hi , i did it like this [netlogon] sharemodes = No rootpreexec = /var/lib/samba/netlogon/login.pl %U %G %m %L comment = Netlogon Share browseable = No path = /var/lib/samba/netlogon guestok = Yes writelist = @ntadmin locking = no public = no cscpolicy = disable
#!/usr/bin/perl # # login.pl # User $ARGV[0], Group $ARGV[1], client machine $ARGV[2], server $ARGV[3] # creation on the fly logon scripts by [EMAIL PROTECTED] inspired by genlogon.pl # Log client connection #($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); open LOG, ">>/smbmonitor/user/netlogon.txt"; print LOG "$mon/$mday/$year $hour:$min:$sec - User $ARGV[0] Group $ARGV[1]\n from $ARGV[2] in $ARGV[3]"; close LOG; # Start generating logon script for user open LOGON, ">/var/lib/samba/netlogon/$ARGV[0].bat"; print LOGON "[EMAIL PROTECTED] OFF\r\n echo %USERNAME%\r\n call send.bat\r\n"; # Start generating logon script for machine for different security monitoring open LOGON, ">/var/lib/samba/netlogon/$ARGV[2].bat"; print LOGON "[EMAIL PROTECTED] OFF\r\n call chkdir.bat\r\n call listapp.bat > \\\\$ARGV[3]\\smbmonitor\\machines\\$ARGV[2]\\software\\$A$ # Start generating logon script for group open LOGON, ">/var/lib/samba/netlogon/$ARGV[1].bat"; print LOGON "[EMAIL PROTECTED] OFF\r\n"; # Connect shares for group users if ($ARGV[1] eq "users") { print LOGON "NET USE X: \\\\$ARGV[3]\\files\r\n"; } # Connect shares for group ntadmin if ($ARGV[1] eq "ntadmin") { print LOGON "NET USE Y: \\\\$ARGV[3]\\smbmonitor\r\n"; } logonscript = login.bat login.bat @echo off net time \\files /set /yes rem by [EMAIL PROTECTED] leave to public as it is , dont think of asking me rem created for samba 3 login, the bat files were creted on the fly by rem genlogin.pl rem this script is only valid for win2000/NT/XP rem exec bat for logged in machine ( maybe software status or machine data ) echo %COMPUTERNAME% call %COMPUTERNAME%.bat rem exec bat for login user echo %USERNAME% call %USERNAME%.bat rem exec bat for different groups rem ifmember.exe must be in the netlogon share download it at microschrott rem be aware that ifmember will give result in the current win language rem unlike normal dos, positive result from ifmember will match in errorlevel 1 ifmember /v /l "MUSI\Domain Users" if errorlevel 1 call users.bat ifmember /v /l "MUSI\Domain Admins" if errorlevel 1 call ntadmin.bat ifmember /v /l "MUSI\kids" if errorlevel 1 call kids.bat i advice you to study genlogin.pl in the smb source on ms technet load down ifmember.exe and final sec policies are a good combination with this scripts for a log of installed software you can use this @echo off regedit /a %TEMP%\filename.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" for /f "Skip=1 Tokens=*" %%i in ('type %TEMP%\Filename.reg') do set line="%%i"&call :parse goto :EOF :parse set work=%line:~2,11% set work=%work:"=% If NOT "%work%" EQU "DisplayName" goto :EOF set work=%line:~16,120% set work=%work:"=% @echo %work% psinfo ( load down at pstools) PsInfo 1.34 - local and remote system information viewer Copyright (C) 2001-2002 Mark Russinovich Sysinternals - www.sysinternals.com Querying information for BUERO...^M ^MSystem inf$ Uptime: Error reading uptime Kernel version: Microsoft Windows 2000, Uniprocessor Free Product type: Professional Product version: 5.0 Service pack: 4 Kernel build number: 2195 Registered organization: musi Registered owner: musi Install date: 13.11.2003, 14:31:32 IE version: 6.0000 System root: C:\WINNT Processors: 1 Processor speed: 865 MHz Processor type: Intel Pentium III Physical memory: 640 MB Volume Type Format Label Size Free Free A: Removable 0% C: Fixed NTFS 38.2 GB 33.7 GB 88% D: CD-ROM 0% E: CD-ROM 0% Z: Remote NTFS root 9.1 GB 6.1 GB 67% OS Hot Fix Installed KB329115 13.11.2003 KB820888 13.11.2003 KB822831 13.11.2003 KB823182 13.11.2003 KB823559 13.11.2003 KB824105 13.11.2003 KB824141 13.11.2003 KB824146 13.11.2003 KB825119 13.11.2003 KB826232 13.11.2003 KB828035 13.11.2003 KB828749 13.11.2003 also this will produce monitor files like this from buero in files0/29/104 14:53:40 - User lothar Group users from buero in files0/29/104 16:4:30 - User kind Group users from herren in files0/29/104 16:13:39 - User team Group users from buero in files0/30/104 11:30:11 - User team Group users from buero in files0/30/104 11:39:17 - User lothar Group users from buero in files0/30/104 14:44:26 - User team Group users from buero in files0/30/104 15:38:18 - User lothar Group users and Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion AntiVir/XP hp officejet g series Microsoft Internet Explorer 6 SP1 Microsoft Internet Explorer Administration Kit 5 Internet Explorer Q824145 Ahead InCD Electronic Arts Product Registration IrfanView (remove only) Windows 2000-Hotfix - KB329115 Windows 2000-Hotfix - KB820888 Windows 2000-Hotfix - KB822831 Windows 2000-Hotfix - KB823182 Windows 2000-Hotfix - KB823559 Windows 2000-Hotfix - KB824105 Windows 2000-Hotfix - KB824141 Windows 2000-Hotfix - KB824146 Windows 2000-Hotfix - KB825119 Windows 2000-Hotfix - KB826232 Windows 2000-Hotfix - KB828035 Windows 2000-Hotfix - KB828749 Ahead InCD EasyWrite Reader Outlook Express Update Q330994 PuTTY version 0.53b Windows 2000-Hotfix (SP5) Q818043 Windows Media Player-Hotfix [Weitere Informationen finden Sie in wm828026] QuickTime TightVNC 1.2.9 Tweak UI UltimateZip 2.6 Winamp3 (remove only) WinSCP 3.3 Windows Media Player-Systemupdate (9-Reihe) Microsoft Office 2000 SR-1 Small Business Harry Potter TM log files can look like this [2004/01/29 14:33:00, 2] smbd/open.c:open_file(250) team opened file profile/Anwendungsdaten/Microsoft/Office/Zuletzt verwendet/OLK39A.LNK read=Yes write=No (numopen=34) [2004/01/29 14:33:00, 2] smbd/open.c:open_file(250) so you can see , everything ,hardware,software,login,action on the server share can be logged and you can create logon scripts on the fly for different users groups and machines additional use of security policies makes the smb pdc acting nearly like ( may be better than a nt pdc ) regards ----- Original Message ----- From: "Anders Norrbring" <[EMAIL PROTECTED]> To: "'Samba user list'" <[EMAIL PROTECTED]> Sent: Sunday, February 01, 2004 4:35 PM Subject: [Samba] Several logon script bat files? > I simply wonder if I can have several different logon script bat files for > MS Win users that validates through my Samba PDC? > > Let's say that group "users" should have logon batch users.bat and the > members of the group "sales" should have both users.bat and sales.bat > executed at logon? Or can I in some way use ONE script with parameters that > knows about what groups the user is a member of and execute the correct > drive mappings on their Windows workstation? > > Anders Norrbring > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba