w2k, samba and su - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Lounge » w2k, samba and su

Page 1 of 2

1

Topic Options

#102412 - 2003-06-27 03:07 PM w2k, samba and su
MarcoG60 MarcoG60 Fresh Scripter Registered: 2003-03-28 Posts: 23 Loc: Netherlands	I can't seem to get my script working! i've got a samba pdc wich runs kixtart. but my regist5ry settings won't be processed unles i'm the user is a member of domain admin group. with this function everything works fine. but when a user who isn't a domain admin logs in it al goes wong. the script wont write into de register i have settings for hkcu and hklm but it just won't write in it. i've installed the su command and got it working only i stil wont see the registry entry's i tried su with the -l option and then the script puts everything in the .default but this also doesn't work it won't be proecessed but i can see the hacks. but i just cant write the registry for the user who logged in? could you please help me
Top

#102413 - 2003-06-27 03:13 PM Re: w2k, samba and su
MarcoG60 MarcoG60 Fresh Scripter Registered: 2003-03-28 Posts: 23 Loc: Netherlands	When i open the regeistry as administrator i can see the adjustments i made. but as soon as the shell terminates it takes the hkcu of the user who logged in so no adjustements. i heard also that a normal user could write to the hkcu, but it doesn't work. please help i'm desperate
Top

#102414 - 2003-06-27 03:13 PM Re: w2k, samba and su
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	don't believe this has nothing to do with samba or the pdc at all... what kind of script you have? does it work if you manually start it? _________________________ ! download KiXnet
Top

#102415 - 2003-06-27 03:22 PM Re: w2k, samba and su
MarcoG60 MarcoG60 Fresh Scripter Registered: 2003-03-28 Posts: 23 Loc: Netherlands	It also doesn't work when i start it manually. i'll put up a piece of the code it's just for testing ------netlogon.kix $userid="administrator" $password="test" setl "SU_COMMANDLINE=c:\kixstart\WKIX32.EXE c:\kixnetlogon\netw2000register.kix" setl "SU_PASSWORD=$password" go c: shell "%comspec% /c su $userid -v" -------- ------netw200register.kix WritePolicy($hkcusmwcvps,NoDispBackgroundPage,1,REG_DWORD) WritePolicy($hkcusmwcvps,NoDispScrSavPage,1,REG_DWORD) WritePolicy($hkcusmwcvps,NoDispSettingsPage,1,REG_DWORD) WritePolicy($hkcusmwcvps,NoDispCPL,1,REG_DWORD) WritePolicy($hkcusmwcvps,NoDispAppearancePage,1,REG_DWORD) Function WritePolicy($subkey,$entry,$expres,$type) IF EXISTKEY($subkey)<>0 ADDKEY($subkey) ENDIF WRITEVALUE($subkey,"$entry","$expres","$type") EndFunction ---------- this works when i'm a domain admin
Top

#102416 - 2003-06-27 03:33 PM Re: w2k, samba and su
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	sure. you are trying to modify policies with non-admin account via registry-hacking. that's no go. for some policies in NT it works but with w2k or newer they should all fail. if you are not using proper policies, you indeed need su or similar. you might want to add some sort of checks to see how deep your script runs with the current script. I suggest you change to real policies thus you don't need to hack everything and expose passwords etc. check out: http://de.samba.org/samba/devel/docs/html/policymgmt.html _________________________ ! download KiXnet
Top

#102417 - 2003-06-27 04:34 PM Re: w2k, samba and su
MarcoG60 MarcoG60 Fresh Scripter Registered: 2003-03-28 Posts: 23 Loc: Netherlands	Thanks for the tip. do you know any forum on which i can find people with the same pdc,samba policy problems. i checked the site but it didn't yet answer al my questions. the file talks about active directory but i don't have active directory on my samba server.
Top

#102418 - 2003-06-27 04:37 PM Re: w2k, samba and su
MarcoG60 MarcoG60 Fresh Scripter Registered: 2003-03-28 Posts: 23 Loc: Netherlands	i also blocked in my script the abbility to run registry editor. so if i could give the users more rights in the registry it could be fixed. if anyone knows how to do this please let me now
Top

#102419 - 2003-06-27 05:02 PM Re: w2k, samba and su
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	there is no use doing policy that the user can override. if the user can set it (even though via script) he can also remove it. sure, it talked about active-directory as that's the cutting edge of samba PDC if your samba runs as NT PDC, things should be quite much simpler. what questions you weren't answered with that document? _________________________ ! download KiXnet
Top

