[Samba] Re: On the fly Machine accounts
Bruno Guerreiro
bruno.guerreiro at ine.pt
Tue Aug 30 08:20:05 GMT 2005
Hi,
There was (is?) a problem with some versions of RH distros with the username
ending with "$".
I know that CentOS and Fedora aren't RH ;-)
But maybe they suffer from the same symptoms indicated here
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138782
I'm now using FC3, with no problem whatsoever in user creation, although it
didn't work initially, so it must have been fixed.
Aren't you missing any update necessary?
Does adduser test$ work for you?
Best regards,
Bruno Guerreiro
-----Original Message-----
From: DSanchez [mailto:myjunkacct at gmail.com]
Sent: segunda-feira, 29 de Agosto de 2005 22:51
To: samba at lists.samba.org
Subject: [Samba] Re: On the fly Machine accounts
First off, thank you to all who replied.
I am using CentOS 4.1 on the server side
XP PRO sp2 on the workstation side.
I started out by adding the %u to the end of my Machine add script.
add machine script = /usr/sbin/useradd -g machines -s /bin/false -d /dev/null %u
That still didn't work, so I then tried a workaround:
I changed my Machine add script to this.
add machine script = /usr/sbin/useradd -d /var/nodirs - machines -s /bin/false '%u'
I also added this line to /etc/shells: /bin/false
I then created the following dir: /var/nodirs
then I did chown root:root /var/nodirs
and I also did chmod 550 /var/nodirs
This also did not change anything.
I also tested useradd
useradd -d /dev/null -s /bin/false jim
and it did create a user jim.
I can join the domain when I do this:
useradd <machinename> -d /dev/null -g machines -s /bin/false
Then you need to add '$' to the machine account:
vi /etc/passwd
Change machine account from this:
<machinename>:x:501:510::/dev/null:/bin/false
To this:
<machinename> $:x:501:510::/dev/null:/bin/false
Then create the Samba machine account.
smbpasswd -a -m <machinename> $
Thanks for the help.
[global]
log file = /var/log/samba/%m.log
smb passwd file = /etc/samba/smbpasswd
idmap gid = 16777216-33554431
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
username map = /etc/samba/smbusers
domain master = yes
winbind use default domain = no
passwd program = /usr/bin/passwd %u
dns proxy = no
netbios name = Zeus
server string = Samba PDC
idmap uid = 16777216-33554431
password server = None
unix password sync = yes
local master = yes
workgroup = etnet
os level = 64
add user script = /usr/sbin/useradd -d /dev/null -g users -s /bin/false -M %u
# add machine script = /usr/sbin/useradd -g machines -s /bin/false -d /dev/null '%u'
add machine script = /usr/sbin/useradd -d /var/nodirs - machines -s /bin/false '%u'
max log size = 5
domain logons = yes
load printers = yes
printcap = /etc/printcap
logon script = logon.bat
On 8/26/05, DSanchez <myjunkacct at gmail.com> wrote:
> I have been trying for 2 months to get my samba server to add machine
> accounts "on the fly".
> I have added both of these to my smb.conf
>
> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
> add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
>
> Neither of these seems to do anything.
>
> I have around 250 computers to add, so adding the machine accounts
> manually isn't going to happen.
>
> I've read the documentation that says I should be able to do this so I
> know it can be done.
> Anyone actually using samba in a production environment?
> Do you have samba creating the Machine accounts on the fly?
>
> Thanks
>
> Here is my smb.conf file
>
> # Global parameters
> [global]
> workgroup = ETNET
> server string = Samba PDC
> password server = None
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> username map = /etc/samba/smbusers
> unix password sync = Yes
> log file = /var/log/samba/%m.log
> max log size = 5
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> printcap name = /etc/printcap
> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
> add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
> logon script = logon.bat
> domain logons = Yes
> os level = 64
> domain master = Yes
> dns proxy = No
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
>
> [homes]
> comment = Home Directories
> path = %H
> valid users = %S
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /opt/samba/netlogon
> write list = @ntadmins
>
> [research]
> comment = Research Dept Share
> path = /dept/research
> valid users = @research, @ntamins
> write list = @research, @ntadmins
> read only = No
> create mask = 0770
> directory mask = 0770
> browseable = No
> blocking locks = No
>
> [production]
> comment = Production Dept Share
> path = /dept/production
> valid users = @users
> force group = users
> read only = No
> create mask = 0770
> directory mask = 0770
> dos filetimes = Yes
>
> [producer]
> comment = Producers Dept Share
> path = /dept/producer
> valid users = @producer, @ntamins
> write list = @producer, @ntadmins
> read only = No
> create mask = 0770
> directory mask = 0770
> browseable = No
> blocking locks = No
>
> [online]
> comment = Online Dept Share
> path = /dept/online
> valid users = @online, @ntamins
> write list = @online, @ntadmins
> read only = No
> create mask = 0770
> directory mask = 0770
> browseable = No
> blocking locks = No
>
> [clearance]
> comment = Clearance Dept Share
> path = /dept/clearance
> read only = No
>
> [finance]
> comment = Finance Dept Share
> path = /dept/finance
> read only = No
>
> [engineer]
> comment = Engineer Dept Share
> path = /dept/engineer
> read only = No
>
> [music]
> comment = Music Dept Share
> path = /dept/music
> read only = No
>
> [post]
> comment = Post Dept Share
> path = /dept/post
> read only = No
>
> [vault]
> comment = Tape Vault Dept Share
> path = /dept/vault
> read only = No
>
> [IT]
> comment = IT Dept Share
> path = /dept/it
> read only = No
>
> [printers]
> path = /tmp
> printable = Yes
> cups options = raw
> browseable = No
>
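
Added example, not part of the original messages: smbd runs the "add machine script" with the account name in place of %u, so a small wrapper can check the name before useradd sees it. The wrapper path, the DRY_RUN switch and the allowed character set are assumptions; the useradd options are the ones quoted in the thread.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/sbin/add-machine.sh, wired in with:
#   add machine script = /usr/local/sbin/add-machine.sh '%u'

# Return 0 only for names shaped like a machine trust account:
# 1-15 characters from [A-Za-z0-9_-] (assumed conservative set), not
# starting with '-', followed by exactly one trailing '$'.
valid_machine_name() {
    name=$1
    case $name in
        *'$') ;;                        # must end with '$'
        *) return 1 ;;
    esac
    base=${name%?}                      # strip the trailing '$'
    [ -n "$base" ] || return 1          # a bare '$' is not a name
    [ "${#base}" -le 15 ] || return 1   # NetBIOS names are at most 15 chars
    case $base in
        -*) return 1 ;;                 # would be parsed as a useradd option
        *[!A-Za-z0-9_-]*) return 1 ;;   # spaces, quotes, ';', extra '$', ...
    esac
    return 0
}

add_machine() {
    if ! valid_machine_name "$1"; then
        echo "add-machine: rejected account name" >&2
        return 2
    fi
    # DRY_RUN=1 prints the command instead of running it (no root needed).
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "/usr/sbin/useradd -g machines -s /bin/false -d /dev/null $1"
        return 0
    fi
    /usr/sbin/useradd -g machines -s /bin/false -d /dev/null "$1"
}

# Run only when called with an argument, so the file can also be sourced.
if [ "$#" -gt 0 ]; then add_machine "$1"; fi
```

If useradd itself refuses names ending in "$", as in the Red Hat bug linked above, the wrapper exits with useradd's status and the domain join still fails.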