How do I setup logon.bat scripts for my AD users?

profiles
domain
v7
activedirectory

(Charles) #1

Hello Team,

After a long break from tasks over the summer I’m back into Nethserver. Looking forward to using and perhaps contributing more to the Nethserver community.

I’m setting up new users on our Nethserver domain and I’m looking for assistance on having my new users map a drive at login to a share used in our office. What are the marketplace apps and steps I use to set up a login.bat by user?

I found this post - Trying to map network drives to groups during login and it appears I need Samba. Does this mean I install the File Sharing App in Marketplace and then add a login.bat file to the templates-custom/samba folder?

Any help or pointers this community can give me are greatly appreciated.

Thank you.


Automatically mount shares
Network Drive Mapping Policy & Drive Letter Assignment
Logon scripts question
(Markus Neuberger) #2

Hello @greavette,

Partially. You have to have Nethserver Samba DC(http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-dc.html) installed and running. Now Samba 4 is used and there is no “logon script = netlogon.bat” directive anymore. So you have to map the logon script via RSAT Tools. Here an example of user markus having netlogon.bat set as logon script(Win 7 VM screenshot):

On your Nethserver:

mkdir -p /var/lib/machines/nsdc/var/lib/samba/sysvol/cmb.local/scripts
touch /var/lib/machines/nsdc/var/lib/samba/sysvol/cmb.local/scripts/netlogon.bat
chmod 777 /var/lib/machines/nsdc/var/lib/samba/sysvol/cmb.local/scripts/netlogon.bat

Even if I set the rights to 777 only domain admins can access the netlogon share, but you may set it to 755 when you are ready with your netlogon.bat script, just for security.

Now you have access as domain admin from a Windows PC to “\\nsdc-server\netlogon\netlogon.bat” and may edit the netlogon.bat script to your needs to avoid dealing with different line breaks. Here you can see an example how to manage everything in a single logon script with if %username%. I put a pause in the logon script for testing.

Hope this will help you…


Cifs on nethserver 7
(Stéphane de Labrusse) #3

A bit OT, excuse me for hijacking your post.

For sme server you have this contrib, does it can help or be a good module for nethserver ???

I’m not good with windows, I probably need help here


Network Drive Mapping Policy & Drive Letter Assignment
(Markus Neuberger) #4

Yes, for sure and Windows admins are used to mapping drives, so a central point to do this like web UI would be great! Tested it on SME now and I think it would be a nice feature. I saw there are per group scripts which is pretty real life scenario, another approach would be having it per user in one editable batch file(like “if %username==admin net use…”) or as web UI like in the SME module with the possibilty to edit the batchfile per user.

My windows vms are always ready for party…


(Alessio Fattorini) #5

Honestly I don’t know how much these scripts are used, I guess that @nrauso @CharlieWhiting and @lucag know the matter better than me.


(Nicola) #6

In my experience in almost all cases the need is to mount user home directory and you can do it easily with a proper AD policy.


(Charles) #7

Hello @mrmarkuz and thank you for these useful instructions! Exactly what I needed. I’ve installed RSAT on a Windows 2012 R2 server and applied my logon.bat to each user for our shared folder. Works perfect!

Hey @stephdl…I’m game to try out any new Nethserver modules that may help me administer my office. But honestly I have to agree with @nrauso, using AD works very well. But for those installations where they don’t want to have to purchase another server to install RSAT on, perhaps Nethserver Tools would work best for those use cases. :slight_smile:


(Markus Neuberger) #8

You don’t even need a Windows Server, a client is enough, see https://wiki.samba.org/index.php/Installing_RSAT.

If someone needs Samba then he needs it for Windows so he has the possibility to install RSAT on his Windows systems. But I still like the idea to do our own AD/GPO thing on Nethserver, with just changing ldap attributes and no dependence on Windows tools: https://wiki.samba.org/index.php/User_Home_Folders#Using_ldbedit_on_a_Domain_Controller.
It’s maybe more a “nice to have” than a “need to have”.


(fpausp) #9

I use the Smeserver-tw-logonscript Contrib (https://wiki.contribs.org/Smeserver-tw-logonscript) very often on SME 9.2, for my customers.

Would be great to have this functionality on NethServer…