Le 31.12.2014 17:19, Ricky Nance a ?crit :> On Wed, Dec 31, 2014 at 3:02 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote: > > Le 29.12.2014 20:46, Ricky Nance a ?crit : > > On Sat, Dec 27, 2014 at 8:39 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote: > > Dear Ricky, > > Yes, in my original post, below, I gave some details about smb.conf, but to summarize: > > * I am using Samba 4.1.11. > * server role = classic primary domain controller > * domain logons = yes > * domain master = yes > > * When I define a fixed-name as logon script in smb.conf, it works : > * logon script = employee.bat > * But if I try either %g.bat or %G.bat, or even "%G.bat", it doesn't work : > > * logon script = %g.bat > * logon script = %G.bat > * logon script = "%G.bat" > > I can give more details, now: > > * > > I tried this, which proves that while only %U is working, all others (%G, %g, %u) are broken : > logon script = %G%g%U%u.bat > And the associated logs : > > [2014/12/26 10:58:44.958812, 5] ../source3/smbd/filename.c:258(unix_convert) > unix_convert called on file "%G%gdbucher%u.bat" > [2014/12/26 10:58:44.958863, 5] ../source3/smbd/filename.c:421(unix_convert) > unix_convert begin: name = %G%gdbucher%u.bat, dirpath = , start = %G%gdbucher%u.bat > [2014/12/26 10:58:44.958956, 5] ../source3/smbd/filename.c:816(unix_convert) > New file %G%gdbucher%u.bat > [2014/12/26 10:58:44.959002, 3] ../source3/smbd/vfs.c:1137(check_reduced_name) > check_reduced_name [%G%gdbucher%u.bat] [/data/shares/netlogon] > [2014/12/26 10:58:44.959052, 3] ../source3/smbd/vfs.c:1267(check_reduced_name) > check_reduced_name: %G%gdbucher%u.bat reduced to /data/shares/netlogon/%G%gdbucher%u.bat > [2014/12/26 10:58:44.959106, 5] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb > [2014/12/26 10:58:44.959185, 5] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb > [2014/12/26 10:58:44.959230, 5] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 491426714 (5 used) > [2014/12/26 10:58:44.959276, 3] ../source3/smbd/dosmode.c:163(unix_mode) > unix_mode(%G%gdbucher%u.bat) returning 0744 > > Denis > > Le 26.12.2014 23:41, Ricky Nance a ?crit : > > Sorry for not replying earlier Dennis, but its been a bit crazy the last week or two with the holidays. Can you explain more about your configuration setup (smb.conf would be handy)? > > Thanks, > Ricky > > On Fri, Dec 26, 2014 at 3:13 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote: > > Dear all, > > As nobody seems to know what the problem could be, I think it must be an > important bug in Samba 4 that "forget" to replace %G or %g with the > group name. > > Could someone confirm that it is a bug and that I should fill one, in > samba bugzilla ? > > Thank you very much, > > Denis > > -------- Message original -------- > > OBJET: > Re: [Samba] Samba "%G" replacement not working in "Logon script" ? > > DATE: > 24.12.2014 00:33 > > DE: > Denis BUCHER <dbucherml at hsolutions.ch> > > ?: > samba at lists.samba.org > > Dear all, > > Do you think I should fill a bug report about this problem or does > someone has experienced the same problem ? > > Thanks a lot for any help :-) > > Denis > > Le 21.12.2014 02:06, Denis BUCHER a ?crit : > >> P. S. I tried to display %ACCOUNTNAME% and %WORKGROUP% in cmd.exe on a logged PC (User in domain, roaming profile) but both values were unset : >> >>> echo %ACCOUNTNAME% %ACCOUNTNAME% >> Denis Le 21.12.2014 01:25, Denis BUCHER a ?crit : >> >>> Dear Ricky, Thanks a lot for your answer. But I still have two problems: 1. I am not using samba as AD DC but as PDC. 2. What I would need is the primary group... Do you thinks %WORKGROUP% could work ? 