Pardon me if I misunderstand your post...
I think you want to present a logon script to the user based on her/
his group membership.
In other words, (I surmise) currently Fred gets an invitation to
logon to finsvcs, but it will necessarily fail unless he is a member
of the finance group. So you want him to have a logon script that
DOES NOT mount finsvcs share if he is not a member of finance.

I note that the "logon script" directive in your [global] settings has
no value. In a small environment, you can make that
logon script = /some/path/%u.bat
and give each user a unique logon script. In a larger environment
you want to control scripts by group membership---
check out
as an example of ways to control logon by group.

On Dec 4, 2005, at 12:19 PM, Eric Hines wrote:

> Folks,
> I'm trying to achieve control over who logs into a share according
> to the group to which that person belongs, but with no luck. I'm
> running SUSE Pro 9.3 and Samba 3.0.13, with a Win2k machine on one
> subnet and an XP laptop on another subnet. In all cases, the user,
> instead of getting into his share transparently, gets invited to
> log in, and then the login is rejected. I've run the login.bat
> from the Windows machines, and that also only gets access denied.
> Share valid users is set to %G (%U lets the user in just fine, but
> that's inadequate security). Users get into their home directories
> just fine.
> My login.bat is
> net time \\lserver0 /set /yes
> net use \\lserver0\accounts
> net use \\lserver0\finsvcs
> net use x: /home
> My [netlogon] share is
> [netlogon]
> comment = Network logon service
> path = /data/%U
> valid users = %S
> read only = No
> My [global] is
> [global]
> workgroup = ASTRA_ENT
> username map = /etc/samba/smbusers
> syslog = 0
> name resolve order = wins bcast hosts
> printcap name = CUPS
> show add printer wizard = No
> add user script = /usr/sbin/useradd -m '%u'
> delete user script = /usr/sbin/userdel -r '%u'
> add group script = /usr/sbin/groupadd '%g'
> delete group script = /usr/sbin/groupdel '%g'
> add user to group script = /usr/sbin/groupmod -G '%g' '%u'
> add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
> logon script = scripts\login.bat
> logon path =
> logon drive = X:
> domain logons = Yes
> preferred master = Yes
> wins support = Yes
> ldap ssl = no
> I've placed the login.bat file in the share accounts
> (\data\accounts and /data/financials in this case), and I've placed the
> login.bat file in each user's home directory. Nothing has worked.
> I've been through the TOSHARG2 with no luck, and Googling hasn't
> brought me anything I recognized, either. Any help would be
> greatly appreciated.
> Eric Hines
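
An added example, not part of either message: one way to produce the per-user `%u.bat` scripts suggested in the reply, so that a user outside finance never gets a `net use` line for finsvcs. The server and share names come from the quoted login.bat; the group-to-share map, the function names and the output directory are assumptions made for illustration.

```python
"""Build a per-user Windows logon script from Unix group membership."""
import grp
import os
import pwd

SERVER = "lserver0"  # server name from the quoted login.bat

# Assumed group -> share map; the thread only states finance -> finsvcs.
GROUP_SHARES = {
    "finance": ["finsvcs"],
    "accounts": ["accounts"],
}


def unix_groups(user):
    """Return the names of the user's primary and supplementary groups."""
    entry = pwd.getpwnam(user)
    gids = os.getgrouplist(user, entry.pw_gid)
    return {grp.getgrgid(gid).gr_name for gid in gids}


def build_logon_script(groups, server=SERVER, group_shares=GROUP_SHARES):
    """Return .bat text that connects only the shares the groups permit."""
    lines = ["net time \\\\%s /set /yes" % server]
    seen = set()
    for group in sorted(groups):
        for share in group_shares.get(group, []):
            if share not in seen:  # two groups may grant the same share
                seen.add(share)
                lines.append("net use \\\\%s\\%s" % (server, share))
    lines.append("net use x: /home")
    # Windows command interpreters expect CRLF line endings.
    return "\r\n".join(lines) + "\r\n"


def write_logon_script(user, script_dir):
    """Write <script_dir>/<user>.bat and return its path."""
    # The name arrives from a client logon, so refuse path separators
    # and dot-prefixed names before building a file path from it.
    if not user or user.startswith(".") or any(c in user for c in "/\\"):
        raise ValueError("unsafe user name: %r" % user)
    path = os.path.join(script_dir, user + ".bat")
    with open(path, "w", newline="") as handle:
        handle.write(build_logon_script(unix_groups(user)))
    return path
```

The script only removes the doomed connection attempt from the logon; access to the share is still decided by the share's own `valid users` setting on the server.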
