diff options
Diffstat (limited to 'docs-xml/smbdotconf/logon/logonscript.xml')
-rw-r--r-- | docs-xml/smbdotconf/logon/logonscript.xml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/logon/logonscript.xml b/docs-xml/smbdotconf/logon/logonscript.xml new file mode 100644 index 0000000..cf02466 --- /dev/null +++ b/docs-xml/smbdotconf/logon/logonscript.xml @@ -0,0 +1,54 @@ +<samba:parameter name="logon script" + context="G" + type="string" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This parameter specifies the batch file (<filename>.bat</filename>) or NT command file + (<filename>.cmd</filename>) to be downloaded and run on a machine when a user successfully logs in. The file + must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended. + </para> + + <para> + The script must be a relative path to the <smbconfsection name="[netlogon]"/> service. If the [netlogon] + service specifies a <smbconfoption name="path"/> of <filename + moreinfo="none">/usr/local/samba/netlogon</filename>, and <smbconfoption name="logon + script">STARTUP.BAT</smbconfoption>, then the file that will be downloaded is: +<programlisting> + /usr/local/samba/netlogon/STARTUP.BAT +</programlisting> + </para> + + <para> + The contents of the batch file are entirely your choice. A suggested command would be to add <command + moreinfo="none">NET TIME \\SERVER /SET /YES</command>, to force every machine to synchronize clocks with the + same time server. Another use would be to add <command moreinfo="none">NET USE U: \\SERVER\UTILS</command> + for commonly used utilities, or +<programlisting> +<userinput>NET USE Q: \\SERVER\ISO9001_QA</userinput> +</programlisting> + for example. + </para> + + <para> + Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users + write permission on the batch files in a secure environment, as this would allow the batch files to be + arbitrarily modified and security to be breached. + </para> + + <para> + This option takes the standard substitutions, allowing you to have separate logon scripts for each user or + machine. + </para> + + <para> + This option is only useful if Samba is set up as a logon server in a classic domain controller role. + If Samba is set up as an Active Directory domain controller, LDAP attribute <filename moreinfo="none">scriptPath</filename> + is used instead. For configurations where <smbconfoption name="passdb backend">ldapsam</smbconfoption> is in use, + this option only defines a default value in case LDAP attribute <filename moreinfo="none">sambaLogonScript</filename> + is missing. + </para> +</description> +<value type="default"></value> +<value type="example">scripts\%U.bat</value> +</samba:parameter> |