+# Perl script to generate user logon scripts on the fly, when users
+# connect from a Windows client. This script should be called from smb.conf
+# with the %U, %G and %L parameters. I.e:
+# root preexec = %U %G %L
+# The script generated will perform
+# the following:
+# 1. Log the user connection to /var/log/samba/netlogon.log
+# 2. Set the PC's time to the Linux server time (which is maintained
+# daily to the National Institute of Standard's Atomic clock on the
+# internet.
+# 3. Connect the user's home drive to H: (H for Home).
+# 4. Connect common drives that everyone uses.
+# 5. Connect group-specific drives for certain user groups.
+# 6. Connect user-specific drives for certain users.
+# 7. Connect network printers.
+# Log client connection
+#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
+($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
+open LOG, ">>/var/log/samba/netlogon.log";
+print LOG "$mon/$mday/$year $hour:$min:$sec - User $ARGV[0] logged into $ARGV[1]\n";
+close LOG;
+# Start generating logon script
+open LOGON, ">/shared/netlogon/$ARGV[0].bat";
+print LOGON "\@ECHO OFF\r\n";
+# Connect shares just use by Software Development group
+if ($ARGV[1] eq "SOFTDEV" || $ARGV[0] eq "softdev")
+ print LOGON "NET USE M: \\\\$ARGV[2]\\SOURCE\r\n";
+# Connect shares just use by Technical Support staff
+if ($ARGV[1] eq "SUPPORT" || $ARGV[0] eq "support")
+ print LOGON "NET USE S: \\\\$ARGV[2]\\SUPPORT\r\n";
+# Connect shares just used by Administration staff
+if ($ARGV[1] eq "ADMIN" || $ARGV[0] eq "admin")
+ print LOGON "NET USE L: \\\\$ARGV[2]\\ADMIN\r\n";
+ print LOGON "NET USE K: \\\\$ARGV[2]\\MKTING\r\n";
+# Now connect Printers. We handle just two or three users a little
+# differently, because they are the exceptions that have desktop
+# printers on LPT1: - all other user's go to the LaserJet on the
+# server.
+if ($ARGV[0] eq 'jim'
+ || $ARGV[0] eq 'yvonne')
+ print LOGON "NET UsE LPT2: \\\\$ARGV[2]\\LJET3\r\n";
+ print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
+ print LOGON "NET USE LPT1: \\\\$ARGV[2]\\LJET3\r\n";
+ print LOGON "NET USE LPT3: \\\\$ARGV[2]\\FAXQ\r\n";
+# All done! Close the output file.
+close LOGON;
+# Mapping should be kept in the form
+# username(USER) or groupname(WEBUSERS) = driveletter (W:), samba share name (WEB)
+# ie. user = W:,WEB or webusers = W:,WEB
+# Problem found when testing, if there is a duplicate entry only the last one is used,
+# not the first or both, another problem is that when testing I found a bug in Config::Simple, if you have a tab
+# infront of your # on a comment it breaks ...
+# logging = yes # Should Logging be enabled (YES,ON,1 or NO,OFF,0)(if not specified defaults to no)
+# logdir = "/root/perl" # What is the base directory the logs should be stored.
+# logfile = "userlist.txt" # What should the file be named.
+# VERY IMPORTANT anything that has a "\" (backslash) in it ex. "C:\" MUST be changed to a double "\\" for
+# it to be used in the script. ex. "C:\\"
+logging = yes
+logdir = "/home/samba/netlogon"
+logfile = "UserLogs.txt"
+mkprofile = 1
+timesync = yes
+sambaconf = "/etc/samba/smb.conf"
+logtype = file
+# Change and uncomment the below value to force the servername, some clients ocassionally
+# have trouble picking up the right servername so it may need to be set. It CANNOT be left blank AND uncommented.
+servername = "TIGER"
+public = P:, public
+home = H:, /home
+teachers = S:, RECORDS, X:, SIS
+plato = T:, PLATO
+webpage = W:, WEB
+hsoffice = N:, HSOFFICE, Q:, COMMON, X:, SIS
+suoffice = N:, super, Q:, COMMON, X:, SIS
+emoffice = N:, emOFFICE, Q:, COMMON, X:, SIS
+tech = O:, utils
+yearbook = Y:, yearbook
+rnance = G:, GHOST, I:, TTL, Y:, ARCHIVES, R:, NETLOGON, X:, SIS
+lwatts = G:, GHOST, I:, TTL, Y:, ARCHIVES, R:, NETLOGON, X:, SIS
+droot = U:, stuhomes
+2007mbk = Y:, yearbook
+2008mll = Y:, yearbook
+2008jtj = Y:, yearbook
+2007tja = Y:, yearbook
+2007hms = Y:, yearbook
+2006dpv = Y:, yearbook
+2006jwb2 = Y:, yearbook
+2007npd = Y:, yearbook
+astewart = Y:, yearbook
+# Here is where things get confusing, you can assign a computer, or make a group of computers.
+# The same context will go for ip address's as well, however you can also specify ip ranges,
+# but I have not yet figured out how to do multiple ranges.
+# Use the following examples for help.
+# To define a single computer to do commands
+# mymachinename = command1, command2
+# To define a group of computers to do commands
+# mymachinegroup = machinename1, machinename2
+# [performcommands]
+# mymachinegroup = command1,command2
+# iprangegroup1 = -
+sixthemints = -
+common = "XCOPY P:\\TYPEN32.INI C:\\WINDOWS\\ /Y \>NUL", "XCOPY P:\\ARPROGRAMS\\DBLOCATION\\\*\.\* C:\\WINDOWS\\ /Y \>NUL", "XCOPY P:\\EMACTIVITIES\\EMGAMESPREFS.INI C:\\WINDOWS\\ /Y \>NUL", "PATH\=\%PATH\%;p:\\PXPerl\parrot\\bin;p:\\PXPerl\\bin"
+sixthemints = "start \\\\\\printer"
+#!/usr/bin/perl -w
+# 05/01/2005 - 18:07:10
+# - Login Script Generator
+# Copyright (C) 2005 Ricky Nance
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <>.
+# Version: 1.0 (Stable)
+# Revised: 07/28/2005
+# Comments...
+# Working on logging to the system logs, Logs user activity, but not errors yet.
+use strict;
+use Getopt::Long;
+eval { require Config::Simple; };
+if ($@) {
+ print("\n");
+ print( "It appears as though you don't have the Config Simple perl module installed.\n" );
+ print("The package is typically called 'Config::Simple' \n");
+ print("and it needs to be installed, before you can use this utility\n");
+ print("Most PERL installations will allow you to use a command like\n");
+ print("\ncpan -i Config::Simple\n");
+ print("from the command line while logged in as the root user.\n");
+ print("\n");
+ exit(1);
+# use Data::Dumper; #Used for debugging purposes
+# This variable should point to the external conf file, personally I would set
+# it to /etc/samba/mklogon.conf
+my $configfile;
+foreach my $dir ( ( '/etc', '/etc/samba', '/usr/local/samba/lib' ) ) {
+ if ( -e "$dir/mklogon.conf" ) {
+ $configfile = "$dir/mklogon.conf";
+ last;
+ }
+# This section will come directly from the samba server. Basically it just makes the script easier to read.
+my $getopts = GetOptions(
+ 'u|username=s' => \my $user,
+ 'm|machine=s' => \my $machine,
+ 's|servername=s' => \my $server,
+ 'o|ostype=s' => \my $os,
+ 'i|ip=s' => \my $ip,
+ 'd|date=s' => \my $smbdate,
+ 'h|help|?' => \my $help
+if ($help) {
+ help();
+ exit(0);
+# We want the program to error out if its missing an argument.
+if ( !defined($user) ) { error("username"); }
+if ( !defined($machine) ) { error("machine name") }
+if ( !defined($server) ) { error("server name") }
+if ( !defined($os) ) { error("operating system") }
+if ( !defined($ip) ) { error("ip address") }
+if ( !defined($smbdate) ) { error("date") }
+# This section will be read from the external config file
+my $cfg = new Config::Simple($configfile) or die "Could not find $configfile";
+# Read this part from the samba config
+my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst ) = localtime(time);
+my $sambaconf = $cfg->param("global.sambaconf") or die "Couldn't find your samba config! \n";
+my $smbcfg = new Config::Simple( filename => $sambaconf, syntax => "ini" );
+my $smbprof = $smbcfg->param("profiles.path");
+my $smbnetlogdir = $smbcfg->param("netlogon.path");
+my $logging = lc( $cfg->param("global.logging") );
+my $mkprofile = lc( $cfg->param("global.mkprofile") );
+my $logdir = $cfg->param("global.logdir");
+my $logfile = $cfg->param("global.logfile");
+my $logs = "$logdir\/$logfile";
+my $logtype = $cfg->param("global.logtype");
+my $usermap = "usermap.$user";
+my $osmap = "os.$os";
+my @ostype = $cfg->param($osmap);
+my @username = $cfg->param($usermap);
+my $compname = $cfg->param( -block => "machines" );
+my $ipname = $cfg->param( -block => "ip" );
+my $timesync = $cfg->param("global.timesync");
+my $altserver = $cfg->param("global.servername");
+if ( defined($altserver) ) { $server = $altserver; }
+$server = uc($server);
+# Lets start logging stuff if it is turned on in the config
+if ( $logging =~ m/on|yes|1/i ) {
+ if ($logtype =~ m/file/i) {
+ print "----- Logging is turned on in the config. -----\n";
+ print "----- Location of the logfile is \"$logs\" -----\n";
+ open LOG, ">>$logs";
+ printf LOG "Date: $smbdate Time: ";
+ printf LOG '%02d', $hour;
+ print LOG ":";
+ printf LOG '%02d', $min;
+ print LOG ".";
+ printf LOG '%02d', $sec;
+ print LOG " -- User: $user - Machine: $machine - IP: $ip -- \n";
+ close(LOG);
+ } elsif ($logtype =~ m/syslog|system/i){
+ use Sys::Syslog;
+ my $alert = "User: $user Logged into $machine ($ip) at $hour:$min.$sec on $smbdate.";
+ openlog($0, 'cons', 'user');
+ syslog('alert', $alert);
+ closelog();
+ }
+} else {
+ print "----- Logging is turned off in the config. -----\n";
+# If the user wants to make profiles with this script lets go
+if ( defined($smbprof) ) {
+ if ( $mkprofile =~ m/on|yes|1/i ) {
+ print "----- Automatic making of user profiles is turned on in the config. ----- \n";
+ ( my $login, my $pass, my $uid, my $gid ) = getpwnam($user)
+ or die "$user not in passwd file \n";
+ $smbprof =~ s/\%U/$user/g;
+ my $dir2 = "$smbprof\/$user";
+ print "$smbprof \n";
+ print "$dir2 \n";
+ if ( !-e $dir2 ) {
+ print "Creating " . $user . "'s profile with a uid of $uid\n";
+ mkdir $smbprof;
+ mkdir $dir2;
+ chomp($user);
+# chown $uid, $gid, $smbprof;
+ chown $uid, $gid, $dir2;
+ } else {
+ print $user . "'s profile already exists \n";
+ }
+ } else {
+ print "----- Automatic making of user profiles is turned off in the config. ----- \n";
+ }
+# Lets start making the batch files.
+open LOGON, ">$smbnetlogdir\/$user.bat" or die "Unable to create userfile $smbnetlogdir\/$user.bat";
+print LOGON "\@ECHO OFF \r\n";
+if ( $timesync =~ m/on|yes|1/i ) {
+ print LOGON "NET TIME /SET /YES \\\\$server \r\n";
+} else {
+ print "----- Time syncing to the client is turned off in the config. -----\n";
+# Mapping from the common section
+my $common = $cfg->param( -block => "common" );
+for my $key ( keys %$common ) {
+ drive_map( @{ $common->{$key} } );
+my @perform_common = $cfg->param("performcommands.common");
+if ( defined( $perform_common[0] ) ) {
+ foreach (@perform_common) {
+ print LOGON "$_ \r\n";
+ }
+# Map shares on a per user basis.
+# Map shares based on the Operating System.
+# Map shares only if they are in a group
+# This line checks against the unix "groups" command, to see the secondary groups of a user.
+my @usergroups = split( /\s/, do { open my $groups, "-|", groups => $user; <$groups> } );
+foreach (@usergroups) {
+ my $groupmap = "groupmap.$_";
+ my @groupname = $cfg->param($groupmap);
+ drive_map(@groupname);
+#Here is where we check the machine name against the config...
+for my $key ( keys %$compname ) {
+ my $test = $compname->{$key};
+ if ( ref $test eq 'ARRAY' ) {
+ foreach (@$test) {
+ if ( $_ eq $machine ) {
+ my $performit = $cfg->param("performcommands.$key");
+ if ( defined($performit) ) {
+ if ( ref $performit ) {
+ foreach (@$performit) { print LOGON "$_ \r\n"; }
+ } else {
+ print LOGON "$performit \r\n";
+ }
+ }
+ }
+ }
+ }
+ elsif ( $test eq $machine ) {
+ my $performit = $cfg->param("performcommands.$key");
+ if ( defined($performit) ) {
+ if ( ref $performit ) {
+ foreach (@$performit) { print LOGON "$_ \r\n"; }
+ } else {
+ print LOGON "$performit \r\n";
+ }
+ }
+ }
+# Here is where we test the ip address against the client to see if they have "Special Mapping"
+# A huge portion of the ip matching code was made by
+# Carsten Schaub (rcsu in the #samba chan on
+my $val;
+for my $key ( sort keys %$ipname ) {
+ if ( ref $ipname->{$key} eq 'ARRAY' ) {
+ foreach ( @{ $ipname->{$key} } ) {
+ getipval( $_, $key );
+ }
+ } else {
+ getipval( $ipname->{$key}, $key );
+ }
+sub getipval {
+ my ( $range, $rangename ) = @_;
+ if ( parse( $ip, ipmap($range) ) ) {
+ if ( $val eq 'true' ) {
+ my $performit = $cfg->param("performcommands.$rangename");
+ if ( defined($performit) ) {
+ if ( ref $performit ) {
+ foreach (@$performit) { print LOGON "$_ \r\n"; }
+ } else {
+ print LOGON "$performit \r\n";
+ }
+ }
+ } elsif ( $val eq 'false' ) {
+ }
+ } else {
+ }
+sub ipmap {
+ my $pattern = shift;
+ my ( $iprange, $iprange2, $ipmask );
+ if ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/ ) {
+ # notation
+ $iprange = pack( "U4", $1, $2, $3, $4 );
+ $ipmask = pack( "U4", 0, 0, 0, 0 );
+ my $numbits = $5;
+ for ( my $i = 0 ; $i < $numbits ; $i++ ) {
+ vec( $ipmask, int( $i / 8 ) * 8 + ( 8 - ( $i % 8 ) ) - 1, 1 ) = 1;
+ }
+ $iprange &= "$ipmask";
+ } elsif ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/ ) {
+ # notation
+ $iprange = pack( "U4", $1, $2, $3, $4 );
+ $ipmask = pack( "U4", $5, $6, $7, $8 );
+ $iprange &= "$ipmask";
+ } elsif ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ ) {
+ # notation
+ $iprange = pack( "U4", $1, $2, $3, $4 );
+ $ipmask = pack( "U4", 255, 255, 255, 255 );
+ } elsif ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\s*\-\s*(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ ) {
+ # - notation
+ $iprange = pack( "U4", $1, $2, $3, $4 );
+ $iprange2 = pack( "U4", $5, $6, $7, $8 );
+ $ipmask = pack( "U4", 255, 255, 255, 255 );
+ } else {
+ return;
+ }
+ return $iprange, $ipmask, $iprange2;
+sub parse {
+ my ( $origip, $ipbase, $ipmask, $iprange2 ) = @_;
+ $origip =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
+ $origip = pack( "U4", $1, $2, $3, $4 );
+ if ( defined($iprange2) ) {
+ if ( $ipbase le $origip && $origip le $iprange2 ) {
+ return $val = 'true';
+ } else {
+ return $val = 'false';
+ }
+ } elsif ( ( "$origip" & "$ipmask" ) eq $ipbase ) {
+ return $val = 'true';
+ } else {
+ return $val = 'false';
+ }
+# This sub will distinguish the drive mappings
+sub drive_map {
+ my @data = @_;
+ for ( my $i = 0 ; $i < scalar(@data) ; ) {
+ if ( $data[$i] =~ m/^[a-z]\:$/i ) {
+ my $driveletter = $data[$i];
+ $i++;
+ my $sharename = $data[$i];
+ $i++;
+ if ( $sharename eq '/home' ) {
+ print LOGON uc("NET USE $driveletter \\\\$server\\$user \/Y \r\n");
+ } else {
+ print LOGON
+ uc("NET USE $driveletter \\\\$server\\$sharename \/Y \r\n");
+ }
+ } else {
+ print LOGON uc("$data[$i] \r\n");
+ $i++;
+ }
+ }
+sub error {
+ my $var = shift(@_);
+ help();
+ print "\n\tCritical!!! \n\n\tNo $var specified\n\n\tYou must specify a $var.\n\n";
+ exit(0);
+sub help {
+ print << "EOF" ;
+ Usage: $0 [options]
+ Options:
+ -h,--help This help screen.
+ -u,--username The name of the user from the samba server.
+ -m,--machinename The name of the client connecting to the server.
+ -s,--server The name of the server this script is running in.
+ -o,--os The clients OS -- Windows 95/98/ME (Win95), Windows NT (WinNT),
+ Windows 2000 (Win2K), Windows XP (WinXP), and Windows 2003
+ (Win2K3). Anything else will be known as ``UNKNOWN''
+ That snippet is directly from man smb.conf.
+ -i,--ip The clients IP address.
+ -d,--date Time and Date returned from the samba server.
+ All options MUST be specified.
+ The mklogon.conf file MUST be located in /etc, /etc/samba, or
+ /usr/local/samba/lib.
+ To use this file from the command line:
+ $0 -u User -m machine -s servername -o ostype -i X.X.X.X -d MM/DD/YY
+ To use this file from the samba server add these lines to your /etc/samba/smb.conf:
+ This line goes in the [global] section
+ login script = %U.bat
+ This line should be at the end of the [netlogon] section.
+ root preexec = /path/to/ -u %U -m %m -s %L -o %a -i %I -d %t
+ print "\n\n";
+This programme is released under the terms of the GNU Public License
+This programme has NO WARRANTY of any kind, use at your own risk.
+included patch that made machine name %m a macro substitution value.
+Thanks to: Nick Lopez <>
+added the ability to define substitution macros: see the useage section
+removed the large docstring from the file and moved the information to
+the USEAGE section of this file
+cleaned up the code and made more flexible
+improved the code comments
+added a -v --version switch
+added a --pause switch which will put a pause statement between each
+non-blank line of the script.
+When I originally posted v0.5 on Freshmeat, I really expected *some*
+feedback. To date this little script has been downloaded over 700 times, but
+absolutely nobody has sent me an e-mail to tell me if it is useful, or if
+it is absolutely the stupidest waste of bandwidth they have ever seen.
+I'd really love to know if even one person other than me and the other techs
+here at Avalon have found it useful.
+ rhacer (
+September 27, 2000
+Thanks to those that did respond to my plea! I'd still love to hear from
+any other users!
+As my experience with Linux and Samba increased, I had no trouble whipping up
+a custom Perl, Python or Bash script to create Samba Logon Scripts, but I
+noticed that I changed things from place to place, and that my users had *no*
+chance of ever figuring out how to modify those scripts themselves.
+In an attempt to create a company wide standard that both my co-workers and my
+customers could *easily* modify I hit upon the scheme I used here.
+I settled on an INI file feel, because most who have experience with Win boxes
+have some concept of INI files.
+The distribution archive contains three files:
+README This file The actual Python script (place in /usr/local/samba/bin)
+ntlogon.conf A sample configuration file (place in /etc)
+This script was created using Python v1.5.2, and I believe it uses only
+standard libraries.
+Your smb.conf file needs to contain a netlogon section similar to the
+following (These settings *are not* normal on a RH box. These settings
+are all based on the excellent book that I learned Samba from: Samba
+Integrating Unix and Windows by John D. Blair. It is somewhat out of
+date now, but that's the history of the strange file locations):
+ path = /usr/local/samba/netlogon
+ writeable = no
+ guest ok = no
+ root preexec = /usr/local/samba/bin/ntlogon --user=%U --os=%m
+ root postexec = rm /usr/local/samba/netlogon/%U.bat
+This programme will build a Windows NT logon script for users connecting
+to a Samba server. Samba macros that are curently understood:
+ %U user name
+ %G group name
+ %a machine architecture
+ %m machine netbios name
+This programme reads a configuration that looks strikingly similar to both
+the Samba configuration file, and a DOS "boot menu" AUTOEXEC.BAT file.
+The default file name is /etc/ntlogon.conf (though I really think it ought
+to be called ntlogon.batch!) You may change the filename by using the -f
+or --templatefile startup option.
+The default netlogon directory is /usr/local/samba/netlogon though this
+can be changed with the -d or --dir startup option.
+The default batch file name generated is username.bat if no username is
+specified the default value is logon.bat (e.g., if --user=fred is specified
+on the command line then the logon script generated will be stored in
+Use the --debug option to print the logon script to screen instead of the
+output file
+Use the --pause option to place a pause statement between each line of the
+script to assist in debugging a logon script.
+The file is divided into sections that have headers in square brackets
+The file may also contain user defined substitution macros. They are
+defined by placing the macro name on the left side of an equal sign,
+and the substitution text on the right side of the equal sign. They
+are also case sensitive:
+SERVERNAME = myservername
+They are referenced by prepending a "%" sign to the variable name:
+NET USE %MAINDRIVE \\\\servername\\mainshare /YES
+Nick Lopez <> for the net bios name patch.
+Author : Timothy (rhacer) Grant
+I can be reached at
+ntlogon website
+Please feel free to contact me with any suggestions, improvements, bugs you
+might find.
+# Everything in the Global section applies to all users logging on to the
+# network
+#Some substitution macro definitions
+SERVERNAME = myservername
+@ECHO "Welcome to our network!!!"
+NET TIME \\servername /SET /YES
+# Map the private user area in the global section so we don't have to
+# create individual user entries for each user!
+NET USE %USERDRIVE \\servername\%U /YES
+# Group entries, User entries and OS entries each start with the
+# keyword followed by a dash followed by--appropriately enough the Group
+# name, the User name, or the OS name.
+@ECHO "Welcome administrators!"
+NET USE G: \\servername\adminshare1 /YES
+NET USE I: \\servername\adminshare2 /YES
+@ECHO "Be grateful we let you use computers!"
+NET USE G: \\servername\peonshare1 /YES
+@ECHO "What can I do for you today great one?"
+NET USE G: \\servername\hackershare1 /YES
+NET USE I: \\servername\adminshare2 /YES
+@ECHO "Hello there Fred!"
+NET USE F: \\servername\fredsspecialshare /YES
+@ECHO "Time to upgrade isn't it?"
+# End configuration file
+X = Will this break?
+#!/usr/bin/env python
+""" written by Timothy (rhacer) Grant
+Copyright 1999 - 2002 by Timothy Grant
+is distributed under the terms of the GNU Public License.
+The format for the configuration file is as follows:
+While there is some room for confusion, we attempt to process things in
+order of specificity: Global first, Group second, User third, OS Type
+forth. This order can be debated forever, but it seems to make the most
+# Everything in the Global section applies to all users logging on to the
+# network
+@ECHO "Welcome to our network!!!"
+NET TIME \\\\servername /SET /YES
+NET USE F: \\\\servername\\globalshare /YES
+# Map the private user area in the global section so we don't have to
+# create individual user entries for each user!
+NET USE U: \\\\servername\\%U /YES
+# Group entries, User entries and OS entries each start with the
+# keyword followed by a dash followed by--appropriately enough the Group
+# name, the User name, or the OS name.
+@ECHO "Welcome administrators!"
+NET USE G: \\\\servername\\adminshare1 /YES
+NET USE I: \\\\servername\\adminshare2 /YES
+@ECHO "Be grateful we let you use computers!"
+NET USE G: \\\\servername\\peonshare1 /YES
+@ECHO "What can I do for you today great one?"
+NET USE G: \\\\servername\\hackershare1 /YES
+NET USE I: \\\\servername\\adminshare2 /YES
+@ECHO "Hello there Fred!"
+NET USE F: \\\\servername\\fredsspecialshare /YES
+@ECHO "Time to upgrade it?"
