Hi.

I'm running samba 3.6.3 (on Ubuntu 12.04). This server is acting as an old style NT4 domain using samba as backend. Machine accounts are created using a script, called by samba (add machine script). Everything is working great.

Now, I want to keep the same thing, but on Ubuntu 16.04, so with samba 4.3.11. Mostly everything is working as expected, except that smbd doesn't execute the add machine script. Instead, it tries to create the machine directly (but not with the correct objectClass, I want to have full control on this part, and just let samba add the sambaSamAccount objectClass and related stuff).

In my logs, even with quite high debug level, I can see the param is correctly read:

[...]
doing parameter add machine script = /usr/local/bin/addworkstation.pl %u
[...]

But the script is not executed. Instead, when samba sees the account doesn't already exist in LDAP, it tries to create it, which is failing (because my ACL in OpenLDAP does not allow it).

See my logs attached.

Why doesn't samba execute my add machine script at this point, instead of trying to create it on its own ?

Cheers,
Daniel

--
Daniel Berteaud
FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32
Visio: https://vroom.fws.fr/dani
Web : http://www.firewall-services.com

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: add_user.txt
URL: <http://lists.samba.org/pipermail/samba/attachments/20171115/47fcdd88/add_user.txt>

On Wed, 15 Nov 2017 16:25:11 +0100 Daniel Berteaud via samba <samba at lists.samba.org> wrote:

> Hi.
>
> I'm running samba 3.6.3 (on Ubuntu 12.04). This server is acting as
> an old style NT4 domain using samba as backend. Machine accounts are
> created using a script, called by samba (add machine script).
> Everything is working great.
>
> Now, I want to keep the same thing, but on Ubuntu 16.04, so with
> samba 4.3.11. Mostly everything is working as expected, except that
> smbd doesn't execute the add machine script. Instead, it tries to
> create the machine directly (but not with the correct objectClass, I
> want to have full control on this part, and just let samba add the
> sambaSamAccount objectClass and related stuff).
>
> In my logs, even with quite high debug level, I can see the param is
> correctly read:
>
> [...]
> doing parameter add machine script = /usr/local/bin/addworkstation.pl %u
> [...]

I suppose the obvious question is, is the script executable ?

>
> But the script is not executed. Instead, when samba sees the account
> doesn't already exist in LDAP, it tries to create it, which is
> failing (because my ACL in OpenLDAP does not allow it).
>

Can you post your smb.conf, there have been some changes between 3.6.3 and 4.3.11. Talking of which, is there any way that you can upgrade Samba ? 4.3.11 is EOL as far as Samba is concerned.

Rowland

Thanks for your response.

On Wednesday, November 15, 2017 17:38 CET, Rowland Penny via samba <samba at lists.samba.org> wrote:

> I suppose the obvious question is, is the script executable ?

It is. It's a simple perl script with +x. I can exec it from the command line like

/usr/local/bin/addworkstation.pl foo$

which creates the machine account like it should. I've also tested calling it with the interpreter

add machine script = /usr/bin/perl /usr/local/bin/addworkstation.pl %u

with no difference.

> Can you post your smb.conf,

See the file attached.

> there have been some changes between 3.6.3
> and 4.3.11. Talking of which, is there any way that you can upgrade
> Samba ? 4.3.11 is EOL as far as Samba is concerned.

I'd prefer keeping the version provided with the distro, but I'll check if there's some trustworthy PPA to get something a bit newer.

The strange thing is that the script is not even called at all.

--
Daniel Berteaud
FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32
Visio: https://vroom.fws.fr/dani
Web : http://www.firewall-services.com