[Samba] USRMGR Not adding users properly

John H Terpstra jht at samba.org
Fri Nov 25 18:37:28 GMT 2005

On Friday 25 November 2005 11:03, Michael Barnes wrote:
> I'm having problems adding users with usrmgr.  I can run the scripts
> from my smb.conf fine from command line and do what I need to.  But,
> when adding users with usrmgr, the login script and path statements are
> not identified and I have to go in and edit them manually.  Does adding
> a user with usrmgr not use the add user script from Samba?  Or must the
> user environment variables be added manually?

What passdb backend are you running? The smbpasswd file is not capable of 
storing this information, so you must use the tdbsam backend. Also see below 
for additional changes that should be made.

You should add to [global]
	passdb backend = tdbsam

The existing smbpasswd file (if one exists) can be migrated to the tdbsam 
backend by executing:

	pdbedit -i smbpasswd -e tdbsam

> If usrmgr does NOT use the add user script from smb.conf, what does?
> Thanks,
> Michael
> CentOS4, Samba 3.0.10-1.4E.2
> Pertinent parts of smb.conf:
>          domain logons = yes
>          logon home = \\%L\%U\profile
>          logon drive = n:
>          logon path = \\%L\profiles\%U\%m

Interesting - you want per user profiles keeping machines separate - that's 
what the above does. In that case, why have a roaming profile at all?

>          logon script = scripts\%U.bat

	logon script = scripts\"%U".bat

>          add machine script = /usr/sbin/adduser -g machines -c Machine
> -d /dev/null -s /bin/false -n %m$

	add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null 
-s /bin/false "%u"

Do not use the '%m' macro for this. The '%u' macro will automatically use the 
correct machine name, including the terminating '$'.

>          add user script = /usr/sbin/useradd -m %u
>          delete user script = /usr/sbin/userdel -r %u
>          add group script = /usr/sbin/groupadd %g
>          delete group script = /usr/sbin/groupdel %g
>          add user to group script = /usr/bin/gpasswd -a %u %g
>          delete user from group script = /usr/bin/gpasswd -d %u %g

In all the above it is best to put the macros in double or single quotes to 
prevent the possibility of the username or groupname from being interpreted 
by the shell it is run in.

>          store dos attributes = yes
>          utmp = yes
> [netlogon]
>          path = /home/_shares/netlogon
>          browseable = no
>          read only = yes
>          root preexec = /home/_shares/execscripts/netlogon.sh %U %g %H
> %M %a %I %m %L
>          root postexec = /home/_shares/execscripts/netlogoff.sh %U %g %H
> %M %a %I %m %T

Again, you should quote the macros (i.e.: enclose them in single or double 
quotes) to prevent the data from being interpreted by a shell. For example, 
Instead of %U have "%U".

- John T.

More information about the samba mailing list