LinuxQuestions.org
Old 05-23-2003, 12:49 PM   #1
fmertus
LQ Newbie
 
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17

Rep: Reputation: 0
Adding users from windows domain


I am working on a project for my local community college to incorporate some linux into an existing windows active directory domain. Basically, all students and faculty get a web site. I have samba and apache up and running. I am using winbind to authenticate users from the existing domain. The problem I have is in generating user accounts on the linux box.
There are anywhere from 5000 to 6000 users per term. Doing this manually would be very prohibitive. They currently use scripts on the windows side to generate home directories, etc. Is there any way I can tap into this script or automate user creation?
Any help would be appreciated.

fmertus
 
Old 05-23-2003, 01:32 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Assuming the data is just being pulled from a text database then it should be no problem. I wrote a similar script at work that generated a random password for each user and e-mailed it to them as well.
 
Old 05-23-2003, 01:59 PM   #3
fmertus
LQ Newbie
 
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17

Original Poster
Rep: Reputation: 0
The data is being queried out by SQL, and then parsed to text.
I'm thinking this shouldn't be very difficult, but I have no scripting experience, and most of my recent programming has been in VB.

Can you suggest a good place to look for info on this, or some specifics?

Thanks...
 
Old 05-23-2003, 02:02 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
If it was me writing it I would use perl to do it. What to do is work out what commands you need to do ie:
useradd user
passwd user
etc etc

Then look into text manipulation and execute the commands from within the script.
 
Old 05-23-2003, 08:18 PM   #5
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Fmertus,

Let's see if I understand you.

You have an existing Windows domain. You are adding a Samba member server to the domain. The Samba server is not a domain controller, just another file/print server. You want an easy way to automatically add users to the Samba box.

Make these changes in the global section of the smb.conf file.

# Accept users authenticated by the domain controller

security = domain

# Specify the domain controllers

password server = SERVER1, SERVER2, SERVER3

# Automatically create a user account for authenticated users

add user script = useradd %u -c "Account from PDC" -s /bin/false -d /home/%u -m -n -g groupname


Essentially, you are telling Samba to let a domain controller handle authentication and automatically add users that have been authenticated by the domain controller.

Let us look at the add user script:

useradd %u -c "Account from PDC"

Add a user using the name sent from the domain controller (%u) and call the account "Account from PDC"

-s /bin/false

prevent the user from logging on locally by not giving the account a shell.

-d /home/%u -m -n -g groupname

create a home directory for the user at /home/username and add them to the group groupname. Substitute the user's group for groupname.

Please note that the commands to add users vary slightly from one distro to the next. You may have to modify the command a bit for your distro. This will work for Red Hat.

Let me know how it works.

Last edited by jamrock; 05-23-2003 at 08:19 PM.
 
Old 05-27-2003, 01:56 PM   #6
fmertus
LQ Newbie
 
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17

Original Poster
Rep: Reputation: 0
I am using Redhat 8 and Samba 3.0...

I added the "add user script" line. It's not creating the account though. Here is a copy of the smb.conf file. Perhaps, I'm missing something simple...

[global]
workgroup = ICS
server string = Samba Server
password server = *
security = DOMAIN
encrypt passwords= yes
add user script = useradd %u -c "ICS Account" -s /bin/false \ /home/%u -m -n -g ICS

winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes

obey pam restrictions = yes


log file = /var/log/samba/log.%m

max log size = 50

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192


dns proxy = no


[homes]
comment = Home Directories
path=/home/%u
browseable = no
writable = yes
create mode = 0664
directory mode = 0775
 
Old 05-27-2003, 02:20 PM   #7
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Samba 3.0!!

I see. The commands will work on Samba 2.x. I haven't used Samba 3.0 for two reasons:

It is still being tested. The Samba team doesn't recommend using it in production environments yet.

Documentation for Samba 3.0 is still limited. I haven't been able to find anything comprehensive.


Why Samba 3.0 and not Samba 2.X?

What documentation are you using?

Are you using LDAP for authentication?
 
Old 05-28-2003, 12:40 PM   #8
fmertus
LQ Newbie
 
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17

Original Poster
Rep: Reputation: 0
I chose 3.0, simply because it is supposed to support Active Directory. The little bit of documentation I found was http://techupdate.zdnet.co.uk/story/...363-p1,00.html
and http://lists.isb.sdnpk.org/pipermail...ch/000447.html for 3.0
Also http://us1.samba.org/samba/docs/man/winbind.html to get winbind working.
I installed OpenLdap per the zdnet instructions, but never configured it since the instructions never mentioned it...I tend to get quite literal when I am forging into new territory.

At this point let me restate my objectives, and if they can be done w/ 2.2, then I will restart this...

The school is currently using Windows 2000 and 2003 (Active Directory domain) with an all 2003 planned by fall. They want to allow all students/faculty a website that can be mapped when they log in locally, when they access the ftp server (they use Serv-U), and of course the internet.

Will 2.2 do the trick here?

Thanks again for your input

Fmertus
 
Old 05-28-2003, 03:33 PM   #9
fmertus
LQ Newbie
 
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17

Original Poster
Rep: Reputation: 0
WoooHooo!

Starting from scratch has made the difference.
Everything is working as it should.

I just need to figure out how to change the default directory permissions (upon creation) so apache can access them...

Thanks much for your help.

Fmertus
 
Old 05-28-2003, 03:42 PM   #10
fzzy
Member
 
Registered: May 2003
Posts: 31

Rep: Reputation: 15
AD

Did you use Samba 2.x or 3.x? Windows 2003 servers running AD (I have read) may allow Samba 2.x to authenticate where native mode AD would not (w2k). I am curious because I have a similar setup.
 
Old 05-28-2003, 09:53 PM   #11
fmertus
LQ Newbie
 
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17

Original Poster
Rep: Reputation: 0
I used 2.2.8a.
I believe the domain controller that I am using is currently w2k. The 2003 is used for real time dfs for student drives on 2 campuses.
 
Old 05-28-2003, 11:17 PM   #12
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Glad to be of help. Remember that Samba behaves like an NT 4.0 server so you can use it where NT 4.0 would work.

I am very excited about Samba 3.0. It has a lot of enhancements over Samba 2.x. Until I can find good documentation, however, I will not be able to use it since there are significant changes.

It is designed to use LDAP. Windows Active Directory is an LDAP server. Samba can therefore become an Active Directory domain controller. There are currently some limits to what it can do but it is a big step forward.

The Samba team is working hard to get the full release out so I am just waiting patiently.

Quote:
I just need to figure out how to change the default directory permissions (upon creation) so apache can access them...
I think you need the force create mask and force directory mask commands. These set the maximum allowable permissions for newly created directories. I haven't used them much so you will have to play around with them a bit.
 
Old 05-29-2003, 03:01 PM   #13
fmertus
LQ Newbie
 
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17

Original Poster
Rep: Reputation: 0
I solved the permission problem with a work around kind of solution.
I added preexec=chmod 711 /home/%u to the config file.
Everything is now beautiful.

Fmertus
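
As an added example (not code from any poster in this thread): the add user script from post #5 and the chmod 711 workaround from post #13 can be combined into one wrapper that validates %u before it reaches useradd and sets the home directory mode once, at creation. The script path, the allowed-character policy and the HOME_BASE, USER_GROUP and USERADD variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example: wrapper to call from smb.conf instead of a bare useradd line:
#   add user script = /usr/local/sbin/smb-adduser.sh %u
# The script path above is hypothetical; the variables below are assumptions.
LC_ALL=C; export LC_ALL               # make the a-z / A-Z ranges byte-exact

HOME_BASE="${HOME_BASE:-/home}"       # parent of the per-user home directories
USER_GROUP="${USER_GROUP:-groupname}" # substitute the real group, as in post #5
USERADD="${USERADD:-useradd}"         # overridable so the logic can be dry-run

# %u is supplied by the client/domain, so treat it as untrusted input.
# Assumed policy: 1-32 chars from [A-Za-z0-9_.-], not starting with '-' or '.'.
valid_username() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Create the account with the flags used in the thread (-n is the Red Hat
# useradd flag posted there), then set the home directory mode once.
provision_user() {
    user=$1
    if ! valid_username "$user"; then
        echo "smb-adduser: rejected username" >&2
        return 2
    fi
    home="$HOME_BASE/$user"
    "$USERADD" -c "Account from PDC" -s /bin/false \
        -d "$home" -m -n -g "$USER_GROUP" "$user" || return 1
    # 711 lets Apache traverse into the directory without listing it;
    # doing it here replaces the per-connection preexec chmod from post #13.
    chmod 711 "$home"
}

# Run only when Samba (or an admin) passes a username argument.
if [ "$#" -gt 0 ]; then
    provision_user "$1"
    exit $?
fi
```
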
 
Old 06-13-2003, 08:26 AM   #14
boblucci
Member
 
Registered: Dec 2001
Location: New Jersey
Distribution: RedHat 9
Posts: 34

Rep: Reputation: 15
Jamrock,

I have the same setup as fmertus. Do you still need the smbpasswd file, only for people that are NOT authenticating thru the windows DC, right?

So if I have everyone authenticating thru windows I could comment out the section "encrypt passwords = yes" and "smb passwd file = /etc/samba/smbpasswd" because I won't be needing it, right?
 
Old 06-13-2003, 02:43 PM   #15
fmertus
LQ Newbie
 
Registered: Apr 2003
Location: Southern Oregon
Distribution: redhat, mandrake
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by boblucci

I could comment out the section "encrypt passwords = yes" and "smb passwd file = /etc/samba/smbpasswd" because I won't be needing it, right?
I don't use the smb passwd file parameter at all. Works fine.
Encrypting passwords is good if you want to mount a windows share on the linux box. Just to test it out, I disabled it in my conf file, and everything still works. So, it looks like it is not necessary...
 
  

