[Samba] Add user script, with winbind, without PAM (Solaris 9)

Paul Coray paul.coray at unibas.ch
Wed Jan 21 16:50:35 GMT 2004


Gerald (Jerry) Carter wrote:

> On Fri, 16 Jan 2004, Paul Coray wrote:
> 
>> Dear all
>>
>> We've been running successfully a 2.2.8a Fileserver, member of our NT 
>> domain, authentication with winbind, on a Solaris box. As I've 
>> experienced stability issues with winbind and some minor problems with 
>> missing unicode support, I'm very happy that these problems hopefully 
>> will be gone with version 3.
>>
>> Now I noticed, that it seems not to be possible any longer to have an 
>> add user script creating homedirs on the fly without a local user 
>> repository (smbpasswd or LDAP and PAM), which worked just fine before. 
>> The problem might also be the missing support for pam_mkhomedir.so in 
>> Solaris.
> 
> 
> You can do anything you want in an 'add user script' including creating
> the user's home directory.  Maybe I misunderstood your question.
> 

Jerry,

Fact is, on my still running production system (Samba 2.2.8a on Solaris 
9, Sparc) this works great. Each User in our NT-PDC Domainuser database 
will get a home and a backupdirectory, when he connects to the Samba box 
for the first time.

[global]
         workgroup = UB
         netbios name = UB-FILES
         server string = Home- and Backupserver
         security = DOMAIN
         encrypt passwords = Yes
         map to guest = Bad User
         show add printer wizard = No
         password server = *
->        add user script = /opt/csw/samba/bin/add_user %u
         obey pam restrictions = Yes
         log file = /opt/csw/samba/var/userlog/%m.log
         log level = 0
         max log size = 500
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         preferred master = False
         local master = No
         domain master = False
         wins server = xxx.xxx.xxx.xxx
         winbind separator = +
         winbind uid = 10000-20000
         winbind gid = 10000-20000
         winbind enum users = yes
         winbind enum groups = yes
         template homedir = /export/home/UB/ub+%U
         deadtime = 15
         hide dot files = yes
         create mask = 664
         directory mask = 775


[homes]
         comment = Home Directory for %U
         path = /export/home/UB/ub+%U
         read only = No
         create mask = 0640
         directory mask = 0750
         browseable = No

[backup]
         comment = Backup Directory for %U
         path = /export/userbackup/UB/ub+%U
         force user = %u
         read only = No
         browseable = No

# cat /opt/csw/samba/bin/add_user
#!/bin/sh

# Script preparing the environment for a Win Domain member
# accessing the Samba server

# Paul Coray, paul.coray at unibas.ch, March 6th, 2003

USER=$1
HOME=/export/home/UB/${USER}
BACKUP=/export/userbackup/UB/${USER}
LOG=/opt/csw/samba/var/add_user.log

if [ -d "${HOME}" ]; then
# echo `date` Directory for user ${USER} exists. >> ${LOG}
  exit 0
fi

# Expansions are quoted so a name containing spaces or shell
# metacharacters is never split into extra arguments.
/usr/bin/mkdir -p "${HOME}" "${BACKUP}"
/usr/bin/chown -R "${USER}:other" "${HOME}" "${BACKUP}"
/usr/bin/chmod 700 "${HOME}" "${BACKUP}"
echo `date` created homedir for "${USER}" >> "${LOG}"

/usr/sbin/edquota -p quota-proto "${USER}"
echo `date` set quota for "${USER}" >> "${LOG}"



With Samba 3.0.1, this script never runs. In the documentation, I read 
that an add machine script is needed in  order to have an add user 
script to be working. So I tried to add the line
	
add machine script = /path/tothesame/adduserscript %u

... but no success.

So my only solution by now is to have a script I need to call _manually_ 
each time a new user is created on the PDC. It just extracts the new 
usernames from the output of wbinfo -u:

# cat add_smbuser
#!/sbin/sh

# This script must be invoked each time a new user
# is added to the UB-Domain (SAM), so he will find his home and
# a backup directory on our Samba-server.


OLDSAM=/etc/samba/oldsam.db
NEWSAM=/etc/samba/`isodate`sam.db
SMBBIN=/usr/local/samba/bin
HOMEDIR=/export/home/UB/
BUDIR=/export/userbackup/UB/
USERLIST=/tmp/newdomuser

# Get list of new users:

$SMBBIN/wbinfo -u > $NEWSAM
diff $OLDSAM $NEWSAM | grep '^>' | awk '{print $2}' | tr "[:upper:]" "[:lower:]" > $USERLIST

# Create the user's directories:

if [ -s $USERLIST ]
then

  for i in `cat $USERLIST`; do
   mkdir $HOMEDIR$i $BUDIR$i
   chown $i:other $HOMEDIR$i $BUDIR$i
   chmod 700 $HOMEDIR$i $BUDIR$i
   echo Successfully created directories for $i
  done

  cp $NEWSAM $OLDSAM

else

  echo No new users in SAM

fi

rm $USERLIST



Am I missing something?

Cheers

Paul

-- 

Paul Coray
Administrator Server und Netzwerk

Oeffentliche Bibliothek der Universitaet Basel
EDV-Abteilung
Schoenbeinstrasse 18-20
CH-4056 Basel

Tel: +41 61 267 05 13
Fax: +41 61 267 31 03

mailto:paul.coray at unibas.ch
http://www.ub.unibas.ch
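
A hardened variant of the add_user script in the message above, as an added example that is not part of the original post: smbd runs the add user script as root with %u as its argument, so the name is validated and a pre-existing symlink is refused before anything is created. The function names, the allowed character set and the CHOWN variable are assumptions of this example, and it assumes a POSIX shell; the edquota and logging lines from the post are left out.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are the ones used in
# the post; CHOWN is a variable (assumption) so the functions can be
# exercised without root.
BASE_HOME=/export/home/UB
BASE_BACKUP=/export/userbackup/UB
CHOWN=/usr/bin/chown

# Accept only letters, digits, '.', '_', '-' and the winbind separator '+'.
# Empty names, a leading '-' (option injection) and a leading '.' (covers
# '.' and '..') are rejected; '/' is rejected by the character set.
valid_user() {
    case "$1" in
        ''|-*|.*) return 1 ;;
        *[!A-Za-z0-9._+-]*) return 1 ;;
    esac
    return 0
}

# Create one mode-700 directory owned by the user.
make_private_dir() {
    dir=$1 owner=$2
    # Test for a symlink first: -d follows links, so a planted link to
    # another directory would otherwise pass as "already provisioned".
    if [ -h "$dir" ]; then return 1; fi
    if [ -d "$dir" ]; then return 0; fi
    # Plain mkdir (no -p) fails if anything appears at the path meanwhile.
    mkdir -m 700 "$dir" || return 1
    # If ownership cannot be set, remove the directory so a retry is clean.
    "$CHOWN" "$owner:other" "$dir" || { rmdir "$dir"; return 1; }
}

# Returns 0 on success, 2 for a rejected name, 1 for any other failure.
provision_user() {
    valid_user "$1" || { echo "add_user: rejected user name" >&2; return 2; }
    make_private_dir "$BASE_HOME/$1" "$1" || return 1
    make_private_dir "$BASE_BACKUP/$1" "$1" || return 1
}

# Invoked by smbd as: add_user %u
if [ $# -gt 0 ]; then provision_user "$1"; fi
```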


