[Samba] question "add user script"

Gary Dale garydale at rogers.com
Sat May 9 11:10:26 GMT 2009

murrah boswell wrote:
> Hello all,
> I have never had the need to use the "add user script" functionality 
> but now I do. However, it does not seem to be working. My smb.conf 
> entry is like so:
> add user script = /remote/configure_scripts/addusers.sh
> where addusers.sh is a bash script that reads in a text file of 
> usernames, groups, and passwords and adds the users to /etc/passwd, 
> /etc/group/ and /etc/samba/smbpasswd. The addusers.sh works fine from 
> the command line but samba doesn't appear to call it.
> I see that checks for "add user script" and "add machine script" are 
> in the source code, so did I miss an option when I compiled samba or 
> what else is it that I am missing to get the script to trigger?
> Also while I am on the subject of the "add user script," would it be 
> possible to pass the username and password from samba to a shell 
> script? In other words, could I have something like
> add user script = /remote/configure_scripts/addusers.sh %u %p
> where %p is whatever samba holds the password variable in?
> But first things first, how can I get the "add user script" 
> functionality to work?
> Thanks,
> Murrah Boswell

The add user script I use is "/usr/sbin/useradd  -g users %u". The 
script should only add one user at a time as far as I know. Here is what 
the SWAT documentation has to say about it:

add user script (G)
        This is the full pathname to a script that will be run /AS ROOT/ 
by smbd(8) <http://whenim64:901/swat/help/manpages/smbd.8.html> under 
special circumstances described below.

    Normally, a Samba server requires that UNIX users are created for
    all users accessing files on this server. For sites that use Windows
    NT account databases as their primary user database creating these
    users and keeping the user list in sync with the Windows NT PDC is
    an onerous task. This option allows smbd to create the required UNIX
    users /ON DEMAND/ when a user accesses the Samba server.

    In order to use this option, smbd(8)
    <http://whenim64:901/swat/help/manpages/smbd.8.html> must /NOT/ be
    set to security = share
    and add user script
    must be set to a full pathname for a script that will create a UNIX
    user given one argument of /|%u|/, which expands into the UNIX user
    name to create.

    When the Windows user attempts to access the Samba server, at login
    (session setup in the SMB protocol) time, smbd(8)
    <http://whenim64:901/swat/help/manpages/smbd.8.html> contacts the
    password server
    and attempts to authenticate the given user with the given password.
    If the authentication succeeds then |smbd| attempts to find a UNIX
    user in the UNIX password database to map the Windows user into. If
    this lookup fails, and add user script
    is set then |smbd| will call the specified script /AS ROOT/,
    expanding any /|%u|/ argument to be the user name to create.

    If this script successfully creates the user then |smbd| will
    continue on as though the UNIX user already existed. In this way,
    UNIX users are dynamically created to match existing Windows NT

    See also security
    password server
    delete user script

    Default: //|add user script|/ = || /

    Example: //|add user script|/ = |/usr/local/samba/bin/add_user %u|/


Note that the script is not intended to add multiple users nor set their 
passwords. It is supposed to add a single Unix user only.

More information about the samba mailing list