05-23-2003, 12:49 PM
|
#1
|
LQ Newbie
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17
Rep:
|
Adding users from windows domain
I am working on a project for my local community college to incorporate some linux into an existing windows active directory domain. Basically, all students and faculty get a web site. I have samba and apache up and running. I am using winbind to authenticate users from the existing domain. The problem I have is in generating user accounts on the linux box.
There are anywhere from 5000 to 6000 users per term. Doing this manually would be very prohibitive. They currently use scripts on the windows side to generate home directories, etc. Is there any way I can tap into this script or automate user creation?
Any help would be appreciated.
fmertus
|
|
|
05-23-2003, 01:32 PM
|
#2
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
Assuming the data is just being pulled from a text database then it should be no problem. I wrote a similar script at work that generated a random password for each user and e-mailed it to them as well.
|
|
|
05-23-2003, 01:59 PM
|
#3
|
LQ Newbie
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17
Original Poster
Rep:
|
The data is being queried out by SQL, and then parsed to text.
I'm thinking this shouldn't be very difficult, but I have no scripting experience, and most of my recent programming has been in VB.
Can you suggest a good place to look for info on this, or some specifics?
Thanks...
|
|
|
05-23-2003, 02:02 PM
|
#4
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
If it was me writing it I would use perl to do it. What to do is work out what commands you need to do, i.e.:
useradd user
passwd user
etc etc
Then look into text manipulation and execute the commands from within the script.
|
|
|
05-23-2003, 08:18 PM
|
#5
|
Member
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444
Rep:
|
Fmertus,
Let's see if I understand you.
You have an existing Windows domain. You are adding a Samba member server to the domain. The Samba server is not a domain controller, just another file/print server. You want an easy way to automatically add users to the Samba box.
Make these changes in the global section of the smb.conf file.
# Accept users authenticated by the domain controller
security = domain
# Specify the domain controllers
password server = SERVER1, SERVER2, SERVER3
# Automatically create a user account for authenticated users
add user script = useradd %u -c "Account from PDC" -s /bin/false -d /home/%u -m -n -g groupname
Essentially, you are telling Samba to let a domain controller handle authentication and automatically add users that have been authenticated by the domain controller.
Let us look at the add user script:
useradd %u -c "Account from PDC"
Add a user using the name sent from the domain controller (%u) and call the account "Account from PDC"
-s /bin/false
prevent the user from logging on locally by not giving the account a shell.
-d /home/%u -m -n -g groupname
create a home directory for the user at /home/username and add them to the group groupname. Substitute the user's group for groupname.
Please note that the commands to add users vary slightly from one distro to the next. You may have to modify the command a bit for your distro. This will work for Red Hat.
Let me know how it works.
Last edited by jamrock; 05-23-2003 at 08:19 PM.
|
|
|
05-27-2003, 01:56 PM
|
#6
|
LQ Newbie
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17
Original Poster
Rep:
|
I am using Redhat 8 and Samba 3.0...
I added the "add user script" line. It's not creating the account though. Here is a copy of the smb.conf file. Perhaps, I'm missing something simple...
[global]
workgroup = ICS
server string = Samba Server
password server = *
security = DOMAIN
encrypt passwords= yes
add user script = useradd %u -c "ICS Account" -s /bin/false \ /home/%u -m -n -g ICS
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
obey pam restrictions = yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
[homes]
comment = Home Directories
path=/home/%u
browseable = no
writable = yes
create mode = 0664
directory mode = 0775
|
|
|
05-27-2003, 02:20 PM
|
#7
|
Member
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444
Rep:
|
Samba 3.0!!
I see. The commands will work on Samba 2.x. I haven't used Samba 3.0 for two reasons:
It is still being tested. The Samba team doesn't recommend using it in production environments yet.
Documentation for Samba 3.0 is still limited. I haven't been able to find anything comprehensive.
Why Samba 3.0 and not Samba 2.X?
What documentation are you using?
Are you using LDAP for authentication?
|
|
|
05-28-2003, 12:40 PM
|
#8
|
LQ Newbie
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17
Original Poster
Rep:
|
I chose 3.0, simply because it is supposed to support Active Directory. The little bit of documentation I found was http://techupdate.zdnet.co.uk/story/...363-p1,00.html
and http://lists.isb.sdnpk.org/pipermail...ch/000447.html for 3.0
Also http://us1.samba.org/samba/docs/man/winbind.html to get winbind working.
I installed OpenLdap per the zdnet instructions, but never configured it since the instructions never mentioned it...I tend to get quite literal when I am forging into new territory.
At this point let me restate my objectives, and if they can be done w/ 2.2, then I will restart this...
The school is currently using Windows 2000 and 2003 (Active Directory domain) with an all 2003 planned by fall. They want to allow all students/faculty a website that can be mapped when they log in locally, when they access the ftp server (they use Serv-U), and of course the internet.
Will 2.2 do the trick here?
Thanks again for your input
Fmertus
|
|
|
05-28-2003, 03:33 PM
|
#9
|
LQ Newbie
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17
Original Poster
Rep:
|
WoooHooo!
Starting from scratch has made the difference.
Everything is working as it should.
I just need to figure out how to change the default directory permissions (upon creation) so apache can access them...
Thanks much for your help.
Fmertus
|
|
|
05-28-2003, 03:42 PM
|
#10
|
Member
Registered: May 2003
Posts: 31
Rep:
|
AD
Did you use Samba 2.x or 3.x? Windows 2003 servers running AD (I have read) may allow Samba 2.x to authenticate where native mode AD would not (w2k). I am curious because I have a similar setup.
|
|
|
05-28-2003, 09:53 PM
|
#11
|
LQ Newbie
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17
Original Poster
Rep:
|
I used 2.2.8a.
I believe the domain controller that I am using is currently w2k. The 2003 is used for real time dfs for student drives on 2 campuses.
|
|
|
05-28-2003, 11:17 PM
|
#12
|
Member
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444
Rep:
|
Glad to be of help. Remember that Samba behaves like an NT 4.0 server so you can use it where NT 4.0 would work.
I am very excited about Samba 3.0. It has a lot of enhancements over Samba 2.x. Until I can find good documentation, however, I will not be able to use it since there are significant changes.
It is designed to use LDAP. Windows Active Directory is a LDAP server. Samba can therefore become an Active Directory domain controller. There are currently some limits to what it can do but it is a big step forward.
The Samba team is working hard to get the full release out so I am just waiting patiently.
Quote:
I just need to figure out how to change the default directory permissions (upon creation) so apache can access them...
|
I think you need the force create mask and force directory mask commands. These set the maximum allowable permissions for newly created directories. I haven't used them much so you will have to play around with them a bit.
|
|
|
05-29-2003, 03:01 PM
|
#13
|
LQ Newbie
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17
Original Poster
Rep:
|
I solved the permission problem with a work around kind of solution.
I added preexec=chmod 711 /home/%u to the config file.
Everything is now beautiful.
Fmertus
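Added example, not part of the thread or any poster's code: a wrapper that "add user script" could call instead of bare useradd, since smbd runs that script as root with a user name that originates from the client. It checks the name before building the useradd command from post #5 and applies post #13's chmod 711 once at creation; the install path, WEB_GROUP, HOME_BASE and DRY_RUN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): wrapper to reference from smb.conf as
#   add user script = /usr/local/sbin/smb-adduser %u
# The path, WEB_GROUP, HOME_BASE and DRY_RUN are assumptions for illustration.

WEB_GROUP="groupname"   # placeholder group, as in post #5
HOME_BASE="/home"

# Allow only letters, digits, '_', '.' and '-', at most 32 characters,
# and never a leading '-' (parsed as an option) or '.' (".", "..", dotfiles).
valid_username() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case $name in
        -*|.*) return 1 ;;
        *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# With DRY_RUN set, print the command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$@"; else "$@"; fi
}

# Create the local account for an authenticated domain user.
# Returns 2 for a rejected name, 0 if the account exists or was created.
add_domain_user() {
    name=$1
    if ! valid_username "$name"; then
        echo "smb-adduser: rejected user name" >&2
        return 2
    fi
    id "$name" >/dev/null 2>&1 && return 0   # already present, nothing to do
    # Same useradd options as post #5 (-n is Red Hat specific).
    run useradd -c "Account from PDC" -s /bin/false \
        -d "$HOME_BASE/$name" -m -n -g "$WEB_GROUP" "$name" || return 1
    # Post #13's permission fix, applied once at creation:
    # 711 lets Apache traverse the directory without listing it.
    run chmod 711 "$HOME_BASE/$name"
}

# Only act when called with an argument, as smbd would call it.
if [ "$#" -gt 0 ]; then
    add_domain_user "$1"
fi
```

Setting DRY_RUN=1 before calling the script prints the two commands it would run, which is a quick way to check the options against your distro's useradd before pointing Samba at it.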
|
|
|
06-13-2003, 08:26 AM
|
#14
|
Member
Registered: Dec 2001
Location: New Jersey
Distribution: RedHat 9
Posts: 34
Rep:
|
Jamrock,
I have the same setup as fmertus. Do you still need the smbpasswd file, only for people that are NOT authenticating thru the windows DC, right?
So if I have everyone authenticating thru windows I could comment out the section "encrypt passwords = yes" and "smb passwd file = /etc/samba/smbpasswd" because I won't be needing it, right?
|
|
|
06-13-2003, 02:43 PM
|
#15
|
LQ Newbie
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17
Original Poster
Rep:
|
Quote:
Originally posted by boblucci
I could comment out the section "encrypt passwords = yes" and "smb passwd file = /etc/samba/smbpasswd" because I won't be needing it, right?
|
I don't use the smb passwd file parameter at all. Works fine.
Encrypting passwords is good if you want to mount a windows share on the linux box. Just to test it out, I disabled it in my conf file, and everything still works. So, it looks like it is not necessary...
|
|
|
All times are GMT -5. The time now is 09:05 AM.