I have a simple script that sets the time on a Windows client at startup. The one-line script: net time \\myhost /set /yes Works perfectly well when I double-click it from Windows Explorer, so I don't think the problem lies there. The relevant lines in my smb.conf file: [global] time server = yes logon script = smbtimeset.BAT [netlogon] comment = shared scripts path = /usr/share/samba/scripts public = no writable = no browseable = no I've set the log level to '3' and there aren't any messages at all relating to running a startup script. Any ideas?
try this, create a directory called Netlogon, and set your share path to the Netlogon directory, I did not see what your MASK is or DIRECTOREY MASK is ? Mark Sarria Sylmar High School Network Administrator ----- Original Message ----- From: <sfjoe@spamcop.net> To: <samba@lists.samba.org> Sent: Wednesday, September 22, 2004 1:11 PM Subject: [Samba] login scripts do not run> > I have a simple script that sets the time on a Windows client at > startup. > The one-line script: > net time \\myhost /set /yes > Works perfectly well when I double-click it from Windows Explorer, so I > don't think the problem lies there. > > The relevant lines in my smb.conf file: > > [global] > time server = yes > logon script = smbtimeset.BAT > > [netlogon] > comment = shared scripts > path = /usr/share/samba/scripts > public = no > writable = no > browseable = no > > > > I've set the log level to '3' and there aren't any messages at all > relating to running a startup script. > > Any ideas? > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
sfjoe@spamcop.net wrote:> I have a simple script that sets the time on a Windows client at > startup. > The one-line script: > net time \\myhost /set /yes > Works perfectly well when I double-click it from Windows Explorer, so I > don't think the problem lies there. > > The relevant lines in my smb.conf file: > > [global] > time server = yes > logon script = smbtimeset.BAT > > [netlogon] > comment = shared scripts > path = /usr/share/samba/scripts > public = no > writable = no > browseable = no > > > > I've set the log level to '3' and there aren't any messages at all > relating to running a startup script. > > Any ideas? >Well, yes I do. I was looking into this earlier today. You don't say enough about your workgroup/domain, but I have this problem too. In my case, I am running v3.0.6 as a PDC. All of my MS clients are NT4-SP6 or better (well newer anyway). Most are WinXP. What I find in the event log of WinXP clients is a message to the effect that the client has joined a NT4 domain (in this case, my Samba PDC) and the MS NT4 generation domain server does not support NTP. A bit of searching has found this: http://groups.google.com/groups?q=ntpclient+nt4-domain&hl=en&lr=&ie=UTF-8&c2coff=1&selm=%23Oa8EadWCHA.3360%40tkmsftngp11&rnum=1 This article contains two links at the bottom which look promising too. I'm about to start playing with it, but I would be good to hear a Samba solution. I don't like hacking the registry. Ray
Hi, no the admin account and pass can be crypted so its usefull stuff reading related progs osr stuff before posting may help you out next time Regards Denis Vlasenko schrieb:> On Thursday 23 September 2004 10:15, rruegner wrote: > >>Hi, all >>you can use cpau ( run as replacement ) to make any script ( bat etc ) >>running with admin rights, theres also a little prog called hidecmd >>which makes the run of the netlogon invisible. > > > And thus make admin password visible to user??! No thank you. > > >>After alle the script must be readable under native linux and in the >>samba share and build with a dos compatible editor like notepad. > > -- > vda >
On Thursday 23 September 2004 19:50, rruegner wrote:> Hi, > no the admin account and pass can be crypted > so its usefull stuffHow will you prevent user from running this under debugger and sniffing password from the program data segment? -- vda
Hi Denis, this is nonsens , if a user wants to break your security he will do it anyway, win auth is easy enough to be breaked by any user also in native win setups. If you want be secure use no windows, i gave advice for the netlogon problem and wanted help out with the prog cpau which is very usefull as it can crypt admin account and pass, i dont want to be struggeled in security. Cpau is enough crypto to ban a normal user for seeing admin users and his pass ( which must be cool enough ), but after all having enough time you will brake any security. Security is a concept not relate to just one thing, i.e. if the user can boot the computer from a floopy or a cd he will find out the local admin account in seconds having the right tools, so dont feed me with your paranoia stuff Also any network sniffer and varias other tools may brake in security anyway i.e man in the middle etc), but this is another discussion. If you dont like this nice little tool , just let it go and wait for wonder until windows get secure in the matter nix systems are Regards Denis Vlasenko schrieb:> On Thursday 23 September 2004 19:50, rruegner wrote: > >>Hi, >>no the admin account and pass can be crypted >>so its usefull stuff > > > How will you prevent user from running this under debugger and sniffing > password from the program data segment? > -- > vda >
Mayebe I should have explained more of what is encrypted. Below is an example of what is encrypted: 5B1CC95BAF6B10DD09D42ADE1A14D8D27134E31B1FBD6BDBB90993FC9D284C730E53ABC70C7ACC4C661CE4BD6E00F8C372A3B9A2A18C142AE0D1CB23B8870C772045D1FDA1D3B13729D75B66D97FB1360B1599735F2E2FBA2B3723C10F2A81A79BD4D7B89AF2684B8D245597F89D71962786FFE9069D1D93CD8EC895C1084440D7ADE53C9A4584A0DCCDAAB86433934767E9D72A3E48ABF02B870C9BB1A657114FE340972054C578602DB4A032ED0FFFD1B83149FDBBB73A34941D13626B84DA That contains the username, password, path to command to run, domain, and an option for a directory to start in. It is used like this: rurasp.exe somefile.rap where the contents of somefile.rap is the string of characters above. Does that help? Denis Vlasenko <vda@port.imtp.ilyichevsk.odessa.ua> wrote:> On Thursday 23 September 2004 20:18, kent wrote: > > Hello, > > We have been successfully using RUNASP.exe > > (http://www.mast-computer.com/c_9-s_7-l_en.html). You have to pay forlicensing> > however. We use it for everything, running programs, udate Norton AV.Password> > is encrypted. Is very simple to use. > > If this script is runnable by the user then user can see that > encrypted password and use it to launch some malicious code > instead using this tool with admin rights. > > Correct me if im wrong. > -- > vda > >