Bug 252 - delete user script = /usr/local/samba/bin/del_user %u
delete user script = /usr/local/samba/bin/del_user %u
Product: Samba 3.0
Classification: Unclassified
Component: Config Files
All other
: P2 major
: 3.0.1
Assigned To: Gerald (Jerry) Carter
Depends on:
Blocks: 807 822
  Show dependency treegraph
Reported: 2003-07-25 06:56 UTC by robert ruegner
Modified: 2005-11-14 09:24 UTC (History)
0 users

See Also:

Log of a failed user account deletion using the NT4 domain user manager. (193.88 KB, text/plain)
2003-07-26 12:54 UTC, John H Terpstra
no flags Details
smb.conf file with which failures were found. (3.19 KB, text/plain)
2003-07-26 19:40 UTC, John H Terpstra
no flags Details
RemoveSidForeignDomain (13.55 KB, patch)
2003-12-01 21:28 UTC, Gerald (Jerry) Carter
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description robert ruegner 2003-07-25 06:56:06 UTC
man file says 
delete user script (G)
This is the full pathname to a script that will be run by smbd(8) when managing 
users with remote RPC (NT) tools. 

This script is called when a remote client removes a user from the server, 
normally using 'User Manager for Domains' or rpcclient.

This script should delete the given UNIX username.

Default: delete user script = <empty string>

Example: delete user script = /usr/local/samba/bin/del_user %u

this is not working with suse 8.2 with
delete user script = /usr/sbin/userdel %u invoked by usrmgr
Comment 1 robert ruegner 2003-07-25 06:57:11 UTC
in the log there is a message : this is not implemented yet
Comment 2 John H Terpstra 2003-07-26 12:54:25 UTC
Created attachment 57 [details]
Log of a failed user account deletion using the NT4 domain user manager.

The above level 5 log is against CVS code of July 26.

The error message in DomUserMgr is: Incorrect Function.
Comment 3 John H Terpstra 2003-07-26 19:36:45 UTC
Additional test notes:

Adding of Global groups does not work - it did previously
Deleting of Global groups does not work - it did previously

Deletion of multiple users from Global group membership fails with access denied.
Addition of multiple users to Global groups reports failure, but actually works.

Execution of:
    net groupmap add ntgroup="Funkies" unixgroup=nobody  rid=3333
works, but on examining this under DomUsrMgr has a default random user member
that can not be removed.

Viewing of the last group in the groups list fails with the error message:
"Not enough storage is available to process this command."

Copying of a user or group in DomUsrMgr fails with an error message that the
connection to the domain was lost. On restarting the DomUsrMgr the copy was
Comment 4 John H Terpstra 2003-07-26 19:40:18 UTC
Created attachment 58 [details]
smb.conf file with which failures were found.
Comment 5 Carsten Menke 2003-07-27 16:16:12 UTC
I too get this message in the log files using samba-3.0beta3 on FreeBSD-4.8 STABLE

  _samr_unknown_2d: Not yet implemented.

Though, deleting of groups works, -> Terpstra, from your smb.conf you have the
wrong delete group script, that add's a group not deletes it, maybe that's the
cause for not being able to delete gloable groups ?

Also to be able to do this I had to adjust all NT Groups with

net groupmap modifiy
Comment 6 robert ruegner 2003-07-28 02:06:04 UTC
this is my example pdc smb.conf (older posting)

with usrmgr.exe
add user work
add group work
delete group work
add user to group work
delete user from group work
# Samba config file created using SWAT
# from (
# Date: 2003/06/22 23:08:41

# Global parameters
    netbios name = linux
    large readwrite = yes
    dos charset = ISO8859-15
    unix charset = CP850
    display charset = CP850
    workgroup = LINUX
    interfaces = lo, eth2
    bind interfaces only = Yes
    server schannel = Yes
    passdb backend = smbpasswd:/etc/samba/smbpasswd, guest
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *password* %n\n *password* %n\n *changed*
    username map = /etc/samba/smbusers
    unix password sync = Yes
    log level = 2
    syslog = 0
    log file = /var/log/samba/%m
    name resolve order = wins bcast hosts
    time server = Yes
    keepalive = 255
    socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
    load printers = No
    printcap name = cups
    add user script = /usr/sbin/useradd -m %u
###############################################################not #working
#delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd -r %g
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/bin/gpasswd -a %u %g
    delete user from group script = /usr/bin/gpasswd -d %u %g
    set primary group script = /usr/sbin/usermod -g '%g' '%u'
    add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null
-s /bin/false %u
    shutdown script = /sbin/shutdown
    abort shutdown script = /sbin/shutdown -c
    logon script = login.bat
    logon path = \\linux\profiles\%u
    logon drive = Z:
    logon home = \\linux\%u
    domain logons = Yes
    os level = 255
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    ldap ssl = no
    add share command =
    change share command =
    delete share command =
    utmp = Yes
    host msdfs = Yes
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    admin users = root
    hosts allow = 127., 10.10.30.
    use sendfile = Yes
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/

    comment = Home Directories
    read only = No
    create mask = 0640
    directory mask = 0750
    browseable = No
        nt acl support = no
        blocking locks = No
        csc policy = disable
        locking = No
        oplocks = No
        level2 oplocks = No
        posix locking = No
        strict locking = No
        share modes = No
    comment = Netlogon Share
    path = /var/lib/samba/netlogon
    write list = root
    guest ok = Yes
    nt acl support = No
        browseable = No
        blocking locks = No
        csc policy = disable
        locking = No
        oplocks = No
        level2 oplocks = No
        posix locking = No
        strict locking = No
        share modes = No
    comment = Roaming Profile Share
    path = /var/lib/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    nt acl support = no
    blocking locks = No
        csc policy = disable
        locking = No
        oplocks = No
        level2 oplocks = No
        posix locking = No
        strict locking = No
        share modes = No
Comment 7 robert ruegner 2003-08-18 07:21:43 UTC
I tested now samba 3 rc1,
user delete parameter invoked by usrmgr, is still not working
i wonder anyone has worked on this bug 
Comment 8 Gerald (Jerry) Carter 2003-08-18 08:55:05 UTC
Bugs are marked as fixed as we get to them.  When this one 
is done, you shoudl receive an email notification about it.
Any change4s along the way will also be logged here.  

I've added this on the list of things to be fixed before rc2.
Comment 9 Gerald (Jerry) Carter 2003-08-20 09:07:42 UTC
Should be fixed in CVS.  Implemented missing
Comment 10 robert ruegner 2003-08-26 13:29:44 UTC
delete user works now with latest cvs
but when deletion is finished
usrmgr pops up message   user cannot be found
but inreal the user was deleted in the linux system as syslog shows
perhaps only a failure of beauty, but it would be nice to have this fixed
Comment 11 Gerald (Jerry) Carter 2003-08-26 20:34:15 UTC
not going to be fixed for 3.0.0 I'm afraid.  we'll come back to it.
Comment 12 robert ruegner 2003-12-01 02:10:21 UTC
the user moni existed before in the system was deleted but not refreshed
with smbpasswd, this problem is not related to the bug.
i noticed that to late please ignore entries about this user.
i can delete users with this setup, create groups, add members to groups,
delete them from groups, and delete groups.

Adding users fails, this works very nice with the same smb.conf on samba 
version 3
Comment 13 Gerald (Jerry) Carter 2003-12-01 17:10:10 UTC
Jianliang Lu pointed out that I goofed the RemoveUserForeignDomain().
Looks like it should be RemoveSIDForeignDomain().  I'll fix this up tonight.
I'm going to cross my fingers and hope that fixing that one RPC will
solve bug 822 as well.
Comment 14 Gerald (Jerry) Carter 2003-12-01 21:28:43 UTC
Created attachment 292 [details]

try this patch.  It compiles, but I'll spend more time 
testing it tomorrow.  Also might apply to bug 822.
Comment 15 Gerald (Jerry) Carter 2003-12-03 19:31:55 UTC
I'm checking in a slightly modified version of the RemoveSidForeignDomain()
function that works for me.  This should be fixed now.
Comment 16 Gerald (Jerry) Carter 2005-02-07 09:04:44 UTC
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.
Comment 17 Gerald (Jerry) Carter 2005-08-24 10:20:26 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 18 Gerald (Jerry) Carter 2005-11-14 09:24:04 UTC
database cleanup