How do I setup logon.bat scripts for my AD users?

greavette · September 11, 2017, 8:56pm

Hello Team,

After a long break from tasks over the summer I’m back into Nethserver. Looking forward to using and perhaps contributing more to the Nethserver community.

I’m setting up new users on our Nethserver domain and I’m looking for assistance on having my new users map a drive at login to a share used in our office. What are the marketplace apps and steps I use to set up a login.bat by user?

I found this post - Trying to map network drives to groups during login and it appears I need Samba. Does this mean I install the File Sharing App in Marketplace and then add a login.bat file to the templates-custom/samba folder?

Any help or pointers this community can give me are greatly appreciated.

Thank you.

mrmarkuz · September 12, 2017, 1:01am

Hello @greavette,

Partially. You have to have Nethserver Samba DC(http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-dc.html) installed and running. Now Samba 4 is used and there is no “logon script = netlogon.bat” directive anymore. So you have to map the logon script via RSAT Tools. Here an example of user markus having netlogon.bat set as logon script(Win 7 VM screenshot):

On your Nethserver:

mkdir -p /var/lib/machines/nsdc/var/lib/samba/sysvol/cmb.local/scripts
touch /var/lib/machines/nsdc/var/lib/samba/sysvol/cmb.local/scripts/netlogon.bat
chmod 777 /var/lib/machines/nsdc/var/lib/samba/sysvol/cmb.local/scripts/netlogon.bat

Even if I set the rights to 777 only domain admins can access the netlogon share, but you may set it to 755 when you are ready with your netlogon.bat script, just for security.

Now you have access as domain admin from a Windows PC to “\\nsdc-server\netlogon\netlogon.bat” and may edit the netlogon.bat script to your needs to avoid dealing with different line breaks. Here you can see an example how to manage everything in a single logon script with if %username%. I put a pause in the logon script for testing.

Hope this will help you…

stephdl · September 12, 2017, 4:15pm

A bit OT, excuse me for hijacking your post.

For sme server you have this contrib, does it can help or be a good module for nethserver ???

I’m not good with windows, I probably need help here

mrmarkuz · September 12, 2017, 6:58pm

Yes, for sure and Windows admins are used to mapping drives, so a central point to do this like web UI would be great! Tested it on SME now and I think it would be a nice feature. I saw there are per group scripts which is pretty real life scenario, another approach would be having it per user in one editable batch file(like “if %username==admin net use…”) or as web UI like in the SME module with the possibilty to edit the batchfile per user.

My windows vms are always ready for party…

alefattorini · September 13, 2017, 9:04am

Honestly I don’t know how much these scripts are used, I guess that @nrauso @CharlieWhiting and @lucag know the matter better than me.

nrauso · September 14, 2017, 8:30am

In my experience in almost all cases the need is to mount user home directory and you can do it easily with a proper AD policy.

greavette · September 15, 2017, 2:35am

Hello @mrmarkuz and thank you for these useful instructions! Exactly what I needed. I’ve installed RSAT on a Windows 2012 R2 server and applied my logon.bat to each user for our shared folder. Works perfect!

Hey @stephdl…I’m game to try out any new Nethserver modules that may help me administer my office. But honestly I have to agree with @nrauso, using AD works very well. But for those installations where they don’t want to have to purchase another server to install RSAT on, perhaps Nethserver Tools would work best for those use cases.

mrmarkuz · September 15, 2017, 7:54am

You don’t even need a Windows Server, a client is enough, see https://wiki.samba.org/index.php/Installing_RSAT.

If someone needs Samba then he needs it for Windows so he has the possibility to install RSAT on his Windows systems. But I still like the idea to do our own AD/GPO thing on Nethserver, with just changing ldap attributes and no dependence on Windows tools: https://wiki.samba.org/index.php/User_Home_Folders#Using_ldbedit_on_a_Domain_Controller.
It’s maybe more a “nice to have” than a “need to have”.

fausp · September 17, 2017, 9:42am

I use the Smeserver-tw-logonscript Contrib (https://wiki.contribs.org/Smeserver-tw-logonscript) very often on SME 9.2, for my customers.

Would be great to have this functionality on NethServer…

tkbrb · August 14, 2019, 10:21pm

Did you solve your problem about logon script like used on smeserver 9.2? I want to migrate to nethserver but not without samba logon-script.bat

pike · August 14, 2019, 10:27pm

Did you take a read on 2nd message?

It’s not an integrated feature on the interface, but with a little Windows VM you can use RSAT Tools on Samba4 DC module.

tkbrb · August 15, 2019, 5:51am

Thanks, yes i read this. But still a question: so i have to include the SME script on all clients oder does RSAT Tools modifiy samba service directly on the server? What about new users added? By assigning them to a group they automatically get drives incl the drive letters for their group? apologize for the question but i never needed RSAT Tools before Windows Version changed to 1809/1903.

complement:
I tried to access via RSAT Tools. Connect estabished but on accessing Net Logon I’m getting error message "Fehler beim Lesen der Bescheibung, Fehlercode 122). Modify not possible.
path /usr/lib64/samba/svcctl/smbd , also changing the account name ist not possible (grey)
Even if switching off firewall.
Is there any howto?

robb · August 15, 2019, 10:06am

Just to doublecheck: you try to use an account that is member of the Domain Admins group?