How to add samba users to a Samba server using a script.
Specifically, to the Samba server in Exercise 2.2.3 of Samba 3 by Example.
(An on-line version of Samba 3 by Example is at:
http://us2.samba.org/samba/docs/man/Samba-Guide/)
The exercise gives a table of 10 users in Table 2.1.
Table 2.1. Accounting Office Network Information
| User | Login-ID | Password | Share Name | Directory | Wkst |
|---|---|---|---|---|---|
| Alan Meany | alan | alm1961 | alan | /data | PC1 |
| James Meany | james | jimm1962 | james | /data/james | PC2 |
| Jeannie Meany | jeannie | jema1965 | jeannie | /data/jeannie | PC3 |
| Suzy Millicent | suzy | suzy1967 | suzy | /data/suzy | PC4 |
| Ursula Jenning | ujen | ujen1974 | ursula | /data/ursula | PC5 |
| Peter Pan | peter | pete1984 | peter | /data/peter | PC6 |
| Dale Roland | dale | dale1986 | dale | /data/dale | PC7 |
| Bertrand E Paoletti | eric | eric1993 | eric | /data/eric | PC8 |
| Russell Lewis | russ | russ2001 | russell | /data/russell | PC9 |
We are given 14 steps to complete the
"Migration from Windows NT4 Workstation System to Samba-3".
We are instructed to do the following for each user:
6. For each user who uses this system (see Table 2.1), execute the following:
root# useradd -m -G accts -c "Name of User" "LoginID"
root# passwd "LoginID"
Changing password for user "LoginID"
New Password: XXXXXXXXX <-- the password from the table
Retype new password: XXXXXXXXX
root# smbpasswd -a "LoginID"
New SMB password: XXXXXXXXX <-- the password from the table
Retype new SMB password: XXXXXXXXX
Added user "LoginID"
7. Create the directory structure for the file shares by executing the following:
root# mkdir -p /data
root# chown alan /data
root# for i in james suzy ursula peter dale eric jeannie russell
> do
> mkdir -p /data/$i
> chown $i /data/$i
> done
root# chgrp -R accts /data
root# chmod -R ug+rwxs,o-r+x /data
13. Verify that the files are being copied correctly from the Windows NT4 machine to the Samba-3 server. This is best done on the Samba-3 server. Check the contents of the directory tree under /data. This can be done by executing the following command:
root# ls -aR /data
Make certain to check the ownership and permissions on all files. If in doubt, execute
the following:
root# chown alan /data
root# for i in james suzy ursula peter dale eric jeannie russell
> do
> chown $i /data/$i
> done
root# chgrp -R accts /data
root# chmod -R ug+rwxs,o-r+x /data
The set exercise calls for an RH 9 server.
Your author runs Debian Woody on his server.
So the current version of this paper is confined to these two distributions.
Fortunately for diversity, unfortunately for consistency,
tools bearing the same name vary from distro to distro in their capabilities.
You will have to determine how your distribution behaves.
Steps 6 & 7 can be placed in a script,
provided we know how to interact with useradd, passwd, & smbpasswd.
Let's look at the supplied versions & their capabilities in our selected distros.
| Distro | Command | Version | Documented | Undocumented | Unknown |
|---|---|---|---|---|---|
| RH 9 | useradd | ??? | -c | | PT method |
| RH 9 | passwd | ??? | --stdin | | encrypted |
| RH 9 | smbpasswd | 2.2.7a | PTA | | encrypted |
| Woody | useradd | ??? | -c | | PT method |
| Woody | passwd | ??? | --stdin does not work | | any method |
| Woody | smbpasswd | ??? | | PTA | encrypted |
Notes
- "???" in Version indicates no response to -v, -V, or --version. This indicates the need for a mandate to provide a version option in all commands, preferably a uniform one like -V.
- PTA = Plain Text command line Argument
A secure method to add samba users & their passwords would be to provide a table of user information which includes the encrypted password.
There are two flaws in this approach:
- Even though useradd can accept an encrypted password, there is no documented way for smbpasswd to do this.
- All the documentation I can find on crypt (RH et al.) & mcrypt (Debian) is abominable. There is the implication that you can pipe a plaintext password through these commands to get an encrypted password for useradd, but no straightforward method for doing so. RTFM...RTFM?...WAFRFM,AH!!
For RH, at least, we will be able to do it all in plaintext.
I would capture the user table as a text file (users.txt)
& process it using awk.
I would embed the necessary bash commands in the awk script
using its (awk's) system command:
#! /bin/bash
.
.
.
# users.txt is colon-separated: $1 = name, $2 = login ID, $3 = password, $5 = directory.
# Lines starting with # are skipped.
awk -F: ' /^[^#]/ {
    system ( "useradd -m -G accts -c " "\"" $1 "\" " $2)   # Step 6 (1)
    system ( "echo " $3 " | passwd --stdin " $2)            # Step 6 (2)
    system ( "smbpasswd -a " $2 " " $3 )                    # Step 6 (3), password as PTA
    system ( "mkdir -p " $5)                                # Step 7 (1)
    system ( "chown " $2 " " $5)                            # Step 7 (2)
}' users.txt
chgrp -R accts /data            # Step 7 (3)
chmod -R ug+rwxs,o-r+x /data    # Step 7 (4)
Here is code to test the above awk script:
# test code: print the commands instead of running them
awk -F: ' /^[^#]/ {
    print "useradd -m -G accts -c " "\"" $1 "\" " $2
    print "echo " $3 " | passwd --stdin " $2
    print "smbpasswd -a " $2 " " $3
    print "mkdir -p " $5
    print "chown " $2 " " $5
    print ""
}' users.txt | less
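The awk script above puts each password on a command line and builds shell strings from the table fields. The following is an added example, not part of the original page: the same Steps 6 and 7 with passwords fed on standard input and the login ID and directory validated before use. It assumes `chpasswd` is installed (used here in place of `passwd --stdin`), relies on `smbpasswd -s` reading the password from stdin, and assumes the colon-separated users.txt layout implied by the awk field numbers; the function names and the `RUN` dry-run variable are made up for this example.

```shell
#!/bin/sh
# Added example, not the page's script. Assumed users.txt line format, taken
# from the awk field numbers above:  Name:LoginID:Password:Share:Directory
RUN=${RUN:-}    # RUN=echo gives a dry run that prints commands, never passwords

valid_login() {     # first char a-z or _, then a-z 0-9 _ -, at most 32 chars
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

valid_dir() {       # /data itself or a single directory directly below it
    case $1 in
        /data) return 0 ;;
        /data/*) ;;
        *) return 1 ;;
    esac
    case ${1#/data/} in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

provision_user() {  # args: name login password directory
    valid_login "$2" || { echo "rejected login: $2" >&2; return 1; }
    valid_dir "$4"   || { echo "rejected directory: $4" >&2; return 1; }
    [ -n "$3" ]      || { echo "empty password for $2" >&2; return 1; }
    $RUN useradd -m -G accts -c "$1" "$2" || return 1           # Step 6 (1)
    # printf is a shell builtin, so the password never appears in any argv.
    printf '%s:%s\n' "$2" "$3" | $RUN chpasswd                  # Step 6 (2)
    printf '%s\n%s\n' "$3" "$3" | $RUN smbpasswd -s -a "$2"     # Step 6 (3)
    $RUN mkdir -p "$4" && $RUN chown "$2" "$4"                  # Step 7 (1)+(2)
}

provision_file() {  # arg: path to users.txt; returns 1 if any line was rejected
    rc=0
    while IFS=: read -r name login pass share dir rest <&3; do
        case $name in ''|'#'*) continue ;; esac     # skip blanks and comments
        provision_user "$name" "$login" "$pass" "$dir" || rc=1
    done 3< "$1"
    return $rc
}

if [ "${1:-}" = --apply ] && [ -n "${2:-}" ]; then
    provision_file "$2"
    chgrp -R accts /data                                        # Step 7 (3)
    chmod -R ug+rwxs,o-r+x /data                                # Step 7 (4)
fi
```

Run it as root with `--apply users.txt`, or set `RUN=echo` first to see the commands it would run. A password that itself contains a colon will not survive the colon-separated file format.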
Step 13 can be accomplished by re-running the Step 7 code:
# same colon-separated users.txt as above; lines starting with # are skipped
awk -F: ' /^[^#]/ {
    system ( "mkdir -p " $5)        # Step 7 & 13
    system ( "chown " $2 " " $5)    # Step 7 & 13
}' users.txt
chgrp -R accts /data            # Step 7 & 13
chmod -R ug+rwxs,o-r+x /data    # Step 7 & 13
.
.
.
-- RickArchibald - 21 Mar 2005
Revision r1.6 - 22 Mar 2005 - 00:23 GMT - RickArchibald
Copyright © 2003-2007 by F. A. Archibald III & the contributing authors