[Samba] 3.0alpha22 does not execute "add user script" ?

Andrew Bartlett abartlet at samba.org
Sat Mar 22 22:30:49 GMT 2003 

On Sun, 2003-03-23 at 08:01, jra at dp.samba.org wrote:
> On Sat, Mar 22, 2003 at 09:51:51PM +0100, Volker Lendecke wrote:
> > Hmm. Just checked. This is definitely a change in behaviour. If you
> > do not want the full winbind functionality, a simple 'add user script'
> > is quite handy. Is there a reason why this does not work anymore as in
> > 2.2? 2.2 added a user if the PDC gave its ok.
> > 
> > If you ask me, I'd like the old behaviour back :-)
> 
> Yes, the old behaviour needs to be restored, it is correct.
> The reason is that not all Samba appliances are Linux based,
> or even use PAM, so smbd needs to be able to call an add user
> script if such is configured no matter what the security mode
> is set to.
> 
> The 'appliance' mode was the reason the 'add user script' was
> added in the first place, that's how it is supposed to work.
> 
> Whoever changed it please revert the change.

It was not a deliberate change, but the whole 'add user script' thing is
a very big mess.  For one, simply using the same parameter for PDC user
creation and this 'appliance mode' HACK.  Seconly, it's one of the last
pieces of code that *relies* on the value of 'security =' (rather than
auth methods).

Basically, this is not one of the things I regularly test, and it looks
like the auth subsystem has evolved to such a state that implementing
this is actually quite difficult.  Certainly it won't work where it is
placed now, but the code itself it intact.  (So don't bother with CVS
blame).

The problem is that we now require that sys_getgrouplist() functions for
all logins, because this is where we get our first and final group list
for the user - before we exit the auth subsystem.

Putting this back in will require hacks right in the heart of whatever
modules you want it to work for.

And BTW, it was decided a *long* time ago that also executing it (ie,
the same script and parameter) for 'no homedir' was just plain silly.

Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030323/d7cb495a/attachment.bin

More information about the samba mailing list