a Samba PDC, Samba-LDAP, with the following configuration my server is running fedora core 5, all my clients are windows XP, my problem is when i login to the domain through windows xp client each time the profile is refreshing, i want to save the profile in server and retrive it when i login again. please healp me out to get out of this problem, Regards, Suresh Bollu *smb.conf* [global] workgroup = QVANTELIN netbios name = box1 interfaces = eth1, lo username map = /etc/samba/smbusers server string = Samba Server %v security = user encrypt passwords = Yes obey pam restrictions = No unix password sync = Yes passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing password for *\nNew password* %n\n *Retype new password* %n\n ldap password sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = startup.bat #logon drive = F: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://192.168.1.10 ldap admin dn= cn=Manager,dc=qvantelin,dc=com ldap suffix = dc=qvantelin,dc=com ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=machines ldap idmap suffix = ou=Users #ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u [homes] comment = Home Directories valid users = %S writable = yes create mask = 0664 directory mask = 0775 browseable = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes [profiles] path = /home/samba/profiles writable = yes writable = yes Browseable = yes create mode = 0644 directory mode = 0755 [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No *smbldap.conf* # $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $ # $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $ # # smbldap-tools.conf : Q D configuration file for smbldap-tools # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). # # Copyright (C) 2001-2002 IDEALX # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. # Purpose : # . be the configuration file for all smbldap-tools scripts ## # # General Configuration # ## #UID and GID starting at... UID_START=1000 GID_START=1000 # Put your own SID. To obtain this number do: net getlocalsid. # If not defined, parameter is taking from net getlocalsid return SID=S-1-5-21-2118587481-1440970363-3314129951 # Domain name the Samba server is in charged. # If not defined, parameter is taking from smb.conf configuration file # Ex: sambaDomain=IDEALX-NT #sambaDomain=QVANTELIN ## # # LDAP Configuration
[Samba] Netlogon Problem and 3.0.23c
Hello all, I seem to have lost my netlogon share.. I've seen scattered info about this via google.. Is there a resolution? Is there something that I am missing? We didn't have this problem in 3.0.22 (FreeBSD ports if it matters) I can open the netlogon share via \\isc # Samba config file created using SWAT # from 192.168.1.218 (192.168.1.218) # Date: 2006/11/03 08:34:30 [global] workgroup = PPLD-ADR netbios aliases = DEWEY netbios name = ISC server string = [Samba %v] interfaces = fxp0, lo0 bind interfaces only = Yes log file = /var/log/samba/%U.%m.log log level = 3 max wins ttl = 3600 min wins ttl = 1800 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_SNDBUF=16384 SO_RCVBUF=16384 logon script = %U.bat logon path = logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes idmap uid = 15000-2 idmap gid = 15000-2 winbind use default domain = Yes admin users = bsullivan, bcook security mask = 0750 directory security mask = 0750 hosts allow = 127.0.0.1, 192.168.1., 172.16.1. hosts deny = ALL case sensitive = No hide unreadable = Yes veto oplock files = /*.doc/*.xls/*.mdb/ [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon browseable = No guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon Problem and 3.0.23c
B. Cook wrote: Hello all, I seem to have lost my netlogon share.. I've seen scattered info about this via google.. Is there a resolution? Is there something that I am missing? We didn't have this problem in 3.0.22 (FreeBSD ports if it matters) I can open the netlogon share via \\isc # Samba config file created using SWAT # from 192.168.1.218 (192.168.1.218) # Date: 2006/11/03 08:34:30 [global] workgroup = PPLD-ADR netbios aliases = DEWEY netbios name = ISC server string = [Samba %v] interfaces = fxp0, lo0 bind interfaces only = Yes log file = /var/log/samba/%U.%m.log log level = 3 max wins ttl = 3600 min wins ttl = 1800 time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_SNDBUF=16384 SO_RCVBUF=16384 logon script = %U.bat logon path = logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes idmap uid = 15000-2 idmap gid = 15000-2 winbind use default domain = Yes admin users = bsullivan, bcook security mask = 0750 directory security mask = 0750 hosts allow = 127.0.0.1, 192.168.1., 172.16.1. hosts deny = ALL case sensitive = No hide unreadable = Yes veto oplock files = /*.doc/*.xls/*.mdb/ [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon browseable = No guest ok = yes Also other shares on remote boxes that use the domain for auth, are not working either.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon Problem and 3.0.23c
B. Cook wrote: I seem to have lost my netlogon share.. I've seen scattered info about this via google.. Also other shares on remote boxes that use the domain for auth, are not working either.. Thanks for all the help, but we've decided in the interest of trying to work that we go back to 3.0.23b. http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html Following that doc with 3.0.23c didn't seem to produce a working example either anymore. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon error
Hi I mounted a pdc with ldap and samba, it works right...but when I use the script to mount a net unit it fails... i can mount it manually ...and if i execute the script like the user it ask me the username and the password..but also fails...someone know what happen? my script is this: net time \\shogun net use z: \\shogun\profiles\ thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon error
Have you correctly set up the netlogon permissions ? Put you netlogon settings here for clarify. On 10/26/06, chechu chechu [EMAIL PROTECTED] wrote: Hi I mounted a pdc with ldap and samba, it works right...but when I use the script to mount a net unit it fails... i can mount it manually ...and if i execute the script like the user it ask me the username and the password..but also fails...someone know what happen? my script is this: net time \\shogun net use z: \\shogun\profiles\ thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon error
Cleber P. de Souza wrote: Have you correctly set up the netlogon permissions ? Put you netlogon settings here for clarify. On 10/26/06, chechu chechu [EMAIL PROTECTED] wrote: Hi I mounted a pdc with ldap and samba, it works right...but when I use the script to mount a net unit it fails... i can mount it manually ...and if i execute the script like the user it ask me the username and the password..but also fails...someone know what happen? my script is this: net time \\shogun net use z: \\shogun\profiles\ Hey, I remember seeing some issues a long time ago with trying to use Z for drive mappings. If memory serves me correctly its got to do with how the netlogon share is temporarily mapped while logging into a domain (i,e, it uses z for this). I could be wrong but in that case using an alternate drive letter (such as Y) made things just work. To this day i never use Z for a drive mapping in a domain scenario. Try using another drive letter to map. You can probably mount manually because thats after/before the domain logon stuff which means z is not in use. Regards, Les -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NETLOGON samba-3.0.23c
Hi @all, I don't know why, but my PDC Stopps serving the netlogon service over the weekend. \\HUNTER\netlogon is avaliable and readeable! Here's output of nbtstat -ac HUNTER Name Typ Status - HUNTER 00 EINDEUTIG Registriert HUNTER 03 EINDEUTIG Registriert HUNTER 20 EINDEUTIG Registriert ..__MSBROWSE__.01 GRUPPE Registriert SNEAKER1D EINDEUTIG Registriert SNEAKER1B EINDEUTIG Registriert SNEAKER1C GRUPPE Registriert SNEAKER1E GRUPPE Registriert SNEAKER00 GRUPPE Registriert Smb.conf [global] interfaces = lo eth0 eth1 eth2 bind interfaces only = Yes name resolve order = wins bcast lmhosts host unix charset = ISO8859-1 display charset = ISO8859-1 workgroup = SNEAKER netbios name = HUNTER admin users = @Domain Admins guest account = nobody server string = SoundServer %v security = user encrypt passwords = Yes log level = 2 vfs:2 log file = /var/log/samba/%U.%m.log syslog = 0 max log size = 10 domain logons = Yes os level = 255 preferred master = Yes domain master = Yes local master = Yes wins support = Yes wins proxy = Yes dns proxy = Yes time server = Yes #ldap## passdb backend = ldapsam:ldap://127.0.0.1/; ldap admin dn = cn=Manager,dc=radiogong,dc=intern ldap suffix = dc=radiogong,dc=intern ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users ldap ssl = no ldap delete dn = Yes add user script = /usr/local/sbin/smbldap-useradd -a -P %u delete user script = /usr/local/sbin/smbldap-userdel -r %u; rm -r /home/%u; rm -r /opt/profiles/%u add machine script = /usr/local/sbin/smbldap-useradd -w %u add group script = /usr/local/sbin/smbldap-groupadd %g delete group script = /usr/local/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u ldap passwd sync = Yes utmp = Yes idmap uid = 1000-2 idmap gid = 1000-2 idmap backend = ldap:ldap://127.0.0.1/ shutdown script = /sbin/shutdown abort shutdown script = /sbin/shutdown -c winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind uid = 1000-2 winbind gid = 1000-2 winbind cache time = 10 nt acl support = yes kernel oplocks = yes enable privileges = Yes template shell = /bin/false logon script = logon.bat logon path = logon home = DNS is working fine, also WinS! Do you have any clues? Thanx in advance Sascha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon initially fails after moving samba server to new machine.
