Local Samba users and groups 1.0.4
==================================
      
With smbusers.exe you can
- add users
- remove users
- add groups
- remove groups
- map (unix) groups to Samba groups (or as they are called: NT groups)
- add users to groups
- remove users from groups
- view all (and edit some) user properties
- configure Samba usermap feature
- configure builtin Samba policies
      
Specify --user=yourusername%yourpassword on the commandline to bypass the 
initial login dialog. If you want to create a WPS object that performs 
automatic login use --user=yourusername|yourpassword .
      
Currently smbusers.exe checks several files for errors and corrects them:

- master.passwd  :  duplicate entries, UID mismatch and missing user records
- Samba users db :  UID mismatch, corrupt Smb user (detected only)
- group          :  duplicate entries, missing users, nonexisting users,
                    missing trailing comma
- Samba groups   :  Detect when Samba has forgotten about its groups and only
                    the mapping is still there                   

Editable fields on the users and groups page (alt-left-click into the field) 
can savely be edited, press "Save" to save to disk.

You can perform the following tasks with smbusers.exe:

"Users" page:

Right click on the columns titles to customize the layout.

NOTE: The preconfigured layout is recommended, in case you are not
      interested into more technical details.
      
NOTE: There is an alternative icon view on the users page, which does not
      have a particular purpose at this time.
      
NOTE: Version 1.0.0 optionally also stores the crypted password in 
      master.passwd. You have to turn on this feature manually.

Right click to bring up a context menu.

- "Add users": Create new user accounts, these are added both to Samba, the 
               kLIBC files and SWAT. In case the selected user is only a kLIBC 
               user instead of adding a new user the kLIBC user info is shown 
               in order to add Samba user information. This behavior is not 
               intuitive and might be changed in future releases.
- "Remove users": The opposite of the above.

- "Join group": Add an existing user to an existing group
- "Leave group": The opposite of the above.

Doubleclick on a user brings up Samba user properties dialogue.

This is another (pseudo) notebook with 3 pages:

Account flags: Here you can change several user account flags.

Profile data: Several of these can be changed now by alt-left-click into 
the value fields (like on users and group page). 

Group memberships: Show in which groups the current user is a member.

Uncheck the "Show editable fields only" to show all fields.

In addition you can modify values using the "pdbedit console" found on this 
window.

NOTE: Due to a bug in the OS/2 Samba code, you MUST NOT add the first guest
      account to any group at the moment - doing so will make Samba loose
      the whole group information upon the next restart (see Samba Ticket #59
      for details). If this happened to you, stop Samba, delete the file
      group_mapping.tdb in the lock directory and run the rebuild script 
      (below to get Samba groups back).
      
"Groups" page:

Right click on the columns titles to customize the layout.
NOTE: The preconfigured layout is recommended, in case you are not
      interested into more technical details.

Right click to bring up a context menu.

- "Add group": Create a new group, both for Samba and kLIBC.
- "Map group": Tie a new Samba group to an existing kLIBC group.
- "Delete group": Opposite of "add group"
- "Unmap group": Opposite of "map group"
- "Script": Create a script of the current Samba groups in order to recreate
            groups in case of an error (created for exploring Ticket #59). You
            still can create the rebuild script in case the group information
            is already lost as part of the information is still accessible).
            Do not forget to remove the offending guest account also from the
            user list in the etc\group file.
- "Well-known": As long as no groups exists, this will create the well-known
                Samba groups that should be present in every Samba installation.

"Policies" page

The Policies page found in Version 0.9.0 or better acts as a front end to 
pdbedit.exe policy editing capabilities. The drop down box lists all available
policies and allows to update their values. In addition you may reset all 
policies to their default values.

"Settings" page

The Settings page found in Version 0.5.0 or better has the following options:

"Debug": Previously found on the main window, opens a console window and
         shows useful log information
         
"Fix errors": smbusers.exe detects several errors in master.passwd and group
              files and optionally coorects them. This option was present in
              older versions of smbusers.exe, just not changeable. You should
              leave it on normally.
              
"Syncronize GECOS with Samba Full name": The GECOS field in master.passwd 
         usually holds the full name of the user, much like the Samba Full name
         field. However per definition the GECOS field also may hold address
         data and so on. If you want to store address data in the GECOS field
         disable this option.
         
"Syncronize primary GID": This rather experimental option makes sure that the 
         GID field in master.passwd is the same as the RID stored by Samba.
         Usually that is the case anyway. This option is useful on older 
         installations, where the GID field was set to UID. Samba internally 
         set the RID to 513 (users) in that case. This option takes care of 
         this situation and changes the GID appropriately.
         NOTE: The "guest" account is not touched, as this would trigger a
         Ticket #59 situation (groups broken).

NOTE: If smbusers.exe detects an error during startup (inspect the console
      for "ERROR could not find ...." messages), it will not let you save any 
      changes to disk, as this might make the situation worse than it is.
      
NOTE: Make sure you have read and understood Ticket #59 at 
      http://svn.netlabs.org/samba before using smbusers.exe!

NOTE: Ticket #59 seems to be gone in Samba 3.3.x!      

NOTE: smbusers.exe needs rexxini.dll, drctl017.dll, rxcrypt.dll and vrobj.dll 
      somewhere in the LIBPATH. In case you installed a recent Samba WPI this 
      is requirement is fullfilled.
      
NOTE: Version 0.5.0 or better are designed to work with the new usermod.cmd
      script (enclosed for conveniance), which replaces useradd.cmd, 
      userren.cmd and userdel.cmd. Don't forget to update your smb.conf
      (look into usermod.cmd to see what changes need to be done!). 
      
NOTE: In case it is not possible to change smb.conf there are forwarder
      scripts included that translate the old calling convention into the
      new one.


How to get back to a working state in case of a pwd_mkdb.exe error:

1. Copy %UNIXROOT%\ETC\master.passwd.bak to master.passwd
2. Copy %UNIXROOT%\ETC\group.bak to group
3. Remove %UNIXROOT%\ETC\*db.tmp
4. Run pwd_mkdb.exe -d %UNIXROOT%\ETC %UNIXROOT%\ETC\master.passwd
   Running usermod.cmd with parameters does exactly that.

You should be back now.

Bug reports appreciated.
mailto:herwig.bauernfeind@bitwiseworks.com