When a user successfully logs in to the network, Novell Login executes one or more login scripts that automatically set up the workstation environment. Login scripts are similar to batch files and are executed by the Novell Login utility. You can use login scripts to map drives and search drives to directories, display messages, set environment variables, and execute programs or menus. Login scripts are properties of specific eDirectory objects.
There are four types of login scripts:
Container—Sets the general environment for all users in that container. Novell Login executes container login scripts first. Container login scripts can be associated with organization or organizational unit objects. A user login will use only the container login script for the container in which its object resides.
Profile—Sets environments for several users at the same time. Novell Login executes a profile login script after the container login script. Profile login scripts are associated with profile objects. A user can be assigned only one profile login script but can choose other profile login scripts.
User—Sets environments (such as printing options or an email username) specific to a single user. Novell Login executes the user login script after any container and profile login scripts have executed. User login scripts are associated with user objects. A user can have only one user login script.
Default—Contains only essential commands, such as drive mappings to NetWare utilities, and cannot be edited. It runs if a user (including user admin) doesn’t have a user login script, even if a container or profile login script exists. You can prevent the default login script from running by placing the NO_DEFAULT command in a container or profile login script.
To create or modify a login script with ConsoleOne, follow these steps:
1. Launch iManager and click View Objects in the header frame.
2. Browse to the object whose login script you want to create or modify.
3. Click the object and select Modify Object. Select the Login Script tab to open the login script editor.
4. Enter the login script commands and information into the Login Script text box, or specify a profile script to associate with this object. Click OK to save your changes when finished.
Maintaining many user login scripts can be time-consuming. Therefore, you should try to include as much customization information as possible in the container and profile login scripts, which are fewer in number and easier to maintain. For example:
If all users need access to the NetWare utilities in the same volume, put the search drive mapping to that volume in a single container login script rather than in every user login script.
Create profile login scripts if multiple objects have identical login script needs.
In user login scripts, include only those individual items that can’t be included in profile or container login scripts.
If you don’t want to create any user login scripts and you don’t want the default login script to execute for any users, you can disable the default login script by including the NO_DEFAULT command in the container or profile login script.
Warning
Because up to three login scripts can execute whenever a user logs in, conflicts can occur and consecutive login scripts can overwrite drive mappings. It is important to note that the last login script to execute (usually the user login script) overrides any conflicting commands in a previous login script.
When creating login scripts, you must follow certain conventions:
Minimum login script—There is no minimum. You may choose whether to use login scripts, and all types of login scripts are optional. Login scripts can vary in length from one line to many lines and can be quite complex. There are no required commands.
Case—You can use uppercase or lowercase when writing login scripts. There is one exception to this rule. Identifier variables enclosed in quotation marks and preceded by a percent sign (%) must be uppercase.
Characters per line—You can have a maximum of 512 characters per line, including any variables after they are replaced by their values. However, it’s probably better to limit line length for readability.
Punctuation and symbols—You must type all symbols (#, %, “, _) and punctuation exactly as shown in examples and syntax.
Commands per line—You should use one command per line. Start each command on a new line. It is important to note that lines that wrap automatically are considered one command.
Sequence of commands—You should enter commands in the order you want them to execute. If you use # (or @) to execute an external program, the command must follow any necessary MAP commands. If sequence is not important, group similar commands, such as MAP and WRITE, to make the login script easier to read.
Blank lines—Blank lines don’t affect login script execution. You can use them to separate groups of commands visually.
Remarks (REMARK, REM, asterisks, and semicolons)—As with all scripts, lines beginning with REMARK, REM, an asterisk, or a semicolon are comments and are not displayed when the login script executes. You can use remarks to record the purpose of each command or group of commands or to temporarily keep certain lines from executing.
Identifier variables—Identifier variables enable you to replace the variable with specific information, such as a user’s last name or the workstation’s operating system. This makes the login script more flexible. When the login script executes, it substitutes real values for the identifier variables. By using the variable, you can make the same login script command applicable to multiple users. More information on identifier variables appears later in this appendix.
eDirectory attributes—Any eDirectory attribute value can be read from a login script. This includes extended names. The login utility does not store the Novell names, but it takes the attribute name and tries to read it. The syntax for accessing eDirectory attributes is identical to common script variables with the following exceptions:
If the name contains a space, you can replace it with an underscore (_).
The eDirectory attribute must be at the end of the string.
If multiple variables are required, such as in a WRITE statement, they must be in separate strings.
You must use the actual eDirectory attribute value names. You cannot use localized names or nicknames.
You must have Read rights to read the value of objects other than values associated with your own.
Following these conventions will help you develop well-written login scripts and avoid potential difficulties.
The commands for network connection and resource access are as follows:
ATTACH
CONTEXT
DRIVE
MAP
TREE
Each of these commands is covered in detail in the following sections.
ATTACH establishes a connection between a workstation and a NetWare server. If the server is not in the current tree, a bindery connection is made. This is mostly for NetWare 3 servers. NetWare 4 and higher servers no longer need to attach separately to multiple servers and do not need to use the ATTACH command. If users want to connect to multiple trees, use the TREE command. If users are trying to create persistent drive mappings, use the MAP command.
CONTEXT sets a user’s current context in the eDirectory tree:
CONTEXT <eDirectory context>
To change the current eDirectory context, replace context with the context you want the user to see after login. For example, to set the current context to the organizational unit Orem, under the organization Quills, add the following line to the login script:
CONTEXT .Orem.Quills
You can also type a single period instead of a container name to indicate that you want to move up one level. For example, if you are in the context SysTest.Testing.Provo.Quills and you want to move up one level to Testing.Provo.Quills, you type
CONTEXT .
You can use multiple periods to move up multiple levels in the tree.
DRIVE changes the default drive while the login script is executing. If this command is not included in the login script, the default drive will be set to the first network drive, which is often assigned to the user’s home directory. If you don’t want the default drive to be the first network drive, map a drive in the login script to the directory you want to be the default; then use the DRIVE command to change the default drive.
Instead of specifying a drive letter such as F or G, you can use an asterisk followed by a number n to represent the nth network drive (for example, *3). This allows drive letters to reorder themselves automatically if previous drive mappings are deleted or added:
DRIVE [drive letter |*n]
Replace drive letter with a local or network drive letter, or replace n with a drive number. The use of either is dependent on their already being assigned within the login script.
MAP assigns drive letters to network directories. Placing MAP statements in the login script eliminates the need to map drives every time a user logs in. If you do not want the result of each mapping to be displayed as it is executed, add the MAP DISPLAY OFF command at the beginning of the login script. When all drive map assignments have been completed, add the line MAP DISPLAY ON for a cleaner display for users as they log in.
Instead of specifying drive letters such as F or G, you can use an asterisk followed by a number n to represent the nth network drive. For example, if the first network drive is F, using MAP *3:= assigns drive H (1 2 3 = F G H). Or, if the first network drive is D, using MAP *4:= assigns G (1 2 3 4 = D E F G).
This allows drive letters to reorder themselves automatically when local drives are removed or added or when the first network drive is changed. This also allows users to log in from workstations with a different number of local drives than their regular workstation. Use the following syntax:
MAP [[options]|[parameter][drive:=path]
Replace drive with any valid network drive letter, local drive letter, or search drive number.
Replace path with a drive letter, a full directory path, or a Directory Map object. When mapping a drive to a directory on an eDirectory server, begin the path with the volume object’s name or <server name><volume name>. More than one command can be on the map line if a semicolon (;) separates the commands:
MAP *1:=SYS:PUBLIC;*2:=SYS:PUBLICDOS
Replace options with DISPLAY ON|OFF or ERRORS ON|OFF. DISPLAY ON|OFF determines whether drive mappings are displayed on the screen when the users log in. The default setting is ON. ERRORS ON|OFF determines whether MAP error messages are displayed when the users log in. MAP ERROR OFF must be placed before MAP commands in the login script. The default setting is ON.
Replace parameter with one of the following:
INS—Inserts a drive mapping between existing search mappings.
DEL—Deletes a drive mapping, making that drive letter available for other mapping assignments.
