logon script not executed by simple users [SOLVED]

[DWAM]

Hi!

I have a problem with the logon script not being executed by "simple users" (not having administrators rights).

Using Zentyal 2.0.22 and XP SP3 clients (correctly joined to the domain)

Everything works as expected for admin accounts, but when my users are simply users, the logon script is not even executed at all!

I'm using the default conf proposed by Zentyal (netlogon share and perms, zentyal-logon.bat script...). I only modified the logon.bat.mas template to add my shares and installed tofrodos package to be able to unix2dos the generated logon.bat script.

Is this "normal" ?
What is to be done so that it works for simple users ?

Thanks in advance. Any help appreciated...

[NapaEs]

Hi!

I new with zentyal.

But I think I am seraching for similar the same solution/problem as you! With logon script do you mean the webinterface? I want to login as "simple user" via webinterface to change the own password of the user. But it don't run. Is there a other solution for Windows user / clients, for example your logon script?

 

[DWAM]

Hi NapaEs

no what I'm talking about is completely different. Logon scripts have no relation with the web interface.

If you want your users to change their password, you need to activate the "usercorner" module which provides you with a special web interface (not the main zentyal one) for users. The UserCorner may then be browsed at https://yourserver:8888/

[NapaEs]

Hi DWAM!

Thank's a lot! It runs!
Refer to your origin problem! Is there a solution to connect win xp as client at zentyal like in a windows domain?

Or whats the function of your login script solution?

Thank you for answering because I will learn more about zentyals abilities!

[greavette]

Hi DWAM,

I didn't notice your thread about your logon.bat problem until today.  I posted a comment in the thread I started in the General Support forum...but in case you have a notify on your thread, I'll add my comment to this one too.

I've tested my logon.bat script using a limited user (only the USER group) and the script worked without error.  I used the same script as my Admin users in our office, net use statements to connect to shares.

What error are you getting when you run your logon.bat script for your limited users?  Add some pause statements to your .bat file and test running the script directly in windows (not using the script in home/samba/netlogon in Zentyal when the computer starts) and see if there are any errors.

[DWAM]

Hi Greavette and thanks for your concern. Sorry for the delay, I just came back from my client.

Good to know it can work...

Already tried to add a pause in the script : for admins the script runs fine until the pause, waiting for a key stroke as expected.
For users, I already tried to execute the script by double-clicking it but nothing happens, no alerts, just as if there were nothing in it to execute. The window opens and closes at once. The pause statement is not interpreted even when I place it at the very start... before the net use statements.

Zentyal does not log anything (or I couldn't find)... Nor the windows client... !! ??

I had to install the server and the XP clients at my client today... I gave admin rights to all the users so that the shares mount, but the whole security strategy is reduced to zero... and I have lost (and will lose) a lot of time trying to solve this problem.

Now the server is in production I cannot test things easily but I will certainly setup another server this week-end to check this annoying problem.

Could you please copy the parameters of your netlogon share ?
I'm using the Zentyal defaults... Do you remember anything that you modified ?

One last precision : I'm using the 64 bits version of Zentyal. What about you ?

Thanks again...

[greavette]

I don't think this has anything to do with Zentyal...but to answer your question, I'm running Zentyal on ubuntu lucid (10.04) 32 bit. 

I think this is purely a windows problem.  When I get home I'll post the code I have in my .bat file.  Please post your code (remove anything private) and I'll take a look and see if I can replicate your problem on my server.  The fact that windows isn't even starting the process (opens dos window and immediately closes without recognizing your pause statement) is strange, but I've seen this happen before.  Hopefully we can get this straightened out for you.

[fuse]

Check for typos, it have happened to me.
The script stopped because of a typo when checking group memberships and did not go forward that point.

[DWAM]

Thanks for the suggestion, Onze. However, typos would prevent the script from working for both admins and users, which is not the case... If I give admin rights to the users, the logon script as is works fine...

I made the tests with only one statement to execute :
net use S: \\server\data /persistent:no

All users have read and write perms on this share...
If the user browses to the share with UNC, everything works fine...

Greavette, what do you mean by "this is purely a windows problem" ?
I made the tests with 3 different XP clients : 2 from a clean install and the third one with one of my own PC which works perfectly in my own domain (not zentyal PDC). I also checked the local GPOs.

[ichat]

create a pastebin with your login sript and  a post with al relevant settings in zentyal  (version,  users / groups   etc   so that i can mimic my virtual setup to yours... ill be happy to debug your windows setups ... if you get me enougth data to reproduce the error...

[DWAM]

Ichat, here's what I did from scratch

- server is ASRock MB Socket 775, 2Go DDR3, Intel E5400 Dual Core
- RAID1 software for Swap and /

- install Zentyal 64bits from latest iso (last week)
- after install and updates, Zentyal shows version 2.0.22

- setup samba as PDC
- created one share in File Sharing : /home/samba/shares/data

- modified /usr/share/ebox/stubs/samba/logon.bat.mas to add : net use S: \\server\data /persistent:no
- restarted samba : /etc/init.d/ebox samba restart
- checked /home/samba/netlogon/zentyal-logon.bat : my net use is properly added at the end of Zentyal default script

- installed tofrodos package > todos /home/samba/netlogon/zentyal-logon.bat

- created one Administrator account in Users and Groups module
- created one User account
- no groups defined so far
- no quotas

- joined a freshly installed XP SP3 workstation to the domain : Welcome message
- opened a session with the Administrateur account : no problem, the S: share is mounted + home share (as wanted)
- opened a session with the User account : problem, the share S: is NOT mounted but home share is OK

- many many tests... checking permissions everywhere... reboots... re-everything many times... no results...
- smbd.conf seems correct, the [netlogon] section is zentyal's one, I did not change anything.

- if I give admin rights to the very same user, then everything works as expected...

- I also tried 2 more workstations to the same effect

My config as you can see is nearly Zentyal out of the box... I didn't modify the default Zentyal setup and config files, unless necessary...

The server is no longer at my workshop and due to this logon script problem, I didn't bother to setup a VPN or remote admin facilities, so I cannot simply copy and paste the several files this setup implies. I hope this is what you expected anyway... Let me know if you need anything.

TIA

[DWAM]

Here's the copy of /home/samba/netlogon/zentyal-logon.bat

Code: [Select]

@echo off
net time \\dwamsrv /set /yes
net use P: \\dwamsrv\public /persistent:no
net use S: \\dwamsrv\data /persistent:no
net use T: \\dwamsrv\applis /persistent:no

Very basic stuff... I removed the part for mounting homeshares in W7... Useless for me.

[greavette]

Hello DWAM,

What I meant was, I don't think this is a Zentyal problem.  I'm thinking there is a script error that is not allowing the script to execute for you...but now that I see your script, I'm confused...I can't see why it won't work for you.  You've checked the permissions already so that doesn't make sense. 

What if from your limited user account on the Windows XP workstation you try accessing the share from Windows Explorer:
\\server\data

Does it ask for a user id and password?

I'm also using Net use statements in my script, but the difference in mine is, I'm adding a user and password to my net use command.  My Servers are not on our Domain (yet) and I don't want to open up my shares to everyone so I've added access to these shares (based on their Workgroup user).  I've added the user id and password to my logon.bat script and for my limited users.

@echo off
net use L: /delete

net use L: \\server1\LIMS /USER:WORKGROUP\user password /persistent:yes

[DWAM]

What I meant was, I don't think this is a Zentyal problem.

I'm not following you there... This is 100% a Zentyal problem...

I could do more testing today... I have news... Tell you later... Busy right now

What if from your limited user account on the Windows XP workstation you try accessing the share from Windows Explorer:
\\server\data
Does it ask for a user id and password?

No

[greavette]

Ok...keep me posted.  I'm interested now as to what the problem could be if it's Zentyal related.