Re: [Samba] netlogon.bat issues
Hi Guys, I have similar problem. I am following the instructions in http://www.samba.org/samba/docs/man/...#magicnetlogon to add domain users to the winxp clients Power Users group. Code: autopoweruser.sh #!/bin/bash /usr/bin/net rpc group addmem "Power Users" "DOMAIN_NAME\$1" \ -UAdministrator%secret -S $2 exit 0 [netlogon] comment = Netlogon Share path = /export/samba/logon root preexec = /etc/samba/scripts/autopoweruser.sh %U %m read only = Yes guest ok = Yes But, this is not working as the user is still not added to the Power Users group after login.. Can anybody help Avinash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon.bat issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alex Crow wrote: > Depending on the version of Samba, it could be that "passdb expand > explicit = yes" is required. I ran across this in a similar situation > due to a change in default behaviour. > > Alex Alex, Thanks for the info, I will investigate this, I am currently using version 3.2.11. I am using ldap as my backend, is the passdb expand explicit parameter compatible with such a configuration? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkqNvAAACgkQ5B+8XEnAvqsBmQCeNTbL9EqYl3OKOwgIsZ6kzE2e R2sAn1OCHsuX7FWybexBMqihlkKGvNtb =iSNF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon.bat issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dale Schroeder wrote: > David Christensen wrote: > > Dale Schroeder wrote: > > > David, > > Your netlogon share is more complicated than most. > Consider initially commenting out all the mask and mode parameters and the > valid users parameter. > If it then works, add them back one at a time until it breaks. > > Depending on what the global preexec script does, you may want to initially > disable that also. > > Check that the execute bit is set on the .bat files. I used 755 permissions > with root:root ownership. > Check the permissions throughout the entire netlogon path > (/mnt/samba/netlogon). > Were the files created in a DOS/Windows editor? > > Dale > > > David Christensen wrote: > > David Christensen wrote: > > > I have samba configured so that users have their own netlogon.bat file > (e.g. %U.bat) and each user has a .bat with their username in the > netlogon share. > > So far I have been unable to get any of the shares that I have defined > in the batch file to be mounted when a user logs in. Here is a snapshot > of both the netlogon section of my smb.conf file and the %U.bat file I > am using: > > smb.conf: > > [global] > ... > preexec = /usr/local/bin/netlogon %U > logon script = %U.bat > logon home = \\%L\%U\.profiles > logon path = \\%L\profiles$\%U > logon drive = Z: > > > > [netlogon] > path = /mnt/samba/netlogon > admin users = root, Administrator, Admin > valid users = %U > read only = no > browsable = no > create mask = 0770 > force create mode = 0060 > create directory mask = 0770 > force directory mode = 0070 > security mask = 0777 > directory security mask = 0777 > > %U.bat: > @echo off > REM # In this example it is assumed the smb.conf handles home drive mapping > REM # All users get access to Common drive > net use Y: \\192.168.155.20\common > > > REM # Lastly lets set the davidc's time to 192.168.155.20's time > net time \\192.168.155.20 /set /yes > > > > Updated info > > The user can run the batch file manually from the netlogon share, so the > issue seems to be with it running automatically, is there any logs that > would capture an attempt to execute this file? > > > Determined by the "log file" and "log level" parameters, usually located in > /var/log/samba. > > > The preexec script actually creates a netlogon.bat file for each user > when they log in and sets the file ownership to that of the user logging > in. So the batch file is being created by the Linux server. Since I > can execute the bat files manually via a command line on an XP host, > wouldn't that mean that the file is ok? > > > Everything I've read says the logon scripts have to be in DOS format. Here's > one example of that admonition: > http://oreilly.com/catalog/samba/chapter/book/ch06_06.html > > To keep it automated, you could add a unix2dos command in the script. > > > I commented everything you mentioned out and changed the file > permissions, still not playing fair. > > > The other parameters you provided look fairly standard. > > Dale > > > David > > Dale, The preexec script that creates the user batch file actually converts the .bat file to DOS format using unix2dos so that is why running it manually works and should work when a user logs in. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkqNtVQACgkQ5B+8XEnAvqs0MACfWSd8VIOHv90cCTGEUBPjKiVQ FYEAniAL/GCLwTas0zKQGL5huARLGd2M =j0es -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon.bat issues
Depending on the version of Samba, it could be that "passdb expand explicit = yes" is required. I ran across this in a similar situation due to a change in default behaviour. Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. "Transact" is operated by Integrated Financial Arrangements plc Domain House, 5-7 Singer Street, London EC2A 4BQ Tel: (020) 7608 4900 Fax: (020) 7608 1200 (Registered office: as above; Registered in England and Wales under number: 3727592) Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon.bat issues