3. And should I use %WORKGROUP% in smb.conf or in batch login script... Thanks a lot in advance for your help... Denis Le 18.12.2014 21:58, Ricky Nance a ?crit : Dennis, if you are running samba as an AD DC, you will need to use the new variable names %ACCOUNTNAME% and %WORKGROUP%. Ricky On Tue, Dec 16, 2014 at 1:23 PM, Denis BUCHER <dbucherml at hsolutions.ch>wrote: Dear all, I experience now a strange bug with Samba 4.1.11 : When I define a fixed-name as logon script in smb.conf, it works : logon script = employee.bat But if I try either %g.bat or %G.bat, or even "%G.bat", it doesn't work : * logon script = %g.bat * logon script = %G.bat * logon script = "%G.bat" In the logs, there was a message showing that Samba was trying to open the "%G.bat" file and that the file was no> > t found > on the disk. (Of course) Denis P.S. Logfiles: [2014/11/21 > 20:53:36.616573, 5] ../source3/smbd/filename.c:258(unix_convert) > unix_convert called on file "%g.bat" [2014/11/21 20:53:36.616622, 5] > ../source3/smbd/filename.c:421(unix_convert) unix_convert begin: name > %g.bat, dirpath = , start = %g.bat [2014/11/21 20:53:36.616705, 5] > >> ../source3/smbd/filename.c:816(unix_convert) New file %g.bat [2014/11/21 20:53:36.616747, 3] ../source3/smbd/vfs.c:1137(check_reduced_name) check_reduced_name [%g.bat] [/data/shares/netlogon] [2014/11/21 20:53:36.616794, 3] ../source3/smbd/vfs.c:1267(check_reduced_name) check_reduced_name: %g.bat reduced to /data/shares/netlogon/%g.bat [2014/11/21 20:53:36.616838, 5] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2014/11/21 20:53:36.616906, 5] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2014/11/21 20:53:36.616950, 5] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 2158460712 (2 used) [2014/11/21 20:53:36.616995, 3] ../source3/smbd/dosmode.c:163(unix_mode) unix_mode(%g.bat) returning 0744 [2014/11/21 20:53:36.617034, 5] ../source3/smbd/open.c:2168(open_file_ntcreate) open_file_ntcreate: FILE_OPEN requested> > f > >> or file %g.bat and file doesn't exist. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [1] [1] [1] [1] [1] Links: ------ [1] https://lists.samba.org/mailman/options/samba [1] [1] [1] [1] Links: ------ [1] https://lists.samba.org/mailman/options/samba [1] [1] [1] > > Links: > ------ > [1] https://lists.samba.org/mailman/options/samba [1] [1] > > Links: > ------ > [1] https://lists.samba.org/mailman/options/samba [1] > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba [1]Denis, Can you provide us with either a full smb.conf or at a minimum the [global] section, you can mask the names and ip's if you need to. I am interested in the backend as well as a couple of other things. Ricky Dear Ricky, Yes of course ! I just replaced domainname, servername and ourdomain. [global] log level = 2 workgroup = DOMAINNAME netbios name = SERVERNAME wins support = yes dns proxy = no interfaces = 127.0.0.0/8 [2] eth0 bind interfaces only = yes allow insecure wide links = yes wide links = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d server role = classic primary domain controller security = user domain logons = yes domain master = yes local master = yes preferred master = yes os level = 255 remote announce = 172.16.7.255/domainname [3] passdb backend = ldapsam:ldap://172.16.1.232 [4] ldap suffix = dc=ourdomain,dc=ch ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=ourdomain,dc=ch ldap delete dn = no ldap ssl = no obey pam restrictions = yes unix password sync = no passwd program = /usr/bin/passwd %u passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* . pam password change = yes map to guest = bad user map acl inherit = yes logon path = \servernameprofiles logon home = \servernameprofiles logon drive = Z: logon script = employees.bat [netlogon] comment = Network Logon Service path = /data/shares/netlogon guest ok = no read only = yes writeable = no browseable = no Denis Ok, can you also show us your /etc/nsswitch.conf as well. Thanks, Ricky Yes of course, it's the standard/unchanged Debian file: # /etc/nsswitch.conf passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis Denis Links: ------ [1] https://lists.samba.org/mailman/options/samba [2] http://127.0.0.0/8 [3] http://172.16.7.255/domainname [4] http://172.16.1.232
On Sun, Jan 4, 2015 at 8:55 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote:> Le 31.12.2014 17:19, Ricky Nance a ?crit : > > > > On Wed, Dec 31, 2014 at 3:02 AM, Denis BUCHER <dbucherml at hsolutions.ch> > wrote: > >> Le 29.12.2014 20:46, Ricky Nance a ?crit : >> >> >> On Sat, Dec 27, 2014 at 8:39 AM, Denis BUCHER <dbucherml at hsolutions.ch> >> wrote: >> >>> Dear Ricky, >>> >>> Yes, in my original post, below, I gave some details about smb.conf, but >>> to summarize: >>> >>> - I am using Samba 4.1.11. >>> - server role = classic primary domain controller >>> - domain logons = yes >>> - domain master = yes >>> >>> >>> - When I define a fixed-name as logon script in smb.conf, it works : >>> - logon script = employee.bat >>> - But if I try either %g.bat or %G.bat, or even "%G.bat", it doesn't >>> work : >>> >>> >>> - logon script = %g.bat >>> - logon script = %G.bat >>> - logon script = "%G.bat" >>> >>> I can give more details, now: >>> >>> - >>> >>> I tried this, which proves that while only %U is working, all others (%G, %g, %u) are broken : >>> logon script = %G%g%U%u.bat >>> And the associated logs : >>> >>> [2014/12/26 10:58:44.958812, 5] ../source3/smbd/filename.c:258(unix_convert) >>> unix_convert called on file "%G%gdbucher%u.bat" >>> [2014/12/26 10:58:44.958863, 5] ../source3/smbd/filename.c:421(unix_convert) >>> unix_convert begin: name = %G%gdbucher%u.bat, dirpath = , start = %G%gdbucher%u.bat >>> [2014/12/26 10:58:44.958956, 5] ../source3/smbd/filename.c:816(unix_convert) >>> New file %G%gdbucher%u.bat >>> [2014/12/26 10:58:44.959002, 3] ../source3/smbd/vfs.c:1137(check_reduced_name) >>> check_reduced_name [%G%gdbucher%u.bat] [/data/shares/netlogon] >>> [2014/12/26 10:58:44.959052, 3] ../source3/smbd/vfs.c:1267(check_reduced_name) >>> check_reduced_name: %G%gdbucher%u.bat reduced to /data/shares/netlogon/%G%gdbucher%u.bat >>> [2014/12/26 10:58:44.959106, 5] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) >>> check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >>> [2014/12/26 10:58:44.959185, 5] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) >>> release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb >>> [2014/12/26 10:58:44.959230, 5] ../source3/smbd/files.c:128(file_new) >>> allocated file structure fnum 491426714 (5 used) >>> [2014/12/26 10:58:44.959276, 3] ../source3/smbd/dosmode.c:163(unix_mode) >>> unix_mode(%G%gdbucher%u.bat) returning 0744 >>> >>> >>> Denis >>> >>> Le 26.12.2014 23:41, Ricky Nance a ?crit : >>> >>> Sorry for not replying earlier Dennis, but its been a bit crazy the last >>> week or two with the holidays. Can you explain more about your >>> configuration setup (smb.conf would be handy)? >>> >>> Thanks, >>> Ricky >>> >>> >>> On Fri, Dec 26, 2014 at 3:13 AM, Denis BUCHER <dbucherml at hsolutions.ch> >>> wrote: >>> >>>> >>>> >>>> Dear all, >>>> >>>> As nobody seems to know what the problem could be, I think it must be an >>>> important bug in Samba 4 that "forget" to replace %G or %g with the >>>> group name. >>>> >>>> Could someone confirm that it is a bug and that I should fill one, in >>>> samba bugzilla ? >>>> >>>> Thank you very much, >>>> >>>> Denis >>>> >>>> -------- Message original -------- >>>> >>>> OBJET: >>>> Re: [Samba] Samba "%G" replacement not working in >>>> "Logon script" ? >>>> >>>> DATE: >>>> 24.12.2014 00:33 >>>> >>>> DE: >>>> Denis BUCHER <dbucherml at hsolutions.ch> >>>> >>>> ?: >>>> samba at lists.samba.org >>>> >>>> Dear all, >>>> >>>> Do you think I should fill a bug report about this problem or does >>>> someone has experienced the same problem ? >>>> >>>> Thanks a lot for any help :-) >>>> >>>> Denis >>>> >>>> Le 21.12.2014 02:06, Denis BUCHER a ?crit : >>>> >>>> > P. S. I tried to display %ACCOUNTNAME% and %WORKGROUP% in cmd.exe on >>>> a logged PC (User in domain, roaming profile) but both values were unset : >>>> > >>>> >> echo %ACCOUNTNAME% %ACCOUNTNAME% >>>> > Denis Le 21.12.2014 01:25, Denis BUCHER a ?crit : >>>> > >>>> >> Dear Ricky, Thanks a lot for your answer. But I still have two >>>> problems: 1. I am not using samba as AD DC but as PDC. 2. What I would need >>>> is the primary group... Do you thinks %WORKGROUP% could work ? 3. And >>>> should I use %WORKGROUP% in smb.conf or in batch login script... Thanks a >>>> lot in advance for your help... Denis Le 18.12.2014 21:58, Ricky Nance a >>>> ?crit : Dennis, if you are running samba as an AD DC, you will need to use >>>> the new variable names %ACCOUNTNAME% and %WORKGROUP%. Ricky On Tue, Dec 16, >>>> 2014 at 1:23 PM, Denis BUCHER <dbucherml at hsolutions.ch>wrote: Dear >>>> all, I experience now a strange bug with Samba 4.1.11 : When I define a >>>> fixed-name as logon script in smb.conf, it works : logon script >>>> employee.bat But if I try either %g.bat or %G.bat, or even "%G.bat", it >>>> doesn't work : * logon script = %g.bat * logon script = %G.bat * logon >>>> script = "%G.bat" In the logs, there was a message showing that Samba was >>>> trying to open the "%G.bat" file and that the file was no >>>> >>>> t found >>>> on the disk. (Of course) Denis P.S. Logfiles: [2014/11/21 >>>> 20:53:36.616573, 5] ../source3/smbd/filename.c:258(unix_convert) >>>> unix_convert called on file "%g.bat" [2014/11/21 20:53:36.616622, 5] >>>> ../source3/smbd/filename.c:421(unix_convert) unix_convert begin: name >>>> %g.bat, dirpath = , start = %g.bat [2014/11/21 20:53:36.616705, 5] >>>> >>>> > ../source3/smbd/filename.c:816(unix_convert) New file %g.bat >>>> [2014/11/21 20:53:36.616747, 3] >>>> ../source3/smbd/vfs.c:1137(check_reduced_name) check_reduced_name [%g.bat] >>>> [/data/shares/netlogon] [2014/11/21 20:53:36.616794, 3] >>>> ../source3/smbd/vfs.c:1267(check_reduced_name) check_reduced_name: %g.bat >>>> reduced to /data/shares/netlogon/%g.bat [2014/11/21 20:53:36.616838, 5] >>>> ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for >>>> /var/run/samba/smbXsrv_open_global.tdb [2014/11/21 20:53:36.616906, 5] >>>> ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock >>>> order 1 for /var/run/samba/smbXsrv_open_global.tdb [2014/11/21 >>>> 20:53:36.616950, 5] ../source3/smbd/files.c:128(file_new) allocated file >>>> structure fnum 2158460712 (2 used) [2014/11/21 20:53:36.616995, 3] >>>> ../source3/smbd/dosmode.c:163(unix_mode) unix_mode(%g.bat) returning 0744 >>>> [2014/11/21 20:53:36.617034, 5] >>>> ../source3/smbd/open.c:2168(open_file_ntcreate) open_file_ntcreate: >>>> FILE_OPEN requested >>>> >>>> f >>>> >>>> > or file %g.bat and file doesn't exist. -- To unsubscribe from this >>>> list go to the following URL and read the instructions: >>>> https://lists.samba.org/mailman/options/samba [1] [1] [1] [1] Links: >>>> ------ [1] https://lists.samba.org/mailman/options/samba [1] [1] [1] >>>> Links: ------ [1] https://lists.samba.org/mailman/options/samba [1] [1] >>>> >>>> Links: >>>> ------ >>>> [1] https://lists.samba.org/mailman/options/samba [1] >>>> >>>> >>>> >>>> Links: >>>> ------ >>>> [1] https://lists.samba.org/mailman/options/samba >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> >>> >>> >> >> >> Denis, >> >> Can you provide us with either a full smb.conf or at a minimum the >> [global] section, you can mask the names and ip's if you need to. I am >> interested in the backend as well as a couple of other things. >> >> Ricky >> >> >> >> Dear Ricky, >> >> Yes of course ! >> >> I just replaced domainname, servername and ourdomain. >> >> [global] >> log level = 2 >> workgroup = DOMAINNAME >> netbios name = SERVERNAME >> wins support = yes >> dns proxy = no >> interfaces = 127.0.0.0/8 eth0 >> bind interfaces only = yes >> allow insecure wide links = yes >> wide links = yes >> log file = /var/log/samba/log.