[Samba] user creation with samba-tool issue

dahopkins at comcast.net dahopkins at comcast.net
Thu Oct 24 07:16:50 MDT 2013

----- Original Message -----
On 24/10/13 12:51, dahopkins at comcast.net wrote:
> ----- Original Message -----
> On Thu, 2013-10-24 at 02:48 +0000, dahopkins at comcast.net wrote:
>>>> I am creating a user with samba-tool. I am essentially using the s4user script (very slight mods to echo some data and assign >>>>some site-specific data).
>>>> The syntax in the script for a test user is
>>>> samba-tool add user test.user47 Passw0rd!
>>> Hi
>>> No, strange. It doesn't work if you specify it on the command line of
>>> the script but it does if you don't and type a password at the prompt.
>>> Is specifying the password at user creation time an option for you?
>>> Steve
>> I actually didn't try not using a password with the script. I didn't want to delete that line of the script so I just echoed what the password had been set to instead. I'll test removing the password and typing it when prompted by the script. If this works, I guess it will have to be the work-around for the moment .. though doing this for 350+ accounts that need to be created isn't sounding very enticing.
>> Sincerely,
>> Dave
>Hi, when you try to login, just where are you trying to log into? a 
>windows machine or the samba 4 server?

We have LTSP servers that users log onto in addition to Windows Terminal Servers, so both Linux and Windows.  Account creation does work and it is possible as root to immediately use 
su - AccountName 
on a Linux system which logs in as that user.  However, 
ssh AccountName at linuxserver 
prompts for a password and that comes back with permission denied. As mentioned, resetting the password in ADUC allows logins to work correctly, whether Linux or Windows.

>Reason for asking is that I am using a similar script around samba-tool 
>and whilst I can login from windows with a domain user & password, I 
>seem to be struggling to login into the samba 4 server via ssh etc.

I am using nslcd+nscd+k5start and keytab files for the Linux logins which is working well.

>One last thing, I noticed that your script is adding the posixAccount 
>objectClass, you do not need to do this. The posixAccount & posixGroup 
>objectClasses are auxillaries of the 'user' objectClass and as such are 
>never added or required by windows.

My understanding is that I need these for Linux (e.g. rfc-2307) compliance. I have that specified in the smb.conf file.


More information about the samba mailing list