Yesterday I migrated a Samba server from one machine running Samba 3.0.13 (on Mandrake 10.0) to another running 3.0.20-3 (on Mandriva 2006). The contents of: /etc/samba/* (all the .conf files) /usr/local/samba/private/* (secrets.pdb, smbpasswd) were moved intact from one machine to the other, as was all of the user data. I even checked md5sums - no changes to any of the samba files. Then the new machine was given the old machine's IP address and vice versa. Reboot both machines, start Samba on the new one, leave it off on the original server. The firewall configuration is identical on the two machines. Verified that windows explorer (run as administrator on a test machine) can mount any user (domain\username) without a problem. One would think that the XP clients could then logon to the domain, which moved intact to the new machine. But no. Attempts to login to the domain failed until the following steps were taken on one client: 1. login as administrator on the client. 2. remove the client machine from the domain. 3. reboot the client machine. 4. smbpasswd -m -x clientname 5. smbpasswd -m -a clientname 6. login as administrator on the client. 7. add the client to the domain. 8. reboot the client. After that I could login on that client, but logins on the other clients say this: Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator. (Whether or not a local profile actually exists.) I'm guessing that this too will go away once the second machine is removed/added to the domain. Testing... Yes, that's true. This is all very strange to me. The only thing that the client can see that differs between yesterday and today, near as I can tell, is the MAC of the server. They are all on the same subnet, so the client can see the MAC. Else, how does the XP client realize the server has changed and fail to logon? This is only a minor PITA for me, since there are only 8 clients involved. It would be really painful though for a site with hundreds of clients. Thanks, David Mathog [EMAIL PROTECTED] Manager, Sequence Analysis Facility, Biology Division, Caltech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon problems
I just went through all this with my set up. First, insure the users have the desired group as their PRIMARY group in both NT groups and Unix groups. You can verify this by checking the /etc/passwd list and running 'pdbedit -Lv'. Change your [NETLOGON] entry to read 'path = /data/%g'. In your /data/ folder, create a login for each group, i.e. /data/finsvcs/scripts/login.bat; /data/accounts/scripts/login.bat; /data/others/scripts/login.bat; etc. Each login would reflect what you want for that group. For example: /data/finsvcs/scripts/login.bat: REM Login.bat for Financial Services Members net time \\lserver0 /set /yes net use m: \\lserver0\finsvcs net use x: /home HTH, Michael Eric Hines told me on 12/8/2005 19:43: You have not misunderstood my post; I have mis-described my problem. The logon script will not run until the user gets connected to his/her share on the samba server, and I cannot get the user connected in the first place. I have a better description of my problem (finally) under the thread [Samba] Share Connection Failure. Your points are valid, though, and I will take them to heart when I get the point of getting connected so that the logon script has a chance to run. Do you have any advice on the basic connection problem? Thanks Eric Hines At 12/08/05 01:25, Matthew Easton wrote: Pardon me if I misunderstand your post... I think you want to present a logon script to the user based on her/ his group membership. In other words, ( I surmise ) currently Fred gets an invitation to logon to finsvcs, but it will necessarily fail unless he is a member of the finance group. So you want him to have a logon script that DOES NOT mount finsvcs share if he is not a member of finance. I note that the logon script directive in you [global] settings has no value. In a small environment, you can make that logon script = /some/path/%u.bat and give each user a unique logon script. In a larger environment you want to control scripts by group membership--- check out http://lists.samba.org/archive/samba/2002-March/040656.html as an example of ways to control logon by group. On Dec 4, 2005, at 12:19 PM, Eric Hines wrote: Folks, I'm trying to achieve control over who logs into a share according to the group to which that person belongs, but with no luck. I'm running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one subnet and an XP laptop on another subnet. In all cases, the user, instead of getting into his share transparently, gets invited to log in, and then the login is rejected. I've run the login.bat from the Windows machines, and that also only gets access denied. Share valid users is set to %G (%U lets the user in just fine, but that's inadequate security). Users get into their home directories just fine. My login.bat is net time \\lserver0 /set /yes net use \\lserver0\accounts net use \\lserver0\finsvcs net use x: /home My [netlogon] share is [netlogon] comment = Network logon service path = /data/%U valid users = %S read only = No My [global] is [global] workgroup = ASTRA_ENT username map = /etc/samba/smbusers syslog = 0 name resolve order = wins bcast hosts printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/groupmod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d / var/lib/nobody '%u' logon script = scripts\login.bat logon path = logon drive = X: domain logons = Yes preferred master = Yes wins support = Yes ldap ssl = no I've placed the login.bat file in the share accounts (\data \accounts and /data/financials in this case), and I've placed the login.bat file in each user's home directory. Nothing has worked. I've been through the TOSHARG2 with no luck, and Googleing hasn't brought me anything I recognized, either. Any help would be greatly appreciated. Eric Hines -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon problems
Michael, This does help, but only when I get to that point. As I gain further understanding of my problem, it's that I can't get my users logged on in the first place, so as to get to the point of needing to be able to run the script. A better description of my problem is in the thread [Samba] Share Connection Failure. Can you offer any help there? Thanks Eric Hines At 12/09/05 08:47, Michael Barnes wrote: I just went through all this with my set up. First, insure the users have the desired group as their PRIMARY group in both NT groups and Unix groups. You can verify this by checking the /etc/passwd list and running 'pdbedit -Lv'. Change your [NETLOGON] entry to read 'path = /data/%g'. In your /data/ folder, create a login for each group, i.e. /data/finsvcs/scripts/login.bat; /data/accounts/scripts/login.bat; /data/others/scripts/login.bat; etc. Each login would reflect what you want for that group. For example: /data/finsvcs/scripts/login.bat: REM Login.bat for Financial Services Members net time \\lserver0 /set /yes net use m: \\lserver0\finsvcs net use x: /home HTH, Michael Eric Hines told me on 12/8/2005 19:43: You have not misunderstood my post; I have mis-described my problem. The logon script will not run until the user gets connected to his/her share on the samba server, and I cannot get the user connected in the first place. I have a better description of my problem (finally) under the thread [Samba] Share Connection Failure. Your points are valid, though, and I will take them to heart when I get the point of getting connected so that the logon script has a chance to run. Do you have any advice on the basic connection problem? Thanks Eric Hines At 12/08/05 01:25, Matthew Easton wrote: Pardon me if I misunderstand your post... I think you want to present a logon script to the user based on her/ his group membership. In other words, ( I surmise ) currently Fred gets an invitation to logon to finsvcs, but it will necessarily fail unless he is a member of the finance group. So you want him to have a logon script that DOES NOT mount finsvcs share if he is not a member of finance. I note that the logon script directive in you [global] settings has no value. In a small environment, you can make that logon script = /some/path/%u.bat and give each user a unique logon script. In a larger environment you want to control scripts by group membership--- check out http://lists.samba.org/archive/samba/2002-March/040656.html as an example of ways to control logon by group. On Dec 4, 2005, at 12:19 PM, Eric Hines wrote: Folks, I'm trying to achieve control over who logs into a share according to the group to which that person belongs, but with no luck. I'm running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one subnet and an XP laptop on another subnet. In all cases, the user, instead of getting into his share transparently, gets invited to log in, and then the login is rejected. I've run the login.bat from the Windows machines, and that also only gets access denied. Share valid users is set to %G (%U lets the user in just fine, but that's inadequate security). Users get into their home directories just fine. My login.bat is net time \\lserver0 /set /yes net use \\lserver0\accounts net use \\lserver0\finsvcs net use x: /home My [netlogon] share is [netlogon] comment = Network logon service path = /data/%U valid users = %S read only = No My [global] is [global] workgroup = ASTRA_ENT username map = /etc/samba/smbusers syslog = 0 name resolve order = wins bcast hosts printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/groupmod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d / var/lib/nobody '%u' logon script = scripts\login.bat logon path = logon drive = X: domain logons = Yes preferred master = Yes wins support = Yes ldap ssl = no I've placed the login.bat file in the share accounts (\data \accounts and /data/financials in this case), and I've placed the login.bat file in each user's home directory. Nothing has worked. I've been through the TOSHARG2 with no luck, and Googleing hasn't brought me anything I recognized, either. Any help would be greatly appreciated. Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon problems
You have not misunderstood my post; I have mis-described my problem. The logon script will not run until the user gets connected to his/her share on the samba server, and I cannot get the user connected in the first place. I have a better description of my problem (finally) under the thread [Samba] Share Connection Failure. Your points are valid, though, and I will take them to heart when I get the point of getting connected so that the logon script has a chance to run. Do you have any advice on the basic connection problem? Thanks Eric Hines At 12/08/05 01:25, Matthew Easton wrote: Pardon me if I misunderstand your post... I think you want to present a logon script to the user based on her/ his group membership. In other words, ( I surmise ) currently Fred gets an invitation to logon to finsvcs, but it will necessarily fail unless he is a member of the finance group. So you want him to have a logon script that DOES NOT mount finsvcs share if he is not a member of finance. I note that the logon script directive in you [global] settings has no value. In a small environment, you can make that logon script = /some/path/%u.bat and give each user a unique logon script. In a larger environment you want to control scripts by group membership--- check out http://lists.samba.org/archive/samba/2002-March/040656.html as an example of ways to control logon by group. On Dec 4, 2005, at 12:19 PM, Eric Hines wrote: Folks, I'm trying to achieve control over who logs into a share according to the group to which that person belongs, but with no luck. I'm running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one subnet and an XP laptop on another subnet. In all cases, the user, instead of getting into his share transparently, gets invited to log in, and then the login is rejected. I've run the login.bat from the Windows machines, and that also only gets access denied. Share valid users is set to %G (%U lets the user in just fine, but that's inadequate security). Users get into their home directories just fine. My login.bat is net time \\lserver0 /set /yes net use \\lserver0\accounts net use \\lserver0\finsvcs net use x: /home My [netlogon] share is [netlogon] comment = Network logon service path = /data/%U valid users = %S read only = No My [global] is [global] workgroup = ASTRA_ENT username map = /etc/samba/smbusers syslog = 0 name resolve order = wins bcast hosts printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/groupmod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d / var/lib/nobody '%u' logon script = scripts\login.bat logon path = logon drive = X: domain logons = Yes preferred master = Yes wins support = Yes ldap ssl = no I've placed the login.bat file in the share accounts (\data \accounts and /data/financials in this case), and I've placed the login.bat file in each user's home directory. Nothing has worked. I've been through the TOSHARG2 with no luck, and Googleing hasn't brought me anything I recognized, either. Any help would be greatly appreciated. Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon problems
Pardon me if I misunderstand your post... I think you want to present a logon script to the user based on her/ his group membership. In other words, ( I surmise ) currently Fred gets an invitation to logon to finsvcs, but it will necessarily fail unless he is a member of the finance group. So you want him to have a logon script that DOES NOT mount finsvcs share if he is not a member of finance. I note that the logon script directive in you [global] settings has no value. In a small environment, you can make that logon script = /some/path/%u.bat and give each user a unique logon script. In a larger environment you want to control scripts by group membership--- check out http://lists.samba.org/archive/samba/2002-March/040656.html as an example of ways to control logon by group. On Dec 4, 2005, at 12:19 PM, Eric Hines wrote: Folks, I'm trying to achieve control over who logs into a share according to the group to which that person belongs, but with no luck. I'm running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one subnet and an XP laptop on another subnet. In all cases, the user, instead of getting into his share transparently, gets invited to log in, and then the login is rejected. I've run the login.bat from the Windows machines, and that also only gets access denied. Share valid users is set to %G (%U lets the user in just fine, but that's inadequate security). Users get into their home directories just fine. My login.bat is net time \\lserver0 /set /yes net use \\lserver0\accounts net use \\lserver0\finsvcs net use x: /home My [netlogon] share is [netlogon] comment = Network logon service path = /data/%U valid users = %S read only = No My [global] is [global] workgroup = ASTRA_ENT username map = /etc/samba/smbusers syslog = 0 name resolve order = wins bcast hosts printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/groupmod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d / var/lib/nobody '%u' logon script = scripts\login.bat logon path = logon drive = X: domain logons = Yes preferred master = Yes wins support = Yes ldap ssl = no I've placed the login.bat file in the share accounts (\data \accounts and /data/financials in this case), and I've placed the login.bat file in each user's home directory. Nothing has worked. I've been through the TOSHARG2 with no luck, and Googleing hasn't brought me anything I recognized, either. Any help would be greatly appreciated. Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon problems
