Hi The 3.0alpha22 does not seem to execute the "add user script" when running as security = domain. The same configuration used to work fine with samba 2.2.7 I am making samba as the member of the domain and have users store their files to the home shares on the samba, so that I need to have "add user script" to make home dirs for the users. I am running with winbind and it is fetching the user/group name correctly from DC. Is there a patch for this bug? Thanks alot in advance. [global] add user script = /mybin/bin/add_user %u admin users = myadmin create mask = 0777 delete user script = /mybin/bin/delete_user %u directory mask = 0777 encrypt passwords = yes force create mode = 0 force directory mode = 0 guest account = nobody load printers = no log file = /var/log/samba/log.%m log level = 1 max log size = 100 passwd program = /usr/bin/passwd %u password server = soserver security = domain server string = files socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 template homedir = /vg01/home/%D/%U template shell = /bin/false unix password sync = yes username map = /etc/samba/smbusers winbind gid = 45000-65000 winbind uid = 45000-65000 wins support = no workgroup = HOME [homes] comment = Home Directory # valid users = %S browseable = no writable = yes
John H Terpstra
2003-Mar-21 14:21 UTC
[Samba] 3.0alpha22 does not execute "add user script" ?
On Fri, 21 Mar 2003, A. S. wrote:> Hi > > The 3.0alpha22 does not seem to execute the "add user script" when running > as security = domain. The same configuration used to work fine with samba > 2.2.7Correct. When you configure samba with "security = domain" you re telling it to be a domain member server. Domain members do NOT provide the netlogon service nor do they partake in domain user management services. Both these services belong to the domain control arhitecture. To do what you want you will need PAM and Winbind support.> > I am making samba as the member of the domain and have users store their > files to the home shares on the samba, so that I need to have "add user > script" to make home dirs for the users.See above. To auto-create home directories you will need to configure pam_mkhomedir.so support also.> > I am running with winbind and it is fetching the user/group name correctly > from DC.Good, so the missing magic is pam_mkhomedir.so.> > > Is there a patch for this bug?Please patch your /etc/pam.d/{logon,samba} files and introduce them to pam_mkhomedir.so. - John T.> > Thanks alot in advance. > > > [global] > add user script = /mybin/bin/add_user %u > admin users = myadmin > create mask = 0777 > delete user script = /mybin/bin/delete_user %u > directory mask = 0777 > encrypt passwords = yes > force create mode = 0 > force directory mode = 0 > guest account = nobody > load printers = no > log file = /var/log/samba/log.%m > log level = 1 > max log size = 100 > passwd program = /usr/bin/passwd %u > password server = soserver > security = domain > server string = files > socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 > SO_RCVBUF=8192 > template homedir = /vg01/home/%D/%U > template shell = /bin/false > unix password sync = yes > username map = /etc/samba/smbusers > winbind gid = 45000-65000 > winbind uid = 45000-65000 > wins support = no > workgroup = HOME > > [homes] > comment = Home Directory > # valid users = %S > browseable = no > writable = yes > > > > >-- John H Terpstra Email: jht@samba.org
"John H Terpstra" <jht@samba.org> wrote in message news:Pine.LNX.4.50.0303211415370.14931-100000@dp.samba.org...> On Fri, 21 Mar 2003, A. S. wrote: >> Correct. When you configure samba with "security = domain" you re telling > it to be a domain member server. Domain members do NOT provide the > netlogon service nor do they partake in domain user management services. > Both these services belong to the domain control arhitecture. > > To do what you want you will need PAM and Winbind support.PAM and winbind support is enabled via configure.> See above. To auto-create home directories you will need to configure > pam_mkhomedir.so support also. > Good, so the missing magic is pam_mkhomedir.so.How do I enable pam_mkhomedir.so support? I can not find any reference to it in the source packages (configure --help, find /usr/src/samba-3.0alpha22/ -name \*mkhome\*).> - John T. > > -- > John H Terpstra > Email: jht@samba.org >
Andrew Bartlett
2003-Mar-21 22:17 UTC
[Samba] 3.0alpha22 does not execute "add user script" ?
On Sat, 2003-03-22 at 02:21, A. S. wrote:> "John H Terpstra" <jht@samba.org> wrote in message > news:Pine.LNX.4.50.0303211415370.14931-100000@dp.samba.org... > > On Fri, 21 Mar 2003, A. S. wrote: > >> Correct. When you configure samba with "security = domain" you re telling > > it to be a domain member server. Domain members do NOT provide the > > netlogon service nor do they partake in domain user management services. > > Both these services belong to the domain control arhitecture. > > > > To do what you want you will need PAM and Winbind support. > > PAM and winbind support is enabled via configure. > > > See above. To auto-create home directories you will need to configure > > pam_mkhomedir.so support also. > > Good, so the missing magic is pam_mkhomedir.so. > > How do I enable pam_mkhomedir.so support? I can not find any reference to it > in the source packages (configure --help, find > /usr/src/samba-3.0alpha22/ -name \*mkhome\*).In the good history of unix (of which samba is the bastard child, breaking most of the rules ;-) we try to have small packages each doing their own job well. pam_mkhomdir is part of Linux-PAM, and works for all sorts of services, not just Samba. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030322/f81d6cad/attachment.bin