Adam Tauno Williams
2016-Sep-19 13:15 UTC
[Samba] Upgraded SAMBA4 DC's, now no logon scripts
Logon scripts assigned to a user do not execute when the user logs on; it did before the upgrade.

I can run the script from the command line and it completes OK [like \\{DOMAIN}\netlogon\logon.bat]. I can also browse to the [netlogon] share without issue.

Upgrade was from a late 4.0.x to 4.1.x to current 4.2.x. Users can logon without other issues [apparently].

Platform: CentOS7
Package: sernet-samba-4.2.14-23.el6.x86_64

Any tips?

--
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
Adam Tauno Williams
2016-Sep-19 17:43 UTC
[Samba] Upgraded SAMBA4 DC's, now no logon scripts
On Mon, 2016-09-19 at 09:15 -0400, Adam Tauno Williams via samba wrote:
> Logon scripts assigned to a user do not execute when the user logs
> on; it did before the upgrade.
> I can run the script from the command line and it completes OK [like
> \\{DOMAIN}\netlogon\logon.bat]. I can also browse to the [netlogon]
> share without issue.
> Upgrade was from a late 4.0.x to 4.1.x to current 4.2.x. Users can
> logon without other issues [apparently].
> Platform: CentOS7
> Package: sernet-samba-4.2.14-23.el6.x86_64
> Any tips?

What is the recommended mechanism for debugging login script issues?

I have run a Win7 VM with "nltest /DBFlag:2080FFFF" and looked at the netlogon.log file. It never even mentions attempting to run a login script.

--
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
Hello Adam,

On 19.09.2016 at 15:15, Adam Tauno Williams via samba wrote:
> Logon scripts assigned to a user do not execute when the user logs on;
> it did before the upgrade.

* What kind of upgrade are you talking about?
  NT4 to AD? (migration)
  x.y to 4.2?

> I can run the script from the command line and it completes OK [like
> \\{DOMAIN}\netlogon\logon.bat]. I can also browse to the [netlogon]
> share without issue.
>
> Upgrade was from a late 4.0.x to 4.1.x to current 4.2.x. Users can
> logon without other issues [apparently].
>
> Platform: CentOS7
> Package: sernet-samba-4.2.14-23.el6.x86_64

* Is this a PDC or DC?
* Where have you configured the logonscript?
  smb.conf, GPO, scriptPath attribute?

Regards,
Marc
Adam Tauno Williams
2016-Sep-19 18:57 UTC
[Samba] Upgraded SAMBA4 DC's, now no logon scripts
On Mon, 2016-09-19 at 13:43 -0400, Adam Tauno Williams via samba wrote:
> On Mon, 2016-09-19 at 09:15 -0400, Adam Tauno Williams via samba
> wrote:
> > Logon scripts assigned to a user do not execute when the user logs
> > on; it did before the upgrade.
> > I can run the script from the command line and it completes OK
> > [like \\{DOMAIN}\netlogon\logon.bat]. I can also browse to the
> > [netlogon] share without issue.
> > Upgrade was from a late 4.0.x to 4.1.x to current 4.2.x. Users
> > can logon without other issues [apparently].

Falling back to Wireshark I see attempts to access the file fail as STATUS_ACCESS_DENIED.

(1) why would this happen at logon when I can run the script after login without permission issues?
(2) why would upgrading the DC have an impact on accessing the content of the [netlogon] share?

[netlogon]
    path = /var/lib/samba/sysvol/micore.us/scripts
    read only = No
    acl allow execute always = yes

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
    acl allow execute always = yes

--
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
Adam Tauno Williams
2016-Sep-19 19:17 UTC
[Samba] Upgraded SAMBA4 DC's, now no logon scripts
On Mon, 2016-09-19 at 20:57 +0200, Marc Muehlfeld wrote:
> > Logon scripts assigned to a user do not execute when the user logs
> > on; it did before the upgrade.
> * What kind of upgrade are you talking about?
>   NT4 to AD? (migration)
>   x.y to 4.2?

AD 4.0.21 -> 4.2.x

This worked prior to the upgrade.

> * Is this a PDC or DC?

They are DCs.

> * Where have you configured the logonscript?
>   smb.conf, GPO, scriptPath attribute?

In the scriptPath attribute; which is what we have used for years.

--
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
Adam Tauno Williams
2016-Sep-20 01:08 UTC
[Samba] Upgraded SAMBA4 DC's, now no logon scripts
On Tue, 2016-09-20 at 09:24 +1200, Clint Dilks wrote:
> > (1) why would this happen at logon when I can run the script after
> > login without permission issues?
> In relation to this I am just wondering if you have SELinux enabled?
> If so you may want to set it to permissive and see if the issue
> disappears.

SELINUX is disabled.

Frustrating... I can't even find evidence clients are attempting to run the script. Sifting through "debug level = 10" now with a single DC running.

--
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA