samba - Sep 2007 - user / machine / group scripts, some work some don't

Hi List,

I have some issues with user manager for domains (srvtools.exe from MS)
and the scripts mentioned in the subject. The examples from the samba
howto collection seem to cause serious issues here. I am on debian etch
and tried to create my own scripts but till now to now avail. With the
examples from the docs I could add groups, but could not add users to
groups. There was the option -A used but here it seems to be -a refering
to the manpage (log was helping here)... anyhow changed to -a and it
worked. But adding users does not work at all. Different syntax,
different problems, but nothing does work. With the example of the howto
collection the user manager gave me "access denied" or similar
(translated from german) as I tried to add a user. I tried to use
adduser instead of useradd and came to these syntaxes:

add user script = /usr/sbin/adduser --ingroup domusers --gecos samba '%
u'
delete user script = /usr/sbin/deluser '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/adduser '%u' '%g'
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody
'%u'

now the adduser syntax gives me loads of this over and over again:

Use of uninitialized value in chop at /usr/sbin/adduser line 537.
Use of uninitialized value in pattern match (m//) at /usr/sbin/adduser
line 538.
Enter new UNIX password: Retype new UNIX password: No password supplied
Enter new UNIX password: Retype new UNIX password: No password supplied
Enter new UNIX password: Retype new UNIX password: No password supplied
passwd: Authentication token manipulation error
passwd: password unchanged

If only all scripts would give me some hints why they don't work. As I
see not for all scripts log entries but none work I think everything I
tried was wrong.

Could someone pinpoint me in the right direction or to the right part of
the docs? Maybe some insights of how those scripts need to be built?

See the attached smb.conf, maybe it will help or it may be that other
options are at fault here...

_any_ help greatly appreciated!

regards
Michael

-------------- next part --------------
[global]
workgroup = TCW.LOCAL
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*
username map = /etc/samba/smbusers
passdb backend = tdbsam
syslog = 0
name resolve order = wins bcast hosts
add user script = /usr/sbin/adduser --ingroup domusers --gecos samba
'%u'
delete user script = /usr/sbin/deluser '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/adduser '%u' '%g'
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody
'%u'
logon script = scripts\login.bat
logon path = \\%L\profiles\%U
logon drive = X:
domain logons = Yes
preferred master = Yes
wins support = Yes
log file = /var/log/samba/log.%m

#idmap uid = 15000-20000
#idmap gid = 15000-20000
unix password sync = true
passwd program = /usr/bin/passwd %u
#pam password change = yes
#netbios name = ADRASTEA
#security = user


[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root, mschmitt
valid users = %S
guest ok = Yes
browseable = No

[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[gf]
comment = GF Zeug
path = /pub/gf
read only = No
guest ok = No
valid users = %G

[user]
comment = User Kram
path = /pub/user
read only = No
guest ok = No

On Saturday 08 September 2007 23:30, Michael Schmitt
wrote:
> Hi List,
>
> I have some issues with user manager for domains (srvtools.exe from MS)
> and the scripts mentioned in the subject. The examples from the samba
> howto collection seem to cause serious issues here. I am on debian etch
> and tried to create my own scripts but till now to now avail. With the
> examples from the docs I could add groups, but could not add users to
> groups. There was the option -A used but here it seems to be -a refering
> to the manpage (log was helping here)... anyhow changed to -a and it
> worked. But adding users does not work at all. Different syntax,
> different problems, but nothing does work. With the example of the howto
> collection the user manager gave me "access denied" or similar
> (translated from german) as I tried to add a user. I tried to use
> adduser instead of useradd and came to these syntaxes:
Please check the man page for your distro.  The options to useradd, usremod, 
groupmod, etc. seem to vary considerably across Linux distros.
> add user script = /usr/sbin/adduser --ingroup domusers --gecos samba '%
> u'
> delete user script = /usr/sbin/deluser '%u'
> add group script = /usr/sbin/groupadd '%g'
> delete group script = /usr/sbin/groupdel '%g'
> add user to group script = /usr/sbin/adduser '%u' '%g'
Please note that the adduser script is entirely different from the useradd 
utility. Neither is consistent across implementations. Both vary from Linux 
distro to distro.  I was unaware of this until last week and am not sure how 
to handle this in the HOWTO, other than to make a note regarding the problem.
> add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody
> '%u'
>
> now the adduser syntax gives me loads of this over and over again:
>
> Use of uninitialized value in chop at /usr/sbin/adduser line 537.
> Use of uninitialized value in pattern match (m//) at /usr/sbin/adduser
> line 538.
> Enter new UNIX password: Retype new UNIX password: No password supplied
> Enter new UNIX password: Retype new UNIX password: No password supplied
> Enter new UNIX password: Retype new UNIX password: No password supplied
> passwd: Authentication token manipulation error
> passwd: password unchanged
>
> If only all scripts would give me some hints why they don't work. As I
> see not for all scripts log entries but none work I think everything I
> tried was wrong.
This is something you will need to take up with the Linux distro maintainer.
> Could someone pinpoint me in the right direction or to the right part of
> the docs? Maybe some insights of how those scripts need to be built?
The useradd and adduser tools should NOT set the password. That whould be done 
using the passwd utility.

- John T.