Execute a user script whenever a user is added in the domain

Samba - General mailing list
Hi,

I am using the ADUC-tool on Windows PCs to add users to the domain. Now I
also need to do some maintenance work on the Linux server (DC). Is there an
option that I've overlooked or any other way to execute a shell script
whenever a user is added? Ideally it would be executed on each DC.

If there isn't a built-in way, would it be possible by monitoring one of
the ldb-files for changes?

I know of the "add user script" property, but I'm not sure this is still
supported in version 4 and from the description it seems like it is only
executed once a user logs in.

Thanks,
Fabian
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Execute a user script whenever a user is added in the domain

Samba - General mailing list
On Thu, 23 Nov 2017 20:31:46 +0100
Fabian Fritz via samba <[hidden email]> wrote:

> Hi,
>
> I am using the ADUC-tool on Windows PCs to add users to the domain.
> Now I also need to do some maintenance work on the Linux server (DC).
> Is there an option that I've overlooked or any other way to execute a
> shell script whenever a user is added? Ideally it would be executed
> on each DC.
>
> If there isn't a built-in way, would it be possible by monitoring one
> of the ldb-files for changes?
>
> I know of the "add user script" property, but I'm not sure this is
> still supported in version 4 and from the description it seems like
> it is only executed once a user logs in.
>
> Thanks,
> Fabian

The 'add user script' is run when a user authenticates and smbd cannot
find a Unix user, but on a Unix domain member (or DC) the user is also
a Unix user or isn't; if it isn't, then the user won't get authenticated
by AD so the 'add user script' won't get run.

It might help if you could explain just what you need to do on the DC
when the user is created.

Rowland

 


Re: Execute a user script whenever a user is added in the domain

Samba - General mailing list
My DC handles the authentication and some other Samba servers provide
shares (they're pure file servers with winbind). Users get their personal
directory as a share with appropriate permissions.

Up until now I used a Samba 3 server to both handle the authentication
and act as a file server. I had a script to create a Samba user, create the
personal directories and set some ZFS quota on it.

Now with AD I want to allow people to easily be able to create users with
the ADUC tool. The DC now is on a separate machine than the file server.
But I still need a way (script) to automatically create the directories.

I already tested using the "add user script" on the file servers, but since
they use winbind, I guess they "find" the user and the script isn't
executed. I think I found a solution though by using 'root preexec', like
suggested here: https://serverfault.com/a/576142/437431

But I would still be interested in also having a way to run a script on the
DC, to add the user to some mailing lists there.

Thanks,
Fabian



2017-11-23 21:09 GMT+01:00 Rowland Penny <[hidden email]>:

> On Thu, 23 Nov 2017 20:31:46 +0100
> Fabian Fritz via samba <[hidden email]> wrote:
>
> > Hi,
> >
> > I am using the ADUC-tool on Windows PCs to add users to the domain.
> > Now I also need to do some maintenance work on the Linux server (DC).
> > Is there an option that I've overlooked or any other way to execute a
> > shell script whenever a user is added? Ideally it would be executed
> > on each DC.
> >
> > If there isn't a built-in way, would it be possible by monitoring one
> > of the ldb-files for changes?
> >
> > I know of the "add user script" property, but I'm not sure this is
> > still supported in version 4 and from the description it seems like
> > it is only executed once a user logs in.
> >
> > Thanks,
> > Fabian
>
> The 'add user script' is run when a user authenticates and smbd cannot
> find a Unix user, but on a Unix domain member (or DC) the user is also
> a Unix user or isn't; if it isn't, then the user won't get authenticated
> by AD so the 'add user script' won't get run.
>
> It might help if you could explain just what you need to do on the DC
> when the user is created.
>
> Rowland
>
>
>

Re: Execute a user script whenever a user is added in the domain

Samba - General mailing list
On Sun, 26 Nov 2017 12:55:53 +0100
Fabian Fritz via samba <[hidden email]> wrote:

> My DC handles the authentication and some other Samba servers provide
> shares (they're pure file servers with winbind). Users get their
> personal directory as a share with appropriate permissions.
>
> Up until now I used a Samba 3 server to both handle the
> authentication and act as a file server. I had a script to create a
> Samba user, create the personal directories and set some ZFS quota on
> it.
>
> Now with AD I want to allow people to easily be able to create users
> with the ADUC tool. The DC now is on a separate machine than the
> file server. But I still need a way (script) to automatically create
> the directories.
>
> I already tested using the "add user script" on the file servers, but
> since they use winbind, I guess they "find" the user and the script
> isn't executed. I think I found a solution though by using 'root
> preexec', like suggested here: https://serverfault.com/a/576142/437431
>
> But I would still be interested in also having a way to run a script
> on the DC, to add the user to some mailing lists there.
>
> Thanks,
> Fabian

Creating the user's home directory on Unix is easy, just add:

session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022

to the end of '/etc/pam.d/common-session'

When the user logs in, their home directory will be created on the fly.
This is on Debian; Red Hat has something similar, 'oddjob-mkhomedir'.

Or you could use pam_script to run a script the first time a user logs
on.

Rowland
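
An added example, not part of the thread and not Samba's own code: a sketch of the kind of script the 'root preexec' approach mentioned above would call to create a user's share directory (optionally as a ZFS dataset with a quota) on first connect. The script path, HOME_BASE, ZFS_PARENT and ZFS_QUOTA are assumed names; because the script runs as root with a user name supplied by the client, it validates the name and refuses symlinks before touching the filesystem.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread). Wired in with e.g.
#   [homes]
#   root preexec = /usr/local/sbin/mkhome.sh %U
# HOME_BASE, ZFS_PARENT and ZFS_QUOTA are assumed names, not Samba settings.
# Assumes HOME_BASE is writable by root only and ZFS_PARENT is mounted there.

valid_user() {
    # %U comes from the client. Allow a conservative set only: this rejects
    # '/', '..', whitespace, shell metacharacters and DOMAIN\user forms.
    case "$1" in
        ''|[!A-Za-z0-9_]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

provision_home() {
    base=$1
    user=$2
    valid_user "$user" || { echo "rejected user name" >&2; return 2; }
    dir="$base/$user"
    # A pre-planted symlink would redirect root's chown/chmod elsewhere.
    [ -L "$dir" ] && { echo "refusing symlink: $dir" >&2; return 3; }
    [ -d "$dir" ] && return 0          # already provisioned, nothing to do
    if [ -n "${ZFS_PARENT:-}" ]; then
        zfs create -o quota="${ZFS_QUOTA:-10G}" "$ZFS_PARENT/$user" || return 4
    else
        mkdir -m 0700 -- "$dir" || return 4
    fi
    # Hand over ownership only when running as root and the name resolves
    # (via winbind); otherwise the directory stays root-only, which fails closed.
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown -- "$user" "$dir" && chmod 0700 -- "$dir" || return 5
    fi
}

# Run only when called with an argument, as smbd would call it.
if [ "$#" -gt 0 ]; then
    provision_home "${HOME_BASE:-/srv/homes}" "$1"
fi
```

With 'root preexec close = yes' set on the share, a non-zero exit from the script closes the connection instead of letting it proceed without a directory.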