Folks, I'm trying to achieve control over who logs into a share according to the group to which that person belongs, but with no luck. I'm running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one subnet and an XP laptop on another subnet. In all cases, the user, instead of getting into his share transparently, gets invited to log in, and then the login is rejected. I've run the login.bat from the Windows machines, and that also only gets access denied. Share valid users is set to %G (%U lets the user in just fine, but that's inadequate security). Users get into their home directories just fine. My login.bat is net time \\lserver0 /set /yes net use \\lserver0\accounts net use \\lserver0\finsvcs net use x: /home My [netlogon] share is [netlogon] comment = Network logon service path = /data/%U valid users = %S read only = No My [global] is [global] workgroup = ASTRA_ENT username map = /etc/samba/smbusers syslog = 0 name resolve order = wins bcast hosts printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/groupmod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' logon script = scripts\login.bat logon path = logon drive = X: domain logons = Yes preferred master = Yes wins support = Yes ldap ssl = no I've placed the login.bat file in the share accounts (\data\accounts and /data/financials in this case), and I've placed the login.bat file in each user's home directory. Nothing has worked. I've been through the TOSHARG2 with no luck, and Googleing hasn't brought me anything I recognized, either. Any help would be greatly appreciated. Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon share
hi, i'm not able to get logon script working logon script =\\%L\netlogon\logon.%U.bat [netlogon] comment = Network Logon Service path = /var/netlogon admin users = @ntadmin guest ok = Yes browseable = No i'm not even finding any hint in the logfiles. thanks L.Cerini -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NETLOGON Auth
Ok. Simple questions: What is NETLOGON in respect to Samba authentication? Further, what is NET_AUTH2 and NET_SAMLOGON which are RPCs of NETLOGON? Finally, how can I make the system try NET_SAMLOGON before NET_AUTH2? I am getting significant login delays b/c samba hangs with NET_AUTH2 as the RPC, but works immediately with the NET_SAMLOGON protocol after about a 20 second wait for the user. Thanks! Matt Vlasach Owner / Operator Pacific Swell Networks, Inc. http://www.pacificswell.com Contact: email : [EMAIL PROTECTED] cell : 310.529.9165 fax : 877.531.6463 - DIGITALLY SIGNED EMAIL: This email has been digitally signed to guarantee it has originated from the actual sender. The attachment smime.p7s contains this verification information, and is readable by newer versions of mail clients. IMPORTANT NOTICE: This message is intended only for the addressee and may contain confidential, privileged information. If you are not the intended recipient, you may not use, copy or disclose any information contained in the message. If you have received this message in error, please notify the sender by reply e-mail and delete the message. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NETLOGON scripts will not execute
Hi there, i have a samba PDC with a mix of w2l and XP clients connecting. FOr some reason the network logon scripts will not execute. I have made sure they are dos format, and the permissions are correct. yet I can;t get it to work! Here is my samba.conf: [global] workgroup = IHPR server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /sbin/nologin $ logon drive = H: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no hosts allow = 142.103.158. cups options = raw printcap name = /etc/printcap load printers = yes logon script = %U.cmd ANy ideas as to what might keep this from happening? If I run the same commands from the dos prompt - it works fine. d -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NETLOGON scripts will not execute
On Thursday 28 July 2005 04:39 pm, lists wrote: Here is my samba.conf smb.conf? You don't show a netlogon share. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NETLOGON scripts will not execute
lists wrote: Hi there, i have a samba PDC with a mix of w2l and XP clients connecting. FOr some reason the network logon scripts will not execute. I have made sure they are dos format, and the permissions are correct. yet I can;t get it to work! Here is my samba.conf: [global] workgroup = IHPR server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /sbin/nologin $ logon drive = H: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no hosts allow = 142.103.158. cups options = raw printcap name = /etc/printcap load printers = yes logon script = %U.cmd ANy ideas as to what might keep this from happening? If I run the same commands from the dos prompt - it works fine. d Have you put the scripts in the correct place? I believe they should be in the home directory of the users by default. So for user BIGJOHN, you should have the file BIGJOHN.cmd inside the /home/BIGJOHN directory. Scott -- Scott Mayo Technology Coordinator Bloomfield Schools PH: 573-568-5669 FA: 573-568-4565 Pager: 800-264-2535 X2549 Duct tape is like the force, it has a light side and a dark side and it holds the universe together. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon, profdata and profiles
Dear list, Can these be hidden like print$ so when you browse the network you can't see them? Or should they be seen? Thanks, Paul. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Netlogon scripts
Hi List, maybe i missed a hint on google, but i didnt find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pcs called: netlogon.bat and in addition there is for some client-pcs a additional script called by the %m switch in smb.conf kind regards Arno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon scripts
Arno Seidel wrote: maybe i missed a hint on google, but i didn´t find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pc´s called: netlogon.bat and in addition there is for some client-pc´s a additional script called by the %m switch in smb.conf No, but you can 'roll your own' ... There are several techniques you can use : 1) Use pre-exec to run a server based script and generate a per-user (or per machine) logon script at each logon. You then have access to everything the host (Linux/Unix) system knows about the user/machine. 2) Use the basic batch file commands to test for various things and call other batch files as required - search the archives for ifmember.exe which is useful for this. You then have every machine/user use a common logon.bat and take runtime decisions on what to do. 3) Use a client side scripting environment such as Kixtart and write much more complex scripts. Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon scripts
Hi Arno, if you have a default.bat for all clients you can do the cascade to groups users or machine in this file itself i.e. for the client machine itself echo %COMPUTERNAME% call %COMPUTERNAME%.bat Regards Arno Seidel schrieb: Hi List, maybe i missed a hint on google, but i didnt find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pcs called: netlogon.bat and in addition there is for some client-pcs a additional script called by the %m switch in smb.conf kind regards Arno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon scripts
Hi Simon, thanks... for that hints... arno Simon Hobson schrieb: Arno Seidel wrote: maybe i missed a hint on google, but i didn´t find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pc´s called: netlogon.bat and in addition there is for some client-pc´s a additional script called by the %m switch in smb.conf No, but you can 'roll your own' ... There are several techniques you can use : 1) Use pre-exec to run a server based script and generate a per-user (or per machine) logon script at each logon. You then have access to everything the host (Linux/Unix) system knows about the user/machine. 2) Use the basic batch file commands to test for various things and call other batch files as required - search the archives for ifmember.exe which is useful for this. You then have every machine/user use a common logon.bat and take runtime decisions on what to do. 3) Use a client side scripting environment such as Kixtart and write much more complex scripts. Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon scripts
Hi Robert, thanks a lot for that this is what i searched. Arno Robert Schetterer schrieb: Hi Arno, if you have a default.bat for all clients you can do the cascade to groups users or machine in this file itself i.e. for the client machine itself echo %COMPUTERNAME% call %COMPUTERNAME%.bat Regards Arno Seidel schrieb: Hi List, maybe i missed a hint on google, but i didnt find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pcs called: netlogon.bat and in addition there is for some client-pcs a additional script called by the %m switch in smb.conf kind regards Arno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon scripts for machines / groups - possible?
Hello, I use Samba 3 as a PDC. When a user logs in, a user-specific script is executed for him/her, as stated in smb.conf: logon script = %U.bat This is handy when it comes to do some minor tweaks, but can become pain when one have to do bigger changes. Is it possible to execute also a machine script (for installing software etc.), and group script (users belonging to a certain group should have specific settings applied)? I was thinking of something like: logon script = %U.bat - now it's executed for a user machine logon script = %m.bat group logon script = %g.bat etc. Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] netlogon scripts for machines / groups - possible?
Tomasz Chmielewski wrote: Is it possible to execute also a machine script (for installing software etc.), and group script (users belonging to a certain group should have specific settings applied)? I was thinking of something like: logon script = %U.bat - now it's executed for a user machine logon script = %m.bat group logon script = %g.bat Hmmm. I don't know of any specific mechanisim to do this, but you might be able to do some of it with just the batch files. For example, in your %U.bat you could call another batch file with %COMPUTERNAME%.bat. I'm not sure how to solve the group problem, though. I'm not aware of a mechanisim to retrieve the users group from the command line. You may be able to do this by using visual basic logon scripts, but that's beyond my capabilities, sorry. HTH, --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon scripts for machines / groups - possible?
Is it possible to execute also a machine script (for installing software etc.), and group script (users belonging to a certain group should have specific settings applied)? You can dynamically generate the script on the server if you're crafty with the prelogon parameters. I attach one to the profile share (since the client hits that before netlogon) and generate the script based on the user's group membership as returned by the groups username command on the server side. You can find my posting on it in the archives. The machine part could probably be done as well under my setup, since all you're doing is passing parameters to a perl script. Actually installing software could be a little dicey however, since you have to worry about user permissions and such, but you can always check if the user has admin privileges with ifmember or something similar. And then there's 3rd party tools, which I won't comment on out of ignorance on their operation. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon scripts for machines / groups - possible?
On Thursday 04 November 2004 10:57, Jason Balicki wrote: I'm not sure how to solve the group problem, though. I'm not aware of a mechanisim to retrieve the users group from the command line. You may be able to do this by using visual basic logon scripts, but that's beyond my capabilities, sorry. IFMEMBER.EXE from the Windows resource kit can do this. Easier and more flexible is the Kixtart scripting language. Find this at http://www.kixtart.org. I learned it in about 2 hours, basically. Misty HTH, --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon scripts for machines / groups - possible?
Tomasz Chmielewski schrieb: Hello, I use Samba 3 as a PDC. When a user logs in, a user-specific script is executed for him/her, as stated in smb.conf: logon script = %U.bat This is handy when it comes to do some minor tweaks, but can become pain when one have to do bigger changes. Is it possible to execute also a machine script (for installing software etc.), and group script (users belonging to a certain group should have specific settings applied)? I was thinking of something like: logon script = %U.bat - now it's executed for a user machine logon script = %m.bat group logon script = %g.bat etc. Tomek hi, you can user ifmember.exe with a default.bat for groups, and parse the host name in default bat to to do other stuff this runs very nice and will give you the features you desire Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Netlogon
