1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/docs/textdocs/DOMAIN.txt
Samba Release Account 0e8fd33987 Initial version imported to CVS
(This used to be commit 291551d807)
1996-05-04 07:50:46 +00:00

69 lines
2.4 KiB
Plaintext

Samba now supports domain logons and network logon scripts. The
support is still experimental, but it seems to work.
The support is also not complete. Samba does not yet support the
sharing of the SAM database with other systems yet, or remote
administration. Support for these kind of things should be added
sometime in the future.
The domain support only works for WfWg and Win95 clients. Support for
NT and OS/2 clients is still being worked on.
Using these features you can make your clients verify their logon via
the Samba server and make clients run a batch file when they logon to
the network. The latter is particularly useful.
To use domain logons you need to do the following:
1) Setup nmbd and smbd and configure the smb.conf so that Samba is
acting as the master browser. See INSTALL.txt and BROWSING.txt for
details.
2) create a share called [netlogon] in your smb.conf. This share should
be readable by all users, and probably should not be writeable. This
share will hold your network logon scripts.
For example I have used:
[netlogon]
path = /data/dos/netlogon
writeable = no
guest ok = yes
3) in the [global] section of smb.conf set the following:
domain logons = yes
logon script = %U.bat
the choice of batch file is, of course, up to you. The above would
give each user a separate batch file as the %U will be changed to
their username automatically. The other standard % macros may also be
used. You can make the btch files come from a subdirectory by using
soemthing like:
logon script = scripts\%U.bat
4) create the batch files to be run when the user logs in. If the batch
file doesn't exist then no batch file will be run.
In the batch files you need to be careful to use DOS style cr/lf line
endings. If you don't then DOS may get confused. I suggest you use a
DOS editor to remotely edit the files if you don't know how to produce
DOS style files under unix.
5) Use smbclient with the -U option for some users to make sure that
the \\server\NETLOGON share is available, the batch files are visible
and they are readable by the users.
6) you will probabaly find that your clients automatically mount the
\\SERVER\NETLOGON share as drive z: while logging in. You can put some
useful programs there to execute from the batch files.
NOTE: You must be using "security = user" or "security = server" for
domain logons to work correctly. Share level security won't work
correctly.