Friday, July 30, 2010

RHCE Tips : Samba

Setting up a simple Samba share that can be accessed by anyone who has an account on the machine.

Back up the smb.conf file
------------------------------------------

Locating the Correct Samba configuration File:

[root@rhel samba]# smbd -b | grep smb.conf
CONFIGFILE: /etc/samba/smb.conf
[root@rhel samba]#


[root@rhel ~]# cd /etc/samba/
[root@rhel samba]# cp smb.conf smb.conf.orig
[root@rhel samba]# > smb.conf
[root@rhel samba]# vi smb.conf

Add a simple Homes Share in smb.conf
------------------------------------------------------

[root@rhel samba]# cat smb.conf

[global]
workgroup = MIDEARTH
[homes]
guest ok = no
read only = no

[root@rhel samba]#

[root@rhel samba]# service smb restart
Shutting down SMB services: [FAILED]
Shutting down NMB services: [FAILED]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@rhel samba]#

Add a user called Jen
-----------------------------

[root@rhel samba]# useradd jen
[root@rhel samba]# passwd jen
Changing password for user jen.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

Provide the user with SMB credentials (these are different from the normal user/pass credentials):


[root@rhel samba]# smbpasswd -a jen
New SMB password:
Retype new SMB password:
Added user jen.
[root@rhel samba]#


Go to Start > Run > \\MachineIP
Log in with the user/pass.
Successful!

You can see the [homes] share and jen's own home directory.


Testing Your Samba Share 
-------------------------

[root@rhel samba]# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
workgroup = MIDEARTH

[homes]
read only = No
[root@rhel samba]#

List Shares Available on the Server
-----------------------------------------------

[root@rhel samba]# smbclient -L rhel -U jen
Password:
Domain=[rhel] OS=[Unix] Server=[Samba 3.0.25b-0.4E.6]

Sharename Type Comment
--------- ---- -------
homes Disk
IPC$ IPC IPC Service (Samba 3.0.25b-0.4E.6)
jen Disk Home directory of jen
Domain=[rhel] OS=[Unix] Server=[Samba 3.0.25b-0.4E.6]

Server Comment
--------- -------

Workgroup Master
--------- -------
MIDEARTH BL07DL380G5



We learnt about Samba shares in our last lecture. In this tutorial we will take them further:

Connect to your own Samba server with the client software on the same machine


[root@rhel samba]# smbclient //localhost/ -U jen


Password:
Domain=[rhel] OS=[Unix] Server=[Samba 3.0.25b-0.4E.6]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
[root@rhel samba]# smbclient //localhost/jen -U jen

Password:
Domain=[rhel] OS=[Unix] Server=[Samba 3.0.25b-0.4E.6]
smb: \>


You will see lots of commands here:

smb: \> ?
? altname archive blocksize cancel
case_sensitive cd chmod chown close
del dir du exit get
getfacl hardlink help history lcd
link lock lowercase ls mask
md mget mkdir more mput
newer open posix posix_open posix_mkdir
posix_rmdir posix_unlink print prompt put
pwd q queue quit rd
recurse reget rename reput rm
rmdir showacls setmode stat symlink
tar tarmode translate unlock volume
vuid wdel logon listconnect showconnect
!
smb: \>

Example:

Let's copy a file called text1 from the share to the directory /tmp.
Here it goes:

[root@rhel samba]# cd /home/jen/
[root@rhel jen]# ls
[root@rhel jen]# touch text <<----- Lets Create a file called text1
[root@rhel jen]# vi text
[root@rhel jen]# smbclient //localhost/jen -U jen

Password:
Domain=[rhel] OS=[Unix] Server=[Samba 3.0.25b-0.4E.6]
smb: \> ls
. D 0 Mon Aug 3 17:16:20 2009
.. D 0 Mon Aug 3 17:02:24 2009
.bash_logout H 24 Mon Aug 3 17:02:24 2009
.kde DH 0 Mon Aug 3 17:02:24 2009
.gtkrc H 120 Mon Aug 3 17:02:24 2009
.bash_profile H 191 Mon Aug 3 17:02:24 2009
text 6 Mon Aug 3 17:16:20 2009 <<--- Here is a file
.bashrc H 124 Mon Aug 3 17:02:24 2009

50521 blocks of size 262144. 27714 blocks available
smb: \>

Remember, we are now in the /tmp directory:
[root@rhel jen]# cd /tmp
[root@rhel tmp]# smbclient //localhost/jen -U jen

Password:
Domain=[rhel] OS=[Unix] Server=[Samba 3.0.25b-0.4E.6]
smb: \> ls
. D 0 Mon Aug 3 17:16:20 2009
.. D 0 Mon Aug 3 17:02:24 2009
.bash_logout H 24 Mon Aug 3 17:02:24 2009
.kde DH 0 Mon Aug 3 17:02:24 2009
.gtkrc H 120 Mon Aug 3 17:02:24 2009
.bash_profile H 191 Mon Aug 3 17:02:24 2009
text 6 Mon Aug 3 17:16:20 2009
.bashrc H 124 Mon Aug 3 17:02:24 2009

50521 blocks of size 262144. 27714 blocks available
smb: \> get text
getting file \text of size 6 as text (60000.0 kb/s) (average inf kb/s)
smb: \>

Now, when I browse the /tmp directory, I can see:

[root@rhel tmp]# ls
mapping-root text
[root@rhel tmp]#

Setting up a Samba server which makes documents and a printer available only to the system's regular users and not to anyone outside.

WorkOut:

1. Share Point ==> /export
2. All files owned by user called Ajeet Raina

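Let's create a user. Note that useradd -p expects an already-encrypted password as produced by crypt(3), so a plain-text value given there does not become the login password and also ends up in the shell history; running passwd afterwards, as was done for jen, avoids both problems.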

[root@rhel tmp]# useradd -c "Ajeet Raina" -m -g users -p Oracle9ias ajeetr
[root@rhel tmp]# mkdir /export
[root@rhel tmp]# chmod u+rw,g+rw,o+rw /export
[root@rhel tmp]# chown ajeetr.users /export
[root@rhel tmp]#

Copy the files that should be shared to the /export directory.
..to be updated..
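
The exercise above asks for a share limited to the machine's regular users, yet chmod u+rw,g+rw,o+rw leaves /export writable by every local account. The following is an added example, not part of the original post: it reports the loose mode bits, restricts the directory to one group with setgid, and prints a matching share definition. The function names and the [export] stanza are assumptions made for illustration; the smb.conf parameters in it are standard Samba ones.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print one finding per line for a share directory; nothing if it is tight.
share_dir_findings() {
    dir=$1
    perms=$(ls -ld "$dir" | cut -c1-10)          # e.g. drwxrwxrwx
    other=$(printf '%s' "$perms" | cut -c8-10)   # bits for "everyone else"
    group_x=$(printf '%s' "$perms" | cut -c7)    # 's' or 'S' when setgid is set
    case $other in
        ?w?) echo "world-writable: any local account can modify $dir" ;;
    esac
    case $other in
        ---) ;;
        *)   echo "world-accessible: 'other' bits are '$other' on $dir" ;;
    esac
    case $group_x in
        s|S) ;;
        *)   echo "no setgid: new files will not inherit the share group" ;;
    esac
}

# Restrict the directory to owner and group; new files inherit the group.
harden_share_dir() {
    dir=$1 group=$2
    chgrp "$group" "$dir" && chmod 2770 "$dir"
}

# Emit a share definition that only members of GROUP may use.
share_stanza() {
    name=$1 path=$2 group=$3
    cat <<EOF
[$name]
    path = $path
    valid users = @$group
    guest ok = no
    read only = no
    force group = $group
    create mask = 0660
    directory mask = 0770
EOF
}

# Demo on a scratch directory standing in for /export (constructed input).
demo_share() {
    scratch=$(mktemp -d) || return 1
    chmod 777 "$scratch"      # what u+rw,g+rw,o+rw leaves on a default 755 dir
    echo "before:"; share_dir_findings "$scratch"
    harden_share_dir "$scratch" "$(id -g)"
    echo "after:";  share_dir_findings "$scratch"
    share_stanza export /export users
    rm -rf "$scratch"
}
demo_share
```

On the real system the call would be harden_share_dir /export users, and the printed stanza would be checked with testparm before restarting smb.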

Samba Ldap Integration


Introduction.

LDAP (Lightweight Directory Access Protocol) is an application-layer protocol that allows access to an ordered and distributed directory service in order to look up information in a network environment. LDAP can also be considered a database (although the storage system may differ) that can be queried.
URL: http://es.wikipedia.org/wiki/LDAP
SMB (short for Server Message Block) is a network protocol that enables file and printer sharing (among other things) between nodes in a network. It is mainly used on computers running Microsoft Windows. SMB was originally invented by IBM, but the most common version today is the one heavily modified by Microsoft. Microsoft renamed SMB to Common Internet File System (CIFS) in 1998 and added more features, including support for symbolic links, hard links, and larger file sizes.
URL: http://es.wikipedia.org/wiki/SMB
OpenLDAP is a free and open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is released under its own license, the OpenLDAP Public License. LDAP is a platform-independent protocol. Many Linux distributions include OpenLDAP software for LDAP support.

SAMBA is a suite of programs originally created by Andrew Tridgell and currently maintained by The Samba Team under the GNU General Public License. It implements the SMB protocol on UNIX ® systems and serves as a complete replacement for Windows ® NT, Warp ®, NFS ® and Netware ® servers.
Software required

• openldap-03.02.1927
• openldap-clients-03.02.1927
• openldap-servers-2.3.
• authconfig-03.05.1912
• samba-common
• samba-client
• samba-3.0.
• smbldap-tools-0.9.1-1

Installing via yum:

 yum -y install openldap openldap-clients openldap-servers authconfig authconfig-gtk samba samba-client samba-common

Procedures:

This tutorial assumes that you have successfully worked through the tutorial on OpenLDAP as an authentication server and the tutorial "How to configure SAMBA" by Joel Barrios. Some small parts and configuration fragments of this document were taken from those manuals to provide a better understanding and background.

This manual is an updated version of an earlier one for CentOS 4; it differs in some obvious details because of the updated packages. We will also make use of packages from a repository that contains the smbldap-tools, in our case DAG. (While we wait for the AL Desktop)

1. OpenLDAP AUTHENTICATION 


We copy the Samba schema into the OpenLDAP schema directory:

cp /usr/share/doc/samba-*/LDAP/samba.schema /etc/openldap/schema/

After this, edit the file /etc/openldap/slapd.conf and add one more line so that OpenLDAP supports the Samba schema. The file would be as follows:

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

Add at the end of the file /etc/openldap/slapd.conf:

database bdb
suffix "dc=your-network-local,dc=com"
rootdn "cn=Administrator,dc=your-network-local,dc=com"
# This password was previously obtained by typing slappasswd
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
directory /var/lib/ldap/authentication
# Indices to maintain for this database
# index objectClass eq,pres
# index ou,cn,mail,surname,givenname eq,pres,sub
# index uidNumber,gidNumber,loginShell eq,pres
# index uid,memberUid eq,pres,sub
# index nisMapName,nisMapEntry eq,pres,sub
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

We have to configure the global client (NSS) parameters, pointing at the same server, localhost, in /etc/ldap.conf:

host 127.0.0.1
base dc=your-network-local,dc=com

We also have to configure the LDAP client in /etc/openldap/ldap.conf:

HOST 127.0.0.1
BASE dc=your-network-local,dc=com

We start the LDAP service and configure it to start by default:

service ldap start
chkconfig ldap on

2. SAMBA and LDAP integration

Now configure Samba in /etc/samba/smb.conf:

 # Samba PDC openLDAP for CentOS 5
 # By Jaime M. Nozawa Tan

 # Domain name; might be the name of the company.
 workgroup = DOMAIN
 server string = Samba Server
 netbios name = LINUX
 # ----- LDAP parameters -----

 # Who will be the domain administrator users
 admin users = Administrator @"Domain Admins"
 passdb backend = ldapsam:ldap://localhost

 # LDAP suffix for all following entries
 ldap suffix = dc=your-network-local,dc=com

 # OU for NetBIOS users
 ldap user suffix = ou=People

 # OU for NetBIOS groups
 ldap group suffix = ou=Group

 # NetBIOS machine accounts
 ldap machine suffix = ou=Computers

 # The OpenLDAP administrator account
 ldap admin dn = cn=Administrator,dc=your-network-local,dc=com

 # Synchronization of LDAP accounts, NT and LM
 ldap passwd sync = yes

 # Adding machine accounts automatically
 add machine script = /usr/sbin/smbldap-useradd -w %u
 # I leave the following commented out in case they are needed; use your own judgement
 # ldap ssl = start tls
 # add user script = /usr/sbin/smbldap-useradd -m "%u"
 # ldap delete dn = Yes
 # delete user script = /usr/sbin/smbldap-userdel "%u"
 # add group script = /usr/sbin/smbldap-groupadd -p "%g"
 # delete group script = /usr/sbin/smbldap-groupdel "%g"
 # add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
 # delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
 # set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
 # ldap replication sleep = 1000 # server replication time
 # ----- END OF LDAP PARAMETERS -----

 # Make sure the following parameters are set as shown:
 security = user
 encrypt passwords = yes
 os level = 65
 domain master = yes
 preferred master = yes
 domain logons = yes
 # ... other options.

Now we need to tell Samba the password of the OpenLDAP Manager user so that it can connect to the directory (this was done in CentOS 4; I think it is no longer necessary):

smbpasswd -w password

A message will appear confirming that Samba can authenticate to OpenLDAP:

Setting stored password for "cn=Administrator,dc=your-network-local,dc=com" in secrets.tdb

We test and restart samba:

testparm
service smb restart


3. smbldap-tools and extra repositories.

At this point it becomes necessary to use the openldap-tools; for some reason the ones that came with Samba did not work, so I decided to use the DAG repository.

NOTE: Having perl-LDAP already installed from the base repository (in my tests for the CentOS 4 tutorial) gave me conflicts with the perl-ldap from DAG, so I would recommend uninstalling it beforehand.

In our case we install the RPM from http://dag.wieers.com/:
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Now we can check /etc/yum.repos.d/rpmforge.repo:

[rpmforge]
name = Red Hat Enterprise $releasever - RPMforge.net - dag
#baseurl = http://apt.sw.be/redhat/el5/en/$basearch/dag
mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

I leave the repository disabled by default (enabled = 0).

Now you can install the smbldap-tools:

yum install smbldap-tools --enablerepo=rpmforge

The final result, with dependencies, was the following (I put those from the "extra repository" in bold):

Installed: smbldap-tools.noarch 0:0.9.1-1.2.el5.rf
Dependency Installed: perl-Compress-Zlib.i386 0:1.42-1.fc6 perl-Convert-ASN1.noarch 0:0.20-1.1 perl-Crypt-SmbHash.noarch 0:0.12-1.2.el5.rf perl-Digest-SHA1.i386 0:2.11-1.2.1 perl-HTML-Parser.i386 0:3.55-1.fc6 perl-HTML-Tagset.noarch 0:3.10-2.1.1 perl-IO-Socket-SSL.noarch 0:1.01-1.fc6 perl-Net-SSLeay.i386 0:1.30-4.fc6 perl-URI.noarch 0:1.35-3 perl-XML-NamespaceSupport.noarch 0:1.09-1.2.1 perl-XML-SAX.noarch 0:0.14-5 perl-ldap.noarch 0:0.33-1.el5.rf perl-libwww-perl.noarch 0:5.805-1.1.1
Complete!

Now we find out the SID of the Samba server:

net getlocalsid

A message similar to this will be displayed; write it down or copy it:

    SID for domain LINUX is: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX

Proceed to configure the access of the smbldap-tools to the OpenLDAP database in /etc/smbldap-tools/smbldap_bind.conf:

# The password is the unencrypted password of the OpenLDAP Manager
slaveDN="cn=Administrator,dc=your-network-local,dc=com"
slavePw="password"
masterDN="cn=Administrator,dc=your-network-local,dc=com"
masterPw="password"

And the main settings in /etc/smbldap-tools/smbldap.conf:

# Here we copy the SID
SID="S-1-5-21-XXXXXXXXXXX-XXXXXXX-XXXXXXX"
# The name of the Samba domain (workgroup = DOMAIN)
sambaDomain="DOMAIN"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
# To use TLS with LDAP
# (also uses port 389)
# ldapTLS="1"
# I set it to optional because I do not want verification to be mandatory
# verify="optional"
# cafile="/etc/smbldap-tools/ca.pem"
# clientcert="/etc/smbldap-tools/smbldap-tools.pem"
# clientkey="/etc/smbldap-tools/smbldap-tools.key"
# Default suffix for all subsequent entries
suffix="dc=your-network-local,dc=com"
# Domain users
usersdn="ou=People,${suffix}"
# Domain computer accounts
computersdn="ou=Computers,${suffix}"
# Group accounts
groupsdn="ou=Group,${suffix}"
# If you are a Samba domain member server
idmapdn="ou=idmap,${suffix}"
# Important: used to calculate the next user or group ID
sambaUnixIdPooldn="sambaDomainName=DOMAIN,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
# Commented out so that the password does not expire every 45 days, unless you want otherwise
# defaultMaxPasswordAge="45"
#
# LINUX is the NetBIOS name of the server (netbios name = LINUX)
userSmbHome="\\LINUX\%U"
# Profiles
userProfile="\\LINUX\profiles\%U"
# Drive letter for the personal folder
userHomeDrive="Z"
# Commented out because I do not use a logon .bat in my case
# userScript="logon.bat"
# Default domain for the mail attribute
# mailDomain="your-net-local.com"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
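
The files above keep the directory Manager password in clear text in smbldap_bind.conf and leave both ldap ssl (smb.conf) and ldapTLS (smbldap.conf) commented out, which holds up only while LDAP stays on 127.0.0.1 and the bind file is readable by its owner alone. The following added example, which is not part of the original tutorial, checks exactly those conditions; the function names, finding labels and sample files are constructed for illustration, and the host ldap.example.test is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original tutorial); function names are hypothetical.

# Last active (uncommented) value of an smb.conf parameter, lower-cased.
smb_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Last active value of a key="value" line (smbldap.conf, smbldap_bind.conf).
tools_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\".*/\1/p" "$1" |
        tail -n 1
}

is_local() {
    case $1 in localhost|127.0.0.1|::1) return 0 ;; esac
    return 1
}

# Print one finding per line; nothing means LDAP traffic stays on this host or
# is wrapped in TLS, and the bind password is readable by its owner only.
audit_samba_ldap() {
    smbconf=$1 toolsconf=$2 bindconf=$3

    backend=$(smb_param "$smbconf" 'passdb backend')
    host=$(printf '%s\n' "$backend" | sed -n 's|.*://\([^:/ ]*\).*|\1|p')
    case $backend in
        *ldaps://*) ;;                  # TLS is up before any bind is sent
        *ldap://*)
            ssl=$(smb_param "$smbconf" 'ldap ssl')
            if ! is_local "$host" && [ "$ssl" != 'start tls' ]; then
                echo "SMB-LDAP-CLEARTEXT: Samba binds to $host without 'ldap ssl = start tls'"
            fi ;;
    esac

    master=$(tools_value "$toolsconf" masterLDAP)
    if [ -n "$master" ] && ! is_local "$master" &&
       [ "$(tools_value "$toolsconf" ldapTLS)" != 1 ]; then
        echo "TOOLS-LDAP-CLEARTEXT: smbldap-tools binds to $master without ldapTLS=\"1\""
    fi

    if [ -n "$(tools_value "$bindconf" masterPw)" ]; then
        perms=$(ls -ld "$bindconf" | cut -c5-10)   # group and other bits
        [ "$perms" = "------" ] ||
            echo "SECRET-EXPOSED: $bindconf stores masterPw, group/other bits are '$perms'"
    fi
}

# Constructed sample files that mirror the settings shown in this tutorial.
write_samples() {
    dir=$1 ldaphost=$2
    printf 'passdb backend = ldapsam:ldap://%s\n# ldap ssl = start tls\n' \
        "$ldaphost" > "$dir/smb.conf"
    printf 'masterLDAP="%s"\n# ldapTLS="1"\n' "$ldaphost" > "$dir/smbldap.conf"
    printf 'masterPw="password"\n' > "$dir/smbldap_bind.conf"
    chmod 644 "$dir/smbldap_bind.conf"
}

demo_audit() {
    tmp=$(mktemp -d) || return 1
    for h in 127.0.0.1 ldap.example.test; do
        write_samples "$tmp" "$h"
        echo "--- directory server at $h ---"
        audit_samba_ldap "$tmp/smb.conf" "$tmp/smbldap.conf" "$tmp/smbldap_bind.conf"
    done
    rm -rf "$tmp"
}
demo_audit
```

With the tutorial's localhost setup only the file-mode finding is reported; chmod 600 on smbldap_bind.conf clears it, and the two TLS findings appear as soon as the directory server is moved to another host.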

Now we must create the domain structure in OpenLDAP with the following command, typing the password of the Administrator, who is the administrator of the domain:
smbldap-populate -a Administrator

With a result like this:

Populating LDAP directory for domain DOMAIN (S-1-5-21-XXXXXXXXXXX-XXXXXXXXXX-XXXXX)
(Using builtin directory structure)
Adding new entry: dc=your-network-local,dc=com
Adding new entry: ou=People,dc=your-network-local,dc=com
Adding new entry: ou=Group,dc=your-network-local,dc=com
Adding new entry: ou=Computers,dc=your-network-local,dc=com
Adding new entry: ou=idmap,dc=your-network-local,dc=com
Adding new entry: uid=Administrator,ou=People,dc=your-network-local,dc=com
Adding new entry: uid=nobody,ou=People,dc=your-network-local,dc=com
Adding new entry: cn=Domain Admins,ou=Group,dc=your-network-local,dc=com
Adding new entry: cn=Domain Users,ou=Group,dc=your-network-local,dc=com
Adding new entry: cn=Domain Guests,ou=Group,dc=your-network-local,dc=com
Adding new entry: cn=Domain Computers,ou=Group,dc=your-network-local,dc=com
Adding new entry: cn=Administrators,ou=Group,dc=your-network-local,dc=com
Adding new entry: cn=Account Operators,ou=Group,dc=your-network-local,dc=com
Adding new entry: cn=Print Operators,ou=Group,dc=your-network-local,dc=com
Adding new entry: cn=Backup Operators,ou=Group,dc=your-network-local,dc=com
Adding new entry: cn=replicators,ou=Group,dc=your-network-local,dc=com
Adding new entry: sambaDomainName=DOMAIN,dc=your-network-local,dc=com
Please provide a password for the domain Administrator:
Changing password for Administrator
New password:
Retype new password:

In this case I do not want the administrator to be called root, as it is by default, so I passed the parameter -a Administrator.

Now we will see the association of the built-in Samba domain groups with the OpenLDAP groups that were created:
net groupmap list

With a result like this:

Domain Admins (S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-512) -> Domain Admins
Domain Users (S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-513) -> Domain Users
Domain Guests (S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-514) -> Domain Guests
Domain Computers (S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> replicators

Now we can create a Windows user account (-a), create its home directory (-m), specify that it has no profile path (option -F) and assign it a password:

 smbldap-useradd -a -m -F "" usuariowin
 smbldap-passwd usuariowin

More detail on the smbldap-useradd command is given in Annex 1: smbldap-useradd.

Restart Samba and OpenLDAP:

service ldap restart
service smb restart

Connecting machines to the domain's primary domain controller.

For this process it is not necessary to create machine accounts by hand, because the script for that was added to the file /etc/samba/smb.conf, except possibly for older platforms.

Windows 95/98/ME and Windows XP Home
Since systems with Windows 95/98/ME and Windows XP Home do not include a complete implementation as domain members, trust accounts are not required. The procedure to join the domain is:

• Go to Start Menu > Settings > Control Panel > Network
• Select the Configuration tab
• Select "Client for Microsoft Networks"
• Click the Properties button
• Select "Access Windows NT domain" and specify the appropriate domain.
• Click on all the "OK" buttons and reboot the system
• Log in with a user that has been created with smbldap-useradd in the LDAP directory or a user account that belongs to the OU = Domain Admins

Windows NT
• Go to Start Menu > Settings > Control Panel > Network
• Select the "Identification" tab.
• Click on the "Change" button.
• Enter the domain name and the name of the system. Select "Create a machine account in the domain".
• Click "OK"
• Wait a few seconds.
• A confirmation popup should appear that says "Welcome to MY-DOMAIN"
• Restart the system
• Log in with a user that has been created with smbldap-useradd in the LDAP directory or a user account that belongs to the OU = Domain Admins

Windows 2000/2003 and Windows XP Professional
• Right click on the "My Computer" icon.
• Select "Properties"
• Click the "Network ID" or "Name of the system" tab.
• Click on the "Properties" button.
• Click on the "Domain member" button
• Enter the domain name and the name of the machine and click the "OK" button
• A dialog will ask for an account and password with administrative privileges on the server. Specify the username Administrator and the password that was assigned.
• Wait a few seconds.
• A confirmation popup should appear that says "Welcome to MY-DOMAIN"
• Restart the system
• Log in with a user that has been created with smbldap-useradd in the LDAP directory or a user account that belongs to the OU = Domain Admins

Findings:
To conclude this tutorial, authenticate on a Windows machine with the usuariowin user account created in the previous steps. Once logged in to the account, press CTRL + ALT + DEL and change the password.

If all went well, this changed the LDAP password and therefore also the one for local access (if the account has the shell /bin/bash). Open a terminal and try to authenticate with the usuariowin account; you should be able to log in with the new password.
Now try to change the password with smbldap-passwd as root.

Developed from Lima-Peru by: 
Jaime M. As Nozawa. 

Release Notes: (18/06/2007)
I have noticed that in the places where I have installed this, CentOS Linux takes a long time to start. It stays at the "system bus" service for a long time. After searching a lot in internet forums, I solved it by doing this:

In /etc/ldap.conf

find the line that says:
bind_policy hard

and change it to:
bind_policy soft

The bind_policy directive here indicates that the connection should be tried once and, in case of failure, not retried. This is necessary so that a machine does not take too long to start when it tries to access the LDAP service before it has network connectivity.

Annex 1: smbldap-useradd

/usr/sbin/smbldap-useradd [-awmugdsckABCDEFGHMNPST?] username

  -o add the user in the organizational unit (relative to the user suffix)
  -a is a Windows User (otherwise, Posix stuff only)
  -w is a Windows Workstation (otherwise, Posix stuff only)
  -i is a trust account (Windows Workstation)
  -u uid
  -g gid
  -G supplementary comma-separated groups
  -n do not create a group
  -d home
  -s shell
  -c gecos
  -m creates home directory and copies /etc/skel
  -k skeleton dir (with -m)
  -t time. Wait 'time' seconds before exiting (when adding Windows Workstation)
  -P ends by invoking smbldap-passwd
  -A can change password? 0 if no, 1 if yes
  -B must change password? 0 if no, 1 if yes
  -C sambaHomePath (SMB home share, like '\\PDC-SRV\homes')
  -D sambaHomeDrive (letter associated with home share, like 'H:')
  -E sambaLogonScript (DOS script to execute on login)
  -F sambaProfilePath (profile directory, like '\\PDC-SRV\profiles\foo')
  -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
  -N canonical name
  -S surname
  -M local mailAddress (comma separated)
  -T mailToAddress (forward address) (comma separated)
  -? show this help message