I would like to reopen bug 1037. We currently use Samba 3.0.2a on SuSE-Linux. In a trust relationship between two PDCs (s1/dom1 and s2/dom2) the user bob (of dom2) logs in on client workstation w1 (member of dom1). During the login process Samba calls the add user script trying to create an account for user bob. Because this is not done as root (as stated in smb.conf(5)) the add user script only works if we run it using sudo. Referring to Jerry's cases (https://bugzilla.samba.org/show_bug.cgi?id=1037#c3) this is a new one: (c) The add user script is used to create an account for a user of a trusted domain which is not already known locally. The user bob is connected to s1 and the add user script is called using the guest context. Thanks. Carsten
I am having the same problem as described by Carsten, but on Debian running Samba 3.0.14a-3. My workaround was to run chmod 4755 /usr/sbin/useradd. While this opens up a very large security hole, it does work.
The recommended solution at this point is to run winbindd for trusted domains.
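For administrators who need to check whether the `chmod 4755 /usr/sbin/useradd` workaround mentioned above was applied on a host, the following audit script is an added example, not part of the original thread or of Samba. The list of account-management tools and the `/usr/sbin` default are assumptions; adjust them for the distribution in use.

```shell
#!/bin/sh
# Added example: find account-management binaries that carry setuid/setgid
# bits (such as a useradd left at mode 4755) and optionally clear the bits.
# ACCOUNT_TOOLS and the default directory are assumptions, not from the thread.

ACCOUNT_TOOLS="useradd userdel usermod groupadd groupdel groupmod"

# audit_account_tools DIR
# Prints "<flags> <path>" for each listed tool in DIR with a special bit set.
# Returns 0 when nothing is flagged, 1 when at least one tool is flagged.
audit_account_tools() {
    dir=$1
    found=0
    for tool in $ACCOUNT_TOOLS; do
        path="$dir/$tool"
        [ -f "$path" ] || continue
        flags=""
        [ -u "$path" ] && flags="setuid"                      # mode bit 4000
        [ -g "$path" ] && flags="${flags:+$flags,}setgid"     # mode bit 2000
        if [ -n "$flags" ]; then
            printf '%s %s\n' "$flags" "$path"
            found=1
        fi
    done
    return $found
}

# clear_special_bits DIR
# Removes setuid/setgid from every tool the audit flags in DIR.
clear_special_bits() {
    audit_account_tools "$1" | while read -r _flags path; do
        chmod u-s,g-s "$path" && printf 'cleared %s\n' "$path"
    done
}

# Stand-alone use: ./audit.sh --audit [DIR]   or   ./audit.sh --fix [DIR]
case "${1:-}" in
    --audit) audit_account_tools "${2:-/usr/sbin}" ;;
    --fix)   clear_special_bits "${2:-/usr/sbin}" ;;
esac
```

Run it with `--audit` first; `--fix` needs root on a real system and returns `useradd` to its packaged, non-setuid mode.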