%m >> max log size = 1000 >> syslog = 0 >> panic action = /usr/share/samba/panic-action %d >> server role = classic primary domain controller >> security = user >> domain logons = yes >> domain master = yes >> local master = yes >> preferred master = yes >> os level = 255 >> remote announce = 172.16.7.255/domainname >> passdb backend = ldapsam:ldap://172.16.1.232 >> ldap suffix = dc=ourdomain,dc=ch >> ldap machine suffix = ou=machines >> ldap user suffix = ou=users >> ldap group suffix = ou=groups >> ldap admin dn = cn=admin,dc=ourdomain,dc=ch >> ldap delete dn = no >> ldap ssl = no >> obey pam restrictions = yes >> unix password sync = no >> passwd program = /usr/bin/passwd %u >> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* >> %n\n *password\supdated\ssuccessfully* . >> pam password change = yes >> map to guest = bad user >> map acl inherit = yes >> logon path = \\servername\profiles >> logon home = \\servername\profiles >> logon drive = Z: >> logon script = employees.bat >> >> [netlogon] >> comment = Network Logon Service >> path = /data/shares/netlogon >> guest ok = no >> read only = yes >> writeable = no >> browseable = no >> >> Denis >> >> >> >> > > Ok, can you also show us your /etc/nsswitch.conf as well. > > Thanks, > Ricky > > > > Yes of course, it's the standard/unchanged Debian file: > > > # /etc/nsswitch.conf > passwd: compat ldap > group: compat ldap > shadow: compat ldap > hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 > networks: files > protocols: db files > services: db files > ethers: db files > rpc: db files > netgroup: nis > > Denis > > > >So far this all looks good, what kind of output do you see if you do the command 'id ldapgroupname' (where ldapgroupname is a group that exists in ldap). If this command doesn't work, the problem could lie in your ldap.conf, I am also trying to get a test environment setup here to see if I can duplicate your results. Ricky
Le 05.01.2015 20:36, Ricky Nance a ?crit :> On Sun, Jan 4, 2015 at 8:55 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote: > > Le 31.12.2014 17:19, Ricky Nance a ?crit : > > On Wed, Dec 31, 2014 at 3:02 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote: > > Le 29.12.2014 20:46, Ricky Nance a ?crit : > > On Sat, Dec 27, 2014 at 8:39 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote: > > Dear Ricky, > > Yes, in my original post, below, I gave some details about smb.conf, but to summarize: > > * I am using Samba 4.1.11. > * server role = classic primary domain controller > * domain logons = yes > * domain master = yes > > * When I define a fixed-name as logon script in smb.conf, it works : > * logon script = employee.bat > * But if I try either %g.bat or %G.bat, or even "%G.bat", it doesn't work : > > * logon script = %g.bat > * logon script = %G.bat > * logon script = "%G.bat" > > I can give more details, now: > > * > > I tried this, which proves that while only %U is working, all others (%G, %g, %u) are broken : > logon script = %G%g%U%u.bat > And the associated logs : > > [2014/12/26 10:58:44.958812, 5] ../source3/smbd/filename.c:258(unix_convert) > unix_convert called on file "%G%gdbucher%u.bat" > [2014/12/26 10:58:44.958863, 5] ../source3/smbd/filename.c:421(unix_convert) > unix_convert begin: name = %G%gdbucher%u.bat, dirpath = , start = %G%gdbucher%u.bat > [2014/12/26 10:58:44.958956, 