On Mon, 17 Aug 2009, Miguel Medalha wrote: > >> Isn't that only for samba-ldap? Can I still use them if I am not running >> samba? I don't want to install and run Samba for no particular reason.. > > It can be used to create Posix accounts only. > > The documentation resides here: > > http://download.gna.org/smbldap-tools/docs/ The samba-ldap tools are great. I don't use their mechanism to store the highest UID/GID in use. Instead, I use a script like the one below. It's interactive, but it'd be to modify to take command-line options for full name, username, etc. ----- %< ----- #!/bin/sh # # script for creating a new user account and its corresponding # group account in Samba+LDAP environment using the smbldap tools # ====================================================================== # # let person running this script know what's about to happen # cat <<__eom__ You're about to create a new system account that allows general login and e-mail access. You'll need to know ahead of time the new user's preferred username and his or her full name. The system will take care of the rest... __eom__ # # figure out the highest UID and GID currently in production, but # rule out really high numbers (greater than 8000) which are typically # assigned to pseudo accounts like "nobody." # AWKTEST='END { print HUID } { if (($3 > HUID) && ($3 < 8000)) HUID = $3}' HUID=$(/usr/bin/getent passwd | /bin/gawk -F: "$AWKTEST") HGID=$(/usr/bin/getent group | /bin/gawk -F: "$AWKTEST") # # increment those UID and GID numbers by 1 for use with the new # account # let HUID=$HUID+1 let HGID=$HGID+1 # # poll for new account holder's username and full name. # read -p "Username: " UNAME read -p "Full name: " FNAME # # test to see if username or associated group name is already in use. # exit now if it is. # /usr/bin/getent passwd $UNAME >/dev/null if test $? -eq 0; then echo "" >/dev/stderr echo "Sorry. Username $UNAME is already in use:" >/dev/stderr /usr/bin/getent passwd $UNAME >/dev/stderr echo "" >/dev/stderr echo "Exiting now." >/dev/stderr exit 1 fi /usr/bin/getent group $UNAME >/dev/null if test $? -eq 0; then echo "" >/dev/stderr echo "Sorry. Group $UNAME is already in use:" >/dev/stderr /usr/bin/getent group $UNAME >/dev/stderr echo "" >/dev/stderr echo "Exiting now." >/dev/stderr exit 1 fi # # ask the account creator to verify details of the new account. exit # immediately if things are amiss. # echo echo "Please verify the details of the new account:" echo "=============================================" echo "Full name : $FNAME" echo "Username : $UNAME" echo "UID : $HUID" echo "Group name: $UNAME" echo "GID : $HGID" echo "=============================================" echo read -p "Do you want to create that account [yes/No]? " ANSWER case "$ANSWER" in [yY]es) echo echo "OK. Full steam ahead!" echo ;; [yY]*) echo echo "If you mean 'yes' then you have to type 'yes'" echo exit ;; *) echo echo "You're a cautious one. That's cool. Try again later." echo exit ;; esac # # use the smbldap tools to create the new group account and then # the new user account. those tools don't appear to set the Windows # display-name attibute correctly, however, so use pdbedit for # that task. # echo "Creating new group $UNAME with GID $HGID ..." /usr/sbin/smbldap-groupadd -a -g $HGID $UNAME echo "Creating new user $UNAME with UID $HUID ..." /usr/sbin/smbldap-useradd -a -c "$FNAME" -g $HGID -u $HUID $UNAME echo "Setting Windows display name for user $UNAME ..." /usr/bin/pdbedit -f "$FNAME" $UNAME # # for now, create a random password for the new account, just # to make sure account is not accessed accidentally ... # echo "Installing temporary random password for user $UNAME ..." PASSW=$(/usr/bin/openssl rand -base64 12) echo -e "$PASSW\n$PASSW" | /usr/bin/smbpasswd -s $UNAME # # all done! # echo echo "done ... for now ..." echo ----- %< ----- -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/