Jack Downes
2011-Feb-18 07:29 UTC
[Samba] Not sure I understand when add user script is called
I've built a domain member. It works pretty good with the exception that I want on-the-fly home directories being built. I'm not sure this is doable with a domain member as everything I've tried isn't even called - as far as I can tell. Using log level 3.

If anyone can shed light on how to dynamically create home directories, that'd be great.

Anyway, here's my latest incarnation of smb.conf.

    [global]
        display charset = UTF-8
        workgroup = KRH
        realm = KRH.INT
        netbios aliases = hitstor
        server string = HIT anything server
        interfaces = 172.29.107.110
        bind interfaces only = Yes
        security = ADS
        auth methods = sam, winbind, trustdomain
        password server = kal-dc3.krh.int, kal-dc4.krh.int, kal-dc2.krh.int, *
        ntlm auth = No
        client NTLMv2 auth = Yes
        log level = 1
        syslog = 0
        log file = /var/log/samba/log.%U
        debug prefix timestamp = Yes
        smb ports = 139
        name resolve order = wins host bcast lmhost
        unix extensions = No
        server signing = auto
        lpq cache time = 10
        max open files = 20000
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        name cache timeout = 60
        load printers = No
        printcap cache time = 60
        show add printer wizard = No
        add user script = /usr/sbin/pw useradd %u -g krh -k /usr/local/etc/skel -d /home/KRH
        local master = No
        domain master = No
        dns proxy = No
        wins server = 10.6.1.21
        utmp = Yes
        nmbd bind explicit broadcast = No
        host msdfs = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /usr/local/bin/bash
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind refresh tickets = Yes
        acl group control = Yes
        cups options = raw
        force printername = Yes
        wide links = Yes

    [homes]
        comment = Home Directories
        read only = No
        browseable = No

Here's the /etc/pam.d/system file:

    #
    # $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.4.1 2010/06/14 02:09:06 kensmith Exp $
    #
    # System-wide defaults
    #

    # auth
    auth sufficient pam_opie.so no_warn no_fake_prompts
    auth requisite pam_opieaccess.so no_warn allow_local
    auth sufficient /usr/local/lib/pam_winbind.so mkhomedir=yes
    #auth sufficient pam_krb5.so no_warn try_first_pass
    #auth sufficient pam_ssh.so no_warn try_first_pass
    auth required pam_unix.so no_warn try_first_pass nullok

    # account
    #account required pam_krb5.so
    account required pam_login_access.so
    account required pam_unix.so

    # session
    #session optional pam_ssh.so
    session required pam_lastlog.so no_fail
    session required /usr/local/lib/pam_mkhomedir.so skel=/usr/local/etc/skel

    # password
    #password sufficient pam_krb5.so no_warn try_first_pass
    password required pam_unix.so no_warn try_first_pass

Andrew Masterson
2011-Feb-18 16:38 UTC
[Samba] Not sure I understand when add user script is called
Here's how we do it. There are a thousand variations on a theme (samba 3.5.6).

    [homes]
        path = /data/homes/%D/%S
        valid users = "@XXXXXX+domain admins", %S
        read only = No
        root preexec = /data/Backup/createhomes.sh %D %S

Shell script looks like (creates /data/homes/<DOMAIN NAME>/<USERNAME>):

    #!/bin/bash
    # Called by Samba as root: $1 = domain (%D), $2 = share/user name (%S)
    if [ ! -d "/data/homes/$1/$2" ]; then
        mkdir "/data/homes/$1/$2"
        # setgid so new files inherit the directory's group
        chmod g+s "/data/homes/$1/$2"
        chown "$2":"domain admins" "/data/homes/$1/$2"
        chmod 770 "/data/homes/$1/$2"
        /usr/bin/setfacl -m g:"domain admins":rwx "/data/homes/$1/$2"
        /usr/bin/setfacl -m u:"$2":rwx "/data/homes/$1/$2"
    fi
    exit 0

-=Andrew
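
Added example (not part of the original posts): a variant of the createhomes.sh approach above that validates the values Samba substitutes for %D and %S before root creates anything, and refuses to follow a symlink at either path level. The function names, the return codes and the BASE override are assumptions made for this example; the base path and group name follow the post.

```bash
#!/bin/bash
# Added example: hardened [homes] "root preexec" helper (hypothetical function names).
BASE="${BASE:-/data/homes}"      # base path as in the post; overridable for testing
ADMIN_GROUP="domain admins"      # group name as in the post

# Accept one path component only: non-empty, no '/', no leading '.' or '-',
# no control characters, at most 64 characters.
safe_name() {
    case "$1" in
        ''|.*|-*|*/*|*[[:cntrl:]]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Create <base>/<domain>/<user> with mode 2770 (setgid + rwxrwx---).
# Returns: 0 created, 1 already present, 2 bad name, 3 symlink on path, 4 mkdir failed.
make_home_dir() {
    local base="$1" domain="$2" user="$3" dir
    safe_name "$domain" && safe_name "$user" || return 2
    dir="$base/$domain/$user"
    # A symlink at either level would redirect root's mkdir/chown elsewhere.
    if [ -L "$base/$domain" ] || [ -L "$dir" ]; then return 3; fi
    [ -d "$dir" ] && return 1
    mkdir -p -m 0755 "$base/$domain" || return 4
    mkdir -m 0700 "$dir" || return 4
    chmod 2770 "$dir"
}

# Entry point when Samba runs: createhomes.sh %D %S
if [ "$#" -eq 2 ]; then
    rc=0
    make_home_dir "$BASE" "$1" "$2" || rc=$?
    [ "$rc" -eq 1 ] && exit 0          # directory already there, nothing to do
    [ "$rc" -eq 0 ] || exit "$rc"      # reject instead of always exiting 0
    dir="$BASE/$1/$2"
    chown -- "$2:$ADMIN_GROUP" "$dir" || exit 5
    /usr/bin/setfacl -m "g:$ADMIN_GROUP:rwx" "$dir"
    /usr/bin/setfacl -m "u:$2:rwx" "$dir"
fi
```

With root preexec close = Yes set on the share, a non-zero exit from the script makes Samba close the connection instead of serving a path that failed validation.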