On Fri, 2006-02-10 at 00:36 -0800, Steve Langasek wrote:
> On Thu, Feb 09, 2006 at 12:24:00PM +0100, Christian Perrier wrote:
> > > > retitle -8 Please add an example user addition script in default 
> > > > smb.conf
> > > Bug#349050: corrections / clarifications to smb.conf
> > > Changed Bug title.
> 
> > Attached is what I popose to deal with this issue.
> 
> > --- smb.conf.ori    2006-02-09 12:14:23.089472438 +0100
> > +++ smb.conf        2006-02-09 12:20:39.876996034 +0100
> > @@ -58,6 +58,21 @@
> >  # option cannot handle dynamic or non-broadcast interfaces correctly.
> >  ;   bind interfaces only = true
> 
> > +#### User management ####
> > +
> > +# User addition script
> > +#
> > +# This allows Unix users to be created ON DEMAND when a user accesses the
> > +# Samba server and is validated

This isn't the main purpose of this script.  The main purpose is for the
DC, when users create accounts over SAMR (see also 'add machine
script').  The joys of overloaded parameters...

> > +# does not work when 'security = share'
> > +#
> > +# The following command will create a user account and a disabled
> > +# Unix password
> > +# Please adapt to your needs
> > +; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos 
> > "" %u
> > +
> > +
> 
> What does this example script set the user's home directory to?  Does it
> auto-create the home directory?  (Honestly don't know, I always look this up
> before deploying uses of adduser anywhere.)  Is using nss_winbind a viable
> alternative to needing to use the 'add user' script at all, and if so,
> should it be preferred?

Winbindd is the far preferred option for creating posix users for remote
accounts.  For the creation of posix users for local accounts on a DC,
winbindd does not provide this.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to