3

My server is Debian-based, running Samba as the Primary Domain Controller. I have verified the permissions on the netlogon share (drwxrwsr-x) and the login.bat (-rwxrwxr-x) file, to allow all users Read and Execute permissions. On some of the systems, the script simply does not run; no drives mapped, no Program Update checks, etc. However, I can manually navigate to \\server\netlogon\login.bat, run the file, and all the drive mappings appear!

I wish I could see a pattern, but it seems to only happen to a few PCs, then it happens to different PCs, and is never constant. All the PCs are Windows 7 Pro, and the users logging in are regular users, no Administrators (other then myself) log in to them for day-to-day use. In the Group Policy Editor, the Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon parameter is set to Enabled.

I cannot think of any recent changes that may have occurred in the vicinity of these computers, and they always have Internet access, and can manually connect to the server. What else can I look for? Below is the result of testparm -s:

[global]
        workgroup = DOMAIN
        netbios name = SERVER
        server string = server
        interfaces = eth1
        bind interfaces only = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *new*password* %n\n *new*password* %n\n *updated*
        unix password sync = Yes
        log level = 1
        name resolve order = host wins lmhosts bcast
        printcap name = /dev/null
        disable spoolss = Yes
        logon script = login.bat
        logon path = \\server\netlogon
        preferred master = yes
        logon drive = h:
        domain logons = Yes
        os level = 255
        domain master = Yes
        wins support = Yes
        path = /var/spool/lpd/samba
        admin users = machine
        write list = @domainadmins
        printing = lprng
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j
        lppause command = lpc hold '%p' %j
        lpresume command = lpc release '%p' %j
        queuepause command = lpc stop '%p'
        queueresume command = lpc start '%p'

[netlogon]
        path = /usr/local/share/netlogon

UPDATE - I had to restart the Samba daemon on the server. Some computers that were working fine are now showing issues, and ones that were showing issues seem fine. Is this helpful in narrowing down the issue?

Canadian Luke
  • 885
  • 14
  • 41

1 Answers1

1

Some thoughts... with this sort of problem, I'd want to gather as much info as possible, including the boot sequence of the PC. I'd first turn on boot logging, and turn off all the "glitz" from the Windows 7 boot process:

%SystemRoot%\System32\bcdedit.exe /set quietboot off
%SystemRoot%\System32\bcdedit.exe /set bootlog on
%SystemRoot%\System32\bcdedit.exe /set sos on

(Boot logs get written to %WINDIR%\ntbtlog.txt)

I'd then use Process Monitor to monitor the boot and logon process ("enable boot logging" in the menus). From here, you'll see interaction with your SMB server. Process Monitor generates a lot of data, so clever filtering is key. However, with such a vague problem, you may need to start without any filtering.

Out of interest, are you absolutely sure your logon script isn't running, i.e.: have you tried getting it to echo a date/time to a file somewhere, or something similarly simple? Just a thought.

Also, I appreciate you won't be running Group Policy, as you don't have AD, but there's a registry value somewhere to control whether the logon script runs asynchronously, or synchronously. The former can cause a logon script to fail if the network stack isn't fully up. I've seen this happen when the client has a cached copy of the logon script available...

This is where I'd start, anyway.

Simon Catlin
  • 5,222
  • 3
  • 16
  • 20