1 <samba:parameter xmlns:samba="http://samba.org/common">
2 <term><anchor id="ADDUSERSCRIPT"/>add user script (G)</term>
3 <listitem><para>This is the full pathname to a script that will
4 be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle>
5 <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para>
7 <para>Normally, a Samba server requires that UNIX users are
8 created for all users accessing files on this server. For sites
9 that use Windows NT account databases as their primary user database
10 creating these users and keeping the user list in sync with the
11 Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users
12 <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para>
14 <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle>
15 <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter>
16 and <parameter moreinfo="none">add user script</parameter>
17 must be set to a full pathname for a script that will create a UNIX
18 user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into
19 the UNIX user name to create.</para>
21 <para>When the Windows user attempts to access the Samba server,
22 at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle>
23 <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and
24 attempts to authenticate the given user with the given password. If the
25 authentication succeeds then <command moreinfo="none">smbd</command>
26 attempts to find a UNIX user in the UNIX password database to map the
27 Windows user into. If this lookup fails, and <parameter moreinfo="none">add user script
28 </parameter> is set then <command moreinfo="none">smbd</command> will
29 call the specified script <emphasis>AS ROOT</emphasis>, expanding
30 any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para>
32 <para>If this script successfully creates the user then <command moreinfo="none">smbd
33 </command> will continue on as though the UNIX user
34 already existed. In this way, UNIX users are dynamically created to
35 match existing Windows NT accounts.</para>
37 <para>See also <link linkend="SECURITY"><parameter moreinfo="none">
38 security</parameter></link>, <link linkend="PASSWORDSERVER">
39 <parameter moreinfo="none">password server</parameter></link>,
40 <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user
41 script</parameter></link>.</para>
43 <para>Default: <command moreinfo="none">add user script = <empty string>
46 <para>Example: <command moreinfo="none">add user script = /usr/local/samba/bin/add_user