| [926] | 1 | Local Samba users and groups 1.0.4
|
|---|
| 2 | ==================================
|
|---|
| [287] | 3 |
|
|---|
| 4 | With smbusers.exe you can
|
|---|
| 5 | - add users
|
|---|
| 6 | - remove users
|
|---|
| 7 | - add groups
|
|---|
| 8 | - remove groups
|
|---|
| 9 | - map (unix) groups to Samba groups (or as they are called: NT groups)
|
|---|
| 10 | - add users to groups
|
|---|
| 11 | - remove users from groups
|
|---|
| 12 | - view all (and edit some) user properties
|
|---|
| 13 | - configure Samba usermap feature
|
|---|
| 14 | - configure builtin Samba policies
|
|---|
| 15 |
|
|---|
| 16 | Specify --user=yourusername%yourpassword on the commandline to bypass the
|
|---|
| 17 | initial login dialog. If you want to create a WPS object that performs
|
|---|
| 18 | automatic login use --user=yourusername|yourpassword .
|
|---|
| 19 |
|
|---|
| 20 | Currently smbusers.exe checks several files for errors and corrects them:
|
|---|
| 21 |
|
|---|
| 22 | - master.passwd : duplicate entries, UID mismatch and missing user records
|
|---|
| 23 | - Samba users db : UID mismatch, corrupt Smb user (detected only)
|
|---|
| 24 | - group : duplicate entries, missing users, nonexisting users,
|
|---|
| 25 | missing trailing comma
|
|---|
| 26 | - Samba groups : Detect when Samba has forgotten about its groups and only
|
|---|
| 27 | the mapping is still there
|
|---|
| 28 |
|
|---|
| 29 | Editable fields on the users and groups page (alt-left-click into the field)
|
|---|
| 30 | can savely be edited, press "Save" to save to disk.
|
|---|
| 31 |
|
|---|
| 32 | You can perform the following tasks with smbusers.exe:
|
|---|
| 33 |
|
|---|
| 34 | "Users" page:
|
|---|
| 35 |
|
|---|
| 36 | Right click on the columns titles to customize the layout.
|
|---|
| 37 |
|
|---|
| 38 | NOTE: The preconfigured layout is recommended, in case you are not
|
|---|
| 39 | interested into more technical details.
|
|---|
| 40 |
|
|---|
| 41 | NOTE: There is an alternative icon view on the users page, which does not
|
|---|
| 42 | have a particular purpose at this time.
|
|---|
| [926] | 43 |
|
|---|
| 44 | NOTE: Version 1.0.0 optionally also stores the crypted password in
|
|---|
| 45 | master.passwd. You have to turn on this feature manually.
|
|---|
| [287] | 46 |
|
|---|
| 47 | Right click to bring up a context menu.
|
|---|
| 48 |
|
|---|
| 49 | - "Add users": Create new user accounts, these are added both to Samba, the
|
|---|
| 50 | kLIBC files and SWAT. In case the selected user is only a kLIBC
|
|---|
| 51 | user instead of adding a new user the kLIBC user info is shown
|
|---|
| 52 | in order to add Samba user information. This behavior is not
|
|---|
| 53 | intuitive and might be changed in future releases.
|
|---|
| 54 | - "Remove users": The opposite of the above.
|
|---|
| 55 |
|
|---|
| 56 | - "Join group": Add an existing user to an existing group
|
|---|
| 57 | - "Leave group": The opposite of the above.
|
|---|
| 58 |
|
|---|
| 59 | Doubleclick on a user brings up Samba user properties dialogue.
|
|---|
| 60 |
|
|---|
| 61 | This is another (pseudo) notebook with 3 pages:
|
|---|
| 62 |
|
|---|
| 63 | Account flags: Here you can change several user account flags.
|
|---|
| 64 |
|
|---|
| 65 | Profile data: Several of these can be changed now by alt-left-click into
|
|---|
| 66 | the value fields (like on users and group page).
|
|---|
| 67 |
|
|---|
| 68 | Group memberships: Show in which groups the current user is a member.
|
|---|
| 69 |
|
|---|
| 70 | Uncheck the "Show editable fields only" to show all fields.
|
|---|
| 71 |
|
|---|
| 72 | In addition you can modify values using the "pdbedit console" found on this
|
|---|
| 73 | window.
|
|---|
| 74 |
|
|---|
| 75 | NOTE: Due to a bug in the OS/2 Samba code, you MUST NOT add the first guest
|
|---|
| 76 | account to any group at the moment - doing so will make Samba loose
|
|---|
| 77 | the whole group information upon the next restart (see Samba Ticket #59
|
|---|
| 78 | for details). If this happened to you, stop Samba, delete the file
|
|---|
| 79 | group_mapping.tdb in the lock directory and run the rebuild script
|
|---|
| 80 | (below to get Samba groups back).
|
|---|
| 81 |
|
|---|
| 82 | "Groups" page:
|
|---|
| 83 |
|
|---|
| 84 | Right click on the columns titles to customize the layout.
|
|---|
| 85 | NOTE: The preconfigured layout is recommended, in case you are not
|
|---|
| 86 | interested into more technical details.
|
|---|
| 87 |
|
|---|
| 88 | Right click to bring up a context menu.
|
|---|
| 89 |
|
|---|
| 90 | - "Add group": Create a new group, both for Samba and kLIBC.
|
|---|
| 91 | - "Map group": Tie a new Samba group to an existing kLIBC group.