ROOT or R—Maps a fake root. Some applications require their executable files to be located in a root directory. Because you might not want users to have rights at the root directory, you can map a fake root to a subdirectory instead. The Windows NT native environment forces a map root on all drives. To prevent a forced map root in a Windows NT environment, set the MAP ROOT OFF = 1 environment variable. All drives are then mapped as specified, and only explicit map root drives are rooted.
C (CHANGE)—Changes a search drive mapping to a regular mapping, or a regular mapping to a search drive mapping.
P (PHYSICAL)—Maps a drive to the physical volume of a server, rather than to the volume object’s name. A volume object’s name might conflict with a physical volume name. (For example, object ACCT is an Accounting volume, but there is also an ACCT that is a physical volume.) Therefore, if you prefer to map a drive to the physical volume name, use MAP P.
N (NEXT)—When used without specifying a drive number or letter, maps the next available drive.
Use the TREE command to attach to another eDirectory tree within the network and to access its resources. The TREE command changes the focus of the login script so that all eDirectory object references in subsequent script commands (for drive mappings, print captures, and so on) apply to the eDirectory tree specified in the TREE command. You can include multiple TREE commands within a login script, either to attach to additional trees or to switch the login script’s focus back to a tree that the user is already attached to. Use the following syntax:
TREE tree_name[/complete_name]
Replace tree_name with the name of the eDirectory tree that you want the user to attach to.
Replace complete_name with the user’s Distinguished Name (DN) for the eDirectory tree that the user is attaching to. The DN establishes the user’s context in the tree. If you do not include the complete name, the user will be prompted for a DN during login script execution.
The TREE command will always prompt the users for their eDirectory password.
The following script commands are available for login script execution:
BREAK
FIRE or FIRE PHASERS
IF...THEN
INCLUDE
NO_DEFAULT
PAUSE
PROFILE
Each of these commands is covered in detail in the following sections.
BREAK ON enables the users to terminate login script execution. The default is BREAK OFF. If BREAK ON is included in a login script, the users can press Ctrl+C or Ctrl+Break to abort the normal execution of the login script.
FIRE or FIRE PHASERS emits a phaser sound by playing the phasers.wav sound file. Use FIRE or FIRE PHASERS with the IF...THEN command to make the sound execute a different number of times depending on the circumstances of the login:
FIRE n soundfile
Replace n with the number of times you want this sound to occur.
Replace soundfile with the name of the sound file you want to play when this command is executed. You can use any .WAV or platform-compatible sound file. For example:
FIRE 3 RIFLE.WAV
To use a variable as the number of times to fire, use % before the variable identifier. This enables you to vary the fire number based on some other conditional event:
FIRE %variable
For more information about using variables, see the section called “Identifier Variables” later in this appendix.
IF...THEN performs an action only under certain conditions. For example:
IF MEMBER OF "SALES" THEN
In this statement, some action is performed if the user who logged in belongs to the group object named SALES. You might also use IF...THEN to specify a specific time or date. For example:
IF DAY_OF_WEEK="MONDAY"
In this statement, the equal sign (=) indicates the relationship between the variable (DAY_OF_WEEK) and its value (MONDAY). Note that the value (MONDAY) is placed inside quotation marks. The values of conditional statements must be enclosed in quotation marks. Furthermore, when using IF...THEN statements, you can use AND or OR to include two or more conditionals in an IF...THEN statement.
Finally, values of conditional statements are compared with the assumption that the values are characters, not numeric values. The value of 21, therefore, is considered greater than the value of 100 when comparing these two characters. To ensure that the system properly calculates numeric values instead of character values, use the VALUE modifier in the IF...THEN statement.
The ELSE statement is optional. When used, the IF, ELSE, and END commands must be on separate lines. THEN does not need to be on a separate line. If you include a WRITE command as part of the IF...THEN command, the WRITE command must be on a separate line.
IF...THEN statements can be nested (up to 10 levels). If your IF...THEN statement consists of only one line, you do not need to include END even if that line wraps. If your IF...THEN statement must be on more than one line (for example, if you used ELSE or WRITE, which must be on separate lines), you must include END.
