[Samba] question "add user script"
Gary Dale
garydale at rogers.com
Sat May 9 11:10:26 GMT 2009
murrah boswell wrote:
> Hello all,
>
> I have never had the need to use the "add user script" functionality
> but now I do. However, it does not seem to be working. My smb.conf
> entry is like so:
>
> add user script = /remote/configure_scripts/addusers.sh
>
> where addusers.sh is a bash script that reads in a text file of
> usernames, groups, and passwords and adds the users to /etc/passwd,
> /etc/group/ and /etc/samba/smbpasswd. The addusers.sh works fine from
> the command line but samba doesn't appear to call it.
>
> I see that checks for "add user script" and "add machine script" are
> in the source code, so did I miss an option when I compiled samba or
> what else is it that I am missing to get the script to trigger?
>
>
> Also while I am on the subject of the "add user script," would it be
> possible to pass the username and password from samba to a shell
> script? In other words, could I have something like
>
> add user script = /remote/configure_scripts/addusers.sh %u %p
>
> where %p is whatever samba holds the password variable in?
>
> But first things first, how can I get the "add user script"
> functionality to work?
>
> Thanks,
> Murrah Boswell
The add user script I use is "/usr/sbin/useradd -g users %u". The
script should only add one user at a time as far as I know. Here is what
the SWAT documentation has to say about it:
>>>>>>>>>>>>>>
add user script (G)
This is the full pathname to a script that will be run /AS ROOT/
by smbd(8) <http://whenim64:901/swat/help/manpages/smbd.8.html> under
special circumstances described below.
Normally, a Samba server requires that UNIX users are created for
all users accessing files on this server. For sites that use Windows
NT account databases as their primary user database creating these
users and keeping the user list in sync with the Windows NT PDC is
an onerous task. This option allows smbd to create the required UNIX
users /ON DEMAND/ when a user accesses the Samba server.
In order to use this option, smbd(8)
<http://whenim64:901/swat/help/manpages/smbd.8.html> must /NOT/ be
set to security = share
<http://whenim64:901/swat/help/manpages/smb.conf.5.html#SECURITY>
and add user script
<http://whenim64:901/swat/help/manpages/smb.conf.5.html#ADDUSERSCRIPT>
must be set to a full pathname for a script that will create a UNIX
user given one argument of /|%u|/, which expands into the UNIX user
name to create.
When the Windows user attempts to access the Samba server, at login
(session setup in the SMB protocol) time, smbd(8)
<http://whenim64:901/swat/help/manpages/smbd.8.html> contacts the
password server
<http://whenim64:901/swat/help/manpages/smb.conf.5.html#PASSWORDSERVER>
and attempts to authenticate the given user with the given password.
If the authentication succeeds then |smbd| attempts to find a UNIX
user in the UNIX password database to map the Windows user into. If
this lookup fails, and add user script
<http://whenim64:901/swat/help/manpages/smb.conf.5.html#ADDUSERSCRIPT>
is set then |smbd| will call the specified script /AS ROOT/,
expanding any /|%u|/ argument to be the user name to create.
If this script successfully creates the user then |smbd| will
continue on as though the UNIX user already existed. In this way,
UNIX users are dynamically created to match existing Windows NT
accounts.
See also security
<http://whenim64:901/swat/help/manpages/smb.conf.5.html#SECURITY>,
password server
<http://whenim64:901/swat/help/manpages/smb.conf.5.html#PASSWORDSERVER>,
delete user script
<http://whenim64:901/swat/help/manpages/smb.conf.5.html#DELETEUSERSCRIPT>.
Default: add user script =
Example: add user script = /usr/local/samba/bin/add_user %u
<<<<<<<<<<<<<<<<<
Note that the script is not intended to add multiple users nor set their
passwords. It is supposed to add a single Unix user only.
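
Added example, not part of the original message or of Samba: because smbd runs the script as root with %u expanded, a wrapper can insist on exactly one argument and a strict username allow-list before handing it to the useradd command quoted in the reply. The function names, the USERADD override variable and the allow-list policy are assumptions made for this sketch.

```shell
#!/bin/sh
# Hypothetical wrapper, referenced from smb.conf as:
#   add user script = /usr/local/samba/bin/add_user %u
LC_ALL=C; export LC_ALL            # make a-z mean ASCII letters only

# Assumed site policy: 1..32 chars, starts with a-z or _, then a-z 0-9 _ -
valid_unix_username() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 32 ] || return 1
    case "$1" in
        [!a-z_]*)      return 1 ;;  # bad first char (also blocks a leading "-")
        *[!a-z0-9_-]*) return 1 ;;  # shell metacharacters, spaces, "$", "/", ...
    esac
    return 0
}

# Adds exactly one UNIX user; never takes or sets a password.
add_one_user() {
    if [ "$#" -ne 1 ]; then
        echo "add_user: expected exactly one argument (%u)" >&2
        return 64
    fi
    if ! valid_unix_username "$1"; then
        echo "add_user: rejected username" >&2
        return 65
    fi
    # Already present in the UNIX password database: nothing to do.
    if id -u "$1" >/dev/null 2>&1; then
        return 0
    fi
    # Same command as in the reply; USERADD is an override for testing only.
    "${USERADD:-/usr/sbin/useradd}" -g users "$1"
}

# With no arguments the file only defines the functions and does nothing.
if [ "$#" -gt 0 ]; then
    add_one_user "$@"
    exit $?
fi
```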