[Samba] add machine script -problem

Jim Shanks jim at shanks.cc
Tue Dec 12 16:45:06 GMT 2006


This has been working for me since 3.0.10:
add machine script = /usr/sbin/useradd -d /dev/null -g domaincomputers -s
/bin/false -M %u;passwd -l %u

Jim

> when i was trying to add (join) windows xp
> client(gari$) to samba pdc by using samba adminuser
> and passwd ,i got the error invalid username.In
> serverside log file(/var/log/samba/gari.loh) it shows
> gari$ invalid username.i am using samba 3.0.10 and
> RHEL4 as samba server.my configuration file is here
> below.
>
>
>
>
> # This is the main Samba configuration file. You
> should read the
> # smb.conf(5) manual page in order to understand the
> options listed
> # here. Samba has a huge number of configurable
> options (perhaps too
> # many!) most of which are not shown in this example
> #
> # Any line which starts with a ; (semi-colon) or a #
> (hash)
> # is a comment and is ignored. In this example we will
> use a #
> # for commentry and a ; for parts of the config file
> that you
> # may wish to enable
> #
> # NOTE: Whenever you modify this file you should run
> the command "testparm"
> # to check that you have not made any basic syntactic
> errors.
> #
> #======================= Global Settings
> =====================================
> [global]
>
> # workgroup = NT-Domain-Name or Workgroup-Name
>    workgroup = example.com
>
> # server string is the equivalent of the NT
> Description field
>    server string = Samba Server
>
> # This option is important for security. It allows you
> to restrict
> # connections to machines which are on your local
> network. The
> # following example restricts access to two C class
> networks and
> # the "loopback" interface. For more examples of the
> syntax see
> # the smb.conf man page
> ;   hosts allow = 192.168.1. 192.168.2. 127.
>
> # if you want to automatically load your printer list
> rather
> # than setting them up individually then you'll need
> this
>    printcap name = /etc/printcap
>    load printers = yes
>
> # It should not be necessary to spell out the print
> system type unless
> # yours is non-standard. Currently supported print
> systems include:
> # bsd, sysv, plp, lprng, aix, hpux, qnx
>    printing = cups
>
> # This option tells cups that the data has already
> been rasterized
> cups options = raw
>
> # Uncomment this if you want a guest account, you must
> add this to /etc/passwd
> # otherwise the user "nobody" is used
> ;  guest account = pcguest
>
> # this tells Samba to use a separate log file for each
> machine
> # that connects
>  log file = /var/log/samba/%m.log
> # all log information in one file
> #   log file = /var/log/samba/smbd.log
>
> # Put a capping on the size of the log files (in Kb).
>    max log size = 50
>
> # Security mode. Most people will want user level
> security. See
> # security_level.txt for details.
>    security = user
> # Use password server option only with security =
> server
> ;   password server = <NT-Server-Name>
>
> # Password Level allows matching of _n_ characters of
> the password for
> # all combinations of upper and lower case.
> ;  password level = 8
> ;  username level = 8
>
> # You may wish to use password encryption. Please read
> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba
> documentation.
> # Do not enable this option unless you have read those
> documents
>   encrypt passwords = yes
>   smb passwd file = /etc/samba/smbpasswd
>
> # The following are needed to allow password changing
> from Windows to
> # update the Linux system password also.
> # NOTE: Use these with 'encrypt passwords' and 'smb
> passwd file' above.
> # NOTE2: You do NOT need these to allow workstations
> to change only
> #        the encrypted SMB passwords. They allow the
> Unix password
> #        to be kept in sync with the SMB password.
> ;  unix password sync = Yes
> ;  passwd program = /usr/bin/passwd %u
> ;  passwd chat = *New*UNIX*password* %n\n
> *ReType*new*UNIX*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>
> # Unix users can map to different SMB User names
