Hello, I use Samba 4.4.7 on a Debian testing with bind9.9.5_DLZ. I have a DC and a test-station windows7. The execution of the login.bat was working fine and it stopped working suddently. Here is my krb5.conf : [libdefaults] default_realm = MYDOMAIN.XXX.XXX dns_lookup_realm = false dns_lookup_kdc = true Here is my smb.conf : [global] netbios name = MAMACHINE realm = MONDOMAIN.XXX.XXX server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = MIB server role = active directory domain controller idmap_ldb:use rfc2307 = yes smb ports = 139 #log level = 5 passdb:5 auth:10 log level = 0 log file = /var/log/samba/log.%m template shell = /bin/bash ldap server require strong auth = no # Full audit vfs object = full_audit full_audit:prefix = %u|%I|%m|%S full_audit:success = rmdir write pwrite connect disconnect fset_nt_acl rename full_audit:failure = connect full_audit:facility = local7 full_audit:priority = notice [netlogon] path = /var/lib/samba/sysvol/mydomain.xxx.xxx/scripts/%G comment = Network Login Script writable = no browsable = no [sysvol] path = /var/lib/samba/sysvol read only = No I have seached in the log files and made a lot of tests, Ii have no more idea. Can you rescue me ? Thank you in advance Joël
On Tue, 06 Dec 2016 17:30:48 +0100 "OLLIVIER Joël DGAC/CRNA-O" via samba <samba at lists.samba.org> wrote:> Hello, > > I use Samba 4.4.7 on a Debian testing with bind9.9.5_DLZ. > I have a DC and a test-station windows7. > The execution of the login.bat was working fine and it stopped > working suddently. > > Here is my krb5.conf : > [libdefaults] > default_realm = MYDOMAIN.XXX.XXX > dns_lookup_realm = false > dns_lookup_kdc = true > > Here is my smb.conf : > [global] > netbios name = MAMACHINE > realm = MONDOMAIN.XXX.XXX > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbindd, ntp_signd, kcc, dnsupdate workgroup = MIB > server role = active directory domain controller > idmap_ldb:use rfc2307 = yes > > smb ports = 139 > #log level = 5 passdb:5 auth:10 > log level = 0 > log file = /var/log/samba/log.%m > template shell = /bin/bash > ldap server require strong auth = no > > # Full audit > vfs object = full_audit > full_audit:prefix = %u|%I|%m|%S > full_audit:success = rmdir write pwrite connect disconnect > fset_nt_acl rename full_audit:failure = connect > full_audit:facility = local7 > full_audit:priority = notice > > [netlogon] > path = /var/lib/samba/sysvol/mydomain.xxx.xxx/scripts/%G > comment = Network Login Script > writable = no > browsable = no > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > I have seached in the log files and made a lot of tests, Ii have no > more idea. Can you rescue me ? > > Thank you in advance > > JoëlYou could start by removing the 'smb ports' line and putting '[netlogon]' back to: [netlogon] path = /var/lib/samba/sysvol/mydomain.xxx.xxx/scripts read only = No Rowland
Hello Joël, Am 06.12.2016 um 17:30 schrieb "OLLIVIER Joël DGAC/CRNA-O" via samba:> I use Samba 4.4.7 on a Debian testing with bind9.9.5_DLZ. > I have a DC and a test-station windows7. > The execution of the login.bat was working fine and it stopped working suddently.Is it not executed when a user logs in or can't you execute the file by double-clicking? Can you please verify that the Windows ACLs on that file enable users to execute it? (Windows ACLs). Regards, Marc
On Thu, 08 Dec 2016 15:45:39 +0100 "OLLIVIER Joël DGAC/CRNA-O" <joel.ollivier at aviation-civile.gouv.fr> wrote:> In my smb.conf I use the %G variable that is replaced by the primary > group : [netlogon] > path = /var/lib/samba/sysvol/mydomain.xxx.xxx/scripts/%G > > Thus I can have a login.bat different for each group. > > If I don't use a substitution variable : > [netlogon] > path = /var/lib/samba/sysvol/mydomain.xxx.xxx/scripts/ > with a login.bat in this path, the login script is executed on the > station. >No, you mean 'I used to use the %G variable', you would be better off doing this with a GPO now, try searching the internet with 'gpo logon script based on group membership' Rowland
On Thu, 08 Dec 2016 17:46:11 +0100 "OLLIVIER Joël DGAC/CRNA-O" <joel.ollivier at aviation-civile.gouv.fr> wrote:> I have tested GPO logon and it works fine. Nevertheless I would have > liked to manage to use the oldfashion method because it was > functioning fine and it worries me a little not to be able repair it. > In my mind, it means that I am not yet ready to use Samba4 instead of > Samba3. >It worries me that you don't want to stop using the old NT4 ways. Rowland
On Tue, 2016-12-06 at 18:06 +0100, Marc Muehlfeld via samba wrote:> Hello Joël, > I use Samba 4.4.7 on a Debian testing with bind9.9.5_DLZ. > > I have a DC and a test-station windows7. > > The execution of the login.bat was working fine and it stopped > > working suddently. > Is it not executed when a user logs in or can't you execute the file > by double-clicking?NETLOGON using ".bat" (batch) files is problematic - converting the logon scripts to ".vbs" (visual basic script) is recommended. There are security toggles that will prevent the workstation from running a BAT file on a network share - while VBS scripts will work. When this happened to me I spent a lot of time chasing the server side - when it was a client side thing that just happen to bite when the server upgrade was performed.> Can you please verify that the Windows ACLs on that file enable users > to execute it? (Windows ACLs).-- Meetings Coordinator, Michigan Association of Railroad Passengers 537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010 E-mail: awilliam at whitemice.org GPG#D95ED383 Web: http://www.marp.org