File: logonscript.xml

package info (click to toggle)
samba 2%3A4.9.5%2Bdfsg-5%2Bdeb10u3
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 124,560 kB
  • sloc: ansic: 1,450,921; python: 155,221; xml: 48,223; sh: 46,070; perl: 31,596; asm: 3,281; yacc: 2,332; cpp: 2,225; ada: 1,681; exp: 1,582; makefile: 1,366; pascal: 1,082; cs: 879; lex: 605; awk: 118; csh: 58; sed: 45
file content (55 lines) | stat: -rw-r--r-- 2,492 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
<samba:parameter name="logon script"
                 context="G"
                 type="string"
                 constant="1"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
	<para>
	This parameter specifies the batch file (<filename>.bat</filename>) or NT command file
	(<filename>.cmd</filename>) to be downloaded and run on a machine when a user successfully logs in.  The file
	must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended.
	</para>
		
	<para>
	The script must be a relative path to the <smbconfsection name="[netlogon]"/> service.  If the [netlogon]
	service specifies a <smbconfoption name="path"/> of <filename
	moreinfo="none">/usr/local/samba/netlogon</filename>, and <smbconfoption name="logon
	script">STARTUP.BAT</smbconfoption>, then the file that will be downloaded is:
<programlisting>
	/usr/local/samba/netlogon/STARTUP.BAT
</programlisting>
	</para>

	<para>
	The contents of the batch file are entirely your choice.  A suggested command would be to add <command
	moreinfo="none">NET TIME \\SERVER /SET /YES</command>, to force every machine to synchronize clocks with the
	same time server.  Another use would be to add <command moreinfo="none">NET USE U: \\SERVER\UTILS</command>
	for commonly used utilities, or 
<programlisting>
<userinput>NET USE Q: \\SERVER\ISO9001_QA</userinput>
</programlisting> 
	for example.
	</para>

	<para>
	Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users
	write permission on the batch files in a secure environment, as this would allow the batch files to be
	arbitrarily modified and security to be breached.	
	</para>

	<para>
	This option takes the standard substitutions, allowing you to have separate logon scripts for each user or
	machine.
	</para>

	<para>
	This option is only useful if Samba is set up as a logon server in a classic domain controller role.
       If Samba is set up as an Active Directory domain controller, LDAP attribute <filename moreinfo="none">scriptPath</filename>
       is used instead. For configurations where <smbconfoption name="passdb backend">ldapsam</smbconfoption> is in use,
       this option only defines a default value in case LDAP attribute <filename moreinfo="none">sambaLogonScript</filename>
       is missing.
	</para>
</description>
<value type="default"></value>
<value type="example">scripts\%U.bat</value>
</samba:parameter>