On Friday 26 August 2005 10:48, Eric Feldhusen wrote: > John H Terpstra wrote: > > On Friday 26 August 2005 10:07, Paul Gienger wrote: > >>Many people on this list. > > > > What is your OS platform? Does it implement controls over permitted home > > directories and shells that can be specified to the useradd command? > > > > More than one Linux distro will NOT permit the creation of a user account > > (that is what a Windows domain member trust account is on the UNIX host) > > with a shell other than what is defined in /etc/shells, and some will not > > permit a home directory that consists of /dev/null. > > > > If your Linux distro has paranoid controls like that, a work around is > > necessary. Here is a possible work-around: > > > > add machine script = /usr/sbin/useradd -d /var/nodirs -g computers > > -s /bin/false '%u' > > > > Note that the %u is quoted with single quotes. > > > > Add to the /etc/shells: /bin/false > > > > Create the directory /var/nodirs with permissions set: > > chown root:root /var/nodirs > > chmod 550 /var/nodirs > > > > In other words, all access to /var/nodirs prevents user ability to write > > to the directory. It should also have no contents. > > > > - John T. > > Will this work with Redhat Enterprise 3 & 4? Just curious, and I'm not > in a position to check at the moment.
Why do you ask? Why do you suspect it will not? All I suggested is that you need to establish the capabilities of the specific implementation of the useradd command on your platform of choice. Samba can not solve a limitation that is caused by one of the basic utilities that is part of the operating system platform. Debian and Red Hat have at times had paranoid restrictions in their useradd toolsets. I do not remember which versions and releases, but I do know that there were some updates that later removed some of the restrictions. The right answer is, try running useradd from the command line, like this: useradd -d /dev/null -s /bin/false jim If it works, you are in good shape. If not, find an alternative way to achieve the same result. Each Linux distribution is a little different. Sometimes, just to keep ahead of the pack, a distribution vendor will adopt a particular nuance of paranoia that breaks the world apart. That's life, and fortunately, with Linux it is not terminal - you can always replace the problematic component. If your platform of choice is limited in any way, and you want automated computer account creation to work correctly, you will need to find an alternative method. Why will an alternative method not work? I am perplexed by the question. Apologies if I have misundertsood you. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba