[Samba] Debian add user etc scripts & usrmgr.exe

Chris Aitken chris at ion-dreams.com
Fri Jan 23 11:37:22 GMT 2004

Hi All,

I have just joined this list, and this is my first post - so please bear
with me.

I am running debian testing (sarge) with a 2.4.23-1-686 kernel, and a self
compiled samba-3.0.0final (--with-quotas), deployed from self built *.debs.

It is running as a PDC (smb.conf at bottom of post), and I have successfully
mapped "Domain Users" to unixgroup users, "Domain Admins" to unixgroup root.

I had issues with users unable to change their passwords (you do not have
permission to change your password), but I have since changed to PAM
password change = yes, and that works OK (although this was before I mapped
the NT groups to unixgroups - i assume it was this causing issues). I am
using WinXP Pro Corporate (SP1).

My main problem is currently with Usrmgr.exe My add user scripts chunk is
below (add machine script works like a charm!):

	add user script = /usr/sbin/useradd -m "%u"
	add group script = /usr/sbin/groupadd "%g"
	add user to group script = /usr/sbin/usermod -G "%g" "%u"
	delete user from group script = /usr/sbin/gpasswd -d "%u" "%g"
	set primary group script = /usr/sbin/usermod -g "%g" "%u"
	delete user script = /usr/sbin/userdel -r %u
	delete group script = /usr/sbin/groupdel "%g"

1. I can add users without a hitch, although I find I do have to type in the
profile UNC & the home drive UNC manually. However, if I create a local user
(adduser -d bloggs), and then add them using (pdbeit -a bloggs), then the
profile & home drive paths are automatically picked up.

2. When I delete a user, I get an error message (in machine log file
"userdel: user bloggs does not exist", and similar message on usrmgr),
although on refreshing the screen, the user has gone, and the user + home
dir are removed from the debian box.

3. I have this error message:
[2004/01/22 20:12:56, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
  get_domain_user_groups: primary gid of user [DI] is not a Domain group !

Does a user have to have a primary GID in a domain group - this is for users
created manually in 1.

Does anyone have any idea what the issue here is? One solution for me would
be for a current debian user to share his/her add user/add group/add user to
group/delete user from group/set primary group/delete user/delete group
scripts, with me - assuming their scripts differ, and their results are

I could write a simple bash script to do the  manual actions described in 1,
and it would hopefully work.

In addition, as I cannot find this anywhere (howto, list search or google):
What do the various fields in the usrmgr relate to in the scripts? For
example, add local group, add global group (both usrmgr), or set primary
group (smb.conf).

I hope this isn't too long, and I haven't made an idiot of myself! This has
been driving me mad!



	# Basic Server bits
	workgroup =  615V
	server string = Samba %v on %h
	netbios name = 615VGS-DC1
	interfaces =
	bind interfaces only = yes
	wins support = yes
	printer admin = chrisa
	load printers = yes
	printing = cups
	printcap name = cups

	# Browser Settings
	os level = 128
	local master = yes
	prefered master = yes
	domain master = yes

	# Security & User Settings
	security = user
	encrypt passwords = yes
	username map = /etc/samba/username.map
	obey pam restrictions = yes
	unix password sync = yes
	#passwd program = /usr/bin/passwd %u
   	passwd chat = "*Enter\snew\sUNIX\spassword:*" %n\n
"*Retype\snew\sUNIX\spassword:*" %n\n "passwd: password updated
	pam password change = yes
	passwd chat debug = yes
	obey pam restrictions = yes
	guest ok = no
	smb passwd file = /etc/samba/smbpasswd
	passdb backend = tdbsam

	# Loggin etc
	log level = 0
	log file = /var/log/samba/%L.log
	max log size = 1000
	debug timestamp = yes
	syslog = 1

	# PDC settings
	domain logons = yes
	logon drive = U:
	logon home = \\%L\%U
	logon path = \\%L\profiles\%U
	logon script = logon.bat
	add user script = /usr/sbin/useradd -m "%u"
	add group script = /usr/sbin/groupadd "%g"
	add user to group script = /usr/sbin/usermod -G "%g" "%u"
	delete user from group script = /usr/sbin/gpasswd -d "%u" "%g"
	set primary group script = /usr/sbin/usermod -g "%g" "%u"
	delete user script = /usr/sbin/userdel -r %u
	delete group script = /usr/sbin/groupdel "%g"
	add machine script = /usr/sbin/useradd -d /dev/null -g Machines -s
/bin/false -M %u && /bin/passwd -l %u

	# File Settings
	short preserve case = yes
	case sensitive = no
	preserve case = yes
	hide dot files = yes

	comment = Home directory
	path = /home/%u
	only users = %S
	users =  %S
	browseable = no
	read only = no
	create mask = 0600
	directory mask = 0700

	comment = admin directory
	path = /home/samba/admin
	browseable = no
	valid users = @root
	read only = no

	comment = my first printer
	browseable = yes
	printable = yes
	create mode = 0700
	public = yes
	use client driver = yes
	path = /var/spool/cups

	comment = User profiles for PDC
	path = /home/samba/profiles
	read only = no
	create mask = 0600
	directory mask = 0700
	browseable = no

	comment = Network Logon Share
	path = /home/samba/netlogon
	browseable = no
	read only = yes
	admin users = chrisa @admin
	write list = chrisa root @admin
	public = no

	# PDF printer
	comment = PDF maker
	browseable = yes
	printable = yes
	path = /tmp
	print command = /usr/bin/print2pdf %s %m %U
	write list = chrisa
	admin users = chrisa

	# Printer driver share
	path = /home/samba/printers
	read only = yes
	write list = chrisa @admin
	admin users = chrisa

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list