On 07/08/11 00:23, Chris Smith wrote:
All users whose "logon script" values have not been explicitly defined
automagically inherit the value that "logon script" is set to in
smb.conf. And one can change the "logon script" for all such users
simply by changing said value in smb.conf. However, once a logon
script value value has been explicitly defined for a user this
inheritance ability (as the explicit definition should not be
overwritten) seems forever lost. I have not found a method to undo
this tattooed state to allow for the automagic inheritance of the
smb.conf "logon script" value. Therefore said users, who have once had
an explicitly defined "logon script" value can (seemingly) no longer
returned to the state where they use whatever "logon script" is
defined in smb.conf.
Is there a way to reset said users, removing the tattooing effect?
Thanks,
Chris
Hi Chris
If this is still relavent to you, I've found a work around.
The tdbtool dump of the user entry looked identical to the original
after doing this. My user was logged out at the time.
Note the users current settings (including SID)
#pdbedit -Lvu bill
Delete their account:
#pdbedit -x -u bill
Recreate it:
#smbpasswd -a bill
Change their SID to their old one:
#pdbedit -r -u bill -U S-9-9-99-SCRAMBLED-SCRAMBLED-SCRAMBLED-FAKE
You'd also obviously change any other cusom settings they had.
This has worked for me with no noticable side effects, but it feels
very hackish, maybe others have a better way.
Also, a bit of background info I found while trying to fix this problem.
Looking at the passdb.tdb with tbdtool, you can see that there is one
extra byte (Ox01) in an entry with the logon script set to '' , compared
to a 'fresh' entry (that does use the smb.conf default logonscript)
It would be much nicer if pdbedit had an option to reset this ... hint hint)
tdbtool has a very rustic interface, a particular quirk is that you need
to append '\0' to the key name to find the user entry.
#tdbtool /var/lib/samba/passdb.tdb
show USER_bill\0
If you could figure out how to drive tdbtool's 'store KEY DATA ' you
would probably be able to modify the entry in one step, but this seems
a even more hackish.
Hope this helped
Pat
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
