Jinx
10-08-2000, 08:22 PM
Anyone had any experience with getting a win95 machine to logon to a Linux server by tricking it into thinking it is a NT domain and running a logon script that maps the networked drives?
Cya round
Jinx
Cya round
Jinx
Click to See Complete Forum and Search --> : Windows logon...
furrycat
10-08-2000, 10:20 PM
Set up Samba on the Linux machine. Add the following in your smb.conf:
domain logons = yes
encrypted passwords = yes
logon script = /path/to/scripts/%U.bat
logon home = \\%L\%U\profile
[homes]
path = /winhome
browseable = no
writable = yes
For each user that needs to log on to the
domain, make a DOS batch file in /path/to/scripts/USERNAME.bat (this is what the %U in the smb.conf is for). Make sure the batch file is in proper Messy DOS format, ie with \r\n at the end of lines instead of just \n. Put all the stuff you want in the script for mapping drives "net /use x: \\server\share" etc. The logon home line in the config above lets you use "net /use home" and store roaming profiles correctly.
Then you need to add the users that will log on to your domain to the Samba user database "smbpasswd username"
Aside
Another useful thing you can do is save the ridiculous, defeats-the-object-of-roaming-profiles copying of profile information to and from the local drive. To do this, log in on the Win9x box and set up the profile then log out and press escape to bypass the login screen and run regedit. Then find all occurrences of C:\windows\profiles\username and replace them with \\linuxbox\username\profile. Delete C:\windows\profiles\username. Next time you log in as username, all the profile information stays remote. Hurrah. I wasn't able to find a way to get this to happen automatically. I tried getting the logon script to run a registry patch to do it but the registry is built up AFTER the first logon. Oh well.
edisA
If all this is done correctly you should be able to log on to the domain from a Win9x box. Yippee!
The Bad News: one thing that Samba doesn't yet do is let you enumerate users. In other words if you choose to share a directory on the Win9x box it will ask you to choose the users who can have access to the share. With a real NT server you'd get a list of all users in the domain and you'd choose the ones you want to have full access and those who should have read-only access. But Samba won't return the list of users so you won't be able to share the drive UNLESS you share it out with share level passwords and not use the domain level sharing.
I think that being able to enum users is the single most useful bit about being a domain controller, which is why after I had figured out how to set it all up I was tempted just to shut it all down again. But the second most useful bit is having roaming profiles because it saves you having to reset your start menu every time you reinstall
Windows. In any case, the latest CVS version of Samba-TNG may have user enumeration support. Better check and see.
Disclaimer: although I have actually set up and done everything I describe above, I'm remembering how to do it off the top of my head so I might have forgotten something very important. I found out how to do it by studying the documentation that comes with Samba. So can you!
domain logons = yes
encrypted passwords = yes
logon script = /path/to/scripts/%U.bat
logon home = \\%L\%U\profile
[homes]
path = /winhome
browseable = no
writable = yes
For each user that needs to log on to the
domain, make a DOS batch file in /path/to/scripts/USERNAME.bat (this is what the %U in the smb.conf is for). Make sure the batch file is in proper Messy DOS format, ie with \r\n at the end of lines instead of just \n. Put all the stuff you want in the script for mapping drives "net /use x: \\server\share" etc. The logon home line in the config above lets you use "net /use home" and store roaming profiles correctly.
Then you need to add the users that will log on to your domain to the Samba user database "smbpasswd username"
Aside
Another useful thing you can do is save the ridiculous, defeats-the-object-of-roaming-profiles copying of profile information to and from the local drive. To do this, log in on the Win9x box and set up the profile then log out and press escape to bypass the login screen and run regedit. Then find all occurrences of C:\windows\profiles\username and replace them with \\linuxbox\username\profile. Delete C:\windows\profiles\username. Next time you log in as username, all the profile information stays remote. Hurrah. I wasn't able to find a way to get this to happen automatically. I tried getting the logon script to run a registry patch to do it but the registry is built up AFTER the first logon. Oh well.
edisA
If all this is done correctly you should be able to log on to the domain from a Win9x box. Yippee!
The Bad News: one thing that Samba doesn't yet do is let you enumerate users. In other words if you choose to share a directory on the Win9x box it will ask you to choose the users who can have access to the share. With a real NT server you'd get a list of all users in the domain and you'd choose the ones you want to have full access and those who should have read-only access. But Samba won't return the list of users so you won't be able to share the drive UNLESS you share it out with share level passwords and not use the domain level sharing.
I think that being able to enum users is the single most useful bit about being a domain controller, which is why after I had figured out how to set it all up I was tempted just to shut it all down again. But the second most useful bit is having roaming profiles because it saves you having to reset your start menu every time you reinstall
Windows. In any case, the latest CVS version of Samba-TNG may have user enumeration support. Better check and see.
Disclaimer: although I have actually set up and done everything I describe above, I'm remembering how to do it off the top of my head so I might have forgotten something very important. I found out how to do it by studying the documentation that comes with Samba. So can you!
Jinx
10-17-2000, 09:29 PM
Thanks for that... trying it out now... just gotta get the shares and script to run properly... bit more tweaking. http://discussions.linuxplanet.com/smile.gif
Will keep ya posted...
Cya round
Jinx
Will keep ya posted...
Cya round
Jinx
justlinux.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.