Documented feature (%g cookie) doesnt work. (in add user script)

Marten van Wezel marten at arago.utwente.nl
Mon Mar 12 22:10:46 GMT 2001 

*sigh*

Well the subject line says most of it I guess, my problem is that
I am trying to allow only one NT group to print. So, I put the following 
into my smb.conf:

add user script = /usr/local/samba/bin/add_user %u 

(see man 5 smb.conf).

What this supposedly does is call the add_user script with parameters %u.
All good and fine, and this does work. I made my add_user script simply 
echo it to a tmp file, and indeed, the file grows whenever a user 
tries (and fails) to access my printing service (using CUPS btw, though this
is irrelevant here).

So it does translate the %u to the connecting username. Good. But the next
issue for me was the primary group. In the smb.conf(5) document it says:

       o      %u = user name of the current service, if any.
       o      %g = primary group name of %u.
       o      %U  =  session  user  name  (the user name that the
              client wanted, not necessarily the same as the  one
              they got).
       o      %G = primary group name of %U.
       o      %m = the NetBIOS name of the client  machine  (very
              useful).

soo changing the line in smb.conf to:

add user script = /usr/local/samba/bin/add_user %u %g

should call add_user with parameters <username> and <primary group>, right?

wrong.

And, wouldn't you know it..


add user script = /usr/local/samba/bin/add_user %u %m

.. does call add_user with username and the connecting machine. So 
its not just that it accepts one argument. 

Can someone please fix this? Or take it out of the smb.conf. Anyway I'll
have to use the kludge way - again - to make this work. 

(I used SomarSoft's DumpSec to dump the entire user list off the password
server and then grep through it in my add_user script. 

http://www.somarsoft.com/somarsoft_main.htm#DumpAcl

I would be very obliged if anyone has created a unix (linux) tool to 
read out such data from a specified NT machine and dump it to a file. I 
have looked for it online, but couldn't fine it.

Cheers

Marten van Wezel
System Administration University of Twente
Netherlands

More information about the samba-ntdom mailing list