samba - Mar 2003 - 3.0alpha22 does not execute "add user script" ?

Hi

The 3.0alpha22 does not seem to execute the "add user script" when
running
as security = domain. The same configuration used to work fine with samba
2.2.7

I am making samba as the member of the domain and have users store their
files to the home shares on the samba, so that I need to have "add user
script" to make home dirs for the users.

I am running with winbind and it is fetching the user/group name correctly
from DC.


Is there a patch for this bug?

Thanks alot in advance.


[global]
add user script = /mybin/bin/add_user %u
admin users = myadmin
create mask = 0777
delete user script = /mybin/bin/delete_user %u
directory mask = 0777
encrypt passwords = yes
force create mode = 0
force directory mode = 0
guest account = nobody
load printers = no
log file = /var/log/samba/log.%m
log level = 1
max log size = 100
passwd program = /usr/bin/passwd %u
password server = soserver
security = domain
server string = files
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192
SO_RCVBUF=8192
template homedir = /vg01/home/%D/%U
template shell = /bin/false
unix password sync = yes
username map = /etc/samba/smbusers
winbind gid = 45000-65000
winbind uid = 45000-65000
wins support = no
workgroup = HOME

[homes]
comment = Home Directory
# valid users = %S
browseable = no
writable = yes

On Fri, 21 Mar 2003, A. S. wrote:
> Hi
>
> The 3.0alpha22 does not seem to execute the "add user script"
when running
> as security = domain. The same configuration used to work fine with samba
> 2.2.7
Correct. When you configure samba with "security = domain" you re
telling
it to be a domain member server. Domain members do NOT provide the
netlogon service nor do they partake in domain user management services.
Both these services belong to the domain control arhitecture.

To do what you want you will need PAM and Winbind support.
>
> I am making samba as the member of the domain and have users store their
> files to the home shares on the samba, so that I need to have "add
user
> script" to make home dirs for the users.
See above. To auto-create home directories you will need to configure
pam_mkhomedir.so support also.
>
> I am running with winbind and it is fetching the user/group name correctly
> from DC.
Good, so the missing magic is pam_mkhomedir.so.
>
>
> Is there a patch for this bug?
Please patch your /etc/pam.d/{logon,samba} files and introduce them to
pam_mkhomedir.so.


- John T.
>
> Thanks alot in advance.
>
>
> [global]
> add user script = /mybin/bin/add_user %u
> admin users = myadmin
> create mask = 0777
> delete user script = /mybin/bin/delete_user %u
> directory mask = 0777
> encrypt passwords = yes
> force create mode = 0
> force directory mode = 0
> guest account = nobody
> load printers = no
> log file = /var/log/samba/log.%m
> log level = 1
> max log size = 100
> passwd program = /usr/bin/passwd %u
> password server = soserver
> security = domain
> server string = files
> socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
> template homedir = /vg01/home/%D/%U
> template shell = /bin/false
> unix password sync = yes
> username map = /etc/samba/smbusers
> winbind gid = 45000-65000
> winbind uid = 45000-65000
> wins support = no
> workgroup = HOME
>
> [homes]
> comment = Home Directory
> # valid users = %S
> browseable = no
> writable = yes
>
>
>
>
>
-- 
John H Terpstra
Email: jht@samba.org

"John H Terpstra" <jht@samba.org> wrote in message
news:Pine.LNX.4.50.0303211415370.14931-100000@dp.samba.org...
> On Fri, 21 Mar 2003, A. S. wrote:
>> Correct. When you configure samba with "security = domain"
you re telling
> it to be a domain member server. Domain members do NOT provide the
> netlogon service nor do they partake in domain user management services.
> Both these services belong to the domain control arhitecture.
>
> To do what you want you will need PAM and Winbind support.
PAM and winbind support is enabled via configure.
> See above. To auto-create home directories you will need to configure
> pam_mkhomedir.so support also.
> Good, so the missing magic is pam_mkhomedir.so.
How do I enable pam_mkhomedir.so support? I can not find any reference to it
in the source packages (configure --help, find
/usr/src/samba-3.0alpha22/ -name \*mkhome\*).

> - John T.
>
> --
> John H Terpstra
> Email: jht@samba.org
>

On Sat, 2003-03-22 at 02:21, A. S. wrote:
> "John H Terpstra" <jht@samba.org> wrote in message
> news:Pine.LNX.4.50.0303211415370.14931-100000@dp.samba.org...
> > On Fri, 21 Mar 2003, A. S. wrote:
> >> Correct. When you configure samba with "security =
domain" you re telling
> > it to be a domain member server. Domain members do NOT provide the
> > netlogon service nor do they partake in domain user management
services.
> > Both these services belong to the domain control arhitecture.
> >
> > To do what you want you will need PAM and Winbind support.
> 
> PAM and winbind support is enabled via configure.
> 
> > See above. To auto-create home directories you will need to configure
> > pam_mkhomedir.so support also.
> > Good, so the missing magic is pam_mkhomedir.so.
> 
> How do I enable pam_mkhomedir.so support? I can not find any reference to
it
> in the source packages (configure --help, find
> /usr/src/samba-3.0alpha22/ -name \*mkhome\*).
In the good history of unix (of which samba is the bastard child,
breaking most of the rules ;-) we try to have small packages each doing
their own job well.  pam_mkhomdir is part of Linux-PAM, and works for
all sorts of services, not just Samba.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20030322/f81d6cad/attachment.bin