+# End configuration file
+usage: ntlogon [-g | --group=groupname]
+ [-u | --user=username]
+ [-o | --os=osname]
+ [-m | --machine=netbiosname]
+ [-f | --templatefile=filename]
+ [-d | --dir=netlogon directory]
+ [-v | --version]
+ [-h | --help]
+ [--pause]
+ [--debug]
+#" This quote mark is an artifact of the inability of my editor to
+# correctly colour code anything after the triple-quoted docstring.
+# if your editor does not have this flaw, feel free to remove it.
+import sys
+import getopt
+import re
+import string
+import os
+version = " v0.8"
+def buildScript(buf, sections, group, user, ostype, machine, debug, pause):
+ """
+ buildScript() Takes the contents of the template file and builds
+ a DOS batch file to be executed as an NT logon script. It does this
+ by determining which sections of the configuration file should be included
+ and creating a list object that contains each line contained in each
+ included section. The list object is then returned to the calling
+ routine.
+ All comments (#) are removed. A REM is inserted to show
+ which section of the configuration file each line comes from.
+ We leave blanklines as they are sometimes useful for debugging
+ We also replace all of the Samba macros (e.g., %U, %G, %a, %m) with their
+ expanded versions which have been passed to us by smbd
+ """
+ hdrstring = ''
+ script = []
+ #
+ # These are the Samba macros that we currently know about.
+ # any user defined macros will also be added to this dictionary.
+ # We do not store the % sign as part of the macro name.
+ # The replace routine will prepend the % sign to all possible
+ # replacements.
+ #
+ macros = {
+ 'U': user,
+ 'G': group,
+ 'a': ostype,
+ 'm': machine
+ }
+ #
+ # Process each section defined in the list sections
+ #
+ for s in sections:
+ # print 'searching for: ' + s
+ idx = 0
+ while idx < len(buf):
+ ln = buf[idx]
+ #
+ # We need to set up a regex for each possible section we
+ # know about. This is slightly complicated due to the fact
+ # that section headers contain user defined text.
+ #
+ if s == 'Global':
+ hdrstring = '\[ *' + s + ' *\]'
+ elif s == 'Group':
+ hdrstring = '\[ *' + s + ' *- *' + group + ' *\]'
+ elif s == 'User':
+ hdrstring = '\[ *' + s + ' *- *' + user + ' *\]'
+ elif s == 'OS':
+ hdrstring = '\[ *' + s + ' *- *' + ostype + ' *\]'
+ elif s == 'Machine':
+ hdrstring = '\[ *' + s + ' *- *' + machine + ' *\]'
+ #
+ # See if we have found a section header
+ #
+ if'(?i)' + hdrstring, ln):
+ idx = idx + 1 # increment the counter to move to the next
+ # line.
+ x = re.match(r'([^#\r\n]*)', ln) # Determine the section
+ # name and strip out CR/LF
+ # and comment information
+ if debug:
+ print 'rem ' + + ' commands'
+ else:
+ # create the rem at the beginning of each section of the
+ # logon script.
+ script.append('rem ' + + ' commands')
+ #
+ # process each line until we have found another section
+ # header
+ #
+ while not'.*\[.*\].*', buf[idx]):
+ #
+ # strip comments and line endings
+ #
+ x = re.match(r'([^#\r\n]*)', buf[idx])
+ if string.strip( != '' :
+ # if there is still content after stripping comments and
+ # line endings then this is a line to process
+ line =
+ #
+ # Check to see if this is a macro definition line
+ #
+ vardef = re.match(r'(.*)=(.*)', line)
+ if vardef:
+ varname = string.strip( # Strip leading and
+ varsub = string.strip( # and trailing spaces
+ if varname == '':
+ print "Error: No substition name specified line: %d" % idx
+ sys.exit(1)
+ if varsub == '':
+ print "Error: No substitution text provided line: %d" % idx
+ sys.exit(1)
+ if macros.has_key(varname):
+ print "Warning: macro %s redefined line: %d" % (varname, idx)
+ macros[varname] = varsub
+ idx = idx + 1
+ continue
+ #
+ # Replace all the macros that we currently
+ # know about.
+ #
+ # Iterate over the dictionary that contains all known
+ # macro substitutions.
+ #
+ # We test for a macro name by prepending % to each dictionary
+ # key.