#102420 - 2003-06-27 05:08 PM Re: w2k, samba and su
MarcoG60 MarcoG60 Fresh Scripter Registered: 2003-03-28 Posts: 23 Loc: Netherlands	if i read your post right you tell me i can let my samba server act as a active directory server? is this possible?
Top

#102421 - 2003-06-27 05:24 PM Re: w2k, samba and su
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	no, not just server. but you can use it as replacement of all wintosh ad-servers! sure, AD PDC (samba 3.0) has minor issues still but the good old 2-series works fine with AD as a member. _________________________ ! download KiXnet
Top

#102422 - 2003-06-27 07:06 PM Re: w2k, samba and su
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	Policies can also be set through the .POL files located in the NETLOGON shares if AD is not available (even under Samba). BTW, there's a reason that users cannot write to HKLM and the policy sections of HKCU, correct procedure is to use GPOs or .POL files, not to soften registry permissions. See also the FAQ Forum under Installing an Application as an Admin _________________________ There are two types of vessels, submarines and targets.
Top

#102423 - 2003-06-27 09:22 PM Re: w2k, samba and su
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	gpo is not suitable in this situation. anyway, one should read the other topics related to get the full situation-picture. _________________________ ! download KiXnet
Top

#102424 - 2003-06-27 09:32 PM Re: w2k, samba and su
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	GPO was never proposed as an option as it is not supported. The other thread made no mention of SAMBA. The GPO stle policy can be translated into NT4 style policies by creating custom ADM files. An admin script could reach out over the network and modify the registry locations albeit not as HKCU. You would have to walk the SIDs of the user's hives. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#102425 - 2003-06-27 09:50 PM Re: w2k, samba and su
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	didn't? quote: We use a UNIX environment with an SAMBA server as PDC directly from http://www.kixtart.org/board/ultimatebb.php?ubb=get_topic;f=1;t=007409 _________________________ ! download KiXnet
Top

#102426 - 2003-06-27 09:54 PM Re: w2k, samba and su
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I am talking about the other post. quote: I have a script thats runs on login of the users into w2k professional. in this script i restrict user rights by changing the registry. only it doesn't work when the user isn't in domain admins group. i thought a script always was superuser! how can i go around this and write to the registry? thkx Marco That was where I mention GPO. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#102427 - 2003-06-27 10:03 PM Re: w2k, samba and su
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	oh les... sure, but just above in this topic you see jens suggesting it as option. _________________________ ! download KiXnet
Top

#102428 - 2003-06-27 10:20 PM Re: w2k, samba and su
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	Yes, I did. However, I mention both options, being fully aware that he cannot use GPOs. However, he is trying to implement some kind of policy, thus GPO/.POL both do this. _________________________ There are two types of vessels, submarines and targets.
Top

#102429 - 2003-06-27 10:25 PM Re: w2k, samba and su
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	aah... sure sure... but the flame is not just mine even though I started it! as he explained that he uses samba without AD, the proper way would be with pol. once he upgrades to AD version of samba, it's different. but reg-hacks for policies are always just kinda-policies. _________________________ ! download KiXnet
Top

#102430 - 2003-06-30 10:30 AM Re: w2k, samba and su
MarcoG60 MarcoG60 Fresh Scripter Registered: 2003-03-28 Posts: 23 Loc: Netherlands	Ah i'm back at work and getting a lot of good reactions. great thkx Oke i'm a bit new in the in this situation. But i understand that you lonkero also have a simular situation? AD ? Don't understand what this option is. I have also tried to use the .pol files but my workstations wouldn't pick it up. I used a pol editor from w98 (we don't have NT4) if you could give me any suggestions of solving this problem. wich poleditor to use and what this AD is
Top

#102431 - 2003-06-30 10:46 AM Re: w2k, samba and su
Richard H. Richard H. Administrator Registered: 2000-01-24 Posts: 4946 Loc: Leatherhead, Surrey, UK	Follow the link that Lonkero provided above so that you have some understanding of policies - how they work, where to put them and what tools to use. Specifically, Win9x and NT use different policy files. They have different names and use different templates. Depending on your clients you may need to maintain both.
Top

Page 1 of 2

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Who's Online

0 registered and 657 anonymous users online.

Newest Members

M_Moore, BeeEm, min_seow, Audio, Hoschi
17883 Registered Users

Generated in 0.214 seconds in which 0.135 seconds were spent on a total of 13 queries. Zlib compression enabled.

click tracking