Hi, I've just configure my Samba 3.0.7 as a PDC with an LDAP-based backend. Everthing seems fine except that my logon.bat is unable to execute when my users login to their XP. If I manually run //bilbo/netlogon/logon.bat on XP, the script will run without any problems. Is this purely a samba problem or it is due to my ldap configuration? Do I need to include ntconfig.POL in the netlogon directory? If only someone can help as I cannot seem to find any solution. Below is my smb.conf file: [global] workgroup = test netbios name = BILBO #interfaces = 192.168.88.13 #username map = /etc/samba/smbusers #admin users= @Domain Admins server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 3 obey pam restrictions = No ldap passwd sync = Yes #unix password sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u #passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n passwd chat = Changing password for*\nNew password* %n\n *success* passwd chat debug = Yes #ldap passwd sync = Yes log level = 2 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 name resolve order = wins bcast hosts time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = #logon path = logon path = \\%L\profiles\%u domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:ldap://127.0.0.1/ ldap://slave.idealx.com; # ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=Manager,dc=muvee,dc=com ldap suffix = dc=muvee,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers #ldap idmap suffix = ou=Users ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-2 idmap gid = 1-2 map acl inherit = Yes #ldap ssl = start tls add user script = /usr/local/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/local/sbin/smbldap-userdel %u add machine script = /usr/local/sbin/smbldap-useradd -w %u add group script = /usr/local/sbin/smbldap-groupadd -p %g delete group script = /usr/local/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes #locking = No [profiles] comment = Profile Share path = /var/lib/samba/profiles read only = No profile acls = Yes nt acl support = Yes hidden files=desktop.ini hide files = /desktop.ini/ntuser.ini/NTUSER.*/ hide files = /desktop.ini/ hide files = /var/lib/samba/profiles/*/Start\ Menu/Programs/Startup/desktop.ini -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon and domain trust
Do login-scripts work within a domain trust ? I have 2 domains, where domA trusts domB. Loginscripts (connection to netlogon share) work in both domains. But when I try to login in domB on a host that belongs to domA, I can login, but there seems to be no connection to a netlogon share (not on the domB nor on the domA PDC). How can I make sure the loginscript is always executed? Brecht -- Brecht Samyn, Systeemgroep Katholieke Universiteit Leuven Campus Kortrijk (KULAK) tel. ++32 56 246 264 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon scripts
Spike Burkhardt schrieb: All, If I want to specify a logon script, does security need to be set to Domain? The issue is that we have authentication at the PDC/BDC so that our VPN users can map drives on their home PC's. Is there a different way to do a logon script other than setting the SECURITY = DOMAIN? I am running 2.2.8a (planning on 2.2.12) on Solaris 8. Thanks for your help. spike Hi, dint plan on version 2.2.8a use samba version tree 3, if samba is pdc security = user is right study samba faqs Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon scripts
All, If I want to specify a logon script, does security need to be set to Domain? The issue is that we have authentication at the PDC/BDC so that our VPN users can map drives on their home PC's. Is there a different way to do a logon script other than setting the SECURITY = DOMAIN? I am running 2.2.8a (planning on 2.2.12) on Solaris 8. Thanks for your help. spike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon scripts
way to do a logon script other than setting the SECURITY = DOMAIN? Actually you don't set domain to run login scripts at all. Rather, set your the following parameters like so along with whatever else you have:: [global] security = user logon script = something.bat logon path = \\%N\profiles\%u logon drive = H: logon home = \\%N\%u domain logons = Yes preferred master = Yes domain master = Yes [netlogon] path = /some/dir browseable = No Anything I've left out is either default or not important to the question at hand (or at least I think it isn't) -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NetLogon Script
hi, I have a samba 3.0.5 PDC server The netlogon script works fine on windows 2k On windows 98 it executes the script but it doesnt map the drives why Thank you -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon
James Coggan wrote: Is it possible to use some kind of netlogon script to add a printer? net use \\server\printert ?? I would suggest a complete solution that you can also use to add drives, set registry settings. A way so you can do anything you wish in the future. Kixtart would be the best thing to use in my opinion. http://www.kixtart.org/ We use it in a environment for +600 people, working with Win98, 2K and XP. Just take a look! Later, Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon
It can be this simple as well: RunDll32.EXE printui.dll,PrintUIEntry /in /n \\host\printer RunDll32.EXE printui.dll,PrintUIEntry /y /n \\host\printer ...the first line being install printer and the second set default. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Wed, 7 Jul 2004, Mark Maas wrote: James Coggan wrote: Is it possible to use some kind of netlogon script to add a printer? net use \\server\printert ?? I would suggest a complete solution that you can also use to add drives, set registry settings. A way so you can do anything you wish in the future. Kixtart would be the best thing to use in my opinion. http://www.kixtart.org/ We use it in a environment for +600 people, working with Win98, 2K and XP. Just take a look! Later, Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Netlogon
Is it possible to use some kind of netlogon script to add a printer? net use \\server\printert ?? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon
James Coggan wrote: Is it possible to use some kind of netlogon script to add a printer? net use \\server\printert ?? You can use con2prt from the Windows Zero Administration Kit to do this as part of a logon script. Cheers, Tony -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon
Tony Whitmore wrote: James Coggan wrote: Is it possible to use some kind of netlogon script to add a printer? net use \\server\printert ?? You can use con2prt from the Windows Zero Administration Kit to do this as part of a logon script. You can do it with no extra software using a rundll command. This is the exact line from one of my scripts: rundll32 printui.dll,PrintUIEntry /in /n \\fgoserv\hplj /r \\fgoserv\hplj /m HP LaserJet 5000 Series PS Use this command to get a help dialogue that will explain the options rundll32 printui.dll,PrintUIEntry /? -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon
Just found a solution to that this morning. Here is the script I've been testing, replace ServerName and PrinterName ' VBScript.' Guy Thomas February 2004. ' http://computerperformance.co.uk ' Purpose of script to create a local printer ' ** Dim net Set net = CreateObject(WScript.Network) net.AddWindowsPrinterConnection \\ServerName\PrinterName It appears to work really well. I found this and several other useful thing on this site http://www.computerperformance.co.uk/Logon/LogonScript_Printer.htm Hope that helps, Derek On Jul 6, 2004, at 12:41 PM, James Coggan wrote: Is it possible to use some kind of netlogon script to add a printer? net use \\server\printert ?? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba The future is no place to place your better days. -- Dave Matthews Band PGP.sig Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon
Hi, On Tue, Jul 06, 2004 at 01:41:08PM -0300, James Coggan wrote: Is it possible to use some kind of netlogon script to add a printer? net use \\server\printert ?? in STARTUP.CMD : rundll32 printui.dll,PrintUIEntry /in /n\\SERVER\QUEUENAME On my system I've installed CUPS driver for Windows with cupsaddsmb, and I've login once as administrator, it seems to work fine for other unpriviledged users now. hth Jerome Alet -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon runas Administrator problem solved
Hi Sambatistas, a few days ago there was a discussion, how to force jobs runas administrator at netlogon. If you use a default.bat at netlogon this is executed as the logon user , therefor you are running in rights problems if you wanna execute job which need admin right like regedit /s . I found myself in this problem too, pushing the user to use the logon screensaver as default, i created a reg key which work but now i had that regedit problem ( also apears if i push my thightvnc password ) i found this tool called cpau which is a runas replacement which can take the user and password from commandline, also it allows to create full jobs i a crypted textfile so nobody can see you admin passwords, it work great and is a simply solution for the task. Please look here for cpau http://www.joeware.net/win32/ there are many usefull other tools more there. if sombody is interested in the reg key about the logonscreensaver its like this screenlogdefault.reg Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Control Panel\Desktop] ScreenSaveActive=1 ScreenSaverIsSecure=1 ScreenSaveTimeOut=600 SCRNSAVE.EXE=C:\\WINNT\\system32\\logon.scr Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon, logonscript halts on error
Hi, I have a setup of samba 3.0.2a-Debian and validate domainusers on a LDAP server. Right now I have a major hack to dynamicly mount the appropriate shares for each user. I have a root preexec perlfile that uses a database with info about the shares, to creates a username.bat file, which mounts all the drives, that users is alowed to write or read. My problem is that the winlogon script does not excecute properbly on a domain logon. This is a typical logonscript: NET USE * /DELETE /YES NET USE H: \\SERVER\username /YES NET USE Q: \\SERVER\a_share /YES NET USE J: \\SERVER\another /YES The bat-file excecutes all lines if I call it directly on //SERVER/netlogon/username.bat. It DOES throw a error sometimes, either because no drives are mounted, or because they are already mounted, I'm not realy sure, but it unmounts and mounts the drives. But on the domain-netlogon it halts on the first error, and never executes the rest of the script. Is there a way to create the script so no errors can occour, or force windows to continue executing the script on errors ? Or could my script be constructed smarter? (eg. without the * /DELETE) Thanks... /torben -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Netlogon script executes randomly
|-Original Message- |From: [EMAIL PROTECTED] [mailto:samba- |[EMAIL PROTECTED] On Behalf Of Gémes Géza |Sent: 26. mars 2004 00:24 |To: Frode Lillerud |Cc: [EMAIL PROTECTED] |Subject: Re: [Samba] Netlogon script executes randomly | |-BEGIN PGP SIGNED MESSAGE- |Hash: SHA1 | |Gerald (Jerry) Carter írta: || Frode Lillerud wrote: || | Hi, I have set up Samba 3.0.2a on my Debian server as a PDC. || | || | I use a Windows XP Pro laptop to log on wirelessly, and things seems to || | be working fine except with the logon.bat script. || | || | I have added logon script = logon.bat and the netlogon share in my || | smb.conf. || | || | The logon.bat has executed a few times (perhaps 10% of || | the times), but there is obviously a problem. The logon.bat || | is created with DOS style CR/LF. || || general this kind of behavior would happen if you were || using cached credentials to logon. You might want to || disable caching of logon credentials temporaily so help || track down the problem. flakey wireless maybe ? || || |I would also recomend to check if you can successfully run the logon |script from command prompt. I've had once problems with a Win2k box |which after installing a program which filled in in the path things like |C:\PROGRA~1\.., failed to find the net command. | I've tried logging in and run: net use k: \\sauroman\netlogon and it seems to be working just fine. The drive is mapped, and I can run the logon.bat manually without any problems. Occationally I also see that C:\Windows\System32\cmd.exe is running, but just shuts down again. This is not the logon-script! I've added a pause statement to it to keep it from closing. I'm also trying to test this from my desktop computer, to see if the wireless connection has any bad sideeffects, but I have thus far been unable to create a new sambauser. See separate mail to sambalist called XP gives Access denied for domain logon. |Cheers | |Geza |-BEGIN PGP SIGNATURE- |Version: GnuPG v1.2.3 (GNU/Linux) |Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org | |iD8DBQFAY2od/PxuIn+i1pIRAloXAJ9Jf51+hCQVdLRdln1/onUWjLOBNACdEd0e |DET5fNRGwqKvjjKDjMBDG1I= |=UNjU |-END PGP SIGNATURE- | |-- |To unsubscribe from this list go to the following URL and read the |instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Netlogon script executes randomly
Hi, I have set up Samba 3.0.2a on my Debian server as a PDC. I use a Windows XP Pro laptop to log on wirelessly, and things seems to be working fine except with the logon.bat script. I have added logon script = logon.bat and the netlogon share in my smb.conf. The logon.bat has executed a few times (perhaps 10% of the times), but there is obviously a problem. The logon.bat is created with DOS style CR/LF. Anyone know what could be wrong? My smb.conf file: # Setting up Samba 3.0 as a Primary Domain Controller [global] # Server settings netbios name = sauroman workgroup = ISENGARD server string = Testing PDC security = user # guest account = smbguest encrypt passwords = yes # PDC settings domain logons = yes logon script = newlog.bat # Browser and WINS settings domain master = yes local master = yes preferred master = yes os level = 255 wins support = yes # Other services time server = yes # Debugging and Logging log level = 1 log file = /tmp/samba_%m.log max log size = 1000 #1MB debug timestamp = yes syslog = 1 [netlogon] path = /var/lib/samba/netlogon browseable = yes writable = yes # set this to no again! #[profiles] # path = /var/lib/samba/profiles # read only = no # create mask = 0600 # directory mask = 0700 [homes] comment = Home for %u writeable = yes browseable = no ; map archive = yes ;? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon script executes randomly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frode Lillerud wrote: | Hi, I have set up Samba 3.0.2a on my Debian server as a PDC. | | I use a Windows XP Pro laptop to log on wirelessly, and things seems to | be working fine except with the logon.bat script. | | I have added logon script = logon.bat and the netlogon share in my | smb.conf. | | The logon.bat has executed a few times (perhaps 10% of | the times), but there is obviously a problem. The logon.bat | is created with DOS style CR/LF. general this kind of behavior would happen if you were using cached credentials to logon. You might want to disable caching of logon credentials temporaily so help track down the problem. flakey wireless maybe ? - -- cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAY1MAIR7qMdg1EfYRAsEjAKDpVT1r+N/PJda0zqVKSuX4nvZL/gCeMYgc KUz8ZENMzZoBTqTSdPrINYc= =MQMG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon script executes randomly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter írta: | Frode Lillerud wrote: | | Hi, I have set up Samba 3.0.2a on my Debian server as a PDC. | | | | I use a Windows XP Pro laptop to log on wirelessly, and things seems to | | be working fine except with the logon.bat script. | | | | I have added logon script = logon.bat and the netlogon share in my | | smb.conf. | | | | The logon.bat has executed a few times (perhaps 10% of | | the times), but there is obviously a problem. The logon.bat | | is created with DOS style CR/LF. | | general this kind of behavior would happen if you were | using cached credentials to logon. You might want to | disable caching of logon credentials temporaily so help | track down the problem. flakey wireless maybe ? | | I would also recomend to check if you can successfully run the logon script from command prompt. I've had once problems with a Win2k box which after installing a program which filled in in the path things like C:\PROGRA~1\.., failed to find the net command. Cheers Geza -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAY2od/PxuIn+i1pIRAloXAJ9Jf51+hCQVdLRdln1/onUWjLOBNACdEd0e DET5fNRGwqKvjjKDjMBDG1I= =UNjU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon problems
Big thanks to all who helped me! I found now that I completely missconfigured my wins servers on samba, corrected it and now everything's fine... Without your hints I wouldn't have been able to find the problem, again thank u... Greetings Sascha Am Mittwoch, 24. Mrz 2004 14:06 schrieb Craig White: On Wed, 2004-03-24 at 05:08, Radio Gong 2000 GmbH Co. KG [Technik] wrote: I don't know how? Would you explain it to me? Sascha Am Mittwoch, 24. Mrz 2004 03:28 schrieben Sie: On Tue, 2004-03-23 at 11:48, Radio Gong 2000 GmbH Co. KG [Technik] wrote: Is there another possibility than importing lmhosts on every client??? sure, a command script Craig - something like including in logon.bat xcopy \\server\netlogon\lmhosts c:\winnt\system 32\drivers\inf\lmhosts Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon problems
Hi @ all, I have two samba-servers running perfectly! Now I configured a third machine which provides some backups. Since I brought it up in the network the windows client won't execute the netlogon-scripts... When I turn off samba-services on the backup-machine it works again. Did I miss something??? Maybe you can open my eyes... Best regards Sascha Here my conf-files: PDC -- # Global parameters [global] netbios name = Hunter workgroup = SNEAKER server string = SoundServer %v realm = hunter.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes wins proxy = Yes wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.1/24, 192.168.11.1/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = yes client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 33 domain master = yes preferred master = yes local master = yes time server = yes # LOGON STUFF logon script = logon.bat logon drive = logon home = logon path = template homedir = [netlogon] comment = Network Logon Service path = /data/netlogon public = No guest ok = No share modes = No # SHARES BDC -- # Global parameters [global] netbios name = Assassin workgroup = SNEAKER server string = FileServer %v realm = assassin.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.2/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = no client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 32 domain master = no preferred master = yes local master = yes time server = yes # LOGON STUFF # logon script = logon.bat logon drive = logon home = logon path = template homedir = # SHARES BACKUP -- # Global parameters [global] netbios name = Leo workgroup = SNEAKER server string = BackUpServer %v realm = leo.radiogong.intern admin users = root, administrator, sascha security = share # Use password server option only with security = server # password server = hunter.radiogong.intern dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.3/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes # client schannel = auto server schannel = no # client signing = auto # server signing = auto # FEATURE STUFF domain logons = yes
Re: [Samba] netlogon problems
Radio Gong 2000 GmbH Co. KG [Technik] schrieb: Hi @ all, I have two samba-servers running perfectly! Now I configured a third machine which provides some backups. Since I brought it up in the network the windows client won't execute the netlogon-scripts... When I turn off samba-services on the backup-machine it works again. Did I miss something??? Maybe you can open my eyes... Best regards Sascha Here my conf-files: PDC -- # Global parameters [global] netbios name = Hunter workgroup = SNEAKER server string = SoundServer %v realm = hunter.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes wins proxy = Yes wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.1/24, 192.168.11.1/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = yes client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 33 domain master = yes preferred master = yes local master = yes time server = yes # LOGON STUFF logon script = logon.bat logon drive = logon home = logon path = template homedir = [netlogon] comment = Network Logon Service path = /data/netlogon public = No guest ok = No share modes = No # SHARES BDC -- # Global parameters [global] netbios name = Assassin workgroup = SNEAKER server string = FileServer %v realm = assassin.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.2/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = no client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 32 domain master = no preferred master = yes local master = yes time server = yes # LOGON STUFF # logon script = logon.bat logon drive = logon home = logon path = template homedir = # SHARES BACKUP -- # Global parameters [global] netbios name = Leo workgroup = SNEAKER server string = BackUpServer %v realm = leo.radiogong.intern admin users = root, administrator, sascha security = share # Use password server option only with security = server # password server = hunter.radiogong.intern dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.3/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes # client schannel = auto server schannel = no # client signing = auto # server signing = auto # FEATURE
Re: [Samba] netlogon problems
Unfortunatly that's no solution... Need more help, please... Thanks in advance Sascha Am Dienstag, 23. März 2004 09:59 schrieb RRuegner: Radio Gong 2000 GmbH Co. KG [Technik] schrieb: Hi @ all, I have two samba-servers running perfectly! Now I configured a third machine which provides some backups. Since I brought it up in the network the windows client won't execute the netlogon-scripts... When I turn off samba-services on the backup-machine it works again. Did I miss something??? Maybe you can open my eyes... Best regards Sascha Here my conf-files: PDC -- # Global parameters [global] netbios name = Hunter workgroup = SNEAKER server string = SoundServer %v realm = hunter.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes wins proxy = Yes wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.1/24, 192.168.11.1/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = yes client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 33 domain master = yes preferred master = yes local master = yes time server = yes # LOGON STUFF logon script = logon.bat logon drive = logon home = logon path = template homedir = [netlogon] comment = Network Logon Service path = /data/netlogon public = No guest ok = No share modes = No # SHARES BDC -- # Global parameters [global] netbios name = Assassin workgroup = SNEAKER server string = FileServer %v realm = assassin.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.2/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = no client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 32 domain master = no preferred master = yes local master = yes time server = yes # LOGON STUFF # logon script = logon.bat logon drive = logon home = logon path = template homedir = # SHARES BACKUP -- # Global parameters [global] netbios name = Leo workgroup = SNEAKER server string = BackUpServer %v realm = leo.radiogong.intern admin users = root, administrator, sascha security = share # Use password server option only with security = server # password server = hunter.radiogong.intern dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos
Re: [Samba] netlogon problems
Just looked up which server is MASTERBROWSER indeed and it seems ok... # nmblookup -SR hunter querying hunter on 192.168.10.255 192.168.10.1 hunter00 Looking up status of 192.168.10.1 HUNTER 00 - H ACTIVE HUNTER 03 - H ACTIVE HUNTER 20 - H ACTIVE ..__MSBROWSE__. 01 - GROUP H ACTIVE SNEAKER 00 - GROUP H ACTIVE SNEAKER 1b - H ACTIVE SNEAKER 1c - GROUP H ACTIVE SNEAKER 1d - H ACTIVE SNEAKER 1e - GROUP H ACTIVE # nmblookup -SR assassin querying assassin on 192.168.10.255 192.168.10.2 assassin00 Looking up status of 192.168.10.2 ASSASSIN00 - B ACTIVE ASSASSIN03 - B ACTIVE ASSASSIN20 - B ACTIVE SNEAKER 00 - GROUP B ACTIVE SNEAKER 1c - B ACTIVE SNEAKER 1e - GROUP B ACTIVE # nmblookup -SR leo querying leo on 192.168.10.255 192.168.10.3 leo00 Looking up status of 192.168.10.3 LEO 00 - B ACTIVE LEO 03 - B ACTIVE LEO 20 - B ACTIVE SNEAKER 00 - GROUP B ACTIVE SNEAKER 1c - B ACTIVE SNEAKER 1e - GROUP B ACTIVE Am Dienstag, 23. März 2004 09:57 schrieben Sie: Just guessing but check to see if Master Browser is set to NO if one of your other two is set to yes? -Rudy -Original Message- From: Radio Gong 2000 GmbH Co. KG [Technik] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:44 AM To: [EMAIL PROTECTED] Subject: [Samba] netlogon problems Hi @ all, I have two samba-servers running perfectly! Now I configured a third machine which provides some backups. Since I brought it up in the network the windows client won't execute the netlogon-scripts... When I turn off samba-services on the backup-machine it works again. Did I miss something??? Maybe you can open my eyes... Best regards Sascha Here my conf-files: PDC -- # Global parameters [global] netbios name = Hunter workgroup = SNEAKER server string = SoundServer %v realm = hunter.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes wins proxy = Yes wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.1/24, 192.168.11.1/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = yes client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 33 domain master = yes preferred master = yes local master = yes time server = yes # LOGON STUFF logon script = logon.bat logon drive = logon home = logon path = template homedir = [netlogon] comment = Network Logon Service path = /data/netlogon public = No guest ok = No share modes = No # SHARES BDC -- # Global parameters [global] netbios name = Assassin workgroup = SNEAKER server string = FileServer %v realm = assassin.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.2/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes
Re: [Samba] netlogon problems
This is how it looks like on a windows box: nbtstat -a hunter LAN-Verbindung: Knoten-IP-Adresse: [192.168.10.53] Bereichskennung: [] NetBIOS-Namentabelle des Remotecomputers Name Typ Status - HUNTER 00 UNIQUE Registriert HUNTER 03 UNIQUE Registriert HUNTER 20 UNIQUE Registriert HUNTER 00 UNIQUE Registriert HUNTER 03 UNIQUE Registriert HUNTER 20 UNIQUE Registriert ..__MSBROWSE__.01 GROUP Registriert SNEAKER00 GROUP Registriert SNEAKER1B UNIQUE Registriert SNEAKER1C GROUP Registriert SNEAKER1D UNIQUE Registriert SNEAKER1E GROUP Registriert SNEAKER00 GROUP Registriert SNEAKER1B UNIQUE Registriert SNEAKER1C GROUP Registriert SNEAKER1D UNIQUE Registriert SNEAKER1E GROUP Registriert MAC Adresse = 00-00-00-00-00-00 nbtstat -a assassin LAN-Verbindung: Knoten-IP-Adresse: [192.168.10.53] Bereichskennung: [] NetBIOS-Namentabelle des Remotecomputers Name Typ Status - ASSASSIN 00 UNIQUE Registriert ASSASSIN 03 UNIQUE Registriert ASSASSIN 20 UNIQUE Registriert ASSASSIN 00 UNIQUE Registriert ASSASSIN 03 UNIQUE Registriert ASSASSIN 20 UNIQUE Registriert SNEAKER00 GROUP Registriert SNEAKER1C GROUP Registriert SNEAKER1E GROUP Registriert SNEAKER00 GROUP Registriert SNEAKER1C UNIQUE Registriert SNEAKER1E GROUP Registriert MAC Adresse = 00-00-00-00-00-00 nbtstat -a leo LAN-Verbindung: Knoten-IP-Adresse: [192.168.10.53] Bereichskennung: [] NetBIOS-Namentabelle des Remotecomputers Name Typ Status - LEO00 UNIQUE Registriert LEO03 UNIQUE Registriert LEO20 UNIQUE Registriert LEO00 UNIQUE Registriert LEO03 UNIQUE Registriert LEO20 UNIQUE Registriert SNEAKER00 GROUP Registriert SNEAKER1C GROUP Registriert SNEAKER1E GROUP Registriert SNEAKER00 GROUP Registriert SNEAKER1C UNIQUE Registriert SNEAKER1E GROUP Registriert MAC Adresse = 00-00-00-00-00-00 Am Dienstag, 23. März 2004 14:37 schrieb Radio Gong 2000 GmbH Co. KG [Technik]: Just looked up which server is MASTERBROWSER indeed and it seems ok... # nmblookup -SR hunter querying hunter on 192.168.10.255 192.168.10.1 hunter00 Looking up status of 192.168.10.1 HUNTER 00 - H ACTIVE HUNTER 03 - H ACTIVE HUNTER 20 - H ACTIVE ..__MSBROWSE__. 01 - GROUP H ACTIVE SNEAKER 00 - GROUP H ACTIVE SNEAKER 1b - H ACTIVE SNEAKER 1c - GROUP H ACTIVE SNEAKER 1d - H ACTIVE SNEAKER 1e - GROUP H ACTIVE # nmblookup -SR assassin querying assassin on 192.168.10.255 192.168.10.2 assassin00 Looking up status of 192.168.10.2 ASSASSIN00 - B ACTIVE ASSASSIN03 - B ACTIVE ASSASSIN20 - B ACTIVE SNEAKER 00 - GROUP B ACTIVE SNEAKER 1c - B ACTIVE SNEAKER 1e - GROUP B ACTIVE # nmblookup -SR leo querying leo on 192.168.10.255 192.168.10.3 leo00 Looking up status of 192.168.10.3 LEO 00 - B ACTIVE LEO 03 - B ACTIVE LEO 20 - B ACTIVE SNEAKER 00 - GROUP B ACTIVE SNEAKER 1c - B ACTIVE SNEAKER 1e - GROUP B ACTIVE Am Dienstag, 23. März 2004 09:57 schrieben Sie: Just guessing but check to see if Master Browser is set to NO if one of your other two is set to yes? -Rudy -Original Message- From: Radio Gong 2000 GmbH Co. KG [Technik] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:44 AM To: [EMAIL PROTECTED] Subject: [Samba] netlogon problems Hi @ all, I have two samba-servers running perfectly! Now I configured a third machine which provides some backups. Since I brought it up in the network the windows client won't execute the netlogon-scripts... When I turn off samba-services on the backup-machine it works again. Did I miss something??? Maybe you can open my
Re: [Samba] netlogon problems
: Radio Gong 2000 GmbH Co. KG [Technik] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:44 AM To: [EMAIL PROTECTED] Subject: [Samba] netlogon problems Hi @ all, I have two samba-servers running perfectly! Now I configured a third machine which provides some backups. Since I brought it up in the network the windows client won't execute the netlogon-scripts... When I turn off samba-services on the backup-machine it works again. Did I miss something??? Maybe you can open my eyes... Best regards Sascha Here my conf-files: PDC -- # Global parameters [global] netbios name = Hunter workgroup = SNEAKER server string = SoundServer %v realm = hunter.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes wins proxy = Yes wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.1/24, 192.168.11.1/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = yes client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 33 domain master = yes preferred master = yes local master = yes time server = yes # LOGON STUFF logon script = logon.bat logon drive = logon home = logon path = template homedir = [netlogon] comment = Network Logon Service path = /data/netlogon public = No guest ok = No share modes = No # SHARES BDC -- # Global parameters [global] netbios name = Assassin workgroup = SNEAKER server string = FileServer %v realm = assassin.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.2/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = no client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 32 domain master = no preferred master = yes local master = yes time server = yes # LOGON STUFF # logon script = logon.bat logon drive = logon home = logon path = template homedir = # SHARES BACKUP -- # Global parameters [global] netbios name = Leo workgroup = SNEAKER server string = BackUpServer %v realm = leo.radiogong.intern admin users = root, administrator, sascha security = share # Use password server option only with security = server # password server = hunter.radiogong.intern dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes
Re: [Samba] netlogon problems
Radio Gong 2000 GmbH Co. KG [Technik] schrieb: Unfortunatly that's no solution... Need more help, please... Thanks in advance Sascha Am Dienstag, 23. März 2004 09:59 schrieb RRuegner: Radio Gong 2000 GmbH Co. KG [Technik] schrieb: Hi @ all, I have two samba-servers running perfectly! Now I configured a third machine which provides some backups. Since I brought it up in the network the windows client won't execute the netlogon-scripts... When I turn off samba-services on the backup-machine it works again. Did I miss something??? Maybe you can open my eyes... Best regards Sascha Here my conf-files: PDC -- # Global parameters [global] netbios name = Hunter workgroup = SNEAKER server string = SoundServer %v realm = hunter.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes wins proxy = Yes wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.1/24, 192.168.11.1/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = yes client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 33 domain master = yes preferred master = yes local master = yes time server = yes # LOGON STUFF logon script = logon.bat logon drive = logon home = logon path = template homedir = [netlogon] comment = Network Logon Service path = /data/netlogon public = No guest ok = No share modes = No # SHARES BDC -- # Global parameters [global] netbios name = Assassin workgroup = SNEAKER server string = FileServer %v realm = assassin.radiogong.intern admin users = root, administrator, sascha security = user dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.2/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes client schannel = auto server schannel = no client signing = auto server signing = no # FEATURE STUFF domain logons = yes os level = 32 domain master = no preferred master = yes local master = yes time server = yes # LOGON STUFF # logon script = logon.bat logon drive = logon home = logon path = template homedir = # SHARES BACKUP -- # Global parameters [global] netbios name = Leo workgroup = SNEAKER server string = BackUpServer %v realm = leo.radiogong.intern admin users = root, administrator, sascha security = share # Use password server option only with security = server # password server = hunter.radiogong.intern dns proxy = yes # wins proxy = Yes # wins support = Yes ldap ssl = no socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 keepalive = 255 locking = 1 kernel oplocks = yes blocking locks = yes oplocks = yes level2 oplocks = yes large readwrite = yes map to guest = Bad User dos charset = ISO8859-15 unix charset = ISO8859-15 display charset = ISO8859-15 printing = cups printcap name = cups utmp = Yes host msdfs = Yes # NETWORK STUFF interfaces = 192.168.10.3/24 hosts allow = 192.168. bind interfaces only = yes nt acl support = yes # client schannel = auto server schannel = no # client signing = auto #
Re: [Samba] netlogon problems
When doing the suggested (import lmhosts), it's always: NetBIOS-Remotecache-Namentabelle Name TypHostadresse Dauer [Sek.] - SNEAKER1C GROUP 192.168.10.1-1 HUNTER 03 UNIQUE 192.168.10.1-1 HUNTER 00 UNIQUE 192.168.10.1-1 HUNTER 20 UNIQUE 192.168.10.1-1 Also after doing nbtstat -R. But now test-machine is not anymore usable for this... ;-( And what do I do know? Why are they confused this little princesses? Greetings Sascha Am Dienstag, 23. März 2004 16:05 schrieben Sie: Your windows boxes may be confused. As a test u may want to add an LMHOST entry for pdc. Ipofservergoeshere #PRE #DOM:Yourdomainname Ex..172.14.23.2#PRE #DOM:Somedomain That is a sample of how -Rudy When I do an nbtstat -c directly after logon i see: NetBIOS-Remotecache-Namentabelle Name TypHostadresse Dauer [Sek.] - SNEAKER1C GROUP 192.168.10.3565 Doing the same after turning off the smb-services on leo: NetBIOS-Remotecache-Namentabelle Name TypHostadresse Dauer [Sek.] - ASSASSIN 00 UNIQUE 192.168.10.25 SNEAKER1C GROUP 192.168.10.3472 HUNTER 00 UNIQUE 192.168.10.15 I copy via scp the following files: /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/samba/smbpasswd Maybe is this the problem??? Greetings Sascha -Original Message- From: Radio Gong 2000 GmbH Co. KG [Technik] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 9:50 AM To: Fiordilino, Rudy Subject: Re: [Samba] netlogon problems nbtstat -R says: NBT-remotecache-nametable succesfully loaded nbtstat -c says: no name in cache Greetings Sascha Am Dienstag, 23. März 2004 15:42 schrieben Sie: Sascha, Can you try an nbtstat -R then do an nbtstat -c on the windows box and paste the output to me? -Rudy -Original Message- From: Radio Gong 2000 GmbH Co. KG [Technik] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 9:31 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] netlogon problems Now I switched to: domain logons = yes os level = 32 domain master = no preferred master = no local master = no on both BDCs and it's still the same, when I start smb-services on leo the clients handle logon-requests with him... WHY? He's totally cutted... Greetings Sascha Am Dienstag, 23. März 2004 14:54 schrieb Radio Gong 2000 GmbH Co. KG [Technik]: This is how it looks like on a windows box: nbtstat -a hunter LAN-Verbindung: Knoten-IP-Adresse: [192.168.10.53] Bereichskennung: [] NetBIOS-Namentabelle des Remotecomputers Name Typ Status - HUNTER 00 UNIQUE Registriert HUNTER 03 UNIQUE Registriert HUNTER 20 UNIQUE Registriert HUNTER 00 UNIQUE Registriert HUNTER 03 UNIQUE Registriert HUNTER 20 UNIQUE Registriert ..__MSBROWSE__.01 GROUP Registriert SNEAKER00 GROUP Registriert SNEAKER1B UNIQUE Registriert SNEAKER1C GROUP Registriert SNEAKER1D UNIQUE Registriert SNEAKER1E GROUP Registriert SNEAKER00 GROUP Registriert SNEAKER1B UNIQUE Registriert SNEAKER1C GROUP Registriert SNEAKER1D UNIQUE Registriert SNEAKER1E GROUP Registriert MAC Adresse = 00-00-00-00-00-00 nbtstat -a assassin LAN-Verbindung: Knoten-IP-Adresse: [192.168.10.53] Bereichskennung: [] NetBIOS-Namentabelle des Remotecomputers Name Typ Status - ASSASSIN 00 UNIQUE Registriert ASSASSIN 03 UNIQUE Registriert ASSASSIN 20 UNIQUE Registriert ASSASSIN 00 UNIQUE Registriert ASSASSIN 03 UNIQUE Registriert ASSASSIN 20 UNIQUE Registriert SNEAKER00 GROUP Registriert SNEAKER1C GROUP Registriert SNEAKER1E GROUP Registriert SNEAKER00 GROUP Registriert SNEAKER1C UNIQUE Registriert
Re: [Samba] netlogon problems
Is there another possibility than importing lmhosts on every client??? Am Dienstag, 23. März 2004 16:43 schrieb Radio Gong 2000 GmbH Co. KG [Technik]: When doing the suggested (import lmhosts), it's always: NetBIOS-Remotecache-Namentabelle Name TypHostadresse Dauer [Sek.] - SNEAKER1C GROUP 192.168.10.1-1 HUNTER 03 UNIQUE 192.168.10.1-1 HUNTER 00 UNIQUE 192.168.10.1-1 HUNTER 20 UNIQUE 192.168.10.1-1 Also after doing nbtstat -R. But now test-machine is not anymore usable for this... ;-( And what do I do know? Why are they confused this little princesses? Greetings Sascha Am Dienstag, 23. März 2004 16:05 schrieben Sie: Your windows boxes may be confused. As a test u may want to add an LMHOST entry for pdc. Ipofservergoeshere #PRE #DOM:Yourdomainname Ex..172.14.23.2#PRE #DOM:Somedomain That is a sample of how -Rudy When I do an nbtstat -c directly after logon i see: NetBIOS-Remotecache-Namentabelle Name TypHostadresse Dauer [Sek.] - SNEAKER1C GROUP 192.168.10.3565 Doing the same after turning off the smb-services on leo: NetBIOS-Remotecache-Namentabelle Name TypHostadresse Dauer [Sek.] - ASSASSIN 00 UNIQUE 192.168.10.25 SNEAKER1C GROUP 192.168.10.3472 HUNTER 00 UNIQUE 192.168.10.15 I copy via scp the following files: /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/samba/smbpasswd Maybe is this the problem??? Greetings Sascha -Original Message- From: Radio Gong 2000 GmbH Co. KG [Technik] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 9:50 AM To: Fiordilino, Rudy Subject: Re: [Samba] netlogon problems nbtstat -R says: NBT-remotecache-nametable succesfully loaded nbtstat -c says: no name in cache Greetings Sascha Am Dienstag, 23. März 2004 15:42 schrieben Sie: Sascha, Can you try an nbtstat -R then do an nbtstat -c on the windows box and paste the output to me? -Rudy -Original Message- From: Radio Gong 2000 GmbH Co. KG [Technik] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 9:31 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] netlogon problems Now I switched to: domain logons = yes os level = 32 domain master = no preferred master = no local master = no on both BDCs and it's still the same, when I start smb-services on leo the clients handle logon-requests with him... WHY? He's totally cutted... Greetings Sascha Am Dienstag, 23. März 2004 14:54 schrieb Radio Gong 2000 GmbH Co. KG [Technik]: This is how it looks like on a windows box: nbtstat -a hunter LAN-Verbindung: Knoten-IP-Adresse: [192.168.10.53] Bereichskennung: [] NetBIOS-Namentabelle des Remotecomputers Name Typ Status - HUNTER 00 UNIQUE Registriert HUNTER 03 UNIQUE Registriert HUNTER 20 UNIQUE Registriert HUNTER 00 UNIQUE Registriert HUNTER 03 UNIQUE Registriert HUNTER 20 UNIQUE Registriert ..__MSBROWSE__.01 GROUP Registriert SNEAKER00 GROUP Registriert SNEAKER1B UNIQUE Registriert SNEAKER1C GROUP Registriert SNEAKER1D UNIQUE Registriert SNEAKER1E GROUP Registriert SNEAKER00 GROUP Registriert SNEAKER1B UNIQUE Registriert SNEAKER1C GROUP Registriert SNEAKER1D UNIQUE Registriert SNEAKER1E GROUP Registriert MAC Adresse = 00-00-00-00-00-00 nbtstat -a assassin LAN-Verbindung: Knoten-IP-Adresse: [192.168.10.53] Bereichskennung: [] NetBIOS-Namentabelle des Remotecomputers Name Typ Status - ASSASSIN 00 UNIQUE Registriert ASSASSIN 03 UNIQUE Registriert ASSASSIN 20 UNIQUE Registriert ASSASSIN 00 UNIQUE Registriert ASSASSIN 03 UNIQUE Registriert
[Samba] Netlogon
Hi, I have trouble with netlogon. My samba server is a pdc and i can logon with my workstation (xp pro) on the domain but i still receive the error that the roaming profile cannot be found. If i need to post my smb.conf you must tell it and i will post it. Kind regards --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.552 / Virus Database: 344 - Release Date: 15-12-2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netlogon
On Thu, 2003-12-18 at 05:13, Cindy van Asch wrote: Hi, I have trouble with netlogon. My samba server is a pdc and i can logon with my workstation (xp pro) on the domain but i still receive the error that the roaming profile cannot be found. If i need to post my smb.conf you must tell it and i will post it. so little info - it only invites a guess so I will make one. permissions in the tree for the profiles share don't allow the user logging in to create the files/directories needed. You might want to check the logs for the individual workstation and for the server itself - on my systems, they tend to be in /var/log/samba/ and things to look at are smbd.log - nmbd.log and fqdn or ip .log for the connecting stations Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon script generation
Can anyone point me to a doc or a script that shows how to generate netlogon script on the fly and supports users having multiple groups? I tried the Perl script referenced at http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I believe it only supports the user being a member of one group. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon script generation
Hi, here is an example start this script with root prexec in the netlogon
share
it will create netlogon bat files for users and groups which can
the orginal file is genlogon.pl
which is part of samba, read the doku, all other stuff is done by netlogon
bat files ( there are several examples in the web )
Best Regards
#!/usr/bin/perl
#
# login.pl
# creation on the fly logon scripts by [EMAIL PROTECTED] inspired by
genlogon.pl
# Log client connection
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
open LOG, /smbmonitor/user/netlogon.txt;
print LOG $mon/$mday/$year $hour:$min:$sec - User $ARGV[0] Group $ARGV[1]\n
from $ARGV[2] in $ARGV[3];
close LOG;
# Start generating logon script for user
open LOGON, /var/lib/samba/netlogon/$ARGV[0].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n echo %USERNAME%\r\n call send.bat\r\n;
# Start generating logon script for machine for different security
monitoring
open LOGON, /var/lib/samba/netlogon/$ARGV[2].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n call chkdir.bat\r\n call listapp.bat
$ARGV[3]\\smbmonitor\\machines\\$ARGV[2]\\software\\$A$
# Start generating logon script for group
open LOGON, /var/lib/samba/netlogon/$ARGV[1].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n;
# Connect shares for group users
if ($ARGV[1] eq users)
{
print LOGON NET USE X: $ARGV[3]\\files\r\n;
}
# Connect shares for group ntadmin
if ($ARGV[1] eq ntadmin)
{
print LOGON NET USE Y: $ARGV[3]\\smbmonitor\r\n;
}
- Original Message -
From: Andrew Gaffney [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 6:02 PM
Subject: [Samba] netlogon script generation
Can anyone point me to a doc or a script that shows how to generate
netlogon script on the
fly and supports users having multiple groups? I tried the Perl script
referenced at
http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I
believe it only
supports the user being a member of one group.
--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon script generation
This was the script I was refering to that didn't work for me. I ended up re-writing
almost completely from scratch to support multiple groups.
#!/usr/bin/perl
my ($user) = @ARGV;
my $drives = {F = NET USE F: SKYLINE\\SKYLINEF\r\n,
H = NET USE H: SKYLINE\\SHARE\r\n,
I = NET USE I: SHIPPING1\\INVENTORY\r\n,
M = NET USE M: SKYLINE\\SKYLINEM\r\n,
S = NET USE S: SHIPPING1\\SHOP\r\n,
Y = NET USE Y: ACCOUNTING\\FLTSCHOOL\r\n,
Z = NET USE Z: ACCOUNTING\\MAINT\r\n};
my $which = {accounting = F H I M S Y Z, mech = I M S Z, dispatch = M,
instructors = M};
my $groups = `cat /etc/group | grep ${user} | cut -d ':' -f 1`;
$groups =~ s/\n/\:/sg;
# Start generating logon script
#open LOGON, /usr/local/samba/netlogon/${user}.bat;
open LOGON, /tmp/${user}.bat;
print LOGON [EMAIL PROTECTED] OFF\r\n;
foreach $group (split /:/, $groups) {
foreach $drive (split / /, $which-{$group}) {
print LOGON $drives-{$drive};
}
}
close LOGON;
system cat /tmp/${user}.bat | sort -u /usr/local/samba/netlogon/${user}.bat;
rruegner wrote:
Hi, here is an example start this script with root prexec in the netlogon
share
it will create netlogon bat files for users and groups which can
the orginal file is genlogon.pl
which is part of samba, read the doku, all other stuff is done by netlogon
bat files ( there are several examples in the web )
Best Regards
#!/usr/bin/perl
#
# login.pl
# creation on the fly logon scripts by [EMAIL PROTECTED] inspired by
genlogon.pl
# Log client connection
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
open LOG, /smbmonitor/user/netlogon.txt;
print LOG $mon/$mday/$year $hour:$min:$sec - User $ARGV[0] Group $ARGV[1]\n
from $ARGV[2] in $ARGV[3];
close LOG;
# Start generating logon script for user
open LOGON, /var/lib/samba/netlogon/$ARGV[0].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n echo %USERNAME%\r\n call send.bat\r\n;
# Start generating logon script for machine for different security
monitoring
open LOGON, /var/lib/samba/netlogon/$ARGV[2].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n call chkdir.bat\r\n call listapp.bat
$ARGV[3]\\smbmonitor\\machines\\$ARGV[2]\\software\\$A$
# Start generating logon script for group
open LOGON, /var/lib/samba/netlogon/$ARGV[1].bat;
print LOGON [EMAIL PROTECTED] OFF\r\n;
# Connect shares for group users
if ($ARGV[1] eq users)
{
print LOGON NET USE X: $ARGV[3]\\files\r\n;
}
# Connect shares for group ntadmin
if ($ARGV[1] eq ntadmin)
{
print LOGON NET USE Y: $ARGV[3]\\smbmonitor\r\n;
}
- Original Message -
From: Andrew Gaffney [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 6:02 PM
Subject: [Samba] netlogon script generation
Can anyone point me to a doc or a script that shows how to generate
netlogon script on the
fly and supports users having multiple groups? I tried the Perl script
referenced at
http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I
believe it only
supports the user being a member of one group.
--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
Andrew Gaffney
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon script generation
On Tue, 2003-12-09 at 12:02, Andrew Gaffney wrote: Can anyone point me to a doc or a script that shows how to generate netlogon script on the fly and supports users having multiple groups? I tried the Perl script referenced at http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I believe it only supports the user being a member of one group. Deryk Robosson wrote some scripts that I modified to parse group membership (based upon /etc/group which may or may not be best). If you want to try them you can get them at http://scnc.lsd.k12.mi.us/~mrambo/netlogon-0.2.tar.gz I had planned on sending the group updates back to Deryk to see if he wanted to incorporate them into his release but I never got the preexec stuff to work so I never sent him the updates. You're welcome to give them a whirl. We are using the scripts daily but not in the way which was originally envisioned (much to my chagrin). If you can get the root preexec stuff to work I'd love to know how you do it. I tried repeatedly, even with some help from Deryk, and asked a least a couple of different times on this list for help but I can't get the root preexec to work for nothing. -- Mike Rambo [EMAIL PROTECTED] NOTE: In order to control energy costs the light at the end of the tunnel has been shut off until further notice... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon script generation
Mike Rambo wrote: On Tue, 2003-12-09 at 12:02, Andrew Gaffney wrote: Can anyone point me to a doc or a script that shows how to generate netlogon script on the fly and supports users having multiple groups? I tried the Perl script referenced at http://us2.samba.org/samba/docs/man/AdvancedNetworkManagement.html but I believe it only supports the user being a member of one group. Deryk Robosson wrote some scripts that I modified to parse group membership (based upon /etc/group which may or may not be best). If you want to try them you can get them at http://scnc.lsd.k12.mi.us/~mrambo/netlogon-0.2.tar.gz I had planned on sending the group updates back to Deryk to see if he wanted to incorporate them into his release but I never got the preexec stuff to work so I never sent him the updates. You're welcome to give them a whirl. We are using the scripts daily but not in the way which was originally envisioned (much to my chagrin). If you can get the root preexec stuff to work I'd love to know how you do it. I tried repeatedly, even with some help from Deryk, and asked a least a couple of different times on this list for help but I can't get the root preexec to work for nothing. I got the 'root preexec' to work without a problem: [netlogon] comment = The domain logon service path = /usr/local/samba/netlogon public = no writeable = no root preexec = /etc/samba/genlogon.pl %U I already posted my script in this thread. It also parses /etc/group to determine what groups a specific user is in. -- Andrew Gaffney -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon script = %U.bat ; %G.bat ;%m.bat in samba3 possible?
Hi Sambatistas, I have running Samba 3 Rc2 cvs as Pdc which is now really working fine. I was able to setup login script generation on the fly with root preexec enabled in the netlogon share. So i have now have scripts for machines %m.bat i.e. win2k.bat for groups %G.bat i.e users.bat for user %U.bat i.e. testuser.bat created in the netlogon share after login. now i want to combinate this logon scripts my question is ,can i do something like netlogon script = %u.bat ; %G.bat ; %m.bat i played a little bit with this and read the faqs it looks like its not possible to combinate.Can anyone veryfi this? I seéms to me that there is an default login.bat needed which checks user group machine and overtake this parameters to execute the related batch files in windows at logon time. Does anyone has such kind of script? Best Regards -- COMPUTERBILD 15/03: Premium-e-mail-Dienste im Test -- 1. GMX TopMail - Platz 1 und Testsieger! 2. GMX ProMail - Platz 2 und Preis-Qualitätssieger! 3. Arcor - 4. web.de - 5. T-Online - 6. freenet.de - 7. daybyday - 8. e-Post -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon sometimes works (corrected with smb.confattached)
Hi Kurt, thanks for that. Our ping times are faster than that, I have now created the server without any extra software running (we were running domino on the box as well), so now it is purely a fileserver, running backup DNS, DHCP, NIS, NTP. If I turn my PC off, and log on it executes the NETLOGON script each and every time (great!), alas, if I log out and log back in, chances are it won't work (not so great), if I persevere, it will eventually work again, for a while. So, even with less load, it occasionally works, though I am perplexed as to why it appears to always work when I reboot my PC, perhaps there is something in windows that it messing up? We run Windows 2000 at the moment and are waiting to launch Windows XP on the poor users in the near future. Jason Walton Nomad Software Ltd 186 Regent Street London W1B 5TN Tel. +44 (20) 7292 2459 Fax. +44 (20) 7292 2401 www.nomadsoft.com Kurt Weiss [EMAIL PROTECTED] 31/01/2003 07:00 To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject:Re: [Samba] netlogon sometimes works (corrected with smb.conf attached) hello jason, we are using successful netlogon over years. - at first we had similar problems. the reason lied in the batch file: 1) the batch was written on linux, so the CR was missing at the end of the line... 2) we used net use without the /y flag - windows did not rebind the drive, but deleted the old link. (so onetimes the link was here, next times it missed...) hardware: if u have not the possibility/experience to look at the network packets, so u can test your stability in a simple way: use ping with a big packet size, and u will find out, if there is a problem with your network connection: in windows (stop with ctrl-c): ping -t -l 65000 XXX.XXX.XXX.XXX should look like this: == Ping wird ausgeführt für 192.168.10.1 mit 65000 Bytes Daten: Antwort von 192.168.10.1: Bytes=65000 Zeit=16ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=16ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=16ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=16ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit10ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit10ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=15ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=15ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=15ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=15ms TTL=255 Ping-Statistik für 192.168.10.1: Pakete: Gesendet = 10, Empfangen = 10, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 0ms, Maximum = 16ms, Mittelwert = 12ms == in linux (stop with ctrl-c): mail:~ # ping -fs 65000 XXX.XXX.XXX should look like this: == PING 192.168.10.10 (192.168.10.10) from 192.168.10.1 : 65000(65028) bytes of data. . --- 192.168.10.10 ping statistics --- 458 packets transmitted, 457 received, 0% loss, time 6461ms rtt min/avg/max/mdev = 12.748/12.875/17.226/0.242 ms, pipe 2, ipg/ewma 14.139/12.880ms == i hope it helped... gk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netlogon script help!