> ;  username map = /etc/samba/smbusers
>
> # Using the following line enables you to customise
> your configuration
> # on a per machine basis. The %m gets replaced with
> the netbios name
> # of the machine that is connecting
> ;   include = /etc/samba/smb.conf.%m
>
> # Most people will find that this option gives better
> performance.
> # See speed.txt and the manual pages for details
>    socket options = TCP_NODELAY SO_RCVBUF=8192
> SO_SNDBUF=8192
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces then you
> must list them
> # here. See the man page for details.
> ;   interfaces = 192.168.12.2/24 192.168.13.2/24
>
> # Configure remote browse list synchronisation here
> #  request announcement to, or browse list sync from:
> #	a specific host or from / to a whole subnet (see
> below)
> ;   remote browse sync = 192.168.3.25 192.168.5.255
> # Cause this host to announce itself to local subnets
> here
> ;   remote announce = 192.168.1.255 192.168.2.44
>
> # Browser Control Options:
> # set local master to no if you don't want Samba to
> become a master
> # browser on your network. Otherwise the normal
> election rules apply
>    local master = yes
>
> # OS Level determines the precedence of this server in
> master browser
> # elections. The default value should be reasonable
>    os level = 65
>
> # Domain Master specifies Samba to be the Domain
> Master Browser. This
> # allows Samba to collate browse lists between
> subnets. Don't use this
> # if you already have a Windows NT domain controller
> doing this job
>    domain master = yes
>
> # Preferred Master causes Samba to force a local
> browser election on startup
> # and gives it a slightly higher chance of winning the
> election
>    preferred master = yes
>
> # Enable this if you want Samba to be a domain logon
> server for
> # Windows95 workstations.
>    domain logons = yes
>
> # if you enable domain logons then you may want a
> per-machine or
> # per user logon script
> # run a specific logon batch file per workstation
> (machine)
> ;   logon script = %m.bat
> # run a specific logon batch file per username
> ;   logon script = %U.bat
>
> # Where to store roving profiles (only for Win95 and
> WinNT)
> #        %L substitutes for this servers netbios name,
> %U is username
> #        You must uncomment the [Profiles] share below
> ;   logon path = \\%L\Profiles\%U
>
> # All NetBIOS names must be resolved to IP Addresses
> # 'Name Resolve Order' allows the named resolution
> mechanism to be specified
> # the default order is "host lmhosts wins bcast".
> "host" means use the unix
> # system gethostbyname() function call that will use
> either /etc/hosts OR
> # DNS or NIS depending on the settings of
> /etc/host.config, /etc/nsswitch.conf
> # and the /etc/resolv.conf file. "host" therefore is
> system configuration
> # dependant. This parameter is most often of use to
> prevent DNS lookups
> # in order to resolve NetBIOS names to IP Addresses.
> Use with care!
> # The example below excludes use of name resolution
> for machines that are NOT
> # on the local network segment
> # - OR - are not deliberately to be known via lmhosts
> or via WINS.
>  name resolve order = wins lmhosts bcast
>
> # Windows Internet Name Serving Support Section:
> # WINS Support - Tells the NMBD component of Samba to
> enable it's WINS Server
>    wins support = yes
>
> # WINS Server - Tells the NMBD components of Samba to
> be a WINS Client
> #	Note: Samba can be either a WINS Server, or a WINS
> Client, but NOT both
> ;   wins server = w.x.y.z
>
> # WINS Proxy - Tells Samba to answer name resolution
> queries on
> # behalf of a non WINS capable client, for this to
> work there must be
> # at least one	WINS Server on the network. The default
> is NO.
> ;   wins proxy = yes
>
> # DNS Proxy - tells Samba whether or not to try to
> resolve NetBIOS names
> # via DNS nslookups. The built-in default for versions
> 1.9.17 is yes,
> # this has been changed in version 1.9.18 to no.
>    dns proxy = no
>
> # Case Preservation can be handy - system default is
> _no_
