Re: [Samba] Execute a user script whenever a user is added in the domain




My DC handles the authentication and some other Samba servers provide
shares (they're pure file servers with winbind). Users get their personal
directory as a share with appropriate permissions.

Up until now I used a Samba 3 server to both handle the authentication
and act as a file server. I had a script to create a Samba user, create the
personal directories and set some ZFS quota on it.

Now with AD I want to allow people to easily be able to create users with
the ADUC tool. The DC is now on a separate machine than the file server.
But I still need a way (script) to automatically create the directories.

I already tested using the "add user script" on the file servers, but since
they use winbind, I guess they "find" the user and the script isn't
executed. I think I found a solution though by using 'root preexec', as
suggested here: https://serverfault.com/a/576142/437431

But I would still be interested in also having a way to run a script on the
DC, to add the user to some mailing lists there.

Thanks,
Fabian



2017-11-23 21:09 GMT+01:00 Rowland Penny <rpenny@xxxxxxxxx>:

> On Thu, 23 Nov 2017 20:31:46 +0100
> Fabian Fritz via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > Hi,
> >
> > I am using the ADUC-tool on Windows PCs to add users to the domain.
> > Now I also need to do some maintenance work on the Linux server (DC).
> > Is there an option that I've overlooked or any other way to execute a
> > shell script whenever a user is added? Ideally it would be executed
> > on each DC.
> >
> > If there isn't a built-in way, would it be possible by monitoring one
> > of the ldb-files for changes?
> >
> > I know of the "add user script" property, but I'm not sure this is
> > still supported in version 4 and from the description it seems like
> > it is only executed once a user logs in.
> >
> > Thanks,
> > Fabian
>
> The 'add user script' is run when a user authenticates and smbd cannot
> find a Unix user, but on a Unix domain member (or DC) the user is also
> a Unix user or isn't; if it isn't, then the user won't get authenticated
> by AD so the 'add user script' won't get run.
>
> It might help if you could explain just what you need to do on the DC
> when the user is created.
>
> Rowland
>
>
>
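
The 'root preexec' approach mentioned in this message, sketched as an added example that is not code from the thread or from the linked answer. The script path, HOME_BASE, QUOTA, ZFS_PARENT and the smb.conf wiring shown in the comments are assumptions; because the script runs as root on a client-supplied name, it validates that name before touching the filesystem.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed smb.conf wiring on the file
# server (script path is hypothetical); "root preexec close" makes smbd
# refuse the connection when the script exits non-zero:
#   [homes]
#       root preexec = /usr/local/sbin/mkhome.sh %U
#       root preexec close = yes
# %U is the user name the client asked for, so it is validated before use.
# Assumes names arrive without a DOMAIN\ prefix.

HOME_BASE="${HOME_BASE:-/srv/homes}"   # assumed location of the home share
QUOTA="${QUOTA:-10G}"                  # assumed per-user quota

# Allow only a conservative alphabet: no slashes, no "." or "..", no leading "-".
valid_username() {
    case "$1" in
        ''|.|..|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Create the personal directory once; return non-zero on anything suspicious.
make_home() {
    user="$1"
    if ! valid_username "$user"; then
        echo "mkhome: rejected user name" >&2; return 2
    fi
    dir="$HOME_BASE/$user"
    # A symlink planted at the target would redirect root's mkdir/chown.
    if [ -L "$dir" ]; then echo "mkhome: $dir is a symlink" >&2; return 3; fi
    if [ -d "$dir" ]; then return 0; fi
    if [ -n "${ZFS_PARENT:-}" ]; then
        # Optional: one dataset per user (ZFS_PARENT assumed mounted at HOME_BASE).
        zfs create -o quota="$QUOTA" "$ZFS_PARENT/$user" || return 4
        chmod 0700 "$dir" || return 4
    else
        mkdir -m 0700 -- "$dir" || return 4
    fi
    # smbd runs root preexec as root; the chown is skipped in unprivileged dry runs.
    if [ "$(id -u)" -eq 0 ]; then chown -- "$user" "$dir" || return 5; fi
    return 0
}

# Act only when called with an argument, as smbd would call it.
if [ "$#" -gt 0 ]; then
    make_home "$1"
    exit $?
fi
```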