[Samba] Winbind & adding users... is `useradd` being called? %u parameter?

Stroller linux.luser at myrealbox.com
Mon Dec 12 12:19:10 GMT 2005


Hi there,

This is probably a dumb question, so my apologies, but I've set up 
WinBind on my Samba box & it seems to be authenticating against the 
domain, however new user accounts do not seem to be added.

`wbinfo -u` returns a list of the users on the domain and I seem to 
have set up my IMAP server correctly to authenticate against that (using 
PAM), as I see the following in /var/log/messages when I try to log in 
to my IMAP server:

	Dec 12 11:33:37 baby imapd: Connection, ip=[127.0.0.1]
	Dec 12 11:33:37 baby pam_winbind[32640]: user 'ned' granted access
	Dec 12 11:33:37 baby pam_winbind[32640]: user 'ned' granted access
	Dec 12 11:33:37 baby imapd: networkned: chdir(/home/DOMAIN/ned) failed!!
	Dec 12 11:33:37 baby imapd: error: No such file or directory
	Dec 12 11:33:37 baby imapd: LOGIN FAILED, user=networkned, ip=[127.0.0.1]
	Dec 12 11:33:37 baby imapd: authentication error: No such file or directory

Initially in smb.conf I had simply uncommented the line which says:
   add user script = /usr/sbin/useradd -s /bin/false '%u'
but of course (as pointed out on the IRC channel) `useradd` requires the 
-m flag in order to create a home directory for the user, so I set it 
like this:
   add user script = /usr/sbin/useradd -m -s /bin/false '%u'
but that gives me the same error.

The log shows that the IMAP server is trying to chdir into the home 
directory "/home/DOMAIN/ned", so I'm unclear on how `useradd` is being 
called - is it being called as `/usr/sbin/useradd -m -s /bin/false 
'DOMAIN/ned'` or as something else?

Obviously I would try adding the user manually in order to troubleshoot 
this, but I'd like to establish what '%u' Samba is passing to `useradd` 
first. Consequently I edited the "add user script" as below, but 
nothing is written to /tmp/foo.
   add user script = /root/foo.sh '%u'

	# ls -l /root/foo.sh
	-rwxrwxrwx  1 root root 54 Dec 12 11:31 /root/foo.sh
	# ls -l /tmp/foo
	-rw-rw-rw-  1 root root 15 Dec 12 11:31 /tmp/foo
	# cat /tmp/foo
	gjitijt jgitjt
	# cat /root/foo.sh
	#!/bin/bash
	echo "$@" >> /tmp/foo
	exit 0
	# /root/foo.sh howdy doody
	# cat /tmp/foo
	gjitijt jgitjt
	howdy doody
	#

I've added a subdirectory of /home for the DOMAIN, but that makes no 
difference:

	# ls -ld /home/
	drwxr-xr-x  4 root root 120 Dec 12 11:17 /home/
	baby ~ # ls -l /home/
	total 0
	drwxr-xr-x  2 root     root   48 Dec 12 11:17 DOMAIN
	drwxr-xr-x  3 stroller users 192 Dec  7 12:32 stroller

I'm not an expert at PAM, so maybe that's what I'm doing wrong?

	# cat /etc/pam.d/imap
	auth       required     pam_nologin.so
	auth       required     pam_winbind.so
	account    sufficient   pam_winbind.so
	account    required     pam_stack.so service=system-auth
	session    required     pam_stack.so service=system-auth

I don't see what I'm doing wrong here, so I'd be extremely grateful for 
any suggestions,

Stroller.