Six Boolean operators can be used between the elements of an IF...THEN statement. They are
= Equals
< > Does not equal
> Is greater than
>= Is greater than or equal to
< Is less than
<= Is less than or equal to
When using IF...THEN statements, use the following syntax:
IF conditional [AND|OR [conditional]] THEN
commands
[ELSE
command]
[END]
Replace conditional with identifier variables. Replace commands with any login script commands that you want to be executed if the specified condition is true. For example, if you place the following command in a login script, the message "Status report is due today" appears when the user logs in on Friday and "Have a nice day!" appears on other days:
IF DAY_OF_WEEK="FRIDAY" THEN
WRITE "Status report is due today."
ELSE
WRITE "Have a nice day!"
END
You can also nest IF...THEN statements. Notice that if there are multiple IF statements, each must have its own END statement:
IF DAY_OF_WEEK="FRIDAY" THEN
WRITE "Status report is due today."
IF MEMBER OF OPERATIONS THEN
WRITE "Your report is due immediately!"
END
END
Conditionals can be joined with commas, the word AND, or the word OR to form compound conditionals. The first line of the following IF...THEN statement is a compound conditional that means “If it is the evening of the first day of the month”:
IF GREETING_TIME="EVENING" AND DAY="01" THEN
WRITE "The system will be backed up tonight."
END
An IF...THEN statement can include several commands that must be executed if the conditional is true.
The following example shows two commands that are executed on Tuesdays: a WRITE command that displays a message about a staff meeting, and an INCLUDE command that tells the login script to process any commands or messages contained in the file SYS:PUBLICUPDATE.TXT:
IF DAY_OF_WEEK="TUESDAY" THEN
WRITE "Staff meeting today at 10 a.m."
INCLUDE SYS:PUBLICUPDATE.TXT
END
INCLUDE executes independent files or another object’s login script as a part of the login script currently being processed. These can be text files that contain valid login script commands (any of the commands explained in this section) or login scripts that belong to a different object you have rights to. Text files that contain login script commands and other objects’ login scripts can be used as subscripts. Subscripts do not have to have any particular filenames or extensions.
The INCLUDE command executes the login script commands contained in the subscript. It does not display the text of the subscripts. If the subscript is a text file, users must have at least File Scan and Read rights to the directory containing the subscript. If you are using another object’s login script as a subscript, users must have the Browse right to the object whose script you are including and the Read right to the object’s Login Script property:
INCLUDE [path]filename
or
INCLUDE object_name
Replace path with either a drive letter or a full directory path beginning with the NetWare volume name. To use a text file as a subscript, replace filename with the complete name (including the extension) of the text file. See the example in the IF...THEN section.
Alternatively, you can replace object_name with the name of the object whose login script you want to use.
NO_DEFAULT in a container or profile login script indicates that you do not want to create any user login scripts, and you do not want the default login script to run. To use NO_DEFAULT, add this command to either the container or the profile login script. If you have created a user login script for someone, that login script executes whether or not the NO_DEFAULT command is in the container or profile login script.
PAUSE creates a pause in the execution of the login script. You can add PAUSE to the login script following a message so that the user has time to read the message before it scrolls off the screen. If you include PAUSE, the message "Strike any key when ready..." appears on the workstation screen. NetWare login then waits for a key to be pressed before it executes the rest of the login script.
Using PROFILE in a container script overrides a user’s assigned or command-line[nd} specified profile script. This is useful when defining a group profile. Use the following syntax:
PROFILE profile_object_name
Replace profile object name with the name of the profile that you want to override the default profile script that is assigned to a given user.
The following commands are for the workstation environment:
SET
SET_TIME
Each of these commands is covered in detail in the following sections.
SET assigns an environment variable to a specified value. When you use SET in a login script, you must enter quotation marks (“ “) around the values. SET commands do not have to be defined in a login script. For example, you can SET environment variables in a workstation’s AUTOEXEC.BAT file. Where you use SET commands depends on your individual needs.
Note
If a variable is set to a path that ends in ", these two characters are interpreted as an embedded quote preceded by an escape character. To avoid this problem, use two backslashes before the ending double quotes (\").
