[Samba] Not sure I understand when add user script is called
Andrew Masterson
Andrew.Masterson at nuvistaenergy.com
Fri Feb 18 09:38:07 MST 2011
Here's how we do it (Samba 3.5.6). There are a thousand variations on
this theme.
[homes]
# %D expands to the connecting user's domain and %S to the share name,
# which for [homes] is the connecting user's name.
path = /data/homes/%D/%S
# Only the share's own user (%S) and the domain admins group may connect.
valid users = "@XXXXXX+domain admins", %S
read only = No
# smbd runs this command as root each time a client connects to the share,
# before the share is used; %D and %S become the script's $1 and $2, so the
# script must treat them as untrusted path components.
root preexec = /data/Backup/createhomes.sh %D %S
The shell script looks like this (it creates /data/homes/<DOMAIN NAME>/<USERNAME>; smbd runs it as root via root preexec, with %D and %S as its two arguments):
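#!/bin/bash
# Create the home directory /data/homes/<DOMAIN NAME>/<USERNAME> the first
# time a user connects to the Samba [homes] share.
#
# Arguments:
#   $1 - domain name (passed as %D by "root preexec")
#   $2 - user name   (passed as %S by "root preexec")
#
# smbd runs this as root on every connection, so both arguments are used as
# single path components only: a value that is empty, ".", "..", contains "/"
# or starts with "-" is refused before any file is touched, because it could
# name a path outside /data/homes or be read as a command option.
#
# Exit status: 1 if an argument is refused, otherwise 0. smbd only acts on the
# status when "root preexec close = yes" is set on the share.

domain=$1
user=$2

for component in "$domain" "$user"; do
  case "$component" in
    '' | . | .. | -* | */*)
      printf 'createhomes: refusing unsafe name: %s\n' "$component" >&2
      exit 1
      ;;
  esac
done

# Quoted everywhere below: domain and user names may contain spaces.
home="/data/homes/${domain}/${user}"

if [[ ! -d "$home" ]]; then
  # Ownership, mode and ACLs are applied only to a directory this run has
  # just created; if mkdir fails (for example the domain directory is
  # missing) nothing else is attempted.
  if mkdir -- "$home"; then
    # setgid so new files inherit the directory's group (domain admins).
    chmod g+s "$home"
    chown -- "${user}:domain admins" "$home"
    chmod 770 "$home"
    /usr/bin/setfacl -m g:"domain admins":rwx "$home"
    /usr/bin/setfacl -m u:"${user}":rwx "$home"
  fi
fi
exit 0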
-=Andrew
-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Jack Downes
Sent: Friday, February 18, 2011 12:29 AM
To: samba at lists.samba.org
Subject: [Samba] Not sure I understand when add user script is called
I've built a domain member. It works pretty well, except that I want
home directories to be built on the fly. I'm not sure this is doable
with a domain member, as nothing I've tried even gets called, as far
as I can tell (using log level 3).
If anyone can shed light on how to dynamically create home directories,
that'd be great.
anyway, here's my latest incarnation of smb.conf.
[global]
display charset = UTF-8
workgroup = KRH
realm = KRH.INT
netbios aliases = hitstor
server string = HIT anything server
interfaces = 172.29.107.110
bind interfaces only = Yes
# Domain member: authentication is delegated to the Active Directory
# domain controllers listed under "password server".
security = ADS
auth methods = sam, winbind, trustdomain
password server = kal-dc3.krh.int, kal-dc4.krh.int,
kal-dc2.krh.int, *
# NTLMv1 responses are refused; as a client only NTLMv2 is sent.
# NOTE(review): whether LANMAN is also refused depends on "lanman auth",
# which is not set here - confirm the default for this Samba version.
ntlm auth = No
client NTLMv2 auth = Yes
log level = 1
syslog = 0
log file = /var/log/samba/log.%U
debug prefix timestamp = Yes
smb ports = 139
name resolve order = wins host bcast lmhost
unix extensions = No
# SMB signing is offered to clients but not required of them.
server signing = auto
lpq cache time = 10
max open files = 20000
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
name cache timeout = 60
load printers = No
printcap cache time = 60
show add printer wizard = No
# smbd runs this command as root, with %u replaced by the user name, and only
# when an authenticated user has no UNIX account.
# NOTE(review): with winbind supplying the accounts on a domain member the
# lookup presumably always succeeds, so this may never be called - confirm.
add user script = /usr/sbin/pw useradd %u -g krh -k
/usr/local/etc/skel -d /home/KRH
local master = No
domain master = No
dns proxy = No
wins server = 10.6.1.21
utmp = Yes
nmbd bind explicit broadcast = No
host msdfs = No
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /usr/local/bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
acl group control = Yes
cups options = raw
force printername = Yes
# With "unix extensions = No" above, this lets smbd follow symbolic links that
# point outside the exported share. NOTE(review): users who can create
# symlinks in a writable share (for example through the shell access that
# "template shell" allows) could expose files outside it - confirm this is
# intended.
wide links = Yes
[homes]
comment = Home Directories
read only = No
browseable = No
Here's the /etc/pam.d/system file:
#
# $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.4.1 2010/06/14 02:09:06
kensmith Exp $
#
# System-wide defaults
#
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
# Domain users authenticate through winbind; "sufficient" means a success here
# skips the pam_unix check below. mkhomedir=yes asks pam_winbind to create the
# home directory (the option appears on its own line below, presumably
# wrapped by the mail client).
auth sufficient /usr/local/lib/pam_winbind.so
mkhomedir=yes
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
# nullok lets a local account with an empty password authenticate.
auth required pam_unix.so no_warn try_first_pass nullok
# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_lastlog.so no_fail
# Creates a missing home directory when a session opens, copying the skeleton
# files from the skel= directory (given on the following line).
# NOTE(review): this only runs for logins that go through PAM sessions;
# whether smbd share connections do so here is not shown - confirm.
session required /usr/local/lib/pam_mkhomedir.so
skel=/usr/local/etc/skel
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass