[Samba] Manage unix users from AD

mourik jan heupink heupink at merit.unu.edu
Tue Jan 28 09:23:16 MST 2014

Hi all,

>>> Consider a network with about 200+ employees, most of them windows user.
>>> Happens that one need to provide other non-windows services like e-mail,
>>> proxy and many others to them, running on other linux servers.
We are running a network exactly like that.  In the samba3 days (one 
PDC, openldap backend) we did not need winbind, never used it, no 

I am now testing samba4, and need (like we did in samba3/openldap) my 
users to be linux and windows. We have one realm/domain, all users have 
posix attributes.

I was planning to have two (DC only) DC's, both virtualised, and two 
fileservers. It seems now (having read all discussion recently on 
sssd/winbind) in samba4 we DO need winbind?

>> A related but tangential question is if is there a way to provision
>> these services when a new user is created from the windows
>> administration tool, i.e., if is there a way for samba to run a script
>> when a new user is created (or modified) from windows.
>> If there isn't, would it be possible to add it as a new feature?

         root preexec = /usr/local/sbin/mkhomedir.sh %U
         comment=Home directory for %S
         read only = No
         browseable = No

Each time a user logs on, this script is executed. First the script 
checks if it needs to run, and if yes, it does all sorts of things:

- create homedirectory
- fill it with default requirements
- set correct permissions
- set quota
- create a DFS base for that particular user
- create a network recycle bin (with vfs module recycle)
- etc, etc


More information about the samba mailing list