David Christensen wrote: Dale Schroeder wrote: David, Your netlogon share is more complicated than most. Consider initially commenting out all the mask and mode parameters and the valid users parameter. If it then works, add them back one at a time until it breaks. Depending on what the global preexec script does, you may want to initially disable that also. Check that the execute bit is set on the .bat files. I used 755 permissions with root:root ownership. Check the permissions throughout the entire netlogon path (/mnt/samba/netlogon). Were the files created in a DOS/Windows editor? Dale David Christensen wrote: David Christensen wrote: I have samba configured so that users have their own netlogon.bat file (e.g. %U.bat) and each user has a .bat with their username in the netlogon share. So far I have been unable to get any of the shares that I have defined in the batch file to be mounted when a user logs in. Here is a snapshot of both the netlogon section of my smb.conf file and the %U.bat file I am using: smb.conf: [global] ... preexec = /usr/local/bin/netlogon %U logon script = %U.bat logon home = \\%L\%U\.profiles logon path = \\%L\profiles$\%U logon drive = Z: [netlogon] path = /mnt/samba/netlogon admin users = root, Administrator, Admin valid users = %U read only = no browsable = no create mask = 0770 force create mode = 0060 create directory mask = 0770 force directory mode = 0070 security mask = 0777 directory security mask = 0777 %U.bat: @echo off REM # In this example it is assumed the smb.conf handles home drive mapping REM # All users get access to Common drive net use Y: \\192.168.155.20\common REM # Lastly lets set the davidc's time to 192.168.155.20's time net time \\192.168.155.20 /set /yes Updated info The user can run the batch file manually from the netlogon share, so the issue seems to be with it running automatically, is there any logs that would capture an attempt to execute this file? Determined by the "log file" and "log level" parameters, usually located in /var/log/samba. The preexec script actually creates a netlogon.bat file for each user when they log in and sets the file ownership to that of the user logging in. So the batch file is being created by the Linux server. Since I can execute the bat files manually via a command line on an XP host, wouldn't that mean that the file is ok? Everything I've read says the logon scripts have to be in DOS format. Here's one example of that admonition: http://oreilly.com/catalog/samba/chapter/book/ch06_06.html To keep it automated, you could add a unix2dos command in the script. I commented everything you mentioned out and changed the file permissions, still not playing fair. The other parameters you provided look fairly standard. Dale David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon.bat issues
Hallo, Dale, Du meintest am 20.08.09: > Check that the execute bit is set on the .bat files. I used 755 > permissions with root:root ownership. That's not necessary. It has to be run (read) under DOS/Windows from a Windows client, not run under Linux. Therefore 644 is enough (maybe 640 does reach). Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon.bat issues
Hallo, David, Du meintest am 20.08.09: > The preexec script actually creates a netlogon.bat file for each user > when they log in and sets the file ownership to that of the user > logging in. Can DOS/Windows run this batch file? If it's created under Linux maybe it has Linux LF and not DOS CRLF. A simple check is "opening" it with "notepad" (not with "wordpad"). > So the batch file is being created by the Linux server. > Since I can execute the bat files manually via a command line on an > XP host, wouldn't that mean that the file is ok? That's the minimum. I can't believe that your way is useful. I'd prefer 1 logon.bat for all users with some "if ... then" parts for special cases. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon.bat issues
Dale Schroeder wrote: > David, > > Your netlogon share is more complicated than most. > Consider initially commenting out all the mask and mode parameters and the > valid users parameter. > If it then works, add them back one at a time until it breaks. > > Depending on what the global preexec script does, you may want to initially > disable that also. > > Check that the execute bit is set on the .bat files. I used 755 permissions > with root:root ownership. > Check the permissions throughout the entire netlogon path > (/mnt/samba/netlogon). > Were the files created in a DOS/Windows editor? > > Dale > > > David Christensen wrote: > > David Christensen wrote: > > > I have samba configured so that users have their own netlogon.bat file > (e.g. %U.bat) and each user has a .bat with their username in the > netlogon share. > > So far I have been unable to get any of the shares that I have defined > in the batch file to be mounted when a user logs in. Here is a snapshot > of both the netlogon section of my smb.conf file and the %U.bat file I > am using: > > smb.conf: > > [global] > ... > preexec = /usr/local/bin/netlogon %U > logon script = %U.bat > logon home = \\%L\%U\.profiles > logon path = \\%L\profiles$\%U > logon drive = Z: > > > > [netlogon] > path = /mnt/samba/netlogon > admin users = root, Administrator, Admin > valid users = %U > read only = no > browsable = no > create mask = 0770 > force create mode = 0060 > create directory mask = 0770 > force directory mode = 0070 > security mask = 0777 > directory security mask = 0777 > > %U.bat: > @echo off > REM # In this example it is assumed the smb.conf handles home drive mapping > REM # All users get access to Common drive > net use Y: \\192.168.155.20\common > > > REM # Lastly lets set the davidc's time to 192.168.155.20's time > net time \\192.168.155.20 /set /yes > > > > Updated info > > The user can run the batch file manually from the netlogon share, so the > issue seems to be with it running automatically, is there any logs that > would capture an attempt to execute this file? The preexec script actually creates a netlogon.bat file for each user when they log in and sets the file ownership to that of the user logging in. So the batch file is being created by the Linux server. Since I can execute the bat files manually via a command line on an XP host, wouldn't that mean that the file is ok? I commented everything you mentioned out and changed the file permissions, still not playing fair. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon.bat issues
David, Your netlogon share is more complicated than most. Consider initially commenting out all the mask and mode parameters and the valid users parameter. If it then works, add them back one at a time until it breaks. Depending on what the global preexec script does, you may want to initially disable that also. Check that the execute bit is set on the .bat files. I used 755 permissions with root:root ownership. Check the permissions throughout the entire netlogon path (/mnt/samba/netlogon). Were the files created in a DOS/Windows editor? Dale David Christensen wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Christensen wrote: I have samba configured so that users have their own netlogon.bat file (e.g. %U.bat) and each user has a .bat with their username in the netlogon share. So far I have been unable to get any of the shares that I have defined in the batch file to be mounted when a user logs in. Here is a snapshot of both the netlogon section of my smb.conf file and the %U.bat file I am using: smb.conf: [global] ... preexec = /usr/local/bin/netlogon %U logon script = %U.bat logon home = \\%L\%U\.profiles logon path = \\%L\profiles$\%U logon drive = Z: [netlogon] path = /mnt/samba/netlogon admin users = root, Administrator, Admin valid users = %U read only = no browsable = no create mask = 0770 force create mode = 0060 create directory mask = 0770 force directory mode = 0070 security mask = 0777 directory security mask = 0777 %U.bat: @echo off REM # In this example it is assumed the smb.conf handles home drive mapping REM # All users get access to Common drive net use Y: \\192.168.155.20\common REM # Lastly lets set the davidc's time to 192.168.155.20's time net time \\192.168.155.20 /set /yes Updated info The user can run the batch file manually from the netlogon share, so the issue seems to be with it running automatically, is there any logs that would capture an attempt to execute this file? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkqNhR4ACgkQ5B+8XEnAvquZCwCfcTAt+U42bdHe2B2+3MmmH/Lh W3YAn1r5esG75qWSOLrcoZseuHeuL1SJ =1Ir4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon.bat issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Christensen wrote: > I have samba configured so that users have their own netlogon.bat file > (e.g. %U.bat) and each user has a .bat with their username in the > netlogon share. > > So far I have been unable to get any of the shares that I have defined > in the batch file to be mounted when a user logs in. Here is a snapshot > of both the netlogon section of my smb.conf file and the %U.bat file I > am using: > > smb.conf: > > [global] > ... > preexec = /usr/local/bin/netlogon %U > logon script = %U.bat > logon home = \\%L\%U\.profiles > logon path = \\%L\profiles$\%U > logon drive = Z: > > > > [netlogon] > path = /mnt/samba/netlogon > admin users = root, Administrator, Admin > valid users = %U > read only = no > browsable = no > create mask = 0770 > force create mode = 0060 > create directory mask = 0770 > force directory mode = 0070 > security mask = 0777 > directory security mask = 0777 > > %U.bat: > @echo off > REM # In this example it is assumed the smb.conf handles home drive mapping > REM # All users get access to Common drive > net use Y: \\192.168.155.20\common > > > REM # Lastly lets set the davidc's time to 192.168.155.20's time > net time \\192.168.155.20 /set /yes Updated info The user can run the batch file manually from the netlogon share, so the issue seems to be with it running automatically, is there any logs that would capture an attempt to execute this file? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkqNhR4ACgkQ5B+8XEnAvquZCwCfcTAt+U42bdHe2B2+3MmmH/Lh W3YAn1r5esG75qWSOLrcoZseuHeuL1SJ =1Ir4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba