UNIX/NT Account Creation Scripts?

Lisa Becktold {CADIG STAFF} lisa at usna.navy.MIL
Fri Jul 28 15:56:01 GMT 2000 

Hi:

We're running Samba on a Unix machine which is a member of the NT domain.
This has several interesting ramifications involving UIDs and passwords
(I've listed those below).  But this is my basic question:

	 Does anyone have any scripts they use across UNIX and NT
	 to create user accounts?  I have access to rsh and
	 adduser.pl with the NT Resource Kit, so presumably I
	 could write a script on the UNIX side to create a user
	 account there, and then run "rsh adduser.pl" on the NT
	 server to add users there.  I'm sure someone has done
	 something better or more elegant, though.  Please pass
	 on any ideas or scripts you have used!
	 
Here are the details of my configuration:

Running Samba on a UNIX machine that has joined an NT domain has several 
interesting effects:

	.  I don't need an smbpasswd file.  All I need are user entries in
	   my UNIX /etc/passwd file and user accounts on the NT server;
	.  The passwords for the Unix user accounts and the NT user
	   accounts do NOT need to be sychronized - because
	   "password server" is set to the NT machine in my smb.conf
	   file.  User authentication requests are passed to the
	   NT server;
	.  When a user on an NT workstation logs into the NT domain,
	   they are authenticated by the NT server.  However, they
	   are mounting their home directory from the UNIX Samba
	   server.  The user is NOT prompted for a Samba or Unix
	   password to mount the home directory.  
	.  Samba appears to look at the username in the Unix /etc/passwd 
	   table and extract the proper home directory.  This works in
	   conjunction with the Samba [homes] share.  That [homes] share
	   is much nicer than having to share EVERY home directory on
	   the NT Server to restrict access by user!  
	.  UID is not a consideration.  There is no smbpasswd table, so Unix 
	   and smbpasswd UIDs do not have to match.  And of course, the UIDs 
	   between Unix and NT do not have to match.
	   
My basic question is stated above, but I have an additional question
about configuration stated here:

	1.  This seems too easy.  Is there some glaring error in this
	    configuration?  My smb.conf hasn't been customized much
	    yet.  Here it is:
	    
	    	netbios name = UNIX SAMBA SERVER
		workgroup = NTDOMAIN
		security = domain
		password server = NTSERVER
		encrypt passwords = yes
		os level = 0
		domain master = no
		local master = no
		preferred master = no
	    
	     I'm also offering up the [homes] share.

	2.  Does anyone have any scripts they use across UNIX and NT
	    to create user accounts?  I have access to rsh and
	    adduser.pl with the NT resource script, so presumably I
	    could write a script on the UNIX side to create a user
	    account there, and then run "rsh adduser.pl" on the NT
	    server to add users there.  I'm sure someone has done
	    something better or more elegant, though.
	    
Please e-mail to lisa at usna.navy.mil.  THANKS!

More information about the samba mailing list