[Samba] PDC Problems (read this the first one is incomplete)

Mike Rambo mrambo at lsd.k12.mi.us
Thu Oct 31 15:02:01 GMT 2002

Michele Santucci wrote:
> > > "The trust relationship between this workstation and the primary domain
> > > is failed" (probably the english text is different but this should be the
> > > meaning since I'm translating it from italian).
> > >
> > >  security = USER
> > >  add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$
> >
> > According to the smb.conf man page security has to be DOMAIN or SERVER
> > to use the add user script option.
> I don't know what man page u're reading but mine says that the only security
> option not useable for the adduser script is 'SHARE'
> anyway the 'USER' option is compulsory since I have got to set the samba
> server to act as a PDC.
> Anyone else listening ????
>     c'ya ... TUX

Sorry - only tried to help...

SMB.CONF(5)                                           SMB.CONF(5)

       smb.conf - The configuration file for the Samba suite

       The smb.conf file is a configuration file for the Samba suite.
       smb.conf contains runtime configuration information for the Samba
       programs. The smb.conf file is designed to be configured and
       administered by the swat(8) program. The complete description of
       the file format and possible parameters held within are here for
       reference purposes.


       add user script (G)
              This is the full pathname to a script that will be run AS
              ROOT by smbd(8) under special circumstances described below.

              Normally, a Samba server requires that UNIX users are
              created for all users accessing files on this server. For
              sites that use Windows NT account databases as their primary
              user database creating these users and keeping the user list
              in sync with the Windows NT PDC is an onerous task. This
              option allows smbd to create the required UNIX users ON
              DEMAND when a user accesses the Samba server.

>>>>>>>>>>>   In order to use this option, smbd must be set to security = server or security = domain
              and add user script must be set to a full pathname for a
              script that will create a UNIX user given one argument of
              %u, which expands into the UNIX user name to create.

              When the Windows user attempts to access the Samba server,
              at login (session setup in the SMB protocol) time, smbd
              contacts the password server and attempts to authenticate
              the given user with the given password. If the
              authentication succeeds then smbd attempts to find a UNIX
              user in the UNIX password database to map the Windows user
              into. If this lookup fails, and add user script is set then
              smbd will call the specified script AS ROOT, expanding any
              %u argument to be the user name to

              If this script successfully creates the user then smbd will
              continue on as though the UNIX user already existed. In this
              way, UNIX users are dynamically created to match existing
              Windows NT accounts.

              See also security, password server, delete user script.

              Default: add user script = <empty string>

              Example: add user script = /usr/local/samba/bin/add_user

This box has samba 2.2.2 - has it changed with newer/older versions?

Mike Rambo
mrambo at lsd.k12.mi.us
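
The man page excerpt above says smbd runs the add user script AS ROOT with the user name expanded into its argument. The following is an added example (not from this post or from the Samba project) of a wrapper that allow-lists that argument before it reaches useradd. The function names, the DRY_RUN switch, the 31-character limit and the character allow-list are assumptions, and the useradd options are a subset of those in the quoted post.

```shell
#!/bin/sh
# Hypothetical wrapper for "add user script"; smbd would call it with one
# argument (the expanded account name). Everything here is illustrative.
LC_ALL=C
export LC_ALL

# Return 0 only for names made of [A-Za-z0-9._-], optionally ending in one
# '$' (machine account form, as in the "%m$" of the quoted post).
valid_account_name() {
    name=$1
    base=${name%'$'}                    # strip a single trailing '$'
    [ -n "$base" ] || return 1          # empty name
    [ "${#base}" -le 31 ] || return 1   # assumed conservative length limit
    case $base in
        -*) return 1 ;;                 # would be read as an option by useradd
        *[!A-Za-z0-9._-]*) return 1 ;;  # shell metacharacters, spaces, newlines...
    esac
    return 0
}

# Validate, then create the account. DRY_RUN defaults to 1 so that running
# this example never touches the password database; set DRY_RUN=0 to act.
add_account() {
    if ! valid_account_name "$1"; then
        echo "add_user: rejected account name" >&2
        return 1
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "/usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false $1"
    else
        /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false "$1"
    fi
}

# Only act when called with an argument, as smbd would call it.
if [ "$#" -gt 0 ]; then
    add_account "$1"
fi
```
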
