source: npl/fileserver/smb-ldap-tool/modified/smbldap-useradd @ 105afb5

Last change on this file since 105afb5 was 3187b26, checked in by Edwin Eefting <edwin@datux.nl>, 7 years ago

flush nscd cache when modifying users

1#!/usr/bin/perl -w
2
3# $Id: smbldap-useradd 6139 2015-07-13 11:38:44Z edwin $
4#
5#  This code was developped by IDEALX (http://IDEALX.org/) and
6#  contributors (their names can be found in the CONTRIBUTORS file).
7#
8#                 Copyright (C) 2002 IDEALX
9#
10#  This program is free software; you can redistribute it and/or
11#  modify it under the terms of the GNU General Public License
12#  as published by the Free Software Foundation; either version 2
13#  of the License, or (at your option) any later version.
14#
15#  This program is distributed in the hope that it will be useful,
16#  but WITHOUT ANY WARRANTY; without even the implied warranty of
17#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18#  GNU General Public License for more details.
19#
20#  You should have received a copy of the GNU General Public License
21#  along with this program; if not, write to the Free Software
22#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
23#  USA.
24
25# Purpose of smbldap-useradd : user (posix,shadow,samba) add
26
27use strict;
28
29use FindBin;
30use FindBin qw($RealBin);
31use lib "$RealBin/";
32use smbldap_tools;
33use Crypt::SmbHash;
34#####################
35
36
37use Getopt::Std;
# Every recognised command-line switch ends up in %Options; switches that
# take a value are marked with ':' in the getopts specification.
my %Options;

my $ok = getopts('o:abnmwiPG:u:O:g:d:s:c:k:t:A:B:C:D:E:F:H:M:N:S:T:W:?', \%Options);

# Print the help text and stop with status 1 when option parsing failed,
# when no username was supplied, or when -? was requested.
unless ( $ok && (@ARGV >= 1) && !$Options{'?'} ) {
  print_banner();
  print(
    "Usage: $0 [-awmugdsckABCDEFGHMNPST?] username\n",
    "  -o   add the user in the organizational unit (relative to the user suffix)\n",
    "  -a   is a Windows User (otherwise, Posix stuff only)\n",
    "  -b   is a AIX User\n",
    "  -w   is a Windows Workstation (otherwise, Posix stuff only)\n",
    "  -i   is a trust account (Windows Workstation)\n",
    "  -u   uid\n",
    "  -O    Organization\n",
    "  -g   gid\n",
    "  -G   supplementary comma-separated groups\n",
    "  -n   do not create a group\n",
    "  -d   home\n",
    "  -s   shell\n",
    "  -c   gecos\n",
    "  -m   creates home directory and copies /etc/skel\n",
    "  -k   skeleton dir (with -m)\n",
    "  -t   time. Wait 'time' seconds before exiting (when adding Windows Workstation)\n",
    "  -P   ends by invoking smbldap-passwd\n",
    "  -A   can change password ? 0 if no, 1 if yes\n",
    "  -B   must change password ? 0 if no, 1 if yes\n",
    "  -C   sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n",
    "  -D   sambaHomeDrive (letter associated with home share, like 'H:')\n",
    "  -E   sambaLogonScript (DOS script to execute on login)\n",
    "  -F   sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n",
    "  -H   sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n",
    "  -N   surname\n",
    "  -S   family name\n",
    "  -M   local mailAddress (comma seperated)\n",
    "  -T   mailToAddress (forward address) (comma seperated)\n",
    "  -W    set groupwareServer field to this value. (used by custom usersync scripts)\n",
    "  -?   show this help message\n",
  );
  exit (1);
}
77
# Open the session to the LDAP master; all writes below go through it.
my $ldap_master = connect_ldap_master();

# nscd gets in the way of getpwuid while the directory is being modified
# (negative TTL), so it is stopped here when it is currently running.  The
# status is kept so that the daemon is only started again if it was up.
my $nscd_status = system("/etc/init.d/nscd status >/dev/null 2>&1");

system("/etc/init.d/nscd stop > /dev/null 2>&1") if $nscd_status == 0;
88
89
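# Only the first positional argument is used as the account name.
my $userName = $ARGV[0];

# Computer accounts (-w) carry a trailing dollar sign; append it if missing.
if (defined($Options{'w'})) {
  if ($userName =~ /[^\$]$/s) {
    $userName .= "\$";
  }
}

# Validate and untaint $userName.  Accepted: word characters, space, dot and
# hyphen, optionally followed by one or two '$'.
#
# The previous pattern wrote the class as [\w -.], where ' -.' is a character
# RANGE (space through dot) and therefore also let through quotes, '$', '&',
# '(', ')', '*', '#', '+' and ','.  This name is later interpolated into LDAP
# DNs and handed to external programs, so the hyphen is now placed last in the
# class to make it literal.  \A and \z are used instead of ^ and $ so that a
# trailing newline is rejected as well.
#
# NOTE(review): a leading '-' is still accepted; programs that receive the
# name as an argument may read it as an option - confirm whether that should
# be rejected here.
if ($userName =~ /\A([\w .-]+[\$]{0,2})\z/) {
  $userName = $1;
} else {
  print "$0: illegal username\n";
  exit (1);
}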
107
# The account must not be present in LDAP yet (the check is LDAP-only, not
# NSS-wide).  get_user_dn2 returns a status flag and, when found, the DN.
my ($rc, $dn) = get_user_dn2($userName);

# A false status means the lookup itself failed.
if (!$rc) {
  print "$0: error in get_user_dn2\n";
  exit(10);
}

# Lookup worked and produced a DN: the user is already there.
if (defined($dn)) {
  print "$0: user $userName exists\n";
  exit (9);
}
117
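# Read options
# -o places the user in an organizational unit relative to the users suffix.
# The value may be given as "name" or as "ou=name"; $node holds the bare
# name and $user_ou the "ou=..." form.
my $user_ou = $Options{'o'};
my $node;
if (defined $user_ou) {
  if ($user_ou =~ m/^ou=(.*)/) {
    $node = $1;
  } else {
    $node = $user_ou;
    $user_ou = "ou=$user_ou";
  }

  # The OU name comes from the command line, so the characters that are
  # special in an LDAP search filter (\ * ( ) and NUL) are hex-escaped before
  # the value is placed in the filter string.
  # NOTE(review): $node is still interpolated unescaped into the DNs below;
  # confirm whether multi-level values such as "a,ou=b" are meant to work
  # before adding DN escaping.
  (my $filter_node = $node) =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;

  # if the ou does not exist, we create it
  my $mesg = $ldap_master->search (    base   => "$config{usersdn}",
                                       scope => "one",
                                       filter => "(&(objectClass=organizationalUnit)(ou=$filter_node))"
                                  );
  $mesg->code && die $mesg->error;
  # count is a number, so compare it numerically
  if ($mesg->count == 0) {
    print "creating $user_ou first (as $user_ou,$config{usersdn})\n";
    # add organizational unit
    my $add = $ldap_master->add ("ou=$node,$config{usersdn}",
                                 attr => [
                                          'objectclass' => ['top','organizationalUnit','zarafa-company'],
                                          'ou'   => "$node"
                                         ]
                                );
    $add->code && die "failed to add entry: ", $add->error ;
  }
  # From here on every user DN is built below the selected OU.
  $config{usersdn}="$user_ou,$config{usersdn}";
}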
149
# Numeric uid: taken from -u when given (and then it must not resolve to an
# existing account), otherwise the next free uidNumber is requested.
my $userUidNumber = $Options{'u'};
if (defined($userUidNumber)) {
  die "Uid already exists.\n" if getpwuid($userUidNumber);
} else {
  $userUidNumber = get_next_id($config{usersdn}, "uidNumber");
}

# Bring nscd back only if it was running when the script started, then
# invalidate its passwd and group caches.
system("/etc/init.d/nscd start > /dev/null 2>&1") if $nscd_status == 0;
system("nscd -i passwd; nscd -i group");
161
# Per-user group creation ("redhat style") is disabled in this script, so
# the flag stays 0.
my $createGroup = 0;

# Primary group: -g may be a name or a number and is resolved by
# parse_group, which signals an unknown group with a negative value.
# Without -g the configured default is used: the computer gid for -w,
# the user gid otherwise.
my $userGidNumber = $Options{'g'};
if (defined($userGidNumber)) {
  my $gid = parse_group($userGidNumber);
  if ($gid < 0) {
    print "$0: unknown group $userGidNumber\n";
    exit (6);
  }
  $userGidNumber = $gid;
} else {
  $userGidNumber = defined($Options{'w'})
                 ? $config{defaultComputerGid}
                 : $config{defaultUserGid};
}
191
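# Samba identifiers, only computed for Windows users (-a) and trust
# accounts (-i).
my $group_entry;
my $userGroupSID;
my $userRid;
my $user_sid;
if (defined $Options{'a'} or defined $Options{'i'}) {
  # as grouprid we use the value of the sambaSID attribute for
  # group of gidNumber=$userGidNumber
  $group_entry = read_group_entry_gid($userGidNumber);
  # Guard against a missing group entry so the failure is reported through
  # the same message and exit code as a group without a SID.
  $userGroupSID = $group_entry ? $group_entry->get_value('sambaSID') : undef;
  unless ($userGroupSID) {
    print "Error: SID not set for unix group $userGidNumber\n";
    print "check if your unix group is mapped to an NT group\n";
    exit (7);
  }

  # as rid we use 2 * uid + 1000
  $userRid = 2 * $userUidNumber + 1000;
  # let's test if this SID already exist
  $user_sid="$config{SID}-$userRid";
  my $test_exist_sid=does_sid_exist($user_sid,$config{usersdn});
  # Any match means the SID is taken.  The earlier test for exactly one
  # entry let the script continue when the SID was already duplicated,
  # which would have handed the same SID to yet another account.
  if ($test_exist_sid->count >= 1) {
    print "User SID already owned by\n";
    # there should not exist more than one entry, but ...
    foreach my $entry ($test_exist_sid->all_entries) {
      my $dn= $entry->dn;
      chomp($dn);
      print "$dn\n";
    }
    exit(7);
  }
}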
223
# Home directory: -d wins, otherwise the configured template is expanded
# for this user.  The first doubled slash is collapsed afterwards.
my $userHomeDirectory = $Options{'d'};
my ($givenName, $userCN, $userSN);
my @userMailLocal;
my @userMailTo;
my $tmp;    # scratch variable reused by later parts of the script
unless (defined($userHomeDirectory)) {
  $userHomeDirectory = &subst_user($config{userHome}, $userName);
}
$userHomeDirectory =~ s{//}{/};

# -s, -c and -k override the matching configuration defaults.
foreach my $override ( ['s', 'userLoginShell'], ['c', 'userGecos'], ['k', 'skeletonDir'] ) {
  my ($switch, $config_key) = @$override;
  $config{$config_key} = $Options{$switch} if defined($Options{$switch});
}

# Naming attributes (RFC 2256): sn is the surname (-S), givenName the first
# name (-N), cn the full name.  Both fall back to the login name, and the
# full name is only composed when both options were supplied.
$givenName = (utf8Encode($Options{'N'}) || $userName);
$userSN    = (utf8Encode($Options{'S'}) || $userName);
$userCN    = ($Options{'N'} and $Options{'S'}) ? "$givenName"." $userSN" : $userName;

# -M and -T each take a comma-separated list of addresses.
@userMailLocal = &split_arg_comma($Options{'M'});
@userMailTo    = &split_arg_comma($Options{'T'});
250
251########################
252
# MACHINE ACCOUNT
# Workstation (-w) and interdomain trust (-i) accounts are handled here in
# full; the script exits at the end of this branch.
if (defined($Options{'w'}) or defined($Options{'i'})) {

  # A trust account name must end with '$' as well; append it when absent.
  if ( $Options{'i'} and $userName !~ m/\$$/ ) {
    $userName .= "\$";
  }

  unless (add_posix_machine($userName, $userUidNumber, $userGidNumber, $Options{'t'})) {
    die "$0: error while adding posix account\n";
  }

  if (defined($Options{'i'})) {
    # For machine trust account
    # Objectclass sambaSAMAccount must be added now !

    # Ask for one line on STDIN with terminal echo switched off around the
    # read, and hand back the line without its newline.
    my $read_hidden = sub {
      my ($prompt) = @_;
      system "stty -echo";
      print STDOUT $prompt;
      chomp(my $answer = <STDIN>);
      print "\n";
      system "stty echo";
      return $answer;
    };

    my $pass  = $read_hidden->("New password : ");
    my $pass2 = $read_hidden->("Retype new password : ");

    if ($pass ne $pass2) {
      print "New passwords don't match!\n";
      exit (10);
    }

    # NOTE(review): both the LM and the NT hash are stored; the LM hash is
    # the weaker of the two - confirm it is still required by the clients.
    my ($lmpassword, $ntpassword) = ntlmgen($pass);
    my $date = time;

    my @trust_changes = (
      replace => [objectClass => ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
      add => [sambaLogonTime => '0'],
      add => [sambaLogoffTime => '2147483647'],
      add => [sambaKickoffTime => '2147483647'],
      add => [sambaPwdCanChange => '0'],
      add => [sambaPwdMustChange => '2147483647'],
      add => [sambaPwdLastSet => "$date"],
      add => [sambaAcctFlags => '[I          ]'],
      add => [sambaLMPassword => "$lmpassword"],
      add => [sambaNTPassword => "$ntpassword"],
      add => [sambaSID => "$user_sid"],
      add => [sambaPrimaryGroupSID => "$config{SID}-515"],
    );
    my $modify = $ldap_master->modify( "uid=$userName,$config{computersdn}",
                                       changes => \@trust_changes );

    die "failed to add entry: ", $modify->error if $modify->code;
  }

  $ldap_master->unbind;
  exit 0;
}
312
# USER ACCOUNT
# The posix entry is created first; Samba and AIX attributes are added to it
# by later steps.  Syn-3 uses option -a to add a user.

# Attributes shared by both entry flavours, in the order they are sent.
# userPassword starts as the placeholder "{crypt}x".
my @posix_attrs = (
  'uid'   => "$userName",
  'uidNumber'   => "$userUidNumber",
  'gidNumber'   => "$userGidNumber",
  'homeDirectory'   => "$userHomeDirectory",
  'loginShell'   => "$config{userLoginShell}",
  'gecos'   => "$config{userGecos}",
  'userPassword'   => "{crypt}x",
);

my @entry_attrs;
if (defined($Options{'b'})) {
  # AIX accounts cannot use the inetOrgPerson objectclass.
  @entry_attrs = (
    'objectclass' => ['top','person', 'organizationalPerson', 'posixAccount','shadowAccount'],
    'cn'   => "$userCN",
    'sn'   => "$userSN",
    @posix_attrs,
  );
} else {
  # Extra information for Syn-3.
  my $shadow_min        = "0";
  my $shadow_max        = "9999";
  my $shadow_warn       = "7";
  my $shadow_expire     = "0";
  my $organization      = $Options{'O'};
  my $pref_lang         = "NL";
  my $mail_enab         = "OK";
  my $ox_app_days       = "5";
  my $std_gid           = "500";
  my $inet_mail         = "TRUE";
  my $ox_task_days      = "5";
  my $ox_tz             = "Europe/Amsterdam";
  my $write_global_addr = "TRUE";

  # -W overrides the groupwareServer value, which otherwise is "none".
  my $groupware_server = defined($Options{'W'}) ? $Options{'W'} : "none";

  # givenName appears twice in this list, exactly as before.  An
  # OpenLDAPaci attribute used to follow userPassword and stays disabled.
  @entry_attrs = (
    'objectclass' => ['top','inetOrgPerson','posixAccount','shadowAccount','person','organizationalPerson','OXUserObject'],
    'cn'   => "$userCN",
    'sn'   => "$userSN",
    'givenName'   => "$givenName",
    @posix_attrs,
    'shadowMin'   => "$shadow_min",
    'shadowMax'   => "$shadow_max",
    'shadowWarning'   => "$shadow_warn",
    'shadowExpire'   => "$shadow_expire",
    'description'   => "$userName",
    'givenName'   => "$userSN $userCN",
    'o'   => "$organization",
    'preferredLanguage'   => "$pref_lang",
    'userCountry'   => "Syn3world",
    'mailEnabled'   => "$mail_enab",
    'lnetMailAccess'   => "$inet_mail",
    'OXAppointmentDays'   => "$ox_app_days",
    'OXGroupID'   => "$std_gid",
    'OXTaskDays'   => "$ox_task_days",
    'OXTimeZone'   => "$ox_tz",
    'writeGlobalAddressBook'   => "$write_global_addr",
    'groupwareServer' => "$groupware_server",
  );
}

my $add = $ldap_master->add("uid=$userName,$config{usersdn}", attr => [ @entry_attrs ]);

# NOTE(review): a failed add is only reported with warn, so the remaining
# steps still run for an entry that may not exist - confirm this is intended.
warn "failed to add entry: ", $add->error if $add->code;
390
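# Create the per-user "addr" organizational unit below the new entry.
my $add2 = $ldap_master->add ("ou=addr,uid=$userName,$config{usersdn}", attr => [   'objectclass' => ['top','organizationalUnit'], 'ou'   => "addr" ] );
# The result of this add used to be ignored; report a failure the same way
# the neighbouring operations do, without aborting the script.
$add2->code && warn "failed to add entry: ", $add2->error ;

# Make the new user a member of the AddressAdmins group of the address book.
my $add3 = $ldap_master->modify ("cn=AddressAdmins,o=AddressBook,$config{suffix}",add => { member  => "uid=$userName,$config{usersdn}" });
$add3->code && warn "failed to add entry: ", $add3->error ;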
395
396
397#if ($createGroup) {
398#    group_add($userName, $userGidNumber);
399#}
400
# Register the user in the primary group unless that group is the default
# user group.
group_add_user($userGidNumber, $userName)
  unless $userGidNumber == $config{defaultUserGid};

# -G carries the supplementary groups as one comma-separated string.
my $grouplist = $Options{'G'};
add_grouplist_user($grouplist, $userName) if defined($grouplist);
410
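# With -m, create the home directory for a user account (names ending in '$'
# are machine accounts and get none) when nothing exists at that path yet.
#
# The directory path can come from -d or from the login name, so none of it
# is passed through a shell any more: the directory is made with Perl's
# mkdir, the skeleton patterns are expanded with File::Glob, and cp, chown
# and chmod are started in list form with '--' in front of the path
# arguments.  Their error output is no longer discarded.
if (defined($Options{'m'}) and $userName !~ /\$$/ and !(-e $userHomeDirectory)) {
  require File::Glob;

  if (mkdir $userHomeDirectory) {
    # Same two patterns as before: dot files starting with a letter (or a
    # comma), then every non-dot entry of the skeleton directory.
    my @skel_files = (
      File::Glob::bsd_glob("$config{skeletonDir}/.[a-z,A-Z]*"),
      File::Glob::bsd_glob("$config{skeletonDir}/*"),
    );
    if (@skel_files) {
      system('cp', '-a', '--', @skel_files, $userHomeDirectory);
    }

    system('chown', '-R', "$userUidNumber:$userGidNumber", '--', $userHomeDirectory);

    my $home_mode = defined($config{userHomeDirectoryMode})
                  ? $config{userHomeDirectoryMode}
                  : '700';
    system('chmod', $home_mode, '--', $userHomeDirectory);
  } else {
    # Do not copy into, or change ownership of, a path this script did not
    # create itself.
    warn "$0: cannot create $userHomeDirectory: $!\n";
  }
}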
426
# Mail attributes are collected in @adds when -M or -T was given.
# NOTE(review): within this script @adds is only sent to the directory by
# the -a (Samba) branch - confirm that mail options without -a are meant to
# have no effect.
my @adds;
if (@userMailLocal) {
  my @mail;
  my $domain = $config{mailDomain};
  for my $i (0 .. $#userMailLocal) {
    my $address = $userMailLocal[$i];
    if ($address =~ /^(.+)@/) {
      # A full address goes to 'mail' unchanged; mailLocalAddress keeps
      # only the part in front of the '@'.
      push(@mail, $address);
      $userMailLocal[$i] = $1;
    } else {
      # A bare local part gets the configured mail domain, if there is one.
      push(@mail, $address . ($domain ? '@' . $domain : ''));
    }
  }
  push(@adds, 'mailLocalAddress' => [ @userMailLocal ],
              'mail' => [ @mail ]);
}
push(@adds, 'mailRoutingAddress' => [ @userMailTo ]) if @userMailTo;
push(@adds, 'objectClass' => 'inetLocalMailRecipient') if (@userMailLocal || @userMailTo);
450
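# Add Samba user infos (-a).  Depending on $config{with_smbpasswd} the
# sambaSAMAccount data is written directly to LDAP or created by running
# smbpasswd; afterwards the attributes collected in @adds are added.
if (defined($Options{'a'})) {
  if (!$config{with_smbpasswd}) {

    # 2147483647 is used as the "never" timestamp throughout.
    my $winmagic = 2147483647;
    my $valpwdcanchange = 0;
    my $valpwdmustchange = $winmagic;
    my $valpwdlastset = 0;
    my $valacctflags = "[UX]";

    # -A: a non-zero value allows password changes right away.
    if (defined($tmp = $Options{'A'})) {
      if ($tmp != 0) {
        $valpwdcanchange = "0";
      } else {
        $valpwdcanchange = "$winmagic";
      }
    }

    # -B: a non-zero value forces a password change.
    if (defined($tmp = $Options{'B'})) {
      if ($tmp != 0) {
        $valpwdmustchange = "0";
        # To force a user to change his password:
        # . the attribute sambaPwdLastSet must be != 0
        # . the attribute sambaAcctFlags must not match the 'X' flag
        $valpwdlastset=$winmagic;
        $valacctflags = "[U]";
      } else {
        $valpwdmustchange = "$winmagic";
      }
    }

    # -H replaces the account flags computed above.
    if (defined($tmp = $Options{'H'})) {
      $valacctflags = "$tmp";
    }


    my $modify = $ldap_master->modify ( "uid=$userName,$config{usersdn}",
                                        changes => [
                                                    add => [objectClass => 'sambaSAMAccount'],
                                                    add => [sambaPwdLastSet => "$valpwdlastset"],
                                                    add => [sambaLogonTime => '0'],
                                                    add => [sambaLogoffTime => '2147483647'],
                                                    add => [sambaKickoffTime => '2147483647'],
                                                    add => [sambaPwdCanChange => "$valpwdcanchange"],
                                                    add => [sambaPwdMustChange => "$valpwdmustchange"],
                                                    add => [displayName => "$config{userGecos}"],
                                                    add => [sambaAcctFlags => "$valacctflags"],
                                                    add => [sambaSID => "$config{SID}-$userRid"]
                                                   ]
                                      );

    $modify->code && die "failed to add entry: ", $modify->error ;

  } else {
    # smbpasswd used to be started through a two-argument pipe open, which
    # hands the whole command line, login name included, to a shell.  It is
    # now started in list form so the name is passed as a single argument.
    # STDOUT is pointed at /dev/null while the child is started so that the
    # output of smbpasswd stays suppressed, and is restored right after.
    #
    # NOTE(review): the account is created with the placeholder password
    # "x"; confirm that a real password is always set afterwards (-P).
    open(my $saved_stdout, '>&', \*STDOUT) || die "$!\n";
    open(STDOUT, '>', '/dev/null') || die "$!\n";
    my $pipe_ok = open(my $smbpasswd_in, '|-', 'smbpasswd', '-s', '-a', $userName);
    my $pipe_error = "$!";
    open(STDOUT, '>&', $saved_stdout) || die "$!\n";
    close $saved_stdout;
    $pipe_ok || die "$pipe_error\n";

    # smbpasswd -s reads the new password twice from standard input.
    print {$smbpasswd_in} "x\nx\n";
    close $smbpasswd_in;
    if ($?) {
      print "$0: error adding samba account\n";
      exit (10);
    }
  }                             # with_smbpasswd

  # Logon script, home share and profile path: the option wins over the
  # configured default, and the template is expanded for this user.
  $tmp = defined($Options{'E'}) ? $Options{'E'} : $config{userScript};
  my $valscriptpath = &subst_user($tmp, $userName);

  $tmp = defined($Options{'C'}) ? $Options{'C'} : $config{userSmbHome};
  my $valsmbhome = &subst_user($tmp, $userName);

  my $valhomedrive = defined($Options{'D'}) ? $Options{'D'} : $config{userHomeDrive};
  # if the letter is given without the ":" symbol, we add it
  $valhomedrive .= ':' if ($valhomedrive && $valhomedrive !~ /:$/);

  $tmp = defined($Options{'F'}) ? $Options{'F'} : $config{userProfile};
  my $valprofilepath = &subst_user($tmp, $userName);

  # Only non-empty values are written.
  if ($valhomedrive) {
    push(@adds, 'sambaHomeDrive' => $valhomedrive);
  }
  if ($valsmbhome) {
    push(@adds, 'sambaHomePath' => $valsmbhome);
  }

  if ($valprofilepath) {
    push(@adds, 'sambaProfilePath' => $valprofilepath);
  }
  if ($valscriptpath) {
    push(@adds, 'sambaLogonScript' => $valscriptpath);
  }
  if (!$config{with_smbpasswd}) {
    # "XXX" is stored in both password hash attributes as a placeholder.
    push(@adds, 'sambaPrimaryGroupSID' => $userGroupSID);
    push(@adds, 'sambaLMPassword' => "XXX");
    push(@adds, 'sambaNTPassword' => "XXX");
  }
  my $modify = $ldap_master->modify ( "uid=$userName,$config{usersdn}",
                                      add => {
                                              @adds
                                             }
                                    );

  $modify->code && die "failed to add entry: ", $modify->error ;
}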
558
# AIX accounts (-b) additionally get the aixAuxAccount objectclass together
# with its passwordChar and isAdministrator attributes.
if (defined($Options{'b'})) {
  my @aix_changes = (
    add => [objectClass => 'aixAuxAccount'],
    add => [passwordChar => "!"],
    add => [isAdministrator => "false"],
  );
  my $modify = $ldap_master->modify( "uid=$userName,$config{usersdn}",
                                     changes => \@aix_changes );

  die "failed to add entry: ", $modify->error if $modify->code;
}
571
572
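$ldap_master->unbind;           # take down session


# -P: hand over to smbldap-passwd so a password is set for the new account.
# The program is started in list form, so the login name reaches it as one
# argument and is never interpreted by a shell (the previous form built a
# shell command line with the name inside double quotes).  A failed exec is
# now reported instead of passing silently; the exit status stays 0.
if (defined($Options{'P'})) {
  exec "$RealBin/smbldap-passwd", $userName
    or warn "$0: cannot run $RealBin/smbldap-passwd: $!\n";
}

exit 0;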
581
582########################################
583
584=head1 NAME
585
586smbldap-useradd - Create a new user
587
588=head1 SYNOPSIS
589
590smbldap-useradd [-o user_ou] [-c comment] [-d home_dir] [-g initial_group] [-G group[,...]] [-m [-k skeleton_dir]] [-s shell] [-u uid [ -o]] [-P] [-A canchange] [-B mustchange] [-C smbhome] [-D homedrive] [-E scriptpath] [-F profilepath] [-H acctflags] login
591
592=head1 DESCRIPTION
593
594Creating New Users
595  The smbldap-useradd command creates a new user account using  the values specified on the  command  line  and  the default  values from the system and from the configuration files (in  /etc/smbldap-tools directory).
596
597For Samba users, rid is '2*uidNumber+1000', and sambaPrimaryGroupSID  is '$SID-2*gidNumber+1001', where $SID is the domain SID.  Thus you may want to use :
598  $ smbldap-useradd -a -g "Domain Admins" -u 500 Administrator
599 to create a domain administrator account (admin rid is 0x1F4 = 500 and grouprid is 0x200 = 512).
600
601Without any option, the account created will be an Unix (Posix)  account. The following options may be used to add information:
602
603-o
604The user's account will be created in the specified organizational unit. It is relative to the user suffix dn ($usersdn) defined in the configuration file.
605
606-a
607The user will have a Samba account (and Unix).
608
609-b
610The user is an AIX account.
611
612-w
613 Creates an account for a Samba machine (Workstation), so that it can join a sambaDomainName.
614
615-i
616 Creates an interdomain trust account (machine Workstation). A password will be asked for the trust account.
617
618-c "comment"
619 The new user's comment field (gecos).
620
621-d home_dir
622 The new user will be created using home_dir as the value for the user's login directory.  The default is to append the login name      to userHomePrefix (defined in the configuration file) and use that      as the login directory name.
623
624-g initial_group
625  The group name or number of the user's initial login group. The  group  name must exist.  A group number must refer to an already  existing group.  The default group number is defined in the  configuration file (defaultUserGid="513").
626
627-G group,[...]
628 A list of supplementary groups which the user is also  a  member of. Each  group is separated to the next by a comma, with no intervening whitespace.  The groups  are  subject  to  the  same restrictions as the group given with the -g option.  The default is for the user to belong only to the initial group.
629
630-m
631The user's home directory will be created if it does not  exist. The  files  contained in skeletonDir will be copied to the home directory if the -k option is used,  otherwise  the  files  contained  in /etc/skel will be used instead.  Any directories contained in skeletonDir or  /etc/skel  will  be  created  in  the user's  home  directory as well.  The -k option is only valid in conjunction with the -m option.  The default is  to  not  create the directory and to not copy any files.
632
633-s shell
634 The name of the user's login shell.  The  default  is  to  leave this  field blank, which causes the system to select the default login shell.
635
636-t time
637 Wait <time> seconds before exiting script when adding computer's account. This is useful when Master/PDC and Slaves/BDCs are connected through the internet (replication is not real time)
638
639-u uid
640  The numerical value of  the  user's  ID.   This  value  must  be unique,  unless  the  -o option is used.  The value must be nonnegative.  The default is to use the smallest ID  value  greater than 1000 and greater than every other user.
641
642-P
643 ends by invoking smbldap-passwd
644
645-A
646 can change password ? 0 if no, 1 if yes
647
648-B
649 must change password ? 0 if no, 1 if yes
650
651-C sambaHomePath
652 SMB home share, like '\\\\PDC-SRV\\homes'
653
654-D sambaHomeDrive
655 letter associated with home share, like 'H:'
656
657-E sambaLogonScript
658 relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
659
660-F sambaProfilePath
661 profile directory, like '\\\\PDC-SRV\\profiles\\foo'
662
663-H  sambaAcctFlags
664  spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]'
665
666-M  local mail aliases (multiple addresses are seperated by spaces)
667
668-N  canonical name
669 defaults to gecos or username, if gecos not set
670
671-S  surname
672 defaults to username
673
674-T  mailToAddress (forward address) (multiple addresses are seperated by spaces)
675
676-n  do not print banner message
677
678=head1 SEE ALSO
679
680       useradd(1)
681
682=cut
683
684#'