[Samba] user creation with samba-tool issue
Stéphane PURNELLE
stephane.purnelle at corman.be
Thu Oct 24 08:04:07 MDT 2013
Do what you want to do and let others do what they want to do.
-----------------------------------
Stéphane PURNELLE Systems and Network Admin.
IT Department Corman S.A. Tel : 00 32 (0)87/342467
samba-bounces at lists.samba.org wrote on 24/10/2013 15:50:52:
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: dahopkins at comcast.net,
> Cc: samba at lists.samba.org
> Date: 24/10/2013 15:51
> Subject: Re: [Samba] user creation with samba-tool issue
> Sent by: samba-bounces at lists.samba.org
>
> On 24/10/13 14:16, dahopkins at comcast.net wrote:
> >
> > ----- Original Message -----
> > On 24/10/13 12:51, dahopkins at comcast.net wrote:
> >> ----- Original Message -----
> >> On Thu, 2013-10-24 at 02:48 +0000, dahopkins at comcast.net wrote:
> >>>>> I am creating a user with samba-tool. I am essentially using
> >>>>> the s4user script (very slight mods to echo some data and assign
> >>>>> some site-specific data).
> >>>>> The syntax in the script for a test user is
> >>>>> samba-tool add user test.user47 Passw0rd!
> >>>> Hi
> >>>> No, strange. It doesn't work if you specify it on the command line
> >>>> of the script but it does if you don't and type a password at the
> >>>> prompt.
> >>>> Is specifying the password at user creation time an option for you?
> >>>> Steve
> >>> I actually didn't try not using a password with the script. I
> >>> didn't want to delete that line of the script so I just echoed what
> >>> the password had been set to instead. I'll test removing the
> >>> password and typing it when prompted by the script. If this works, I
> >>> guess it will have to be the work-around for the moment .. though
> >>> doing this for 350+ accounts that need to be created isn't sounding
> >>> very enticing.
> >>> Sincerely,
> >>> Dave
> >>
> >> Hi, when you try to login, just where are you trying to log into? a
> >> windows machine or the samba 4 server?
> > We have LTSP servers that users log onto in addition to Windows
> > Terminal Servers, so both Linux and Windows. Account creation does
> > work and it is possible as root to immediately use
> > su - AccountName
> > on a Linux system which logs in as that user. However,
> > ssh AccountName@linuxserver
> > prompts for a password and that comes back with permission denied.
> > As mentioned, resetting the password in ADUC allows logins to work
> > correctly, whether Linux or Windows.
> This is what I am getting when trying to login via ssh, will have to try
> resetting the password in ADUC.
> >> Reason for asking is that I am using a similar script around samba-tool
> >> and whilst I can login from windows with a domain user & password, I
> >> seem to be struggling to login into the samba 4 server via ssh etc.
> > I am using nslcd+nscd+k5start and keytab files for the Linux
> > logins which is working well.
> >
> >> One last thing, I noticed that your script is adding the posixAccount
> >> objectClass, you do not need to do this. The posixAccount & posixGroup
> >> objectClasses are auxiliaries of the 'user' objectClass and as such are
> >> never added or required by windows.
> > My understanding is that I need these for Linux (e.g. rfc-2307)
> > compliance. I have that specified in the smb.conf file.
> >
> > Dave
> This seems to be everybody's understanding and it is wrong, if you open
> /usr/local/samba/share/setup/ad-schema/MS-AD_Schema_2K8_Classes.txt in
> your favourite editor and search for 'cn: User' you will find
> 'auxiliaryClass: shadowAccount, posixAccount'. What this means is the
> mustContain, systemMustContain, mayContain, and
> systemMayContain values of the auxiliary class are added to those of
> the class, or in other words, you get the posix attributes without
> adding the posixAccount objectclass. The same goes for posixGroup, it is
> an auxiliary of group.
>
> Rowland
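The auxiliary-class point made in the quoted reply can be checked mechanically. The following is an added example, not part of the original thread and not Samba's own code: it parses a constructed, abbreviated sample in a "key: value" layout (the function names and the sample attribute lists are assumptions, and the real schema file contains far more) and computes which attributes the user class allows once its auxiliary classes are merged in.

```python
# Constructed, abbreviated sample; attribute lists are shortened and are NOT copied from the real file.
SAMPLE_SCHEMA = """\
cn: User
ldapDisplayName: user
subClassOf: organizationalPerson
auxiliaryClass: shadowAccount, posixAccount
mayContain: userCertificate, homePhone

cn: PosixAccount
ldapDisplayName: posixAccount
mayContain: uidNumber, gidNumber, unixHomeDirectory, loginShell

cn: ShadowAccount
ldapDisplayName: shadowAccount
mayContain: shadowLastChange, shadowMax
"""

ATTR_KEYS = ("mustContain", "systemMustContain", "mayContain", "systemMayContain")
LIST_KEYS = set(ATTR_KEYS) | {"auxiliaryClass", "systemAuxiliaryClass"}

def parse_classes(text):
    """Return {ldapDisplayName: entry} from blank-line separated 'key: value' entries."""
    classes = {}
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = (part.strip() for part in line.partition(":"))
            if key in LIST_KEYS:
                # Comma-separated lists: class names or attribute names.
                entry.setdefault(key, []).extend(v.strip() for v in value.split(",") if v.strip())
            elif key:
                entry[key] = value
        if "ldapDisplayName" in entry:
            classes[entry["ldapDisplayName"]] = entry
    return classes

def effective_attributes(classes, name, seen=None):
    """Attributes a class allows, merged with those of its auxiliary and parent classes."""
    seen = set() if seen is None else seen
    if name in seen or name not in classes:
        return set()  # unknown class (not in the sample) or already visited
    seen.add(name)
    entry = classes[name]
    attrs = {a for key in ATTR_KEYS for a in entry.get(key, [])}
    linked = (entry.get("auxiliaryClass", []) + entry.get("systemAuxiliaryClass", [])
              + [entry.get("subClassOf", "")])
    for other in linked:
        attrs |= effective_attributes(classes, other, seen)
    return attrs
```

On the sample, `effective_attributes(parse_classes(SAMPLE_SCHEMA), "user")` includes `uidNumber`, `gidNumber` and `loginShell` even though the user entry itself never lists them.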