Samba --> nobody run "add user script = /usr/sbin/useradd %u ....." ????
I have the following configuration:
Two PDCs with Fedora Core 4: PDC1 and PDC2.
PDC1 trusts PDC2, respectively PDC2 is trusted to PDC1.
I join an XP workstation to PDC2. After restart i can see both domains in the login screen domain combo box.
I can logon to PDC2 , but not to PDC1, since the PDC2's /etc/passwd lacks the username from PDC1 i am trying to log in with. To correct this i edit smb.conf adding this line:
add user script = /usr/sbin/useradd %u -g users -s /bin/false -d /dev/null
After another unsuccessful login to PDC1 (with username ivan for example) in the PDC2's log (/var/log/samba/winxp.log) can be seen the following lines:
useradd: unable to lock password file
useradd ....gave 1
When i try to access a share on PDC2 with a PDC1 user (ivan for example), useradd is executed successfully, and user ivan is added to /etc/passwd.
I found out that during login "add user script = /usr/sbin/useradd %u ......" is executed with user nobody, and this user has no right to execute useradd, hence an error occurs.
After that i added user nobody in the /etc/sudoers so he could execute sudo on PDC2:
visudo -f sudoers
And edited smb.conf on PDC2 like this:
add user script = sudo -u root /usr/sbin/useradd %u ......
Now the logging to PDC1 works fine, but this is not normal!
My question is:
Is this a bug in samba, why when mapping a drive useradd runs as root (as described in the samba manual), but when logging, it runs as user nobody who has no right to execute useradd?
If am wrong - correct me, or point me to another solution.
Thanks in advance :-)