Hi John, I am glad to report full success and must admit, at the end all is really easy... if one only knows those tiny "things". It may be that I did not understand everything in the docs right or that I've read over some parts but finally adding and deleting groups and users work via usermanager for domains and via pdbedit, just some very tiny rather cosmetic issues are left.
The problem, the solution: Very interesting, the _real_ problem was with the passwd chat. This is something I may have read over and I must admit I did not read the manpage for smb.conf very thoroughly but as this is a VERY massive and boring to read document... I like to think of it rather as a bit of a reference than documentation. One thing I always misunderstood was, the passwd chat is NOT a thing displayed on the windows' screen somehwere / sometime if a user changes his password... it is just a guidance for samba what to expect to see if the passwd program is executed so it can interact properly. Somehow embarrassing, awkward or just dumb... but that's how it was ;) So this passwd chat, passwd sync and passwd program was a real myth to me and over the years many false assumptions were accumulated. Not a big deal as I did use samba only as a standalone server so far. Another thing was, you see an error message, you make assumptions, you google, you get lots of hints, several different and even more assumptions from other users with similar problems, but absolutely NO hint about the real problem. After hours (I must admit I spent a way too much time googleing!) a few minutes of debugging did the trick... and at the end, not very hard at all! For example you get an error message "Access denied" (may be "permission denied", translated from german) on the windows screen, we all know those errors from Linux or *UNIX in general. Maybe most errors in unixland are permission related... but in this case it was not an issue of missing or wrong permissions at all. I did raise the log level, noticed it added the account, could not change / set the password and deleted the account afterwards again... a few moments of thinking including help and thoughts from users on IRC... and there it was, the myth is gone! Coppy and paste is not a very good idea after all when it comes to implement samba _right_ ;) This should be mentioned in the docs a hundred times if you ask me! Another thing was, I could not delete a user from a specific group... after _short_ googleing with no luck, thinking, trying out something... and see, found a bug! deluser on debian stable does not like to delete root from _any_ group it just complains he is not in that group, but he is! $EDITOR /etc/group did the trick here. This is just a side-effect from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428144 I think. As deluser is a perl script and I am not very good at reading perl, I did not investigate this issue any further, I know it works on sid (debian unstable) so it is fixed already. So... don't add root to any groups you want to remove him afterwards from, on debian etch... ;) So in short, I think one small chapter about those scripts including notes about the distro specific stuff, a bunch of notes about copy and paste, a joke every once in a while, a remark about locales (passwd does not look the same in all languages > passwd chat), encourage users to debug samba themselves, a rant about google and how useless and confusing it can be, some notes about "user manager for domains" and how this piece of software works and as a running gag (my personal favorite): Clear up myths! I have no idea why, but several users reported usrmgr.exe should be installed on a share on the samba PDC to get it running... it worked for them. Really, no idea what problem they had, but I can't think of any reason why this could be true! (I think a little bit of debugging would have been of help here ;) And if all that is done, even dumb users like me can set up a samba PDC in less then 2 Minutes (maybe even faster!) and spend the rest of the day in the woods, at a lake or <insert your favorite place here>. regards Michael P.S.: 2 Minutes, excluding reading of course ;) P.P.S.: Tanze Samba mit mir, tanze Samba die ganze Nacht... Am Samstag, den 08.09.2007, 23:54 -0500 schrieb John H Terpstra: > On Saturday 08 September 2007 23:30, Michael Schmitt wrote: > > Hi List, > > > > I have some issues with user manager for domains (srvtools.exe from MS) > > and the scripts mentioned in the subject. The examples from the samba > > howto collection seem to cause serious issues here. I am on debian etch > > and tried to create my own scripts but till now to now avail. With the > > examples from the docs I could add groups, but could not add users to > > groups. There was the option -A used but here it seems to be -a refering > > to the manpage (log was helping here)... anyhow changed to -a and it > > worked. But adding users does not work at all. Different syntax, > > different problems, but nothing does work. With the example of the howto > > collection the user manager gave me "access denied" or similar > > (translated from german) as I tried to add a user. I tried to use > > adduser instead of useradd and came to these syntaxes: > > Please check the man page for your distro. The options to useradd, usremod, > groupmod, etc. seem to vary considerably across Linux distros. > > > add user script = /usr/sbin/adduser --ingroup domusers --gecos samba '% > > u' > > delete user script = /usr/sbin/deluser '%u' > > add group script = /usr/sbin/groupadd '%g' > > delete group script = /usr/sbin/groupdel '%g' > > add user to group script = /usr/sbin/adduser '%u' '%g' > > Please note that the adduser script is entirely different from the useradd > utility. Neither is consistent across implementations. Both vary from Linux > distro to distro. I was unaware of this until last week and am not sure how > to handle this in the HOWTO, other than to make a note regarding the problem. > > > add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody > > '%u' > > > > now the adduser syntax gives me loads of this over and over again: > > > > Use of uninitialized value in chop at /usr/sbin/adduser line 537. > > Use of uninitialized value in pattern match (m//) at /usr/sbin/adduser > > line 538. > > Enter new UNIX password: Retype new UNIX password: No password supplied > > Enter new UNIX password: Retype new UNIX password: No password supplied > > Enter new UNIX password: Retype new UNIX password: No password supplied > > passwd: Authentication token manipulation error > > passwd: password unchanged > > > > If only all scripts would give me some hints why they don't work. As I > > see not for all scripts log entries but none work I think everything I > > tried was wrong. > > This is something you will need to take up with the Linux distro maintainer. > > > Could someone pinpoint me in the right direction or to the right part of > > the docs? Maybe some insights of how those scripts need to be built? > > The useradd and adduser tools should NOT set the password. That whould be > done > using the passwd utility. > > - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