5] ../source3/smbd/filename.c:816(unix_convert) > New file %G%gdbucher%u.bat > [2014/12/26 10:58:44.959002, 3] ../source3/smbd/vfs.c:1137(check_reduced_name) > check_reduced_name [%G%gdbucher%u.bat] [/data/shares/netlogon] > [2014/12/26 10:58:44.959052, 3] ../source3/smbd/vfs.c:1267(check_reduced_name) > check_reduced_name: %G%gdbucher%u.bat reduced to /data/shares/netlogon/%G%gdbucher%u.bat > [2014/12/26 10:58:44.959106, 5] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) > check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb > [2014/12/26 10:58:44.959185, 5] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) > release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb > [2014/12/26 10:58:44.959230, 5] ../source3/smbd/files.c:128(file_new) > allocated file structure fnum 491426714 (5 used) > [2014/12/26 10:58:44.959276, 3] ../source3/smbd/dosmode.c:163(unix_mode) > unix_mode(%G%gdbucher%u.bat) returning 0744 > > Denis > > Le 26.12.2014 23:41, Ricky Nance a ?crit : > > Sorry for not replying earlier Dennis, but its been a bit crazy the last week or two with the holidays. Can you explain more about your configuration setup (smb.conf would be handy)? > > Thanks, > Ricky > > On Fri, Dec 26, 2014 at 3:13 AM, Denis BUCHER <dbucherml at hsolutions.ch> wrote: > > Dear all, > > As nobody seems to know what the problem could be, I think it must be an > important bug in Samba 4 that "forget" to replace %G or %g with the > group name. > > Could someone confirm that it is a bug and that I should fill one, in > samba bugzilla ? > > Thank you very much, > > Denis > > -------- Message original -------- > > OBJET: > Re: [Samba] Samba "%G" replacement not working in "Logon script" ? > > DATE: > 24.12.2014 00:33 > > DE: > Denis BUCHER <dbucherml at hsolutions.ch> > > ?: > samba at lists.samba.org > > Dear all, > > Do you think I should fill a bug report about this problem or does > someone has experienced the same problem ? > > Thanks a lot for any help :-) > > Denis > > Le 21.12.2014 02:06, Denis BUCHER a ?crit : > >> P. S. I tried to display %ACCOUNTNAME% and %WORKGROUP% in cmd.exe on a logged PC (User in domain, roaming profile) but both values were unset : >> >>> echo %ACCOUNTNAME% %ACCOUNTNAME% >> Denis Le 21.12.2014 01:25, Denis BUCHER a ?crit : >> >>> Dear Ricky, Thanks a lot for your answer. But I still have two problems: 1. I am not using samba as AD DC but as PDC. 2. What I would need is the primary group... Do you thinks %WORKGROUP% could work ? 3. And should I use %WORKGROUP% in smb.conf or in batch login script... Thanks a lot in advance for your help... Denis Le 18.12.2014 21:58, Ricky Nance a ?crit : Dennis, if you are running samba as an AD DC, you will need to use the new variable names %ACCOUNTNAME% and %WORKGROUP%. Ricky On Tue, Dec 16, 2014 at 1:23 PM, Denis BUCHER <dbucherml at hsolutions.ch>wrote: Dear all, I experience now a strange bug with Samba 4.1.11 : When I define a fixed-name as logon script in smb.conf, it works : logon script = employee.bat But if I try either %g.bat or %G.bat, or even "%G.bat", it doesn't work : * logon script = %g.bat * logon script = %G.bat * logon script = "%G.bat" In the logs, there was a message showing that Samba was trying to open the "%G.bat" file and that the file was no> > t found > on the disk. (Of course) Denis P.S. Logfiles: [2014/11/21 > 20:53:36.616573, 5] ../source3/smbd/filename.c:258(unix_convert) > unix_convert called on file "%g.bat" [2014/11/21 20:53:36.616622, 5] > ../source3/smbd/filename.c:421(unix_convert) unix_convert begin: name > %g.bat, dirpath = , start = %g.bat [2014/11/21 20:53:36.616705, 5] > >> ../source3/smbd/filename.c:816(unix_convert) New file %g.bat [2014/11/21 20:53:36.616747, 3] ../source3/smbd/vfs.c:1137(check_reduced_name) check_reduced_name [%g.bat] [/data/shares/netlogon] [2014/11/21 20:53:36.616794, 3] ../source3/smbd/vfs.c:1267(check_reduced_name) check_reduced_name: %g.bat reduced to /data/shares/netlogon/%g.bat [2014/11/21 20:53:36.616838, 5] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2014/11/21 20:53:36.616906, 5] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2014/11/21 20:53:36.616950, 5] ../source3/smbd/files.c:128(file_new) allocated file structure fnum 2158460712 (2 used) [2014/11/21 20:53:36.616995, 3] ../source3/smbd/dosmode.c:163(unix_mode) unix_mode(%g.bat) returning 0744 [2014/11/21 20:53:36.617034, 5] ../source3/smbd/open.c:2168(open_file_ntcreate) open_file_ntcreate: FILE_OPEN requested> > f > >> or file %g.bat and file doesn't exist. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [1] [1] [1] [1] [1] Links: ------ [1] https://lists.samba.org/mailman/options/samba [1] [1] [1] [1] Links: ------ [1] https://lists.samba.org/mailman/options/samba [1] [1] [1] > > Links: > ------ > [1] https://lists.samba.org/mailman/options/samba [1] [1] > > Links: > ------ > [1] https://lists.samba.org/mailman/options/samba [1] > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba [1]Denis, Can you provide us with either a full smb.conf or at a minimum the [global] section, you can mask the names and ip's if you need to. I am interested in the backend as well as a couple of other things. Ricky Dear Ricky, Yes of course ! I just replaced domainname, servername and ourdomain. [global] log level = 2 workgroup = DOMAINNAME netbios name = SERVERNAME wins support = yes dns proxy = no interfaces = 127.0.0.0/8 [2] eth0 bind interfaces only = yes allow insecure wide links = yes wide links = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d server role = classic primary domain controller security = user domain logons = yes domain master = yes local master = yes preferred master = yes os level = 255 remote announce = 172.16.7.255/domainname [3] passdb backend = ldapsam:ldap://172.16.1.232 [4] ldap suffix = dc=ourdomain,dc=ch ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=ourdomain,dc=ch ldap delete dn = no ldap ssl = no obey pam restrictions = yes unix password sync = no passwd program = /usr/bin/passwd %u passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* . pam password change = yes map to guest = bad user map acl inherit = yes logon path = \servernameprofiles logon home = \servernameprofiles logon drive = Z: logon script = employees.bat [netlogon] comment = Network Logon Service path = /data/shares/netlogon guest ok = no read only = yes writeable = no browseable = no Denis Ok, can you also show us your /etc/nsswitch.conf as well. Thanks, Ricky Yes of course, it's the standard/unchanged Debian file: # /etc/nsswitch.conf passwd: compat ldap group: compat ldap shadow: compat ldap hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis Denis So far this all looks good, what kind of output do you see if you do the command 'id ldapgroupname' (where ldapgroupname is a group that exists in ldap). If this command doesn't work, the problem could lie in your ldap.conf, I am also trying to get a test environment setup here to see if I can duplicate your results. Ricky Dear Ricky, According to Debian "id" manpage, only a username can be provided as argument. Therefore I tried this : id ldapvalidusername (where ldapvalidusername is a valid user that exists in ldap) uid=1019(ldapvalidusername) gid=530(employees) groupes=513(Domain Users),535(it),538(transport),530(employees) And with another one: id ldapvalidusername2 uid=1231(ldapvalidusername2) gid=531(basic) groupes=513(Domain Users),531(basic) Denis Links: ------ [1] https://lists.samba.org/mailman/options/samba [2] http://127.0.0.0/8 [3] http://172.16.7.255/domainname [4] http://172.16.1.232