| bdirkx |
| (Fresh Scripter) |
| 2009-07-13 12:13 PM |
|
Loginscript whit ini file
|
Dear forum members.
I'm working in a very big enverment and now i want to make a kix script whit variable for reading a ini file for drive mappings. The drive mapping ar varaible whit groupmambership in AD.
I have made a script but it dosn't work. Can any body help me whit my problem.
Iám not a verry good scripter but i used a tool for making my script.
Here is a sample of my script.
Drivemapping.kix
Code:
;=============================================================== Call "MyFunctions.kix" $aryGroups = GroupArray() $strIniFile = "c:\kixwork\mappings.ini" For Each $ae in $aryGroups GroupMap($strIniFile,$ae) Next ;=============================================================== Myfunction.kix ;=============================================================== Function GroupArray() ;=============================================================== Dim $i Dim $strGrpLst Dim $gName $i = 0 $strGrpLst = "" Do $gName = EnumGroup($i) $i = $i + 1 If Len($gName) > 0 If Len($strGrpLst) > 0 $strGrpLst = $strGrpLst + "," EndIf $strGrpLst = $strGrpLst + $gName EndIf Until Len($gName) = 0 $ary = Split($strGrpLst,",",-1) ;? "Before return array size is:" + Ubound($ary) $GroupArray = $ary EndFunction ;=============================================================== ;=============================================================== Function GroupMap($inFile,$inSec) ;=============================================================== Dim $tmpDrv $Sec = ReadProfileString($inFile,$inSec,"") $aMaps = Split($Sec,Chr(10),-1) For Each $a in $aMaps $tmpDrv = ReadProfileString($inFile,$inSec,$a) $aParms = Split($tmpDrv,",") $act = UBound($aParms) Use $aParms[0] + ":" $aParms[1] Next $GroupMap = 1 EndFunction ;===============================================================
Mapping.ini
Quote:
;===============================================================
;====================================
; Bebouw
;=Start==============================
[GS_bebouw_acad]
MapDrive1=F,\\dc-073\netapps$
MapDrive2=g,\\dc-073\usr$\%username%
MapDrive3=N,\\dc-073\acad$
MapDrive4=O,\\dc-073\acad direct$
;=End================================
;====================================
; IBB Kondor
;=Start==============================
[GS_IBB KONDOR_ACAD]
MapDrive1=F,\\dc-034\netapps$
MapDrive2=g,\\dc-034\usr$\%username%
MapDrive3=M,\\dc-034\acad$
MapDrive4=O,\\dc-034\acad direct$
;=End================================
I hope somebody can help me whit my problem.
Greetings
Bart Dirkx
| Mart |
| (KiX Supporter) |
| 2009-07-13 01:20 PM |
|
|
Re: Loginscript whit ini file
|
Hi Bart,
Welcome to the board.
First:
Please use the code tags when posting code (the # button when creating a post). This time I added them for you.
Second:
Below is a small example of a logon script that enumerates all groups belongs to and then mapps drive based on data in the ini file.
Third:
Be careful with hidden shares because kix might interpret the dollar sign as a variable. You can fix this with Setoption("NoVarsInStrings", "On") at the top of the script our you can double the dollar signs.
Script:
Code:
;Enumerate all group for the current user.
$goups = arrayenumgroup()
;Start the magic for each group.
For Each $group in $groups
;Read the number of drives to be mapped for each group.
$drives = ReadProfileString("c:\kixwork\mappings.ini", $goup, "NumberOfDrives")
;Map each drive.
For $i = 1 to $drives
;Read drive data from ini file.
$drive = ReadProfileString("c:\kixwork\mappings.ini", $goup, "MapDrive" + $i)
$drive = Split($drive, ",")
Use $drive[0] + ': "' + $drive[1] + '"'
Next
Next
;DO NOT MODIFY ANYTHING BELOW THIS LINE.
;IT IS A UDF AND IT COMES READY FOR USE.
;NAME ARRAYENUMGROUP
;
;AUTHOR Jens Meyer (sealeopard@usa.net)
;
;ACTION Creates an array of groups of which the current user is a member
;
;SYNTAX ARRAYENUMGROUP()
;
;PARAMETERS none
;
;RETURNS Array containing the group names
;
;REMARKS none
;
;DEPENDENCIES none
;
;EXAMPLE $retcode=arrayenumgroup()
;
Function arrayenumgroup()
Dim $retcode, $valuecounter, $currentvalue, $valuearray
$valuecounter=0
Do
$currentvalue=EnumGroup($valuecounter)
If $currentvalue<>259 And @ERROR=0
ReDim preserve $valuearray[$valuecounter]
$valuearray[$valuecounter]=$currentvalue
$valuecounter=$valuecounter+1
EndIf
Until $currentvalue=259 Or @ERROR
$arrayenumgroup=$valuearray
EndFunction
Ini file:
Quote:
[GS_bebouw_acad]
NumberOfDrives=4
MapDrive1=F,\\dc-073\netapps$
MapDrive2=g,\\dc-073\usr$\%username%
MapDrive3=N,\\dc-073\acad$
MapDrive4=O,\\dc-073\acad direct$
| bdirkx |
| (Fresh Scripter) |
| 2009-07-13 01:38 PM |
|
|
|
Re: Loginscript whit ini file
|
Thanks for jour help Mart
If a read the script of you i understand that this is a hole new script and i don't need my own script any more is this correct or must i past jour scriptin my own.
I have test this script but it is hanging in my dos screen.
Is this normale or must i put a exit on the end of this script to close the dos screen.
Glenn Barnas
|
| (KiX Supporter) |
| 2009-07-13 02:50 PM |
|
|
Re: Loginscript whit ini file
|
Welcome to KORG!
You can download a fully functional Kix-based login script from my web site. No coding needed - it has been used in large enterprise environments with many sites and thousands of users. In one large (3000 users across 250+ sites) the script performs 35 action decisions, maps the resulting drives and printers, displays an optional message, and runs two external commands in just 9 to 20 seconds (depending on the remote site link speed). The core code has been in use for well over a decade at over 100 sites around the world.
It uses an INI file for configuration, allows per-site and per-user config files, and supports mapping by group(s), OU, subnets. Group and OU processing can be "member of" or "not member of" one or more groups, including combinations (must be member of "Site1" group and not a member of "sales" group). It can also use a lookup table to modify the resource path (server name, share name, path, or any combination) based on userID, OU, Group, or Subnet.
The script is free, with full documentation and two free email support incidents. We do provide commercial, fee-based support for implementation, customization, and additional support.
For a no-code enterprise quality solution that you can have operational in just a few hours, give it a look. Select the Products page, go to the Admin Toolchest and click the Login Scripts link.
Glenn
| Mart |
| (KiX Supporter) |
| 2009-07-13 03:50 PM |
|
|
|
Re: Loginscript whit ini file
|
Originally Posted By: bdirkx
....
If a read the script of you i understand that this is a hole new script and i don't need my own script any more is this correct or must i past jour scriptin my own.
....
Yes it is a whole new script and it can replace your script.
Originally Posted By: bdirkx
....
I have test this script but it is hanging in my dos screen.
Is this normale or must i put a exit on the end of this script to close the dos screen.
The command window should close when the script is done.
It might hang on groups that that the user is a member of but are not in the ini file. A check to see if $numberofdrives holds any data before trying to map drives would be best. Something like:
Code:
For Each $groups in $groups
$drives = ReadProfileString("c:\kixwork\mappings.ini", $goup, "NumberOfDrives")
If $drives <> ""
;do all the magic here
Else
;no drives to map for this groups so move on the the next group.
EndIf
Next
As Glenn said he has a fully working version on his website that you might want to give a go. Sure, making something from scratch is a way to learn it but if someone has it done already it's also worth a shot.
| Benny69 |
| (MM club member) |
| 2009-07-13 03:54 PM |
|
|
Re: Loginscript whit ini file
|
Mart, that Mod Flag next to your name sure looks nice,
| bdirkx |
| (Fresh Scripter) |
| 2009-07-13 04:10 PM |
|
|
|
Re: Loginscript whit ini file
|
Thanks for the help.
I will take a look at your script mart and i will take a look at the script of Glenn.
Thanks so far guy i will report my conclusion.
Greetings
Bart
| Mart |
| (KiX Supporter) |
| 2009-07-13 04:34 PM |
|
|
|
Re: Loginscript whit ini file
|
Originally Posted By: Benny69
Mart, that Mod Flag next to your name sure looks nice,
LOL
|
Jochen
|
| (KiX Supporter) |
| 2009-07-13 04:40 PM |
|
|
Re: Loginscript whit ini file
|
It shure looks nice!
Now you should ask for the custom title
| Mart |
| (KiX Supporter) |
| 2009-07-13 04:46 PM |
|
|
|
Re: Loginscript whit ini file
|
What’s in a name? I don’t really care about titles.
But being a mod I have to tell us that this is going off topic
|
NTDOC
|
| (KiX Master) |
| 2009-07-13 07:46 PM |
|
|
Re: Loginscript whit ini file
|
Yes I would say that most of Glenn's scripts are excellent but also a bit daunting for a new coder that isn't even familiar with all the commands and functions of KiXtart. Definitely worth looking at though as it is well documented and a good source of further learning KiXtart.
oh... and I've fixed your Title Mart
|
Glenn Barnas
|
| (KiX Supporter) |
| 2009-07-13 07:58 PM |
|
|
|
Re: Loginscript whit ini file
|
No more "daunts"!!!
Since we began providing commercial support last year, the login script is now delivered in tokenized format. It's plug & play!
The user manual is a 27-page PDF file with detailed explainations and many examples. Of course, we do have hooks for user-defined code for the message screen, authorization logic, and custom language messages. By default it currently supports 5 languages. The next revision will actually adapt the language of the messages based on the current user's internationalization setting.
Glenn
|
NTDOC
|
| (KiX Master) |
| 2009-07-14 02:59 AM |
|
|
|
Re: Loginscript whit ini file
|
Oh well, there goes that idea of learning from it. But I can assure you that Glenn does create some excellent code.
| bdirkx |
| (Fresh Scripter) |
| 2009-07-16 10:19 AM |
|
|
|
Re: Loginscript whit ini file
|
Glenn
It's a great script and it's working.
But i still got some issues that won't work.
Can i post here a exsampele of my custom ini file or must i mail it to you.
Greetings
Bart Dirkx
| Mart |
| (KiX Supporter) |
| 2009-07-16 10:33 AM |
|
|
|
Re: Loginscript whit ini file
|
Hi Bart,
If you post what you have here then everyone can help you fix the issues or benefit from it later on.
BTW: Nice picture of my home town in your avatar.
| bdirkx |
| (Fresh Scripter) |
| 2009-07-16 02:43 PM |
|
|
|
Re: Loginscript whit ini file
|
Glenn - removed long/duplicate post to maintain thread clarity
| bdirkx |
| (Fresh Scripter) |
| 2009-07-16 02:44 PM |
|
|
|
Re: Loginscript whit ini file
|
Mart
I will put a sample of the ini file on the forum.
Here is the sample of my inin file.
# login.ini file for login processing V2.6.1
#
# Format of resource records is:
#
# [RESOURCE]
# Type of Resource
# CLASS=DISK|PRINT|COMMAND|MESSAGE
#
# Target ID to map share to
# TARGET=drive: | [LPT#:]
#
# Path to shared resource
# PATH=\\server\share[\path]
#
# Description of resource - renames drive map or displays a short message during mapping
# DESC=Description
#
# Process record if admin / if not guest / if guest
# PRIV=Admin|NoGuest|(blank)
#
# Process record only if member of at least one of listed groups
# GROUPS=CSV list of permitted group memberships
#
# Process record only if member of at least one of listed OUs
#
# By default, access is permitted if the user is a member of a defined Group or OU
# Set the logic to AND to require membership of both Group and OU specifications
# LOGIC=AND | OR
#
# Priority if multiple resources match - higher value wins. Used only for Drive and LPT#: mapping
# to resove target conflicts
# PRIORITY=#
#
# Process record only if one of the defined Connection Types
# CONNTYPE=CON ICA RDP
#
# Process if the local computer is a laptop, is not a laptop, or always
# LAPTOP = Y | N | (blank)
#
# Delay the specified number of seconds after displaying a message file
# DELAY=number
#
#
[COMMON]
# A short message to display when there's an error mapping a resource
HDMessage=Neem aub contact op met de helpdesk 088-1861300 als u een fout melding krijgt met inloggen!
