Hi:

We're running Samba on a Unix machine which is a member of the NT domain. This has several interesting ramifications involving UIDs and passwords (I've listed those below). But this is my basic question:

Does anyone have any scripts they use across UNIX and NT to create user accounts? I have access to rsh and adduser.pl with the NT Resource Kit, so presumably I could write a script on the UNIX side to create a user account there, and then run "rsh adduser.pl" on the NT server to add users there. I'm sure someone has done something better or more elegant, though. Please pass on any ideas or scripts you have used!

Here are the details of my configuration:

Running Samba on a UNIX machine that has joined an NT domain has several interesting effects:

. I don't need an smbpasswd file. All I need are user entries in my UNIX /etc/passwd file and user accounts on the NT server;
. The passwords for the Unix user accounts and the NT user accounts do NOT need to be synchronized - because "password server" is set to the NT machine in my smb.conf file. User authentication requests are passed to the NT server;
. When a user on an NT workstation logs into the NT domain, they are authenticated by the NT server. However, they are mounting their home directory from the UNIX Samba server. The user is NOT prompted for a Samba or Unix password to mount the home directory.
. Samba appears to look at the username in the Unix /etc/passwd table and extract the proper home directory. This works in conjunction with the Samba [homes] share. That [homes] share is much nicer than having to share EVERY home directory on the NT Server to restrict access by user!
. UID is not a consideration. There is no smbpasswd table, so Unix and smbpasswd UIDs do not have to match. And of course, the UIDs between Unix and NT do not have to match.

My basic question is stated above, but I have an additional question about configuration stated here:

1. This seems too easy. Is there some glaring error in this configuration? My smb.conf hasn't been customized much yet. Here it is:

    netbios name = UNIX SAMBA SERVER
    workgroup = NTDOMAIN
    security = domain
    password server = NTSERVER
    encrypt passwords = yes
    os level = 0
    domain master = no
    local master = no
    preferred master = no

I'm also offering up the [homes] share.

2. Does anyone have any scripts they use across UNIX and NT to create user accounts? I have access to rsh and adduser.pl with the NT resource script, so presumably I could write a script on the UNIX side to create a user account there, and then run "rsh adduser.pl" on the NT server to add users there. I'm sure someone has done something better or more elegant, though.

Please e-mail to lisa@usna.navy.mil.

THANKS!

Lisa Becktold {CADIG STAFF} wrote:
> Does anyone have any scripts they use across UNIX and NT
> to create user accounts? I have access to rsh and
> adduser.pl with the NT Resource Kit, so presumably I
> could write a script on the UNIX side to create a user
> account there, and then run "rsh adduser.pl" on the NT
> server to add users there. I'm sure someone has done
> something better or more elegant, though. Please pass
> on any ideas or scripts you have used!
Lisa, I don't normally recommend books on mailing lists,
but there is an O'Reilly book on using Perl for cross
platform sysadmin work that's pretty good I think.
It covers user account management in a way that might be
interesting to you. It's by a guy named David Blank-Edelman
and the book is called "Perl for Systems Administration" or
something like that.
> . I don't need an smbpasswd file.
> . The passwords for the Unix user accounts and the NT user
> accounts do NOT need to be synchronized
> . When a user on an NT workstation logs into the NT domain,
> they are authenticated by the NT server. However, they
> are mounting their home directory from the UNIX Samba
> server. The user is NOT prompted for a Samba or Unix
> password to mount the home directory.
> . Samba appears to look at the username in the
> Unix /etc/passwd table and extract the
> proper home directory.
> . UID is not a consideration. There is no
> smbpasswd table, so Unix and smbpasswd UIDs
> do not have to match. And of course, the UIDs
> between Unix and NT do not have to match.
Correct on all accounts. And it will get easy when the winbind
nss and pam modules are released in 3.0 (maybe 2.2.0 if we work
really hard).
> My basic question is stated above, but I have an additional question
> about configuration stated here:
>
> 1. This seems too easy. Is there some glaring error in this
> configuration? My smb.conf hasn't been customized much
> yet. Here it is:
>
> netbios name = UNIX SAMBA SERVER
> workgroup = NTDOMAIN
> security = domain
> password server = NTSERVER
> encrypt passwords = yes
> os level = 0
> domain master = no
> local master = no
> preferred master = no
>
> I'm also offering up the [homes] share.
Looks good to me
Cheers,
jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter@valinux.com
http://www.samba.org SAMBA Team jerry@samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
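
The setup discussed in this thread depends on every NT domain account having a matching /etc/passwd entry so that [homes] can find a home directory. The following is an added example, not part of the original thread or of Samba, that reconciles the two lists; it assumes the NT account names have already been exported to a text file, one name per line, and the function names, users and paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): reconcile NT domain account names
# against UNIX passwd entries, since [homes] needs a passwd entry per user.

# homes_report PASSWD_FILE DOMAIN_USERS_FILE
# Prints one line per domain account name:
#   OK <user> <home>           passwd entry found, home directory exists
#   NO_HOME_DIR <user> <home>  passwd entry found, directory missing
#   NO_UNIX_ACCOUNT <user>     no passwd entry, so [homes] cannot resolve it
homes_report() {
    # NT account names are not case sensitive: compare in lower case.
    tr 'A-Z' 'a-z' < "$2" | tr -d '\r' |
    while IFS= read -r user || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        # Exact match on the name field only (no regex or substring match);
        # the name is passed through the environment, not spliced into awk.
        entry=$(U="$user" awk -F: 'tolower($1) == ENVIRON["U"] { print "x" $6; exit }' "$1")
        home=${entry#x}
        if [ -z "$entry" ]; then
            echo "NO_UNIX_ACCOUNT $user"
        elif [ -d "$home" ]; then
            echo "OK $user $home"
        else
            echo "NO_HOME_DIR $user $home"
        fi
    done
}

# make_sample DIR: write constructed sample data (hypothetical users) to DIR.
make_sample() {
    mkdir -p "$1/home/alice"
    {
        echo "root:x:0:0:root:/root:/bin/sh"
        echo "alice:x:1001:100:Alice:$1/home/alice:/bin/sh"
        echo "bob:x:1002:100:Bob:$1/home/bob:/bin/sh"
    } > "$1/passwd"
    # Names as they might be exported from the NT domain, in mixed case.
    printf 'Alice\nBOB\ncarol\n' > "$1/nt_users"
}

# Demonstration run on the constructed sample.
sample=$(mktemp -d)
make_sample "$sample"
homes_report "$sample/passwd" "$sample/nt_users"
rm -rf "$sample"
```

Any NO_UNIX_ACCOUNT or NO_HOME_DIR line identifies a domain user who will authenticate against the NT server but not get a usable home share until the UNIX side is provisioned.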