[Samba] PDC Problems (read this the first one is incomplete)
Mike Rambo
mrambo at lsd.k12.mi.us
Thu Oct 31 15:02:01 GMT 2002
Michele Santucci wrote:
>
> > > "The trust relationship between this workstation and the primary domain
> is
> > > failed" (probably the english text is different but this should be the
> > > meaning since
> > > I'm traslating it from italian).
> > >
> > > security = USER
> > > add user script = /usr/sbin/adduser -n -g machines -c Machine -d
> > > /dev/null -s /bin/false %m$
> >
> > According to the smb.conf man page security has to be DOMAIN or SERVER
> > to use the add user script option.
>
> I don't know what man page u're reading but mine says that the only security
> option not useable for the adduser script is 'SHARE'
> anyway the 'USER' option is compulsory since I have got to set the samba
> server to act as a PDC.
>
> Anyone else listening ????
>
> c'ya ... TUX
Sorry - only tried to help...
SMB.CONF(5) SMB.CONF(5)
NAME
smb.conf - The configuration file for the Samba suite
SYNOPSIS
The smb.conf file is a configuration file for the Samba suite.
smb.conf contains runtime config
uration information for the Samba programs. The smb.conf file is
designed to be configured and
administered by the swat(8) program. The complete description
of the file format and possible
parameters held within are here for reference purposes.
<SNIP>
add user script (G)
This is the full pathname to a script that will be run AS
ROOT by smbd(8) under special
circumstances described below.
Normally, a Samba server requires that UNIX users are
created for all users accessing
files on this server. For sites that use Windows NT
account databases as their primary
user database creating these users and keeping the user
list in sync with the Windows NT
PDC is an onerous task. This option allows smbdto create
the required UNIX users ON
DEMAND when a user accesses the Samba server.
>>>>>>>>>>> In order to use this option, smbd must be set to security = server or security = domain
and add user script must be set to a full pathname for a
script that will create a UNIX
user given one argument of %u, which expands into the UNIX
user name to create.
When the Windows user attempts to access the Samba server,
at login (session setup in the
SMB protocol) time, smbdcontacts the password server and
attempts to authenticate the
given user with the given password. If the authentication
succeeds then smbd attempts to
find a UNIX user in the UNIX password database to map the
Windows user into. If this
lookup fails, and add user script is set then smbd
will call the specified script AS
ROOT, expanding any %u argument to be the user name to
create.
If this script successfully creates the user then smbd
will continue on as though the
UNIX user already existed. In this way, UNIX users
are dynamically created to match
existing Windows NT accounts.
See also security, password server, delete user script.
Default: add user script = <empty string>
Example: add user script = /usr/local/samba/bin/add_user
%u
This box has samba 2.2.2 - has it changed with newer/older versions?
--
Mike Rambo
mrambo at lsd.k12.mi.us
More information about the samba
mailing list