# ConnType can be a list of session types - CON, RDP, and ICA - that are allowed to run login scripts
# Define as CON RDP to run only with direct Console and Terminal Service connections, and not Citrix
# Runs on all types if not defined.
ConnType=
# ClearDriveMappings is a boolean value that indicates if all drive mappings should be cleared
# when the login script starts
ClearDriveMappings=y
# IgnoreDriveMappings is a comma-delimited string listing the drive letters that should not be unmapped
# when ClearDriveMappings is true. This permits a set of drive letters that can be used for ad-hoc
# connections that will not be unmapped. Valid only when ClearDriveMappings is true.
# IgnoreDriveMappings=k
# ClearPrinterMappings is a boolean value that indicates if all printer mappings should be cleared
# when the login script starts. This is currently under development and has no effect.
ClearPrinterMappings=n
# ForceVisible is a boolean value that forces the login script to run in a maximized window
ForceVisible=y
# Minimum tune to display the login script window (in seconds)
# Insures that the window is displayed for at least "n" seconds in fast environments
MinimumDisplayTime=6
# FlushTokenCache defines the number of days before the Kixtart domain token cache should be cleared.
# If the value is 0 or not defined, the cache is never cleared. A value of -1 always clears the cache.
# The default value is 7. The actual value should be based on the number of AD changes made within
# a defined time, lowering this number when many changes are made.
FlushTokenCache=7
# OUOffset is a value that defines the field offset of the LDAP string where the user's OU is defined
# For example, if the DN is OU=users,OU=department xx,OU=DepartmentGroup,DC=domain,DC=com - the most specific
# OU field is "department xx", which has an index offset of 1. Most structures that have this format would
# use an offset of 1, if the structure looks like OU=department xx,OU=DepartmentGroup,OU=users... the offset
# would be zero instead.
OUOffset=1
# Version 2.6.0 introduces internationalization of messages. If the languageID is not specified,
# it defaults to 0 (US English). This setting only affects user messages and not debug messages.
# If LanguageID=-1 (negative one), then the language definitions in UserLang.kix will be loaded
# if present. If the file is not present, English will be used. You can also use the standard
# rewrite / lookup processing - &SITE:table&, &OU:table&, or &SUBNET:table& - to define languages
# by AD Site, OU, or network subnet. Failed or invalid lookups default to English.
LanguageID=0
# RunSilent will suppress all output when set to True (Y/N) - default is Display Messages (N)
# Even if RunSilent is true, MESSAGE class resources will display, and resource processing
# errors will cause an error message to display. RunSilent will also turn off the ForceVisible
# setting, but will not force the window to be minimized
RunSilent=N
# Allowed / Denied domains - comma-delimited lists of AD domain names that are allowed or denied
# This is useful in trusted domain situations where a user logs into a computer with trusted
# credentials. The computer does not have access to the user's home domain resources, so mapping
# of those resources should not be done. A list of allowed or denied domains can be defined, but
# only one or the other really makes sense - both are provided to permit using the shortest list.
AllowedDomains=DM001
DeniedDomains=ThatTrustedDomain
DEBUG=Y
########################################
# #
# resource mapping definitions follow #
# #
########################################
# [RESOURCE_ID]
# CLASS=DISK | PRINT | MESSAGE | COMMAND
# TARGET=drive letter | printer id (LPT#:)
# PATH=UNC path to resource | HOME
# DESC=description
# PRIV=Admin | Guest | NoGuest
# GROUPS=list of groups permitted to connect
# OUS=list of OUs permitted to connect
# PRIORITY=priority of resource when multiple PATHS are defined for one TARGET
# LAPTOP=Y|N|
# LOGIC=AND|OR Defines the logic used to process both Group and OU access restrictions
[IBB Kondor]
CLASS=DISK
TARGET=F:
PATH=\\dc-034\netapps$
DESC=Netapps
CLASS=DISK
TARGET=G:
PATH=\\dc-034\USR$\%USERNAME%
DESC=USERSHARE AUTOCAD
CLASS=M:
PATH=\\dc-034\acad$
DESC=Autocad
CLASS=O:
PATH=\\DC-034\ACAD DIRECT$
DESC=AUTOCAD SYNCHRONISATIE
PRIV=GUEST
GROUPS=GS_IBB Kondor_ACAD
OUS=
[BEBOUW]
CLASS=DISK
TARGET=F:
PATH=\\dc-073\netapps$
DESC=Netapps
CLASS=DISK
TARGET=G:
PATH=\\dc-073\USR$\%USRENAME%
DESC=USERSHARE AUTOCAD
CLASS=N:
PATH=\\dc-073\acad$
DESC=Autocad
CLASS=O:
PATH=\\DC-073\ACAD DIRECT$
DESC=AUTOCAD SYNCHRONISATIE
PRIV=
GROUPS=GS_BEBOUW_ACAD
OUS=
[Van Agtmaal]
CLASS=DISK
TARGET=F:
PATH=\\dc-075\netapps$
DESC=Netapps
CLASS=DISK
TARGET=G:
PATH=\\dc-075\USR$\%USRENAME%
DESC=USERSHARE AUTOCAD
CLASS=N:
PATH=\\dc-075\acad$
DESC=Autocad
CLASS=O:
PATH=\\DC-075\ACAD DIRECT$
DESC=AUTOCAD SYNCHRONISATIE
PRIV=
GROUPS=GS_Van Agtmaal_ACAD
OUS=
#==========================================================
# MESSAGE OF THE DAY Definitions
# users will see all that they are allowed to, up to the first 10 defined
# MOTD for Admin group members
#[MOTD_ADMINS]
#CLASS=MESSAGE
#PRIV=ADMIN
#PATH=\\server\users\ADMIN.txt
#DESC=Admin Alert
# MOTD for associates group members
#[MOTD_Work]
#CLASS=MESSAGE
#PATH=\\server\users\MOTD.txt
#DESC=Message of the day
#GROUPS=associates
#==========================================================
# PRINT definitions
# CLASS=PRINT
# TARGET=LPT1: - LPT9: for 16b systems, null for 32b systems
# If TARGET is null, the resource will only be mapped on 32b systems
# PATH=\\server\printer_share
# PATH can also be the reserved word "DEFAULT", and the path defined in the LP
# environment variable will be used.
# PRIV=null (anybody) | ADMIN | NOGUEST
# GROUPS=comma-delimited list of groups whose members are allowed to connect to this resource
#
# Systems are prevented from mapping to localy defined printers.
# Lexmark Optra Se 3455 - HP/PCL
#[OPTRA_HP]
#CLASS=PRINT
#PATH=\\printserver\Optra
#GROUPS=+Site0 Users
#SETDEFAULT=Y
# Lexmark Optra Se 3455 - PostScript
#[OPTRA_PS]
#CLASS=PRINT
#PATH=\\printserver\OptraPS
#GROUPS=+Site0 Users
# Printer at site 1
#[Site1_Printer]
#CLASS=PRINT
#PATH=\\s1ps00\printer
#GROUPS=+Site1 Users
#SETDEFAULT=Y
#==========================================================
# COMMAND definitions
# CLASS=COMMAND
# PATH=\path\to\command
# PATH can be a physical path or a UNC
# PRIV=null (anybody) | ADMIN | NOGUEST
# GROUPS=comma-delimited list of groups whose members are allowed to execute this command
When i run the kixtart what's came with the download from glenn.
It will start reading the login.ini script and it stops by the first f: and says the script is done. But i don't see the mapping in net use and don't see the other drive mappings.
Can anybody see the error.
And sorry but the avatar is also my home town.
|
Glenn Barnas
|
| (KiX Supporter) |
| 2009-07-16 05:59 PM |
|
|
|
Re: Loginscript whit ini file
|
Since that config file is proprietary to our script, posting it here likely won't have too much value. I'll look it over and let you know what I find.
Glenn
|
Glenn Barnas
|
| (KiX Supporter) |
| 2009-07-16 06:12 PM |
|
|
|
Re: Loginscript whit ini file
|
Quick look
Code:
[IBB Kondor] CLASS=DISK TARGET=F: PATH=\\dc-034\netapps$ DESC=Netapps CLASS=DISK TARGET=G: PATH=\\dc-034\USR$\%USERNAME% DESC=USERSHARE AUTOCAD CLASS=M: PATH=\\dc-034\acad$ DESC=Autocad CLASS=O: PATH=\\DC-034\ACAD DIRECT$ DESC=AUTOCAD SYNCHRONISATIE PRIV=GUEST GROUPS=GS_IBB Kondor_ACAD OUS=
will not work as defined. You have multiple duplicate values in a single resource definition.
"CLASS=M:" is incorrect. CLASS can only be one of DISK, PRINTER, MESSAGE, or COMMAND. You should change these to CLASS=DISK and TARGET=d: values.
"[IBB Kondor]" represents a single resource definition - it can have only ONE set of CLASS, TARGET, PATH, DESC, and similar attribute values. It seems like you're using it as a grouping of similar resources. If this is what you intend, you should do this instead:
Code:
[IBB Kondor 1] CLASS=DISK TARGET=F: PATH=\\dc-034\netapps$ DESC=Netapps [IBB Kondor 2] CLASS=DISK TARGET=G: PATH=\\dc-034\USR$\%USERNAME% DESC=USERSHARE AUTOCAD [IBB Kondor 3] CLASS=DISK TARGET=M: PATH=\\dc-034\acad$ DESC=Autocad [IBB Kondor 4] CLASS=DISK TARGET=O: PATH=\\DC-034\ACAD DIRECT$ DESC=AUTOCAD SYNCHRONISATIE PRIV=GUEST GROUPS=GS_IBB Kondor_ACAD OUS=
Start by making a copy of the config file and then remove all of the entries and comments except ONE resource record (and the COMMON section) - see if it works. Duplicate the resource record and modify it to create the second record & test. Repeat this until you get comfortable with the format of the config file and add the remaining resources.
Also, I don't believe that %USERNAME% will work - reread the section on Path Rewriting. The format for these should be
PATH=\\dc-034\USR$\&USER&
not
PATH=\\dc-034\USR$\%USERNAME%
Let's fix these issues and see if we can't get things working.
Glenn
|
Glenn Barnas
|
| (KiX Supporter) |
| 2009-07-16 06:40 PM |
|
|
|
Re: Loginscript whit ini file
|
The reason that it stops mapping after F: is that you have only three resource records defined - IBB Kondor, BEBOUW, & Van Agtmaal. The first valid CLASS is "Disk", and the TARGET is F: for each. Thus it sees that there is only one drive (F:) to map.
The logic that does the resource mapping can be exposed by creating a LOGINDEBUG.LOG file in the users %USERPROFILE% folder. Create that file, run the login script, and post the contents of the debug logfile. we will be able to see how the script is (mis)interpreting your config entries.
Also - you will need to distinguish how the script should process the F: drive for different groups of users. I didn't see any OUS= or GROUPS= entries.
Glenn
| Björn |
| (Korg Regular) |
| 2009-07-25 04:41 AM |
|
Re: Loginscript whit ini file
|
I've noticed that you've received a bunch of assistance, still I'd like to inform you of a different approach - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Main=24889&Number=183687#Post183687
This is a somewhat complete way - with ini's and others, with a simple layout.
One thing I did notice - is that I have not uploaded the newest release of this script-repo. Soon to be done tho.
| bdirkx |
| (Fresh Scripter) |
| 2009-07-27 07:44 AM |
|
|
|
Re: Loginscript whit ini file
|
Glenn
Sorry for the late reaction. I had a crash with my pc and i had to reinstall. No i have a geustion where do i make the the logindebug.log on the server or on my local machine and where must i set the file on my local machine under windows xp.
| bdirkx |
| (Fresh Scripter) |
| 2009-07-27 08:05 AM |
|
|
|
Re: Loginscript whit ini file
|
Glenn
Here is a sample of my logindebug.log.
Can you tell me why i dont se my mappings in explorer.
The script give no errors.
Updating cache...