After you use the SET command to assign a value to an environment variable, you can use that variable in other login script commands. To include an environment variable as an identifier variable in a command, enclose the name of the variable in angle brackets (for example, <engineer>). Use the following syntax:
SET name="value"
Replace name with an environment parameter that identifies the environment you want to change. Replace value with identifier variable substitutions. Values must be enclosed in quotation marks.
To assign an environment setting for the duration of the login script only, use the optional keyword TEMP at the start of the SET line:
TEMP SET name="value"
The following commands are for text file usage:
#
@
DISPLAY
EXIT
FDISPLAY
TERM
WRITE
Each of these commands is covered in detail in the following sections.
The # symbol executes a program that is external to the login script and waits until it is finished running before continuing with other login script commands:
# [path] filename [parameter]
Replace path with a drive letter. Replace filename with the executable file. It isn’t necessary to include the extension, but doing so can speed up the execution of the external program. Replace parameter with any parameters required by the executable file.
The @ command executes a program that is external to the login script and then continues with the script (similar to the Startup group in Windows):
@ [path] filename [parameter]
Replace path with a drive letter. Replace filename with an executable. Do not include the extension. Replace parameter with any parameters required by the executable file. For example, if you want to start the GroupWise program from within the login script, use the following command:
@SYS:APPSGROUPWISEGRPWISE
DISPLAY shows the contents of a text file when the user logs in. All characters in the file, including any printer and word processing codes, appear:
DISPLAY [path] filename
Replace path with either a drive letter or a full directory path beginning with the volume name. Replace filename with the complete name (including the extension) of the file you want to display. For example, you can put messages in a file SYS:PUBLICMESSGESNEWS.TXT. To have the messages shown to users when they log in on Monday, add the following lines to the container login script:
IF DAY_OF_WEEK="Monday" THEN
DISPLAY SYS:PUBLICMESSAGESNEWS.TXT
END
Use EXIT to terminate execution of the login script.
FDISPLAY shows the text of a word processing file when the user logs in. When you use FDISPLAY to display a word processing file, the text is filtered and formatted so that only the text is displayed:
FDISPLAY [path] filename
Replace path with either a drive letter or a full directory path beginning with the volume name. Replace filename with the complete name (including the extension) of the file you want to display. For example, you can put messages in a file SYS:PUBLICMESSGESNEWS.DOC. To have the messages shown to users when they log in on Monday, add the following lines to the container login script:
IF DAY_OF_WEEK="Monday" THEN
FDISPLAY SYS:PUBLICMESSAGESNEWS.DOC
END
TERM is normally used only for Application Launcher scripts, a component of Novell ZEN for Desktops (ZfD). Use the TERM command in a login script to stop the login script and return an error code. You can also use TERM in an IF...THEN statement, so that the login script stops and an error code is returned only if a condition is true (that is, if a certain condition exists). If the condition doesn’t occur the login script skips the TERM command and continues executing.
Warning
Because TERM stops the login script, be sure to put this command either at the end of the login script or at a point within the script where you intend execution to stop. Do not nest the TERM command in the login script. If you add TERM to a container login script, it prevents other profile or user login scripts from running. If you put TERM in a profile login script, it prevents the user login script from running.
WRITE displays messages on the workstation screen when a user logs in to the network. Text you want to display must be enclosed in quotation marks (“ “).
There are several ways to display variables in the text message. The way you enter the variable in the WRITE command determines the display format:
To display the variable value onscreen, type the identifier variable with no accompanying punctuation.
To combine regular text with an identifier variable, precede the variable with a percent sign (%), type it in uppercase letters, and enclose the identifier variable inside quotation marks. Both text and the variable can be enclosed in the same quotation marks.
To join several text strings and identifier variables into a single display without enclosing the variables in quotation marks, use a semicolon between the text and the variables.
If you have several WRITE commands, each one appears on a separate line on the user’s workstation. However, if you put a semicolon at the end of all but the last WRITE commands, the commands all appear as one continuous sentence or paragraph (although they might wrap onto additional lines on the workstation’s screen).
