[Samba] Not sure I understand when add user script is called

Jack Downes jax at nwmt.us
Fri Feb 18 00:29:09 MST 2011


I've built a domain member.  It works pretty well, with the exception 
that I want home directories built on the fly.  I'm not sure this 
is doable on a domain member, since nothing I've tried even seems to be 
called, as far as I can tell.  I'm testing with log level 3.

If anyone can shed light on how to dynamically create home directories, 
that'd be great.

anyway, here's my latest incarnation of smb.conf.

# Global settings for a Samba server joined to an Active Directory domain as a
# member (security = ADS, realm KRH.INT, workgroup KRH). Domain users and
# groups are mapped to UNIX ids through winbind (idmap/winbind lines below).
[global]
     display charset = UTF-8
     workgroup = KRH
     realm = KRH.INT
     netbios aliases = hitstor
     server string = HIT anything server
     # Listen only on this one address instead of every local interface.
     interfaces = 172.29.107.110
     bind interfaces only = Yes
     security = ADS
     # NOTE(review): this overrides the authentication chain smbd would pick on
     # its own for security = ADS - confirm the override is intentional.
     auth methods = sam, winbind, trustdomain
     # Three preferred domain controllers; per smb.conf(5) the trailing "*"
     # adds automatic lookup of any remaining DCs as a fallback.
     password server = kal-dc3.krh.int, kal-dc4.krh.int, kal-dc2.krh.int, *
     # NTLMv1 responses are refused by the server and NTLMv2 is used when this
     # host acts as a client.
     # NOTE(review): LANMAN is governed separately by "lanman auth", which is
     # not set here - confirm it is left disabled.
     ntlm auth = No
     client NTLMv2 auth = Yes
     log level = 1
     syslog = 0
     # One log file per session user name. %U is the name the client asked for,
     # so the file name is derived from client-supplied input.
     # NOTE(review): confirm log rotation and clean-up cover log.* here.
     log file = /var/log/samba/log.%U
     debug prefix timestamp = Yes
     # Only the NetBIOS session port is served; nothing listens on 445.
     smb ports = 139
     name resolve order = wins host bcast lmhost
     unix extensions = No
     # "auto" offers SMB signing but does not require it, so a client that does
     # not sign is still accepted; "mandatory" is the setting that enforces it.
     server signing = auto
     lpq cache time = 10
     max open files = 20000
     socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
     name cache timeout = 60
     load printers = No
     printcap cache time = 60
     show add printer wizard = No
     # Per smb.conf(5), smbd runs this command as root, with %u expanded to the
     # user name, when a user has authenticated but no matching UNIX account is
     # found.
     # NOTE(review): winbind (idmap uid/gid below) presumably already resolves
     # domain users on this member, in which case that lookup succeeds and the
     # script is never invoked - confirm with "getent passwd <user>".
     # NOTE(review): "-d /home/KRH" would give every created account the same
     # home directory, and pw(8) appears to need -m before -k copies a skeleton
     # - confirm. In the real file the value must be on a single line; the
     # break below is mail wrapping.
     add user script = /usr/sbin/pw useradd %u -g krh -k 
/usr/local/etc/skel -d /home/KRH
     local master = No
     domain master = No
     dns proxy = No
     wins server = 10.6.1.21
     utmp = Yes
     nmbd bind explicit broadcast = No
     host msdfs = No
     # UNIX uid/gid range handed out to domain users and groups.
     # NOTE(review): confirm no local account or group falls inside it.
     idmap uid = 10000-20000
     idmap gid = 10000-20000
     # Domain users get a real login shell, so they are shell users wherever
     # PAM lets them log in, not only SMB users.
     template shell = /usr/local/bin/bash
     winbind enum users = Yes
     winbind enum groups = Yes
     # Domain accounts appear without the DOMAIN\ prefix.
     # NOTE(review): check that no local account name collides with a domain one.
     winbind use default domain = Yes
     winbind refresh tickets = Yes
     acl group control = Yes
     cups options = raw
     force printername = Yes
     # wide links lets smbd follow symlinks that resolve outside a share's
     # directory tree; it is honoured here because unix extensions is off
     # above. Anyone able to create a symlink inside a share (for example from
     # a shell login) can then reach outside paths through SMB with their own
     # file permissions. Set to No unless a share depends on it.
     wide links = Yes

# Special share that maps each connecting user to their own home directory:
# writable, and hidden from the browse list.
# NOTE(review): nothing in this section creates the directory; as far as
# smb.conf(5) describes it, smbd expects the path to exist when the user
# connects. If a "root preexec" hook is used to create it, that command runs as
# root, so it should take a fixed path plus the validated UNIX name only.
# The global "wide links = Yes" applies here too, so a symlink inside a home
# directory that points outside it is followed.
[homes]
     comment = Home Directories
     read only = No
     browseable = No


Here's the /etc/pam.d/system file:
# FreeBSD system-wide PAM policy (/etc/pam.d/system) with pam_winbind and
# pam_mkhomedir added. It only affects services whose own PAM policy includes
# it. Two entries below are wrapped by the mail client; in the real file each
# must be a single line.
#
# $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.4.1 2010/06/14 02:09:06 
kensmith Exp $
#
# System-wide defaults
#

# auth
auth        sufficient    pam_opie.so        no_warn no_fake_prompts
auth        requisite    pam_opieaccess.so    no_warn allow_local
# "sufficient": a successful winbind authentication ends the auth stack here.
# NOTE(review): pam_winbind documents mkhomedir as a session-phase option, so
# on an auth line it probably does nothing - confirm against pam_winbind(8)
# for the installed version.
auth            sufficient      /usr/local/lib/pam_winbind.so mkhomedir=yes
#auth        sufficient    pam_krb5.so        no_warn try_first_pass
#auth        sufficient    pam_ssh.so        no_warn try_first_pass
# nullok lets an account whose password field is empty authenticate without a
# password; drop it unless such accounts are intended.
auth        required    pam_unix.so        no_warn try_first_pass nullok

# account
#account     required    pam_krb5.so
account        required    pam_login_access.so
account        required    pam_unix.so

# session
#session     optional    pam_ssh.so
session        required    pam_lastlog.so        no_fail
# Creates a missing home directory from the skeleton when a session opens.
# NOTE(review): this runs only for services that open a PAM session through
# this policy. smbd consults PAM account/session rules only when "obey pam
# restrictions" is enabled, which the smb.conf in this post does not set, and
# it uses its own PAM service name - confirm that policy includes this file.
# NOTE(review): confirm the permissions the module gives new directories so
# homes are not created readable by other users.
session         required       /usr/local/lib/pam_mkhomedir.so 
skel=/usr/local/etc/skel

# password
#password    sufficient    pam_krb5.so        no_warn try_first_pass
password    required    pam_unix.so        no_warn try_first_pass

