[Samba] USRMGR Not adding users properly

Michael Barnes mbarnes at hcjb.org
Fri Nov 25 19:40:58 GMT 2005


I'm using tdbsam.  Below is the complete global, profiles, and netlogon 
parts of smb.conf.  I put in the quotes as suggested, now no one can log 
in.  Also below are a couple of pdbedit reports from the profiles.  When 
trying to add a new user with usrmgr, I still must add all the profile 
data manually.  If I use useradd -m, passwd, smbpasswd -a, all the user 
environment variables are automatically created.

User created manually with useradd -m, passwd, smbpasswd -a:
[root][WRN3:~]> pdbedit -Lv mbarnes
Unix username:        mbarnes
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-823801451-2368998670-4123379855-2000
Primary Group SID:    S-1-5-21-823801451-2368998670-4123379855-2001
Full Name:            Michael
Home Directory:       \\"wrn3"\"mbarnes"\profile
HomeDir Drive:        n:
Logon Script:         scripts\"mbarnes".bat
Profile Path:         \\"wrn3"\profiles\"mbarnes"
Domain:               WRNHQ
Account desc:         IT Guy
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 GMT
Kickoff time:         0
Password last set:    Mon, 24 Oct 2005 17:49:02 GMT
Password can change:  Mon, 24 Oct 2005 17:49:02 GMT
Password must change: Mon, 18 Jan 2038 21:14:07 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root][WRN3:~]>

This user was created with usrmgr, only entering the user name and password:
[root][WRN3:~]> pdbedit -Lv twink
Unix username:        twink
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-823801451-2368998670-4123379855-2084
Primary Group SID:    S-1-5-21-823801451-2368998670-4123379855-513
Full Name:            Twinkle Toes
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
Domain:               WRNHQ
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 21:14:07 GMT
Kickoff time:         0
Password last set:    Fri, 25 Nov 2005 13:20:58 GMT
Password can change:  Fri, 25 Nov 2005 13:20:58 GMT
Password must change: Thu, 23 Feb 2006 13:20:58 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root][WRN3:~]>

My smb.conf, updated per below suggestions:

[global]
         workgroup = WRNHQ
         netbios name = WRN3
         netbios aliases = WRN3 wrn3
         server string = Samba v%v File Server on %h
         security = user
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         time server = yes
         map to guest = bad user
         os level = 255
         passdb backend = tdbsam
         local master = yes
         encrypt passwords = yes
         unix password sync = yes
         passwd program = /usr/bin/passwd "%u"
         passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
         log level = 0
         log file = /var/log/samba/%m.log
         max log size = 1000
         printing = cups
         printcap name = cups
         domain logons = yes
         logon home = \\"%L"\"%U"\profile
         logon drive = n:
         logon path = \\"%L"\profiles\"%U"
         logon script = scripts\"%U".bat
         add machine script = /usr/sbin/adduser -g machines -c Machine -d /dev/null -s /bin/false "%u"
         add user script = /usr/sbin/useradd -m "%u"
         delete user script = /usr/sbin/userdel -r "%u"
         add group script = /usr/sbin/groupadd "%g"
         delete group script = /usr/sbin/groupdel "%g"
         add user to group script = /usr/bin/gpasswd -a "%u" "%g"
         delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
         store dos attributes = yes
         utmp = yes
         domain master = yes
         cups options = raw
         smb ports = 139
         username map = /etc/samba/smbusers
         wins server = 10.143.0.11
[netlogon]
         path = /home/_shares/netlogon
         browseable = no
         read only = yes
         root preexec = /home/_shares/execscripts/netlogon.sh "%U" "%g" "%H" "%M" "%a" "%I" "%m" "%L"
         root postexec = /home/_shares/execscripts/netlogoff.sh "%U" "%g" "%H" "%M" "%a" "%I" "%m" "%T"

[profiles]
         comment = profiles share for Win2K and WinXP user profiles
         path = /home/profiles
         browseable = no
         read only = no
         profile acls = yes


John H Terpstra told me on 11/25/2005 12:37:
> On Friday 25 November 2005 11:03, Michael Barnes wrote:
> 
>>I'm having problems adding users with usrmgr.  I can run the scripts
>>from my smb.conf fine from command line and do what I need to.  But,
>>when adding users with usrmgr, the login script and path statements are
>>not identified and I have to go in and edit them manually.  Does adding
>>a user with usrmgr not use the add user script from Samba?  Or must the
>>user environment variables be added manually?
> 
> 
> What passdb backend are you running? The smbpasswd file is not capable of 
> storing this information, so you must use the tdbsam backend. Also see below 
> for additional changes that should be made.
> 
> You should add to [global]
> 	passdb backend = tdbsam
> 
> The existing smbpasswd file (if one exists) can be migrated to the tdbsam 
> backend by executing:
> 
> 	pdbedit -i smbpasswd -e tdbsam
> 
> 
>>If usrmgr does NOT use the add user script from smb.conf, what does?
>>
>>Thanks,
>>Michael
>>
>>
>>CentOS4, Samba 3.0.10-1.4E.2
>>
>>Pertinent parts of smb.conf:
>>[GLOBAL]
>>         domain logons = yes
>>         logon home = \\%L\%U\profile
>>         logon drive = n:
>>         logon path = \\%L\profiles\%U\%m
> 
> 
> Interesting - you want per user profiles keeping machines separate - that's 
> what the above does. In that case, why have a roaming profile at all?
> 
> 
>>         logon script = scripts\%U.bat
> 
> 
> 	logon script = scripts\"%U".bat
> 
> 
>>         add machine script = /usr/sbin/adduser -g machines -c Machine -d /dev/null -s /bin/false -n %m$
> 
> 
> 	add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false "%u"
> 
> Do not use the '%m' macro for this. The '%u' macro will automatically use the 
> correct machine name, including the terminating '$'.
> 
> 
> 
>>         add user script = /usr/sbin/useradd -m %u
>>         delete user script = /usr/sbin/userdel -r %u
>>         add group script = /usr/sbin/groupadd %g
>>         delete group script = /usr/sbin/groupdel %g
>>         add user to group script = /usr/bin/gpasswd -a %u %g
>>         delete user from group script = /usr/bin/gpasswd -d %u %g
> 
> 
> In all the above it is best to put the macros in double or single quotes to 
> prevent the possibility of the username or groupname from being interpreted 
> by the shell it is run in.
> 
> 
>>         store dos attributes = yes
>>         utmp = yes
>>
>>
>>[netlogon]
>>         path = /home/_shares/netlogon
>>         browseable = no
>>         read only = yes
>>         root preexec = /home/_shares/execscripts/netlogon.sh %U %g %H %M %a %I %m %L
>>         root postexec = /home/_shares/execscripts/netlogoff.sh %U %g %H %M %a %I %m %T
> 
> 
> Again, you should quote the macros (i.e.: enclose them in single or double 
> quotes) to prevent the data from being interpreted by a shell. For example, 
> instead of %U have "%U".
> 
> - John T.
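
A small checker for the quoting advice in this thread, added here as an example (not code from the poster or from the Samba project): it flags macros left unquoted in parameters that smbd runs as commands, and quote characters in the client-side logon values, which the pdbedit output above shows being stored literally. The split into shell and client-side parameters and the sample config are assumptions constructed from the smb.conf lines in the message.

```python
# Assumption: these values are handed to the Windows client, not to a shell.
CLIENT_PARAMS = {"logon home", "logon path", "logon script", "logon drive"}


def is_shell_param(name):
    """True for parameters whose value is executed as a command line."""
    return name not in CLIENT_PARAMS and (
        name.endswith(" script") or name.endswith("exec")
        or name == "passwd program")


def unquoted_macros(value):
    """Return the %x macros that sit outside '...' or "..." in value."""
    found, quote, i = [], None, 0
    while i < len(value):
        ch = value[i]
        if quote:                       # inside quotes: only look for the end
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "%" and i + 1 < len(value) and value[i + 1].isalpha():
            found.append(value[i:i + 2])
            i += 1
        i += 1
    return found


def lint(conf_text):
    """Return (parameter, problem) tuples for an smb.conf fragment."""
    findings = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        name = " ".join(name.lower().split())
        if is_shell_param(name):
            findings += [(name, "unquoted " + m) for m in unquoted_macros(value)]
        elif name in CLIENT_PARAMS and set(value) & set("'\""):
            findings.append((name, "literal quote in client-side value"))
    return findings


# Constructed sample mixing the quoted and unquoted forms seen in the thread.
SAMPLE = r'''
[global]
    logon path = \\"%L"\profiles\"%U"
    logon script = scripts\%U.bat
    add user script = /usr/sbin/useradd -m %u
    delete user script = /usr/sbin/userdel -r "%u"
    add user to group script = /usr/bin/gpasswd -a "%u" %g
[netlogon]
    root preexec = /home/_shares/execscripts/netlogon.sh "%U" '%g' %H
'''
```

sh still performs `$` and backquote expansion inside double quotes, so single quotes are the stricter of the two forms the reply allows.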