can anyone point me in the right direction to obtain a good samba logon script for WIN XP thanks a bunch!!! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] netlogon sometimes works (corrected with smb.confattached)
John, I have no success with packet sniffing, the netlogon share either works or it doesn't. Our boxes are not overly loaded, but I took your advice and tinkered with the loading. Over the passed week, it gets the netlogon share executed more times than not (at the moment) but it still isn't perfect (100% record is what I'd expect from a PDC). I suspect it is a problem within samba in terms of how fast it looks at certainincoming network packets, as the password logon works fine every single time, but connecting to the PDC and executing the NETLOGON share are problematic.. Anyway, thanks for your help. Hopefully, a bit more load balancing will get it working 100% of the time. Jason Walton Nomad Software Ltd 186 Regent Street London W1B 5TN Tel. +44 (20) 7292 2459 Fax. +44 (20) 7292 2401 www.nomadsoft.com John H Terpstra [EMAIL PROTECTED] 25/01/2003 05:05 To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject:Re: [Samba] netlogon sometimes works (corrected with smb.conf attached) Jason, Apologies for the dealy, I was at LinuxWorld Expo New York all week and just got home. You should use a network sniffer (like Ethereal) to capture a trace of a logon that works correctly and one that does not. Then examine the differences to find what went wrong. It should tell you where things broke down. If timing is the issue t hen your authentication server may be problematic. In this case you would need to either isolate the problem, or move the authentication (netlogon) service to another machine that is more responsive. - John T. On Wed, 22 Jan 2003 [EMAIL PROTECTED] wrote: John, thanks for your help thus far. I switched switches that the PDC is plugged into and it almost had me believing that it worked, I managed to log in three times in quick succession and each time it executed the netlogon script. Alas, inconsistency reared its ugly head once more and now I either get a successful logon (netlogon script runs) or a plain logon (validates my password, creates my profile share (z drive), but fails to run the netlogon share). Which brings me to ask the question, is the netlogon share affected by network acvtivity? The PDC server is running fileservices, domino, and other items. Password validation isn't a problem, but getting samba to process the netlogon, is a pain. Everything that did run on the NT server has been migrated to the solaris machine and works better and faster than before. The PDC is the last item left, I'm wondering if Samba needs a more dedicated host to invoke netlogon? Domino can be quite intensive on network activity when replicating between sites, so would this network deluge put samba off from the 'less critical' execution of the netlogon share? FYI our NT server is an old Pentium, 64Mb RAM, 10M network card. our solaris PDC server is a dual PIII, 1Gb RAM, 100M network card. Jason Walton Nomad Software Ltd 186 Regent Street London W1B 5TN Tel. +44 (20) 7292 2459 Fax. +44 (20) 7292 2401 www.nomadsoft.com John H Terpstra [EMAIL PROTECTED] 21/01/2003 03:46 To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject:Re: [Samba] netlogon sometimes works (corrected with smb.conf attached) Jason, We have gone over a few things already. You are using WINS, that means your MS Windows clients should not have any trouble finding your samba server and the services that run on it. The only time I have seen similar behaviour, given that everything is correctly configured from a Samba and MS Windows networking perspective, has been where there has been a jabbering network card or a defective HUB. Have you tried replacing the NICs in a client and the server? Have you tried a cross-over cable between the two to validate that you the network login process correctly completes EVERY time. If with known working NICs and a cross-over cable you can reproduce the failure to execute the network logon process correctly, then it might be time to turn back to blaming the Samba or MS Windows configuration. - John T. On Mon, 20 Jan 2003 [EMAIL PROTECTED] wrote: Could anybody please help? I have tried all sorts and nothing will fix the problem permamently. I have a samba PDC which on occasion happily logs a user on and processes the NETLOGON share. However, it doesn't always run this service. I have placed preexec commands in both the profiles and netlogon shares, only the profiles preexec is executed. Reboots don't make any difference, only determed logout / logins will eventually get the netlogon share executed. I have included the full smb.conf file, samba is now running 2.2.7a, each upgrade results in the same problem. We have two domains, one controlled by an old NT PDC (this is to be retired) and one by a new samba PDC (to be the main PDC for all machines, once they are migrated). I have noticed that trying to join the samba
Re: [Samba] netlogon sometimes works (corrected with smb.confattached)
hello jason, we are using successful netlogon over years. - at first we had similar problems. the reason lied in the batch file: 1) the batch was written on linux, so the CR was missing at the end of the line... 2) we used net use without the /y flag - windows did not rebind the drive, but deleted the old link. (so onetimes the link was here, next times it missed...) hardware: if u have not the possibility/experience to look at the network packets, so u can test your stability in a simple way: use ping with a big packet size, and u will find out, if there is a problem with your network connection: in windows (stop with ctrl-c): ping -t -l 65000 XXX.XXX.XXX.XXX should look like this: == Ping wird ausgeführt für 192.168.10.1 mit 65000 Bytes Daten: Antwort von 192.168.10.1: Bytes=65000 Zeit=16ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=16ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=16ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=16ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit10ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit10ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=15ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=15ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=15ms TTL=255 Antwort von 192.168.10.1: Bytes=65000 Zeit=15ms TTL=255 Ping-Statistik für 192.168.10.1: Pakete: Gesendet = 10, Empfangen = 10, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 0ms, Maximum = 16ms, Mittelwert = 12ms == in linux (stop with ctrl-c): mail:~ # ping -fs 65000 XXX.XXX.XXX should look like this: == PING 192.168.10.10 (192.168.10.10) from 192.168.10.1 : 65000(65028) bytes of data. . --- 192.168.10.10 ping statistics --- 458 packets transmitted, 457 received, 0% loss, time 6461ms rtt min/avg/max/mdev = 12.748/12.875/17.226/0.242 ms, pipe 2, ipg/ewma 14.139/12.880ms == i hope it helped... gk [EMAIL PROTECTED] schrieb: John, I have no success with packet sniffing, the netlogon share either works or it doesn't. Our boxes are not overly loaded, but I took your advice and tinkered with the loading. Over the passed week, it gets the netlogon share executed more times than not (at the moment) but it still isn't perfect (100% record is what I'd expect from a PDC). I suspect it is a problem within samba in terms of how fast it looks at certainincoming network packets, as the password logon works fine every single time, but connecting to the PDC and executing the NETLOGON share are problematic.. Anyway, thanks for your help. Hopefully, a bit more load balancing will get it working 100% of the time. Jason Walton Nomad Software Ltd 186 Regent Street London W1B 5TN Tel. +44 (20) 7292 2459 Fax. +44 (20) 7292 2401 www.nomadsoft.com John H Terpstra [EMAIL PROTECTED] 25/01/2003 05:05 To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject:Re: [Samba] netlogon sometimes works (corrected with smb.conf attached) Jason, Apologies for the dealy, I was at LinuxWorld Expo New York all week and just got home. You should use a network sniffer (like Ethereal) to capture a trace of a logon that works correctly and one that does not. Then examine the differences to find what went wrong. It should tell you where things broke down. If timing is the issue t hen your authentication server may be problematic. In this case you would need to either isolate the problem, or move the authentication (netlogon) service to another machine that is more responsive. - John T. On Wed, 22 Jan 2003 [EMAIL PROTECTED] wrote: John, thanks for your help thus far. I switched switches that the PDC is plugged into and it almost had me believing that it worked, I managed to log in three times in quick succession and each time it executed the netlogon script. Alas, inconsistency reared its ugly head once more and now I either get a successful logon (netlogon script runs) or a plain logon (validates my password, creates my profile share (z drive), but fails to run the netlogon share). Which brings me to ask the question, is the netlogon share affected by network acvtivity? The PDC server is running fileservices, domino, and other items. Password validation isn't a problem, but getting samba to process the netlogon, is a pain. Everything that did run on the NT server has been migrated to the solaris machine and works better and faster than before. The PDC is the last item left, I'm wondering if Samba needs a more dedicated host to invoke netlogon? Domino can be quite intensive on network activity when replicating between sites, so would this network deluge put samba off from the 'less critical' execution of the netlogon share? FYI our NT server
Re: [Samba] netlogon sometimes works (corrected with smb.confattached)
John, thanks for your help thus far. I switched switches that the PDC is plugged into and it almost had me believing that it worked, I managed to log in three times in quick succession and each time it executed the netlogon script. Alas, inconsistency reared its ugly head once more and now I either get a successful logon (netlogon script runs) or a plain logon (validates my password, creates my profile share (z drive), but fails to run the netlogon share). Which brings me to ask the question, is the netlogon share affected by network acvtivity? The PDC server is running fileservices, domino, and other items. Password validation isn't a problem, but getting samba to process the netlogon, is a pain. Everything that did run on the NT server has been migrated to the solaris machine and works better and faster than before. The PDC is the last item left, I'm wondering if Samba needs a more dedicated host to invoke netlogon? Domino can be quite intensive on network activity when replicating between sites, so would this network deluge put samba off from the 'less critical' execution of the netlogon share? FYI our NT server is an old Pentium, 64Mb RAM, 10M network card. our solaris PDC server is a dual PIII, 1Gb RAM, 100M network card. Jason Walton Nomad Software Ltd 186 Regent Street London W1B 5TN Tel. +44 (20) 7292 2459 Fax. +44 (20) 7292 2401 www.nomadsoft.com John H Terpstra [EMAIL PROTECTED] 21/01/2003 03:46 To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject:Re: [Samba] netlogon sometimes works (corrected with smb.conf attached) Jason, We have gone over a few things already. You are using WINS, that means your MS Windows clients should not have any trouble finding your samba server and the services that run on it. The only time I have seen similar behaviour, given that everything is correctly configured from a Samba and MS Windows networking perspective, has been where there has been a jabbering network card or a defective HUB. Have you tried replacing the NICs in a client and the server? Have you tried a cross-over cable between the two to validate that you the network login process correctly completes EVERY time. If with known working NICs and a cross-over cable you can reproduce the failure to execute the network logon process correctly, then it might be time to turn back to blaming the Samba or MS Windows configuration. - John T. On Mon, 20 Jan 2003 [EMAIL PROTECTED] wrote: Could anybody please help? I have tried all sorts and nothing will fix the problem permamently. I have a samba PDC which on occasion happily logs a user on and processes the NETLOGON share. However, it doesn't always run this service. I have placed preexec commands in both the profiles and netlogon shares, only the profiles preexec is executed. Reboots don't make any difference, only determed logout / logins will eventually get the netlogon share executed. I have included the full smb.conf file, samba is now running 2.2.7a, each upgrade results in the same problem. We have two domains, one controlled by an old NT PDC (this is to be retired) and one by a new samba PDC (to be the main PDC for all machines, once they are migrated). I have noticed that trying to join the samba domain over a VPN is impossible, whereas joining the NT domain, works first time. I don't know if this last bit is relevant to the problem or not. # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command testparm # to check that you have not many any basic syntactic errors. # #=== Global Settings = [global] ## ## Basic Server Settings ## netbios name = PDC netbios aliases = FILESERVER # netbios name = PDCM # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = NOMAD # workgroup = PDC1 # server string is the equivalent of the NT Description field server string = Nomad PDC (Samba %v) #JOWserver string = Samba Server 2.2.6 # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page hosts allow = 192.168.2. 192.168.1. 127.0.0.1 # Uncomment this if you want a guest
Re: [Samba] netlogon sometimes works (corrected with smb.confattached)
Jason, Apologies for the dealy, I was at LinuxWorld Expo New York all week and just got home. You should use a network sniffer (like Ethereal) to capture a trace of a logon that works correctly and one that does not. Then examine the differences to find what went wrong. It should tell you where things broke down. If timing is the issue t hen your authentication server may be problematic. In this case you would need to either isolate the problem, or move the authentication (netlogon) service to another machine that is more responsive. - John T. On Wed, 22 Jan 2003 [EMAIL PROTECTED] wrote: John, thanks for your help thus far. I switched switches that the PDC is plugged into and it almost had me believing that it worked, I managed to log in three times in quick succession and each time it executed the netlogon script. Alas, inconsistency reared its ugly head once more and now I either get a successful logon (netlogon script runs) or a plain logon (validates my password, creates my profile share (z drive), but fails to run the netlogon share). Which brings me to ask the question, is the netlogon share affected by network acvtivity? The PDC server is running fileservices, domino, and other items. Password validation isn't a problem, but getting samba to process the netlogon, is a pain. Everything that did run on the NT server has been migrated to the solaris machine and works better and faster than before. The PDC is the last item left, I'm wondering if Samba needs a more dedicated host to invoke netlogon? Domino can be quite intensive on network activity when replicating between sites, so would this network deluge put samba off from the 'less critical' execution of the netlogon share? FYI our NT server is an old Pentium, 64Mb RAM, 10M network card. our solaris PDC server is a dual PIII, 1Gb RAM, 100M network card. Jason Walton Nomad Software Ltd 186 Regent Street London W1B 5TN Tel. +44 (20) 7292 2459 Fax. +44 (20) 7292 2401 www.nomadsoft.com John H Terpstra [EMAIL PROTECTED] 21/01/2003 03:46 To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject:Re: [Samba] netlogon sometimes works (corrected with smb.conf attached) Jason, We have gone over a few things already. You are using WINS, that means your MS Windows clients should not have any trouble finding your samba server and the services that run on it. The only time I have seen similar behaviour, given that everything is correctly configured from a Samba and MS Windows networking perspective, has been where there has been a jabbering network card or a defective HUB. Have you tried replacing the NICs in a client and the server? Have you tried a cross-over cable between the two to validate that you the network login process correctly completes EVERY time. If with known working NICs and a cross-over cable you can reproduce the failure to execute the network logon process correctly, then it might be time to turn back to blaming the Samba or MS Windows configuration. - John T. On Mon, 20 Jan 2003 [EMAIL PROTECTED] wrote: Could anybody please help? I have tried all sorts and nothing will fix the problem permamently. I have a samba PDC which on occasion happily logs a user on and processes the NETLOGON share. However, it doesn't always run this service. I have placed preexec commands in both the profiles and netlogon shares, only the profiles preexec is executed. Reboots don't make any difference, only determed logout / logins will eventually get the netlogon share executed. I have included the full smb.conf file, samba is now running 2.2.7a, each upgrade results in the same problem. We have two domains, one controlled by an old NT PDC (this is to be retired) and one by a new samba PDC (to be the main PDC for all machines, once they are migrated). I have noticed that trying to join the samba domain over a VPN is impossible, whereas joining the NT domain, works first time. I don't know if this last bit is relevant to the problem or not. # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command testparm # to check that you have not many any basic syntactic errors. # #=== Global Settings = [global] ## ## Basic Server Settings ## netbios name = PDC netbios aliases = FILESERVER # netbios name = PDCM # workgroup = NT-Domain
