Topic: netlogon.bat help please

[backatthepostbox]

Hi Folks,

I am fairly new to Linux and SME server, currently setting up a server for a small school and much help and knowledge has already been had from these forums - thank you very much!

I was hoping pick all your brains for some help with netlogon.bat.

1.  I realise it can map networks drivers for users etc, is there any way it can be told to map network drives for only the shares that the user logging in has access to?  Or is there a way to create a custom logon.bbat file for each user?

2.  Is there a way to get netlogon.bat to set the IE connection settings  (proxy etc) automatically at logon?

Any advice much appreciated.

Thanks
Regards
Max




 

[Stefano]

1.  I realise it can map networks drivers for users etc, is there any way it can be told to map network drives for only the shares that the user logging in has access to?  Or is there a way to create a custom logon.bbat file for each user?

search for smeserver-loginscript

2.  Is there a way to get netlogon.bat to set the IE connection settings  (proxy etc) automatically at logon?

AFAIK no.. btw, search for poledit (works only with w2k/xp, not vista)

HTH
ciao

Stefano

[mercyh]

Hi,

I think if you follow through and study the following link you can do what you want.


http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html#id424702


Samba controls a domain like Windows 2000 or NT did.

[Tib]

Max,

The smeserver-loginscript will do what you want as long as the users are joining the domain and not just a work group. Users have to be part of the domain and login to the domain ... WinXP pro is good for this ... winXP home will not be able to join the domain same goes for vista ... home versions do not join domains and therefore the script will not work for these.

The smeserver-loginscript creates a netlogon.bat for each user based on what access they have.

If you need any further assistance just let me know ... I have used this login script for a number of years now without problems.

Regards,

Tib.

[steever]

If you need any further assistance just let me know ... I have used this login script for a number of years now without problems.

HI Tib ...

Have you had any luck with this contrib and Vista Business clients?  I have been having a great deal of trouble.  Sorry to hijack the thread, Max.

Steve

[Tib]

Hi steever

Well I tried my Vista Premium out just now ... my server had been down for a number of weeks due to crashes so I never connected to the domain.

Couldn't figure out the prob so i just changed the MB and off it went.

Anyway ... back to netlogon.bat.

I deleted the old bat file out of my directory and it re-created a new one correctly ... but Vista doesn't seem to load it from login ... If I run it manually it works no prob.

I'll have to do a bit of searching to see why ... this is not a contrib problem as an SME - Vista compatibility problem I would say.

I'll see what I can find.

Regards,

Tib

[girkers]

With the IE settings, what you could do is find the registry settings for what you need and create a reg file. Then through the netlogon.bat file you can import that registry file at each boot.  A bit less complicated than Poledit, but probably not as pretty.

[Tib]

OK ... I found this ... need to check it out once I get home

http://support.microsoft.com/kb/926184

http://www.blackviper.com/WinVista/Services/Netlogon.htm

Regards,

Tib

[Tib]

steever

Please make sure you log into the domain and not your local account ... like I did just now  before I realized what I was doing.

Once you login to the domain all works as it should.

Hint ... you need to add a new user and the domain to the User Accounts section.

At login use yourdomainname\username    as the format for user name when logging into the domain

It was a bit of a learning curve with vista .. if you require help let me know and I can help over MSN, Yahoo or Mirc.

Regards,

Tib

[Stefano]

At login use yourdomainname\username    as the format for user name when logging into the domain

why?

if the client is joined to the domain username is enough

be shure to choose domain and not local pc

Ciao

Stefano

[Tib]

why?

if the client is joined to the domain username is enough

be shure to choose domain and not local pc

Ciao

Stefano

Because on my Vista Ultimate you don't have a drop down like on XP where you can choose the domain or local domains.

The only way to choose is to have domainname\username.

This may be able to be changed but as default that is the setup.

Regards,

Tib

[brentonv]

1.  I realise it can map networks drivers for users etc, is there any way it can be told to map network drives for only the shares that the user logging in has access to?  Or is there a way to create a custom logon.bbat file for each user?

as nenonano says use smeserver-loginscript: http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/jbennett/sme7/loginscript/RPM/smeserver-loginscript-0.2-8.noarch.rpm

this is undocumented but the syntax for passing multiple #if statements per mapping, using loginscript is:

#ifu student7
#ifg class1, class2
#ifm terminal4
REM Map something very specific:
NET USE F: \\server\veryspecificfolder /PERSISTANT:NO
#endif
#endif
#endif

the above example will only map F:\veryspecificfolder if a user meets the above criteria (student7 only if in class1 and class2 and only when using terminal4).

you may also require additional user control over Ibays. see my earlier post: http://forums.contribs.org/index.php?topic=39322.msg179704#msg179704

2.  Is there a way to get netlogon.bat to set the IE connection settings  (proxy etc) automatically at logon?

poledit is probably not the best approach as it does not seem to update user profiles after making changes to your policy file (NTConfig.pol) and therefore you have to rebuild all user profiles to apply ongoing changes to your policy, eg: change of proxy server address etc. this has been quite an issue for me in the past and i have not yet worked out a solution.

an easier option would be to configure your gateway machine (proxy server) to block all ports and only allow internet access via proxy. then configure the proxy.pac (and wpad.dat) files on your proxy server so that client machines will automatically discover the proxy server. this is a complete solution as it also applies to computers not logged onto the domain (poledit).

example:

function FindProxyForURL(url, host)
{
     if (isInNet(host, "10.0.0.1",  "255.255.255.0"))
     return "PROXY 10.0.0.1:8080";
     else
     return "DIRECT";
}

this way if your browser is set to "Auto-detect proxy settings" it will automatically discover your proxy server and if users attempt to bypass the proxy manually they won't get access because your standard ports are blocked.

proxy.pac is used in SME if in server/gateway mode however i use Endian Firewall as my gateway server and here is their how-to on the subject: http://kb.endian.com/entry/22/ further info on proxy.pac: http://en.wikipedia.org/wiki/Proxy_auto-config /// http://nscsysop.hypermart.net/proxypac.html

regards,
brentonv