Diffstat (limited to 'docs/smbdotconf/logon/adduserscript.xml')
-rw-r--r-- | docs/smbdotconf/logon/adduserscript.xml | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/docs/smbdotconf/logon/adduserscript.xml b/docs/smbdotconf/logon/adduserscript.xml new file mode 100644 index 0000000000..d1d3ef118e --- /dev/null +++ b/docs/smbdotconf/logon/adduserscript.xml 
@@ -0,0 +1,50 @@ +<samba:parameter name="add user script" + context="G" + type="string" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<description> + <para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> + + <para>Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users + <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> + + <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter> + and <parameter moreinfo="none">add user script</parameter> + must be set to a full pathname for a script that will create a UNIX + user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into + the UNIX user name to create.</para> + + <para>When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and + attempts to authenticate the given user with the given password. If the + authentication succeeds then <command moreinfo="none">smbd</command> + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. 
If this lookup fails, and <parameter moreinfo="none">add user script + </parameter> is set then <command moreinfo="none">smbd</command> will + call the specified script <emphasis>AS ROOT</emphasis>, expanding + any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para> + + <para>If this script successfully creates the user then <command moreinfo="none">smbd + </command> will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts.</para> + + <para>See also <link linkend="SECURITY"><parameter moreinfo="none"> + security</parameter></link>, <link linkend="PASSWORDSERVER"> + <parameter moreinfo="none">password server</parameter></link>, + <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user + script</parameter></link>.</para> +</description> + +<value type="default"/> +<value type="example">/usr/local/samba/bin/add_user %u</value> +</samba:parameter> |
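Review bot: The paragraphs that say the script is run AS ROOT with `%u` expanded to the user name never state how that name should be treated or how the script file should be protected. The name comes from the client at session setup, so the description should say whether smbd restricts the characters in `%u` before expansion, and it should advise that the script quote and validate its argument and be owned by root and writable by no one else. Two smaller points in the same hunk: "smbd must NOT be set to `security = share`" reads as if smbd were the parameter, so something like "the `security` parameter must not be set to `share`" would be clearer, and `<value type="default"/>` is empty without the text saying that no script is run when the parameter is unset.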