> # NOTE: These can be set on a per share basis
> ;  preserve case = no
> ;  short preserve case = no
> # Default case is normally upper case for all DOS
> files
>   default case = lower
> # Be very careful with case sensitivity - it can break
> things!
> auth methods = guest sam winbind
>   case sensitive = no
> add machine script = /usr/sbin/adduser -n  -g machines
>  -s /bin/false -d /dev/null %m$
>
> #============================ Share Definitions
> ==============================
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>
> # Un-comment the following and create the netlogon
> directory for Domain Logons
> ; [netlogon]
> ;   comment = Network Logon Service
> ;   path = /home/netlogon
> ;   guest ok = yes
> ;   writable = no
> ;   share modes = no
>
>
> # Un-comment the following to provide a specific
> roving profile share
> # the default is to use the user's home directory
> ;[Profiles]
> ;    path = /home/profiles
> ;    browseable = no
> ;    guest ok = yes
>
>
> # NOTE: If you have a BSD-style print system there is
> no need to
> # specifically define each individual printer
> [printers]
>    comment = All Printers
>    path = /var/spool/samba
>    browseable = no
> # Set public = yes to allow user 'guest account' to
> print
>    guest ok = no
>    writable = no
>    printable = yes
>
> # This one is useful for people to share files
> ;[tmp]
> ;   comment = Temporary file space
> ;   path = /tmp
> ;   read only = no
> ;   public = yes
>
> # A publicly accessible directory, but read only,
> except for people in
> # the "staff" group
> ;[public]
> ;   comment = Public Stuff
> ;   path = /home/samba
> ;   public = yes
> ;   read only = yes
> ;   write list = @staff
>
> # Other examples.
> #
> # A private printer, usable only by fred. Spool data
> will be placed in fred's
> # home directory. Note that fred must have write
> access to the spool directory,
> # wherever it is.
> ;[fredsprn]
> ;   comment = Fred's Printer
> ;   valid users = fred
> ;   path = /homes/fred
> ;   printer = freds_printer
> ;   public = no
> ;   writable = no
> ;   printable = yes
>
> # A private directory, usable only by fred. Note that
> fred requires write
> # access to the directory.
> ;[fredsdir]
> ;   comment = Fred's Service
> ;   path = /usr/somewhere/private
> ;   valid users = fred
> ;   public = no
> ;   writable = yes
> ;   printable = no
>
> # a service which has a different directory for each
> machine that connects
> # this allows you to tailor configurations to incoming
> machines. You could
> # also use the %u option to tailor it by user name.
> # The %m gets replaced with the machine name that is
> connecting.
> ;[pchome]
> ;  comment = PC Directories
> ;  path = /usr/pc/%m
> ;  public = no
> ;  writable = yes
>
> # A publicly accessible directory, read/write to all
> users. Note that all files
> # created in the directory by users will be owned by
> the default user, so
> # any user with access can delete any other user's
> files. Obviously this
> # directory must be writable by the default user.
> Another user could of course
> # be specified, in which case all files would be owned
> by that user instead.
> ;[public]
> ;   path = /usr/somewhere/else/public
> ;   public = yes
> ;   only guest = yes
> ;   writable = yes
> ;   printable = no
>
> # The following two entries demonstrate how to share a
> directory so that two
> # users can place files there that will be owned by
> the specific users. In this
> # setup, the directory should be writable by both
> users and should have the
> # sticky bit set on it to prevent abuse. Obviously
> this could be extended to
> # as many users as required.
> ;[myshare]
> ;   comment = Mary's and Fred's stuff
> ;   path = /usr/somewhere/shared
> ;   valid users = mary fred
> ;   public = no
> ;   writable = yes
> ;   printable = no
> ;   create mask = 0765
>
>
>
>
>
>
> ____________________________________________________________________________________
> Any questions? Get answers on any topic at www.Answers.yahoo.com.  Try it
> now.
>
>



More information about the samba mailing list