=========================================================
2009/07/27 - 07:56:59
Kixtart: 4.53
Version: 2.6.2a
User: Bart Dirkx
LoginServer: \\DC-138
Domain: DM001
OU String: OU=VW,OU=Administrators,DC=dm001,DC=net,DC=local
OU Offset: 1
User OU: Administrators
Logon Mode: 0
Detected O/S: Windows XP Professional / Version 5.1
Privelege: USER
ScriptDir: C:\KIX
StartDir: C:\KIX
Language: 0
Session Type: Console
Processing IBB Kondor 1
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_IBB_Kondor_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-034\netapps$
Translated: \\dc-034\netapps$
MVLookup: Netapps
Translated: Netapps
Processing IBB Kondor 2
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_IBB_Kondor_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-034\USR$\&USER&
Translated: \\dc-034\USR$\AdminWPBDX
MVLookup: USERSHARE AUTOCAD
Translated: USERSHARE AUTOCAD
Processing IBB Kondor 3
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_IBB_Kondor_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-034\acad$
Translated: \\dc-034\acad$
MVLookup: Autocad
Translated: Autocad
Processing IBB Kondor 4
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_IBB_Kondor_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\DC-034\ACAD DIRECT$
Translated: \\DC-034\ACAD DIRECT$
MVLookup: AUTOCAD SYNCHRONISATIE
Translated: AUTOCAD SYNCHRONISATIE
Processing Bebouw 1
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_Bebouw_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-073\netapps$
Translated: \\dc-073\netapps$
MVLookup: Netapps
Translated: Netapps
Processing Bebouw 2
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_Bebouw_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-073\USR$\&USER&
Translated: \\dc-073\USR$\AdminWPBDX
MVLookup: USERSHARE AUTOCAD
Translated: USERSHARE AUTOCAD
Processing Bebouw 3
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_Bebouw_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-073\acad$
Translated: \\dc-073\acad$
MVLookup: Autocad
Translated: Autocad
Processing Bebouw 4
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_Bebouw_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\DC-073\ACAD DIRECT$
Translated: \\DC-073\ACAD DIRECT$
MVLookup: AUTOCAD SYNCHRONISATIE
Translated: AUTOCAD SYNCHRONISATIE
Processing Van Atmaal 1
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Van Agtmaal_ACAD - ignored.
Processing Van Agtmaal 2
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Van Agtmaal_ACAD - ignored.
Processing Van Agtmaal 3
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Van Agtmaal_ACAD - ignored.
Processing Van Agtmaal 4
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Van Agtmaal_ACAD - ignored.
Processing Wessels Rijssen 1
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Wessels Rijssen_ACAD - ignored.
Processing Wessels Rijssen 2
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Wessels Rijssen_ACAD - ignored.
Processing Wessels Rijssen 3
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Wessels Rijssen_ACAD - ignored.
Processing Wessels Rijssen 4
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Wessels Rijssen_ACAD - ignored.
Processing Wessels Zeist 1
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Wessels_Zeist_ACAD - ignored.
Processing Wessels Zeist 2
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Wessels_Zeist_ACAD - ignored.
Processing Wessels Zeist 3
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Wessels_Zeist_ACAD - ignored.
Processing Wessels Zeist 4
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Wessels_Zeist_ACAD - ignored.
Processing Goosen Almelo 1
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Goossen_Almelo_ACAD - ignored.
Processing Goosen Almelo 2
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Goossen_Almelo_ACAD - ignored.
Processing Goosen Almelo 3
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Goossen_Almelo_ACAD - ignored.
Processing Goosen Almelo 4
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Goossen_Almelo_ACAD - ignored.
Processing active resources:
Disk: F \\dc-073\netapps$
Disk: G \\dc-073\USR$\AdminWPBDX
Disk: M \\dc-034\acad$
Disk: N \\dc-073\acad$
Disk: O \\DC-073\ACAD DIRECT$
|
Glenn Barnas
|
| (KiX Supporter) |
| 2009-07-27 02:30 PM |
|
|
|
Re: Loginscript whit ini file
|
First off -
Code:
DEBUG=Y
Second, the
Code:
AllowedDomains=DM001 DeniedDomains=ThatTrustedDomain
It looks like you fixed your resource records per my earlier email, so lets look at your logindebug file:
Updating cache... Your local ini file was missing or outdated, the cached copy was updated
=========================================================
2009/07/27 - 07:56:59
Kixtart: 4.53
Version: 2.6.2a
User: Bart Dirkx
LoginServer: \\DC-138
Domain: DM001
OU String: OU=VW,OU=Administrators,DC=dm001,DC=net,DC=local
OU Offset: 1
User OU: Administrators
Logon Mode: 0 You manually ran the login script
Detected O/S: Windows XP Professional / Version 5.1
Privelege: USER
ScriptDir: C:\KIX your script & kix32 folder path
StartDir: C:\KIX
Language: 0
Session Type: Console
Since you're running from C:\Kix, make sure that "debug.txt" does not exist in that folder. This will force debug level 2, which will not map any drives.
