On Fri, Feb 10, 2006 at 08:00:40PM +1100, Andrew Bartlett wrote: > On Fri, 2006-02-10 at 00:36 -0800, Steve Langasek wrote: > > On Thu, Feb 09, 2006 at 12:24:00PM +0100, Christian Perrier wrote: > > > > > retitle -8 Please add an example user addition script in default > > > > > smb.conf > > > > Bug#349050: corrections / clarifications to smb.conf > > > > Changed Bug title.
> > > Attached is what I popose to deal with this issue. > > > --- smb.conf.ori 2006-02-09 12:14:23.089472438 +0100 > > > +++ smb.conf 2006-02-09 12:20:39.876996034 +0100 > > > @@ -58,6 +58,21 @@ > > > # option cannot handle dynamic or non-broadcast interfaces correctly. > > > ; bind interfaces only = true > > > +#### User management #### > > > + > > > +# User addition script > > > +# > > > +# This allows Unix users to be created ON DEMAND when a user accesses the > > > +# Samba server and is validated > This isn't the main purpose of this script. The main purpose is for the > DC, when users create accounts over SAMR (see also 'add machine > script'). The joys of overloaded parameters... Ok. FWIW, this isn't what smb.conf(5) currently says... Anyway, proposed revised comment: # This allows Unix users to be created on the domain controller via the SAMR # RPC pipe. The example command creates a user account with a disabled Unix # password; please adapt to your needs No headers, since it looks to me like this belongs under the 'domain' parameters grouping... > > > +# does not work when 'security = share' > > > +# > > > +# The following command will create a user account and a disabled > > > +# Unix password > > > +# Please adapt to your needs > > > +; add user script = /usr/sbin/adduser --quiet --disabled-password > > > --gecos "" %u > > > + > > > + > > What does this example script set the user's home directory to? Does it > > auto-create the home directory? (Honestly don't know, I always look this up > > before deploying uses of adduser anywhere.) Is using nss_winbind a viable > > alternative to needing to use the 'add user' script at all, and if so, > > should it be preferred? > Winbindd is the far preferred option for creating posix users for remote > accounts. For the creation of posix users for local accounts on a DC, > winbindd does not provide this. Ah, fair enough. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature
