Content-Type: multipart/signed; micalg=pgp-sha1;

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

The add user script is only for adding users, not machines and it
shouldn't call smbpassword. The script only needs to handle the OS task
of adding the user. Samba will add the Samba stuff itself.

To add machines you want an "add machines script" specified.

Depending on what you are trying to do you can also have other scripts
specified. A full set for a Linux box could be:
add user script =3D /usr/sbin/useradd "%u" -n -g domusers
delete user script =3D /usr/sbin/userdel "%u"
add group script =3D /usr/sbin/groupadd "%g"
delete group script =3D /usr/sbin/groupdel "%g"
add user to group script =3D /usr/bin/gpasswd -a "%u" "%g"
delete user from group script =3D /usr/bin/gpasswd -d "%u" "%g"
add machine script =3D /usr/sbin/useradd -n -c "Workstation (%u)"
-M -d /nohome -s /bin/false -g machines "%u"
add share command =3D /usr/local/samba/modify_samba_config.py
delete share command =3D /usr/local/samba/modify_samba_config.py

On Tue, 2008-04-29 at 14:45 +0100, Evan Ingram wrote:
> Hi
> I want windows machines to automatically be added into samba when they
> try to attach to the domain. Had various problems with root account not
> being accepted.=20
> Can anyone spot anything glaringly obviously wrong in my config that
> follows.=20
> Cheers=20
> [global]
> name resolve order =3D wins bcast hosts=20
> ldap ssl =3D no
> passwd chat =3D *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*success fully*
> idmap gid =3D 500-550
> admin users =3D root=20
> obey pam restrictions =3D no
> client schannel =3D no
> passwd program =3D /usr/bin/passwd %u
> dns proxy =3D No
> netbios name =3D sss-server
> writeable =3D yes
> printing =3D lprng
> idmap uid =3D 500-2000
> logon script =3D user.bat
> workgroup =3D domain
> debug level =3D 3
> os level =3D 65
> getwd cache =3D yes
> log file =3D /var/log/samba/%m.log
> guest account =3D root=20
> socket options =3D TCP_NODELAY SO_SNDBUF=3D8192 SO_RCVBUF=3D8192
> sync always =3D yes
> map to guest =3D never
> null passwords =3D yes
> domain master =3D Yes
> encrypt passwords =3D yes
> public =3D yes
> realm =3D domain
> wins support =3D true
> netbios aliases =3D sss-server
> server string =3D sss-server
> add user script =3D /usr/sbin/useradd -g machines -c NTMachine
> -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$
> domain logons =3D Yes
> pam password change =3D Yes
> # DOMAIN ADMIN GROUP added to allow root as local admin
> domain admin group =3D root
> [homes]
> comment =3D Home Directories
> valid users =3D %S
> read only =3D No
> create mask =3D 0664
> directory mask =3D 0775
> browseable =3D No
> [netlogon]
> comment =3D Network Logon Service
> share modes =3D No
> public =3D yes
> path =3D /usr/local/samba/netlogon
> [Profiles]
> nt acl support =3D yes
> browseable =3D no
> delete readonly =3D yes
> path =3D /usr/local/samba/profiles
> force group =3D root
> force user =3D root
> comment =3D Network Profiles Service
> create mode =3D 0600
> directory mode =3D 0700
> [root_dir]
> comment =3D root dir mark only
> delete readonly =3D yes
> path =3D /
> [data]
> force user =3D root
> comment =3D Data Directory
> path =3D /home/data/
> force group =3D root

Mike Brady
PGP ID: 0x9C777DA4

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQBIF2nU6xLAi5x3faQRArJmAKCW3cA4ybsbQd9SMfzCYi l2MtQbjACeKLJf


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba