I have been trying for 2 months to get my samba server to add machine
accounts 'on the fly'.
I have added both of these to my smb.conf:
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
Neither of these seems to do anything.
I have around 250 computers to add, so adding the machine accounts
manually isn't going to happen.
I've read the documentation that says I should be able to do this, so I
know it can be done.
Anyone actually using samba in a production environment?
Do you have samba creating the Machine accounts on the fly?
Thanks
Here is my smb.conf file:
# Global parameters
[global]
workgroup = ETNET
server string = Samba PDC
password server = None
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 5
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
logon script = logon.bat
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
[homes]
comment = Home Directories
path = %H
valid users = %S
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /opt/samba/netlogon
write list = @ntadmins
[research]
comment = Research Dept Share
path = /dept/research
valid users = @research, @ntamins
write list = @research, @ntadmins
read only = No
create mask = 0770
directory mask = 0770
browseable = No
blocking locks = No
[production]
comment = Production Dept Share
path = /dept/production
valid users = @users
force group = users
read only = No
create mask = 0770
directory mask = 0770
dos filetimes = Yes
[producer]
comment = Producers Dept Share
path = /dept/producer
valid users = @producer, @ntamins
write list = @producer, @ntadmins
read only = No
create mask = 0770
directory mask = 0770
browseable = No
blocking locks = No
[online]
comment = Online Dept Share
path = /dept/online
valid users = @online, @ntamins
write list = @online, @ntadmins
read only = No
create mask = 0770
directory mask = 0770
browseable = No
blocking locks = No
[clearance]
comment = Clearance Dept Share
path = /dept/clearance
read only = No
[finance]
comment = Finance Dept Share
path = /dept/finance
read only = No
[engineer]
comment = Engineer Dept Share
path = /dept/engineer
read only = No
[music]
comment = Music Dept Share
path = /dept/music
read only = No
[post]
comment = Post Dept Share
path = /dept/post
read only = No
[vault]
comment = Tape Vault Dept Share
path = /dept/vault
read only = No
[IT]
comment = IT Dept Share
path = /dept/it
read only = No
[printers]
path = /tmp
printable = Yes
cups options = raw
browseable = No
> I have added both of these to my smb.conf
>
> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
> add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
>
> Neither of these seems to do anything.

So here you're running useradd without giving the username to add as the required argument to useradd. Try putting a %u on the end of there and see if you get closer. You may also want to surround your variables with single quotes.

> Anyone actually using samba in a production environment?

Many people on this list.
First off, thank you to all who replied.
I am using CentOS 4.1 on the server side,
XP Pro SP2 on the workstation side.
I started out by adding the %u to the end of my machine add script:
add machine script = /usr/sbin/useradd -g machines -s /bin/false -d /dev/null %u
That still didn't work, so I then tried a workaround.
I changed my machine add script to this:
add machine script = /usr/sbin/useradd -d /var/nodirs - machines -s /bin/false '%u'
I also added this line to /etc/shells: /bin/false
I then created the following dir: /var/nodirs
Then I did chown root:root /var/nodirs
and I also did chmod 550 /var/nodirs
This also did not change anything.
I also tested useradd:
useradd -d /dev/null -s /bin/false jim
and it did create a user jim.
I can join the domain when I do this:
useradd <machinename> -d /dev/null -g machines -s /bin/false
Then you need to add '$' to the machine account:
vi /etc/passwd
Change machine account from this:
<machinename>:x:501:510::/dev/null:/bin/false
To this:
<machinename>$:x:501:510::/dev/null:/bin/false
Then create the Samba machine account.
smbpasswd -a -m <machinename>$
Thanks for the help.
[global]
log file = /var/log/samba/%m.log
smb passwd file = /etc/samba/smbpasswd
idmap gid = 16777216-33554431
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
username map = /etc/samba/smbusers
domain master = yes
winbind use default domain = no
passwd program = /usr/bin/passwd %u
dns proxy = no
netbios name = Zeus
server string = Samba PDC
idmap uid = 16777216-33554431
password server = None
unix password sync = yes
local master = yes
workgroup = etnet
os level = 64
add user script = /usr/sbin/useradd -d /dev/null -g users -s /bin/false -M %u
# add machine script = /usr/sbin/useradd -g machines -s /bin/false -d /dev/null '%u'
add machine script = /usr/sbin/useradd -d /var/nodirs - machines -s /bin/false '%u'
max log size = 5
domain logons = yes
load printers = yes
printcap = /etc/printcap
logon script = logon.bat
On 8/26/05, DSanchez <myjunkacct@gmail.com> wrote:
> I have been trying for 2 months to get my samba server to add machine
> accounts 'on the fly'
Hi,
There was (is?) a problem with some versions of RH distros with the username
ending with "$".
I know that CentOS and Fedora aren't RH ;-)
But maybe they suffer from the same symptoms indicated here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138782
I'm now using FC3, with no problem whatsoever in user creation, although it
didn't work initially, so it must have been fixed.
Aren't you missing a necessary update?
Does adduser test$ work for you?
Best regards,
Bruno Guerreiro
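
Added example, not code from the thread or from the Samba project: a hypothetical wrapper (called add-machine.sh here) that smb.conf could reference as add machine script = /usr/local/sbin/add-machine.sh '%u'. It pulls together the points raised in the replies above (pass %u, quote it, make sure the account ends in '$') and validates the name first, because smbd runs the script as root on a client-supplied value. Assumptions: the name may arrive with or without the trailing '$', the "machines" group and useradd options are the ones from the posts, and the allow-list is deliberately conservative.

```shell
#!/bin/sh
# Hypothetical wrapper for:  add machine script = /usr/local/sbin/add-machine.sh '%u'
# smbd runs it as root with a name supplied by the joining client.

MACHINE_GROUP="machines"   # assumption: the Unix group used in the thread

# Print the account name with exactly one trailing '$', or return 1 if the
# input is not a plausible NetBIOS machine name.
machine_account() {
    name=${1%\$}                              # drop one trailing '$' if present
    case $name in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;   # empty, option-like, or unexpected characters
    esac
    [ "${#name}" -le 15 ] || return 1         # NetBIOS names are at most 15 characters
    printf '%s$\n' "$name"
}

# Print the useradd command line that would be run for this name.
useradd_command() {
    acct=$(machine_account "$1") || return 1
    printf '/usr/sbin/useradd -g %s -s /bin/false -d /dev/null %s\n' \
        "$MACHINE_GROUP" "$acct"
}

# Create the account. With DRY_RUN=1 only print the command, which is a
# quick way to check what smbd would trigger without touching /etc/passwd.
add_machine() {
    acct=$(machine_account "$1") || { echo "rejected machine name: $1" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        useradd_command "$1"
        return 0
    fi
    /usr/sbin/useradd -g "$MACHINE_GROUP" -s /bin/false -d /dev/null "$acct"
}

# Only act when a name was passed on the command line (as smbd would do).
if [ $# -gt 0 ]; then
    add_machine "$1"
fi
```

Running it as DRY_RUN=1 ./add-machine.sh 'WS01' prints the useradd line without creating anything; smbd treats a non-zero exit status as a failed account creation.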
-----Original Message-----
From: DSanchez [mailto:myjunkacct@gmail.com]
Sent: Monday, 29 August 2005 22:51
To: samba@lists.samba.org
Subject: [Samba] Re: On the fly Machine accounts