|
|---|
| 92 | - "Delete group": Opposite of "add group"
|
|---|
| 93 | - "Unmap group": Opposite of "map group"
|
|---|
| 94 | - "Script": Create a script of the current Samba groups in order to recreate
|
|---|
| 95 | groups in case of an error (created for exploring Ticket #59). You
|
|---|
| 96 | still can create the rebuild script in case the group information
|
|---|
| 97 | is already lost as part of the information is still accessible).
|
|---|
| 98 | Do not forget to remove the offending guest account also from the
|
|---|
| 99 | user list in the etc\group file.
|
|---|
| 100 | - "Well-known": As long as no groups exists, this will create the well-known
|
|---|
| 101 | Samba groups that should be present in every Samba installation.
|
|---|
| 102 |
|
|---|
| 103 | "Policies" page
|
|---|
| 104 |
|
|---|
| 105 | The Policies page found in Version 0.9.0 or better acts as a front end to
|
|---|
| 106 | pdbedit.exe policy editing capabilities. The drop down box lists all available
|
|---|
| 107 | policies and allows to update their values. In addition you may reset all
|
|---|
| 108 | policies to their default values.
|
|---|
| 109 |
|
|---|
| 110 | "Settings" page
|
|---|
| 111 |
|
|---|
| 112 | The Settings page found in Version 0.5.0 or better has the following options:
|
|---|
| 113 |
|
|---|
| 114 | "Debug": Previously found on the main window, opens a console window and
|
|---|
| 115 | shows useful log information
|
|---|
| 116 |
|
|---|
| 117 | "Fix errors": smbusers.exe detects several errors in master.passwd and group
|
|---|
| 118 | files and optionally coorects them. This option was present in
|
|---|
| 119 | older versions of smbusers.exe, just not changeable. You should
|
|---|
| 120 | leave it on normally.
|
|---|
| 121 |
|
|---|
| 122 | "Syncronize GECOS with Samba Full name": The GECOS field in master.passwd
|
|---|
| 123 | usually holds the full name of the user, much like the Samba Full name
|
|---|
| 124 | field. However per definition the GECOS field also may hold address
|
|---|
| 125 | data and so on. If you want to store address data in the GECOS field
|
|---|
| 126 | disable this option.
|
|---|
| 127 |
|
|---|
| 128 | "Syncronize primary GID": This rather experimental option makes sure that the
|
|---|
| 129 | GID field in master.passwd is the same as the RID stored by Samba.
|
|---|
| 130 | Usually that is the case anyway. This option is useful on older
|
|---|
| 131 | installations, where the GID field was set to UID. Samba internally
|
|---|
| 132 | set the RID to 513 (users) in that case. This option takes care of
|
|---|
| 133 | this situation and changes the GID appropriately.
|
|---|
| 134 | NOTE: The "guest" account is not touched, as this would trigger a
|
|---|
| 135 | Ticket #59 situation (groups broken).
|
|---|
| 136 |
|
|---|
| [926] | 137 | NOTE: If smbusers.exe detects an error during startup (inspect the console
|
|---|
| 138 | for "ERROR could not find ...." messages), it will not let you save any
|
|---|
| 139 | changes to disk, as this might make the situation worse than it is.
|
|---|
| 140 |
|
|---|
| 141 | NOTE: Make sure you have read and understood Ticket #59 at
|
|---|
| 142 | http://svn.netlabs.org/samba before using smbusers.exe!
|
|---|
| [287] | 143 |
|
|---|
| [926] | 144 | NOTE: Ticket #59 seems to be gone in Samba 3.3.x!
|
|---|
| 145 |
|
|---|
| 146 | NOTE: smbusers.exe needs rexxini.dll, drctl017.dll, rxcrypt.dll and vrobj.dll
|
|---|
| 147 | somewhere in the LIBPATH. In case you installed a recent Samba WPI this
|
|---|
| 148 | is requirement is fullfilled.
|
|---|
| 149 |
|
|---|
| 150 | NOTE: Version 0.5.0 or better are designed to work with the new usermod.cmd
|
|---|
| 151 | script (enclosed for conveniance), which replaces useradd.cmd,
|
|---|
| 152 | userren.cmd and userdel.cmd. Don't forget to update your smb.conf
|
|---|
| 153 | (look into usermod.cmd to see what changes need to be done!).
|
|---|
| 154 |
|
|---|
| 155 | NOTE: In case it is not possible to change smb.conf there are forwarder
|
|---|
| 156 | scripts included that translate the old calling convention into the
|
|---|
| 157 | new one.
|
|---|
| 158 |
|
|---|
| 159 |
|
|---|
| [287] | 160 | How to get back to a working state in case of a pwd_mkdb.exe error:
|
|---|
| 161 |
|
|---|
| 162 | 1. Copy %UNIXROOT%\ETC\master.passwd.bak to master.passwd
|
|---|
| 163 | 2. Copy %UNIXROOT%\ETC\group.bak to group
|
|---|
| 164 | 3. Remove %UNIXROOT%\ETC\*db.tmp
|
|---|
| 165 | 4. Run pwd_mkdb.exe -d %UNIXROOT%\ETC %UNIXROOT%\ETC\master.passwd
|
|---|
| 166 | Running usermod.cmd with parameters does exactly that.
|
|---|
| 167 |
|
|---|
| 168 | You should be back now.
|
|---|
| 169 |
|
|---|
| 170 | Bug reports appreciated.
|
|---|
| [926] | 171 | mailto:herwig.bauernfeind@bitwiseworks.com
|
|---|
