I'm using samba 3.0 alpha 23 on debian woody using a tdb backend. I've written a simple add machine script that takes care of the useradd and pdbedit -a -m steps. When I try to add a machine to the domain directly from that machine, without creating the accounts beforehand, I get an "Access Denied" error. After getting this error, I check on the samba machine and see that the account has been created in both /etc/passwd and my passwd.tdb file. If I try to join the machine to the domain again right away, it's successfull. Do I have to return something from my script? Here's the simple batch file I'm using: #!/bin/sh /usr/sbin/useradd -d /dev/null -g 2001 -s /bin/false $1 /usr/bin/pdbedit -a -m $1 /usr/bin/pdbedit -f 'Machine Account' -h '' -D '' $1
Hello Michel, I think your script does only have to contain the line /usr/sbin/useradd -d /dev/null -g 2001 -s /bin/false $1 because Samba creates the 'samba part' of your useraccount by himself. So what you do is 1) create the unix user 2) create the samba user part and samba tries to add the samba user again. The samba part already exist what results in a permission denied status. This was my experience with the samba 'add user' and 'add machine script' and the logs confirmed my suspections, and I found that the docs were not clear enough about this. This behaviour is probably different from the 2.2.x version. maybe this helps you... Tom Van Overschelde ----- Original Message ----- From: "Michel Gallant" <support@mindsweep.ca> To: <samba@samba.org> Sent: Thursday, April 17, 2003 3:02 PM Subject: [Samba] add machine script> I'm using samba 3.0 alpha 23 on debian woody using a tdb backend. I'vewritten a simple add machine script that takes care of the useradd and pdbedit -a -m steps. When I try to add a machine to the domain directly from that machine, without creating the accounts beforehand, I get an "Access Denied" error. After getting this error, I check on the samba machine and see that the account has been created in both /etc/passwd and my passwd.tdb file. If I try to join the machine to the domain again right away, it's successfull. Do I have to return something from my script? Here's the simple batch file I'm using:> > #!/bin/sh > /usr/sbin/useradd -d /dev/null -g 2001 -s /bin/false $1 > /usr/bin/pdbedit -a -m $1 > /usr/bin/pdbedit -f 'Machine Account' -h '' -D '' $1 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 17 April 2003 15:02, Michel Gallant wrote:> I'm using samba 3.0 alpha 23 on debian woody using a tdb backend. I've > written a simple add machine script that takes care of the useradd and > pdbedit -a -m steps. When I try to add a machine to the domain directly > from that machine, without creating the accounts beforehand, I get an > "Access Denied" error. After getting this error, I check on the samba > machine and see that the account has been created in both /etc/passwd and > my passwd.tdb file. If I try to join the machine to the domain again right > away, it's successfull. Do I have to return something from my script? > Here's the simple batch file I'm using: > > #!/bin/sh > /usr/sbin/useradd -d /dev/null -g 2001 -s /bin/false $1 > /usr/bin/pdbedit -a -m $1 > /usr/bin/pdbedit -f 'Machine Account' -h '' -D '' $1Your script is not supposed to create the samba account, only the unix one. Samba does the pdbedit stuff internally. Jelmer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+nrx0Pa9Uoh7vUnYRAh/nAJ9y8Sl/oiBv5qVOHQJQskand2Zm2QCeObuV O94zX4vV3LrkHX46ZOKKyEo=uFRQ -----END PGP SIGNATURE-----