[SOLVED] NethServer, Active Directory and login script (logon.bat)

Hi all,

NethServer-7.6.1810 with AD installed.

I joined a Win-8.1 to the domain then installed RSAT.

  • I created a group policy to map the home directory.
  • I created a shared folder.
  • I created a group policy to map the shared folder.

All is working correctly.

Now I would like to create a login script (logon.bat).
I read quite a lot of information from NethServer about logon.bat but they are all a little bit old.

If I want to use a PowerShell script, it has to be signed… Too much trouble.

Is there a way to create a standard logon.bat script and how to proceed?

All suggestions appreciated,

Michel-André

You could set up a logon.bat script with RSAT:

If the PS script comes within a GPO the signature is optional IIRC.

Hi all,

Thank you Markus and Davide.
After a week of pulling my hair out, I finally made it work.
The error I made was to join the station to the NetBIOS domain name “micronator-dev” instead of the DNS domain name ad.micronator-dev.org …

In RSAT, I made a group policy named ScriptForAll, then modified it under User Configuration\Windows Settings\Scripts (Logon/Logoff) and pointed the script to: \\ad.micronator-dev.org\SysVol\ad.micronator-dev.org\scripts\netlogon.bat.

On the NethServer, the file /var/lib/machines/nsdc/var/lib/samba/sysvol/ad.micronator-dev.org/scripts/netlogon.bat is now 3000000:users with 444.

I will re-install everything new and let you know…

Michel-André

It’s normal that uid/gid do not match any system user because that part of the filesystem is controlled by Samba DC in the nsdc container.

Warning: Do not alter the permissions, ACLs, group and owner set by RSAT through Samba DC!

If you need to alter the permissions use a Windows client.

Hi Davide,

If I try to change the permission of the .bat file from a joined station, Windows Explorer will abort.

Michel-André

Hi all,

I had to pull a little bit more of my hair to resolve the problem of the login script.

The real best way to do it is:

  1. Create a netlogon.bat file in C:\Temp
  2. Create a Group Policy,
  3. Edit the Policy.
  4. You don’t Add… the file right away, you click Show Files… first.

Then, you copy the file netlogon.bat from the C:\Temp into the directory displayed after clicking Show Files…
That way, the file will have the appropriate owner:group and it will be located inside the policy directory (created in #2 above) under …\User\Scripts\Logon.

# ls -ls /var/lib/machines/nsdc/var/lib/samba/sysvol/ad.micronator-dev.org/Policies/{F7E78A59-FB0F-4A69-826E-8B576FDF7E38}/User/Scripts/Logon
total 8
8 -rwxrwx---+ 1 **3000000 users** 317 13 déc. 20:43 Netlogon.bat

  5. Back to the 1st screen, you Add… and choose the Netlogon.bat file displayed.
  6. After, you have to APPLY then OK
  • I did all that and it never worked.
  • I took a 5-minute walk to change my mind.
  • When I came back, the script had run OK.
  • How strange…

I always use Win-8.1 and never the spyware Win-10.
Now, as you all know, M$ always makes it the hard way instead of the easy way… Why make it simple when it is possible to make it complicated and obscure?

There was a new parameter in Win-8.1. Have a look at: https://support.microsoft.com/en-us/help/2895815/logon-scripts-do-not-run-for-five-minutes-after-a-user-logs-on-to-a-wi

So I disabled that parameter and Bingo! all is working fine.
All the users have the Netlogon.bat run when they login to any station.

All my documents on NethServer & Active Directory are almost finished. I just have to find out the last little problem with the ldapsearch & ACL and I will publish all the 5 documents.

That will be my gift to the community for my first anniversary with NethServer,

Michel-André

You are a good documentation maker, thanks a lot.

Hi all,

Well, this is not what is happening on all stations but only on the original station where I created the GPO.

I need advice from an AD expert.
Is it possible to have this Netlogon.bat running on all stations? If yes, then how to achieve this?

All suggestions are appreciated,

Michel-André

P.S. For Stéphanne.
I read in one of your replies that you were talking about the SME login script Contrib. I used it before and it was working correctly and very easy to use.
Is it possible to adapt it to NethServer?

GPO. Nothing else.

Hi Michael,

It is already a GPO.

Can you explain more how to apply this GPO to all stations?

I hope it is not repeating the same procedures for each station.

Michel-André

Hi all,

Googling, I found the solution: MAP and TARGET.

Michel-André