Text strings can include the following special characters:
Causes a carriage return
Starts a new line of text
" Displays a quotation mark on the screen
7 Makes a beep sound
In addition to the semicolon, you can use other operators to join text and identifier variables into one command. These operators are listed in order of precedence:
* / % Multiply, divide, modulo
+ - Add, subtract
>> << Shift left or right (1000 >> 3 becomes 1)
For example:
WRITE "[text][%identifier] [;][identifier]"
Replace text with the words you want to display on the screen. Replace identifier with a variable you want to display. For example, to display the message "Hello," along with the user’s last name, add the following line to the login script:
WRITE "Hello, ;%LAST_NAME"
To make a beep sound occur while the phrase "Good morning" appears on the screen, add the following line to the login script:
WRITE "Good %GREETING_TIME 7"
The following are other login script commands, which are described in the following sections:
LASTLOGINTIME
REMARK
REMARK, REM, an asterisk ( * ), or a semicolon ( ; ) enables you to include explanatory text in the login script or to keep a line from being executed during testing. Any text that follows these symbols is ignored. If a remark is several lines long, begin each line with the remark keyword (REMARK, REM, an asterisk, or a semicolon).
Identifier variables are used most often with commands such as IF...THEN, MAP, and WRITE. They enable you to create one login script for multiple users by replacing the variable with other text or information. You need to make sure you type the variable exactly as shown. Identifier variables can be placed within literal text strings in a WRITE statement. Literal text must be enclosed in quotation marks and the identifier must be preceded by a percent sign (%). For example, using the %LAST_NAME variable substitutes the user’s actual last name for the LAST_NAME variable. In a login script, WRITE "HELLO, "%LAST_NAME displays a Hello, JONES message on Mary Jones’ workstation screen when she logs in. Tables B.1 through B.6 contain the identifier variables that can be used in NetWare 6 login scripts.
Table A.1. Date Variables
|
IDENTIFIER VARIABLE |
FUNCTION |
|---|---|
|
|
Day in number format (01 through 31) |
|
|
Day of the week (Monday, Tuesday, and so on) |
|
|
Month number (01 through 12) |
|
|
Month name (January, February, and so on) |
|
|
Weekday in number format (1 through 7; 1 = Sunday) |
|
|
Last two digits of the year (99, 00, 01) |
|
|
All four digits of the year (1999, 2000, 2001) |
Table A.3. User Variables
|
IDENTIFIER VARIABLE |
FUNCTION |
|---|---|
|
|
User’s full login name as it exists in eDirectory. |
|
|
User’s unique username. It is the value of the |
|
|
User’s surname in eDirectory. |
|
|
User’s context. |
|
|
User’s unique login name (long names are truncated to eight characters). |
|
|
Group object to which the user is assigned. |
|
|
Group object to which the user is not assigned. |
|
|
Number of days before password expires. |
|
|
Context when login started. |
|
|
Number assigned to each user. |
Table A.4. Network Variables
|
IDENTIFIER VARIABLE |
FUNCTION |
|---|---|
|
|
NetWare server name |
|
|
The internal number assigned by the network specifying where a device can be located in the network cabling system |
Table A.5. Workstation Variables
|
IDENTIFIER VARIABLE |
FUNCTION |
|---|---|
|
|
Type of computer (IBM_PC, and so on) |
|
|
Type of operating system on the workstation |
|
Operating system version on the workstation |
|
|
|
Workstation’s node number (12-digit hexadecimal) |
|
|
Workstation’s operating system platform |
|
|
Short machine name (IBM, and so on) |
|
|
Workstation’s connection number |
|
|
Version of the workstation’s Windows operating system |
Table A.6. Miscellaneous Variables
|
IDENTIFIER VARIABLE |
FUNCTION |
|---|---|
|
|
Shows whether the access server is functional ( |
|
|
An error number (0 = no errors). |
|
|
Replaced by parameters used during login. When a user logs in, additional parameters can be entered that the login utility passes to the login script. The login utility then substitutes these parameters for any |
|
|
You can use property values of eDirectory objects as variables. Use the property values just as you do any other identifier variable. If the property value includes a space, enclose the name in quotation marks. To use a property name with a space within a |