+ #
+ for varname in macros.keys():
+ line = re.sub(r'%' + varname + r'(\W)',
+ macros[varname] + r'\1', line)
+ if debug:
+ print line
+ if pause:
+ print 'pause'
+ else:
+ script.append(line)
+ idx = idx + 1
+ if idx == len(buf):
+ break # if we have reached the end of the file
+ # stop processing.
+ idx = idx + 1 # increment the line counter
+ if debug:
+ print ''
+ else:
+ script.append('')
+ return script
+# End buildScript()
+def run():
+ """
+ run() everything starts here. The main routine reads the command line
+ arguments, opens and reads the configuration file.
+ """
+ configfile = '/etc/ntlogon.conf' # Default configuration file
+ group = '' # Default group
+ user = '' # Default user
+ ostype = '' # Default os
+ machine = '' # Default machine type
+ outfile = 'logon.bat' # Default batch file name
+ # this file name WILL take on the form
+ # username.bat if a username is specified
+ debug = 0 # Default debugging mode
+ pause = 0 # Default pause mode
+ outdir = '/usr/local/samba/netlogon/' # Default netlogon directory
+ sections = ['Global', 'Machine', 'OS', 'Group', 'User'] # Currently supported
+ # configuration file
+ # sections
+ options, args = getopt.getopt(sys.argv[1:], 'd:f:g:ho:u:m:v',
+ ['templatefile=',
+ 'group=',
+ 'help',
+ 'os=',
+ 'user=',
+ 'machine=',
+ 'dir=',
+ 'version',
+ 'pause',
+ 'debug'])
+ #
+ # Process the command line arguments
+ #
+ for i in options:
+ # template file to process
+ if (i[0] == '-f') or (i[0] == '--templatefile'):
+ configfile = i[1]
+ # print 'configfile = ' + configfile
+ # define the group to be used
+ elif (i[0] == '-g') or (i[0] == '--group'):
+ group = i[1]
+ # print 'group = ' + group
+ # define the os type
+ elif (i[0] == '-o') or (i[0] == '--os'):
+ ostype = i[1]
+ # print 'os = ' + os
+ # define the user
+ elif (i[0] == '-u') or (i[0] == '--user'):
+ user = i[1]
+ outfile = user + '.bat' # Setup the output file name
+ # print 'user = ' + user
+ # define the machine
+ elif (i[0] == '-m') or (i[0] == '--machine'):
+ machine = i[1]
+ # define the netlogon directory
+ elif (i[0] == '-d') or (i[0] == '--dir'):
+ outdir = i[1]
+ # print 'outdir = ' + outdir
+ # if we are asked to turn on debug info, do so.
+ elif (i[0] == '--debug'):
+ debug = 1
+ # print 'debug = ' + debug
+ # if we are asked to turn on the automatic pause functionality, do so
+ elif (i[0] == '--pause'):
+ pause = 1
+ # print 'pause = ' + pause
+ # if we are asked for the version number, print it.
+ elif (i[0] == '-v') or (i[0] == '--version'):
+ print version
+ sys.exit(0)
+ # if we are asked for help print the docstring.
+ elif (i[0] == '-h') or (i[0] == '--help'):
+ print __doc__
+ sys.exit(0)
+ #
+ # open the configuration file
+ #
+ try:
+ iFile = open(configfile, 'r')
+ except IOError:
+ print 'Unable to open configuration file: ' + configfile
+ sys.exit(1)
+ #
+ # open the output file
+ #
+ if not debug:
+ try:
+ oFile = open(outdir + outfile, 'w')
+ except IOError:
+ print 'Unable to open logon script file: ' + outdir + outfile
+ sys.exit(1)
+ buf = iFile.readlines() # read in the entire configuration file
+ #
+ # call the script building routine
+ #
+ script = buildScript(buf, sections, group, user, ostype, machine, debug, pause)
+ #
+ # write out the script file
+ #
+ if not debug:
+ for ln in script:
+ oFile.write(ln + '\r\n')
+ if pause:
+ if string.strip(ln) != '': # Because whitespace
+ oFile.write('pause' + '\r\n') # is a useful tool, we
+ # don't put pauses after
+ # an empty line.
+# End run()
+# immediate-mode commands, for drag-and-drop or execfile() execution
+if __name__ == '__main__':
+ run()
+ print "Module imported."
+ print "To run, type:"
+ print "To reload after changes to the source, type: reload(ntlogon)"
+# End