[Samba] On the fly Machine accounts
John H Terpstra
jht at samba.org
Fri Aug 26 16:25:27 GMT 2005
On Friday 26 August 2005 10:07, Paul Gienger wrote:
> > I have added both of these to my smb.conf
> >
> > add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
> > add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
> >
> > Neither of these seems to do anything.
>
> So here you're running useradd without giving the username to add as the
> required argument to useradd. Try putting a %u on the end of there and see
> if you get closer. You may also want to surround your variables with
> single quotes.
>
> > Anyone actually using samba in a production environment?
>
> Many people on this list.

What is your OS platform? Does it implement controls over permitted home
directories and shells that can be specified to the useradd command?

More than one Linux distro will NOT permit the creation of a user account
(that is what a Windows domain member trust account is on the UNIX host) with
a shell other than what is defined in /etc/shells, and some will not permit a
home directory that consists of /dev/null.

If your Linux distro has paranoid controls like that, a work-around is
necessary. Here is a possible work-around:

    add machine script = /usr/sbin/useradd -d /var/nodirs -g computers -s /bin/false '%u'

Note that the %u is quoted with single quotes.

Add to the /etc/shells: /bin/false

Create the directory /var/nodirs with permissions set:

    chown root:root /var/nodirs
    chmod 550 /var/nodirs

In other words, all access to /var/nodirs prevents user ability to write to
the directory. It should also have no contents.

- John T.
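
A preflight check for the work-around in the message above, added here as an example and not part of the original post. The function names are hypothetical; it assumes a Linux host with GNU stat and getent, and takes the paths and group name from the message.

```shell
#!/bin/sh
# Added example: verify the prerequisites of the useradd work-around before
# relying on "add machine script". Function names are made up for this sketch.

# shell_listed SHELL [FILE]: succeeds if SHELL is an exact line in FILE
# (default /etc/shells), so "/bin/fals" or "/bin/false2" do not match.
shell_listed() {
    grep -qxF -- "$1" "${2:-/etc/shells}"
}

# dir_locked DIR [UID:GID]: succeeds only if DIR exists, has mode 550,
# is owned by UID:GID (default 0:0, i.e. root:root) and has no contents.
dir_locked() {
    dir=$1
    want=${2:-0:0}
    [ -d "$dir" ] || return 1
    # GNU stat: %a = octal mode, %u:%g = numeric owner and group
    [ "$(stat -c '%a %u:%g' "$dir")" = "550 $want" ] || return 1
    # ls -A also lists dotfiles, so a hidden file counts as contents
    [ -z "$(ls -A "$dir")" ]
}

# preflight: run all checks against the real system and report each failure.
preflight() {
    rc=0
    shell_listed /bin/false ||
        { echo "add /bin/false to /etc/shells"; rc=1; }
    dir_locked /var/nodirs ||
        { echo "/var/nodirs must be empty, root:root, mode 550"; rc=1; }
    getent group computers >/dev/null ||
        { echo "group 'computers' does not exist"; rc=1; }
    return $rc
}

# Only touch the real system when asked to: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```
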