diff options
Diffstat (limited to 'docs/docbook/smbdotconf/logon/adduserscript.xml')
| -rw-r--r-- | docs/docbook/smbdotconf/logon/adduserscript.xml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml new file mode 100644 index 0000000000..3afea231a5 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/adduserscript.xml @@ -0,0 +1,49 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="ADDUSERSCRIPT"/>add user script (G)</term> + <listitem><para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> + + <para>Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users + <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> + + <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter> + and <parameter moreinfo="none">add user script</parameter> + must be set to a full pathname for a script that will create a UNIX + user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into + the UNIX user name to create.</para> + + <para>When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and + attempts to authenticate the given user with the given password. If the + authentication succeeds then <command moreinfo="none">smbd</command> + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. If this lookup fails, and <parameter moreinfo="none">add user script + </parameter> is set then <command moreinfo="none">smbd</command> will + call the specified script <emphasis>AS ROOT</emphasis>, expanding + any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para> + + <para>If this script successfully creates the user then <command moreinfo="none">smbd + </command> will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts.</para> + + <para>See also <link linkend="SECURITY"><parameter moreinfo="none"> + security</parameter></link>, <link linkend="PASSWORDSERVER"> + <parameter moreinfo="none">password server</parameter></link>, + <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user + script</parameter></link>.</para> + + <para>Default: <command moreinfo="none">add user script = <empty string> + </command></para> + + <para>Example: <command moreinfo="none">add user script = /usr/local/samba/bin/add_user + %u</command></para> + </listitem> + </samba:parameter> |