[Samba] Re: On the fly Machine accounts

Bruno Guerreiro bruno.guerreiro at ine.pt
Tue Aug 30 08:20:05 GMT 2005


Hi, 
There was (is?) a problem with some versions of RH distros with usernames
ending with "$".
I know that CentOS and Fedora aren't RH ;-)
But maybe they suffer from the same symptoms indicated here
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138782

I'm now using FC3, with no problem whatsoever in user creation, although it
didn't work initially, so it must have been fixed.
Aren't you missing a necessary update?

Does adduser test$ work for you?

Best regards,
Bruno Guerreiro

-----Original Message-----
From: DSanchez [mailto:myjunkacct at gmail.com]
Sent: Monday, 29 August 2005 22:51
To: samba at lists.samba.org
Subject: [Samba] Re: On the fly Machine accounts


First off, thank you to all who replied.

I am using CentOS 4.1 on the server side and
XP Pro SP2 on the workstation side.

I started out by adding the %u to the end of my machine add script.

add machine script = /usr/sbin/useradd -g machines -s /bin/false -d /dev/null %u

That still didn't work, so I then tried a workaround.
I changed my machine add script to this:

 add machine script = /usr/sbin/useradd -d /var/nodirs - machines -s /bin/false '%u'

I also added this line to /etc/shells: /bin/false

I then created the following dir: /var/nodirs
Then I did chown root:root /var/nodirs
and I also did chmod 550 /var/nodirs

This also did not change anything.

I also tested useradd:
useradd -d /dev/null -s /bin/false jim
and it did create a user jim.

I can join the domain when I do this:

useradd <machinename> -d /dev/null -g machines -s /bin/false

Then you need to add '$' to the machine account:

vi /etc/passwd

Change machine account from this:

<machinename>:x:501:510::/dev/null:/bin/false

To this:

<machinename>$:x:501:510::/dev/null:/bin/false

Then create the Samba machine account.

smbpasswd -a -m <machinename>$


Thanks for the help.

[global]
        log file = /var/log/samba/%m.log
        smb passwd file = /etc/samba/smbpasswd
        idmap gid = 16777216-33554431
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        username map = /etc/samba/smbusers
        domain master = yes
        winbind use default domain = no
        passwd program = /usr/bin/passwd %u
        dns proxy = no
        netbios name = Zeus
        server string = Samba PDC
        idmap uid = 16777216-33554431
        password server = None
        unix password sync = yes
        local master = yes
        workgroup = etnet
        os level = 64
        add user script = /usr/sbin/useradd -d /dev/null -g users -s /bin/false -M %u
        #  add machine script = /usr/sbin/useradd -g machines -s /bin/false -d /dev/null '%u'
        add machine script = /usr/sbin/useradd -d /var/nodirs - machines -s /bin/false '%u'
        max log size = 5
        domain logons = yes
        load printers = yes
        printcap = /etc/printcap
        logon script = logon.bat


On 8/26/05, DSanchez <myjunkacct at gmail.com> wrote:
> I have been trying for 2 months to get my samba server to add machine
> accounts "on the fly".
> I have added both of these to my smb.conf
> 
>  add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
>  add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
> 
> Neither of these seems to do anything.
> 
> I have around 250 computers to add, so adding the machine accounts
> manually isn't going to happen.
> 
> I've read the documentation that says I should be able to do this so I
> know it can be done.
> Anyone actually using samba in a production environment?
> Do you have samba creating the machine accounts on the fly?
> 
> Thanks
> 
> Here is my smb.conf file
> 
> # Global parameters
> [global]
>         workgroup = ETNET
>         server string = Samba PDC
>         password server = None
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
>         username map = /etc/samba/smbusers
>         unix password sync = Yes
>         log file = /var/log/samba/%m.log
>         max log size = 5
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         printcap name = /etc/printcap
>         add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
>         add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
>         logon script = logon.bat
>         domain logons = Yes
>         os level = 64
>         domain master = Yes
>         dns proxy = No
>         idmap uid = 16777216-33554431
>         idmap gid = 16777216-33554431
> 
> [homes]
>         comment = Home Directories
>         path = %H
>         valid users = %S
>         read only = No
>         browseable = No
> 
> [netlogon]
>         comment = Network Logon Service
>         path = /opt/samba/netlogon
>         write list = @ntadmins
> 
> [research]
>         comment = Research Dept Share
>         path = /dept/research
>         valid users = @research, @ntamins
>         write list = @research, @ntadmins
>         read only = No
>         create mask = 0770
>         directory mask = 0770
>         browseable = No
>         blocking locks = No
> 
> [production]
>         comment = Production Dept Share
>         path = /dept/production
>         valid users = @users
>         force group = users
>         read only = No
>         create mask = 0770
>         directory mask = 0770
>         dos filetimes = Yes
> 
> [producer]
>         comment = Producers Dept Share
>         path = /dept/producer
>         valid users = @producer, @ntamins
>         write list = @producer, @ntadmins
>         read only = No
>         create mask = 0770
>         directory mask = 0770
>         browseable = No
>         blocking locks = No
> 
> [online]
>         comment = Online Dept Share
>         path = /dept/online
>         valid users = @online, @ntamins
>         write list = @online, @ntadmins
>         read only = No
>         create mask = 0770
>         directory mask = 0770
>         browseable = No
>         blocking locks = No
> 
> [clearance]
>         comment = Clearance Dept Share
>         path = /dept/clearance
>         read only = No
> 
> [finance]
>         comment = Finance Dept Share
>         path = /dept/finance
>         read only = No
> 
> [engineer]
>         comment = Engineer Dept Share
>         path = /dept/engineer
>         read only = No
> 
> [music]
>         comment = Music Dept Share
>         path = /dept/music
>         read only = No
> 
> [post]
>         comment = Post Dept Share
>         path = /dept/post
>         read only = No
> 
> [vault]
>         comment = Tape Vault Dept Share
>         path = /dept/vault
>         read only = No
> 
> [IT]
>         comment = IT Dept Share
>         path = /dept/it
>         read only = No
> 
> [printers]
>         path = /tmp
>         printable = Yes
>         cups options = raw
>         browseable = No
>
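
The thread passes Samba's %u straight to useradd from a script that runs as root. The wrapper below is an added example, not code from either poster or from Samba: it checks that the name ends in "$" and looks like a machine name before creating the account. The script path, the DRY_RUN switch and the character policy are assumptions; the useradd options and the "machines" group are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical wrapper, installed as e.g.
#   add machine script = /usr/local/sbin/add-machine.sh '%u'
# Samba runs the script as root, so the name is validated before useradd sees it.

MACHINE_GROUP="${MACHINE_GROUP:-machines}"   # group name used in the thread
USERADD="${USERADD:-/usr/sbin/useradd}"

# Assumed policy: 1-15 characters of [A-Za-z0-9-], no leading hyphen,
# followed by exactly one trailing "$".
valid_machine_account() {
    case $1 in
        *'$') ;;
        *) return 1 ;;
    esac
    host=${1%?}                       # strip the trailing "$"
    [ -n "$host" ] || return 1
    [ "${#host}" -le 15 ] || return 1
    case $host in
        -*|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

add_machine() {
    if ! valid_machine_account "$1"; then
        echo "add-machine: rejected account name" >&2
        return 2
    fi
    # DRY_RUN=1 prints the command instead of running it.
    ${DRY_RUN:+echo} "$USERADD" -d /dev/null -g "$MACHINE_GROUP" -s /bin/false -M "$1"
}

# Run only when called with an argument, as Samba would call it.
if [ "$#" -gt 0 ]; then
    add_machine "$1"
    exit $?
fi
```

Running it by hand with DRY_RUN=1 and a sample name shows the exact useradd command Samba would trigger, which also makes a missing option such as -g visible before a workstation tries to join.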
