[Samba] Add user script does not trigger

Romain CABASSOT romain.cabassot at magellium.fr
Fri Jul 25 10:03:53 MDT 2014


Hi,

I have a Samba 3 PDC/BDC with an LDAP backend and a Samba 3 file server 
configured as a domain member.
Everything was working fine, but now when I create a new domain user and 
this user tries to connect to the file server, the add user script does 
not trigger anymore.
I have been trying to solve this problem but it seems I can't manage it.

So here is my fileserver configuration (CentOS 5.10; samba3x-3.6.6-0.139.el5_10):
[global]
         workgroup = MYDOMAIN
         server string = MYSERVER
         security = DOMAIN
         map untrusted to domain = Yes
         log level = 3
         log file = /var/log/samba/%m.log
         max log size = 50
         name resolve order = wins host lmhosts bcast
         server signing = auto
         deadtime = 15
         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
         load printers = No
         printcap name = /dev/null
         disable spoolss = Yes
         show add printer wizard = No
         add user script = /usr/sbin/useradd -g users -d /data/usr1/%u -m -s /bin/bash %u
         delete user script = /usr/sbin/userdel %u
         os level = 0
         local master = No
         domain master = No
         dns proxy = No
         idmap config * : backend = tdb
         printing = bsd
         print command = lpr -r -P'%p' %s
         lpq command = lpq -P'%p'
         lprm command = lprm -P'%p' %j
         winbind enum users = yes
         winbind enum groups = yes
         # This parameter specifies the number of seconds that Winbind's idmap interface will cache positive SID/uid/gid query results.
         # Default: idmap cache time = 604800 (one week)
         # Here: 86400 (1 day)
         idmap cache time = 86400
         # This parameter specifies the number of seconds that Winbind's idmap interface will cache negative SID/uid/gid query results.
         # Default: idmap negative cache time = 120
         idmap negative cache time = 120
         # This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server again.
         # This does not apply to authentication requests, these are always evaluated in real time unless the winbind offline logon option has been enabled.
         # Default: winbind cache time = 300
         winbind cache time = 60


[homes]
         comment = Repertoire personnel de %u
         path = /data/usr1/%S
         force group = users
         read only = No
         browseable = No

When I try to connect from a Windows or Linux workstation like this:
[rct@pc029-linux ~]$ smbclient //myserver/rct_test -U rct_test -W mydomain
Enter rct_test's password:
session setup failed: NT_STATUS_LOGON_FAILURE

I can see the following log on the fileserver:
[2014/07/25 17:50:49.528667,  3] auth/auth.c:219(check_ntlm_password)
   check_ntlm_password:  Checking password for unmapped user [MYDOMAIN]\[rct_test]@[PC029-LINUX] with the new password interface
[2014/07/25 17:50:49.528704,  3] auth/auth.c:222(check_ntlm_password)
   check_ntlm_password:  mapped user is: [MYDOMAIN]\[rct_test]@[PC029-LINUX]
[2014/07/25 17:50:49.532990,  3] auth/auth_util.c:1125(check_account)
   Failed to find authenticated user MYDOMAIN\rct_test via getpwnam(), denying access.
[2014/07/25 17:50:49.533029,  2] auth/auth.c:319(check_ntlm_password)
   check_ntlm_password:  Authentication for user [rct_test] -> [rct_test] FAILED with error NT_STATUS_NO_SUCH_USER
[2014/07/25 17:50:49.533075,  3] smbd/error.c:81(error_packet_set)
   error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2014/07/25 17:50:49.533478,  3] smbd/server_exit.c:181(exit_server_common)
   Server exit (failed to receive smb request)

If I manually execute the add user script, the user is then able to 
access all the shares he can.
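
As an added example (not part of the original post and not Samba's own tooling), the following sketch parses the level-3 smbd log layout shown above and separates logons denied because the authenticated user has no local Unix account (the getpwnam() failure) from other authentication failures. The function names and the `alice` log entry are constructed for illustration.

```python
import re

# Constructed sample: the first three entries copy the log layout from the
# post (including its e-mail line wrapping); the "alice" entry is invented.
SAMPLE_LOG = r"""[2014/07/25 17:50:49.528704,  3] auth/auth.c:222(check_ntlm_password)
   check_ntlm_password:  mapped user is: [MYDOMAIN]\[rct_test]@[PC029-LINUX]
[2014/07/25 17:50:49.532990,  3] auth/auth_util.c:1125(check_account)
   Failed to find authenticated user MYDOMAIN\rct_test via getpwnam(),
denying access.
[2014/07/25 17:50:49.533029,  2] auth/auth.c:319(check_ntlm_password)
   check_ntlm_password:  Authentication for user [rct_test] ->
[rct_test] FAILED with error NT_STATUS_NO_SUCH_USER
[2014/07/25 17:51:02.000000,  2] auth/auth.c:319(check_ntlm_password)
   check_ntlm_password:  Authentication for user [alice] -> [alice] FAILED with error NT_STATUS_WRONG_PASSWORD
"""

# Header line: "[timestamp,  level] source.c:line(function)"
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+\S+?:\d+\((?P<func>\w+)\)")
NO_UNIX = re.compile(r"Failed to find authenticated user ([^\\\s]+)\\(\S+) via getpwnam\(\)")
AUTH_FAIL = re.compile(r"Authentication for user \[([^\]]+)\] -> \[[^\]]*\] FAILED with error (\w+)")

def parse_entries(text):
    """Attach every non-header line to the preceding header, rejoining wrapped messages."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and raw.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + raw.strip()).strip()
    return entries

def classify_failures(text):
    """Return ({user: (timestamp, domain)} with no Unix account, [(user, status)] for other failures)."""
    missing, failed = {}, []
    for e in parse_entries(text):
        m = NO_UNIX.search(e["msg"])
        if m:
            missing[m.group(2)] = (e["ts"], m.group(1))
        m = AUTH_FAIL.search(e["msg"])
        if m:
            failed.append((m.group(1), m.group(2)))
    # A failure for a user already in `missing` is the same event, not a second one.
    return missing, [(u, s) for u, s in failed if u not in missing]

if __name__ == "__main__":
    print(classify_failures(SAMPLE_LOG))
```
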


