Hi All,
I have just joined this list, and this is my first post - so please bear
with me.
I am running debian testing (sarge) with a 2.4.23-1-686 kernel, and a self
compiled samba-3.0.0final (--with-quotas), deployed from self built *.debs.
It is running as a PDC (smb.conf at bottom of post), and I have successfully
mapped "Domain Users" to unixgroup users, "Domain Admins" to
unixgroup root.
I had issues with users unable to change their passwords (you do not have
permission to change your password), but I have since changed to PAM
password change = yes, and that works OK (although this was before I mapped
the NT groups to unixgroups - i assume it was this causing issues). I am
using WinXP Pro Corporate (SP1).
My main problem is currently with Usrmgr.exe My add user scripts chunk is
below (add machine script works like a charm!):
add user script = /usr/sbin/useradd -m "%u"
add group script = /usr/sbin/groupadd "%g"
add user to group script = /usr/sbin/usermod -G "%g" "%u"
delete user from group script = /usr/sbin/gpasswd -d "%u"
"%g"
set primary group script = /usr/sbin/usermod -g "%g" "%u"
delete user script = /usr/sbin/userdel -r %u
delete group script = /usr/sbin/groupdel "%g"
1. I can add users without a hitch, although I find I do have to type in the
profile UNC & the home drive UNC manually. However, if I create a local user
(adduser -d bloggs), and then add them using (pdbeit -a bloggs), then the
profile & home drive paths are automatically picked up.
2. When I delete a user, I get an error message (in machine log file
"userdel: user bloggs does not exist", and similar message on usrmgr),
although on refreshing the screen, the user has gone, and the user + home
dir are removed from the debian box.
3. I have this error message:
[2004/01/22 20:12:56, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
get_domain_user_groups: primary gid of user [DI] is not a Domain group !
Does a user have to have a primary GID in a domain group - this is for users
created manually in 1.
Does anyone have any idea what the issue here is? One solution for me would
be for a current debian user to share his/her add user/add group/add user to
group/delete user from group/set primary group/delete user/delete group
scripts, with me - assuming their scripts differ, and their results are
successful.
I could write a simple bash script to do the manual actions described in 1,
and it would hopefully work.
In addition, as I cannot find this anywhere (howto, list search or google):
What do the various fields in the usrmgr relate to in the scripts? For
example, add local group, add global group (both usrmgr), or set primary
group (smb.conf).
I hope this isn't too long, and I haven't made an idiot of myself! This
has
been driving me mad!
smb.conf:
[global]
# Basic Server bits
workgroup = 615V
server string = Samba %v on %h
netbios name = 615VGS-DC1
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
interfaces = 127.0.0.1 192.168.0.5
bind interfaces only = yes
wins support = yes
printer admin = chrisa
load printers = yes
printing = cups
printcap name = cups
# Browser Settings
os level = 128
local master = yes
prefered master = yes
domain master = yes
# Security & User Settings
security = user
encrypt passwords = yes
username map = /etc/samba/username.map
obey pam restrictions = yes
unix password sync = yes
#passwd program = /usr/bin/passwd %u
passwd chat = "*Enter\snew\sUNIX\spassword:*" %n\n
"*Retype\snew\sUNIX\spassword:*" %n\n "passwd: password updated
successfully*"
pam password change = yes
passwd chat debug = yes
obey pam restrictions = yes
guest ok = no
smb passwd file = /etc/samba/smbpasswd
passdb backend = tdbsam
# Loggin etc
log level = 0
log file = /var/log/samba/%L.log
max log size = 1000
debug timestamp = yes
syslog = 1
# PDC settings
domain logons = yes
logon drive = U:
logon home = \\%L\%U
logon path = \\%L\profiles\%U
logon script = logon.bat
add user script = /usr/sbin/useradd -m "%u"
add group script = /usr/sbin/groupadd "%g"
add user to group script = /usr/sbin/usermod -G "%g" "%u"
delete user from group script = /usr/sbin/gpasswd -d "%u"
"%g"
set primary group script = /usr/sbin/usermod -g "%g" "%u"
delete user script = /usr/sbin/userdel -r %u
delete group script = /usr/sbin/groupdel "%g"
add machine script = /usr/sbin/useradd -d /dev/null -g Machines -s
/bin/false -M %u && /bin/passwd -l %u
# File Settings
short preserve case = yes
case sensitive = no
preserve case = yes
hide dot files = yes
[homes]
comment = Home directory
path = /home/%u
only users = %S
users = %S
browseable = no
read only = no
create mask = 0600
directory mask = 0700
[admin]
comment = admin directory
path = /home/samba/admin
browseable = no
valid users = @root
read only = no
[Printers]
comment = my first printer
browseable = yes
printable = yes
create mode = 0700
public = yes
use client driver = yes
path = /var/spool/cups
[profiles]
comment = User profiles for PDC
path = /home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = no
[netlogon]
comment = Network Logon Share
path = /home/samba/netlogon
browseable = no
read only = yes
admin users = chrisa @admin
write list = chrisa root @admin
public = no
[PDF-maker]
# PDF printer
comment = PDF maker
browseable = yes
printable = yes
path = /tmp
print command = /usr/bin/print2pdf %s %m %U
write list = chrisa
admin users = chrisa
[print$]
# Printer driver share
path = /home/samba/printers
read only = yes
write list = chrisa @admin
admin users = chrisa
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
