samba - Nov 2017 - Execute a user script whenever a user is added in the domain

Hi,

I am using the ADUC-tool on Windows PCs to add users to the domain. Now I
also need to do some maintance work on the linux server (DC). Is there an
option that I've overlooked or any other way to execute a shell script
whenever a user is added? Ideally it would be executed on each DC.

If there isn't a built-in way, would it be possible by monitoring one of
the ldb-files for changes?

I know of the "add user script" property, but I'm not sure this is
still
supported in version 4 and from the description it seems like it is only
executed once a user logs in.

Thanks,
Fabian

On Thu, 23 Nov 2017 20:31:46 +0100
Fabian Fritz via samba <samba at lists.samba.org> wrote:
> Hi,
> 
> I am using the ADUC-tool on Windows PCs to add users to the domain.
> Now I also need to do some maintance work on the linux server (DC).
> Is there an option that I've overlooked or any other way to execute a
> shell script whenever a user is added? Ideally it would be executed
> on each DC.
> 
> If there isn't a built-in way, would it be possible by monitoring one
> of the ldb-files for changes?
> 
> I know of the "add user script" property, but I'm not sure
this is
> still supported in version 4 and from the description it seems like
> it is only executed once a user logs in.
> 
> Thanks,
> Fabian
The 'add user script' is run when a user authenticates and smbd cannot
find a Unix user, but on a Unix domain member (or DC) the user is also
a Unix user or isn't, if it isn't, then the user wont get authenticated
by AD so the 'add user script' wont get run.

It might help if you could explain just what you need to do on the DC
when the user is created.

Rowland

My DC handle the authentification and some other Samba server provide
shares (they're pure file servers with winbind). Users get their personal
directory as a share with appropriate permissions.

Up until now I used a Samba 3 server to both handle the authentification
and act as a file server. I had a script to create a Samba user, create the
personal directories and set some ZFS quota on it.

Now with AD I want to allow people to easily be able to create users with
the ADUC tool. The DC now is on a separate machine then than file server.
But I still need a way(script) to automatically create the directories.

I already tested using the "add user script" on the file servers, but
since
they use winbind, I guess they "find" the user and the script
isn't
executed. I think I found a solution though by using 'root preexec',
like
suggested here: https://serverfault.com/a/576142/437431

But I would still be interested in also having a way to run a script on the
DC, to add the user to some mailing lists there.

Thanks,
Fabian



2017-11-23 21:09 GMT+01:00 Rowland Penny <rpenny at samba.org>:
> On Thu, 23 Nov 2017 20:31:46 +0100
> Fabian Fritz via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > I am using the ADUC-tool on Windows PCs to add users to the domain.
> > Now I also need to do some maintance work on the linux server (DC).
> > Is there an option that I've overlooked or any other way to
execute a
> > shell script whenever a user is added? Ideally it would be executed
> > on each DC.
> >
> > If there isn't a built-in way, would it be possible by monitoring
one
> > of the ldb-files for changes?
> >
> > I know of the "add user script" property, but I'm not
sure this is
> > still supported in version 4 and from the description it seems like
> > it is only executed once a user logs in.
> >
> > Thanks,
> > Fabian
>
> The 'add user script' is run when a user authenticates and smbd
cannot
> find a Unix user, but on a Unix domain member (or DC) the user is also
> a Unix user or isn't, if it isn't, then the user wont get
authenticated
> by AD so the 'add user script' wont get run.
>
> It might help if you could explain just what you need to do on the DC
> when the user is created.
>
> Rowland
>
>
>