Processing IBB Kondor 1
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1 result of authoriZation logic
No MANDATORY membership, No INVERSE MEMBERSHIP, No INVERSE ACTION, IN-GROUP is TRUE
Member of allowed group GS_IBB_Kondor_ACAD - continuing.
Logic: AND, Value: 2, Required: 2 Must meet GROUP and OU requirements!
(No OU requirement, so that defaults to OK)
OK to process this resource!
Check for path and description translations - none found!
MVLookup: \\dc-034\netapps$
Translated: \\dc-034\netapps$
MVLookup: Netapps
Translated: Netapps
Processing IBB Kondor 2
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_IBB_Kondor_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource! This indicates that the resource can be mapped
MVLookup: \\dc-034\USR$\&USER&
Translated: \\dc-034\USR$\AdminWPBDX
Note that the above path was translated to the username!
MVLookup: USERSHARE AUTOCAD
Translated: USERSHARE AUTOCAD
Processing IBB Kondor 3
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_IBB_Kondor_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-034\acad$
Translated: \\dc-034\acad$
MVLookup: Autocad
Translated: Autocad
Processing IBB Kondor 4
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_IBB_Kondor_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\DC-034\ACAD DIRECT$
Translated: \\DC-034\ACAD DIRECT$
MVLookup: AUTOCAD SYNCHRONISATIE
Translated: AUTOCAD SYNCHRONISATIE
Four resources from the IBB Kondor group were authorized
Processing Bebouw 1
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_Bebouw_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-073\netapps$
Translated: \\dc-073\netapps$
MVLookup: Netapps
Translated: Netapps
Processing Bebouw 2
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_Bebouw_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-073\USR$\&USER&
Translated: \\dc-073\USR$\AdminWPBDX
MVLookup: USERSHARE AUTOCAD
Translated: USERSHARE AUTOCAD
Processing Bebouw 3
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_Bebouw_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\dc-073\acad$
Translated: \\dc-073\acad$
MVLookup: Autocad
Translated: Autocad
Processing Bebouw 4
Eval: 1, Man: 0, IM: 0, IA: 0, InG: 1
Member of allowed group GS_Bebouw_ACAD - continuing.
Logic: AND, Value: 2, Required: 2
OK to process this resource!
MVLookup: \\DC-073\ACAD DIRECT$
Translated: \\DC-073\ACAD DIRECT$
MVLookup: AUTOCAD SYNCHRONISATIE
Translated: AUTOCAD SYNCHRONISATIE
Four resources from the Van Atmaal group were authorized.
The remaining resources were all declined because you aren't a member of the group that is allowed to access them. I've trimmed all but one of these messages.
Processing Van Atmaal 1
Eval: 0, Man: 0, IM: 0, IA: 0, InG: 0
No match in allowed group GS_Van Agtmaal_ACAD - ignored.
Here is where I see a problem.. You are authorized to map to two different sets of resources. The first set connects to DC-034, and the second set to DC-073. You were authorizd to use 8 different resources, yet only 5 show that they will be mapped. This is because 3 of the 4 have the same target drive letter. You haven't set a PRIORITY value, so the second (last) resource to be authorized will be the one that maps.
This is the list of resources that should be mapped.
Processing active resources:
Disk: F \\dc-073\netapps$
Disk: G \\dc-073\USR$\AdminWPBDX
Disk: M \\dc-034\acad$
Disk: N \\dc-073\acad$
Disk: O \\DC-073\ACAD DIRECT$
Part of the problem here may be due to the fact that you are a member of both groups, which may not be the case for other users. If you have two resource records with the same target (drive letter), obviously only one can be mapped. The resource record can have a PRIORITY value to determine which one to map. Alternatively, you need to use other methods, such as OUS or more complex group definitions (GROUPS=+,autocad,site1 for one, GROUPS=+,Autocad,site2 for the other) to handle the authorization process.
Post your updated login.ini file and a copy of the login messages. Explain how you want the mappings to work and we'll fine-tune your config file. You may need to explain your AD groups or OUs - you can PM that to me instead of publishing them here..
Glenn