g*rSSKrSSKJr SSKJr SSKJr SSKJr SSK J r J r J r SSK Jr "SS\ 5rg) N)getpass)generate_random_password)system_session)Command CommandErrorOption)SamDBc",\rSrSrSrSr\"SSS\SSS 9\"S S S S 9\"SSS S 9\"SSS S 9\"SSS S 9\"SS\S9\"SS\S9\"SS\S9\"SS\S9\"SS\S9\"SS \S9\"S!S"\S9\"S#S$\S9\"S%S&\S9\"S'S(\S9\"S)S*\S9\"S+S,\S9\"S-S.\S9\"S/S0\S9\"S1S2\S9\"S3S4\S9\"S5S6S S 9\"S7S8\S9\"S9S:\S9\"S;S<\S9\"S=S>\S9\"S?S@\S9\"SASB\S9\"SCSD\S9/r SESF/r \ R\ R\ RSG.rSKSIjrSJrgH)L cmd_user_add a Add a new user. This command adds a new user account to the Active Directory domain. The username specified on the command is the sAMaccountName. User accounts may represent physical entities, such as people or may be used as service accounts for applications. User accounts are also referred to as security principals and are assigned a security identifier (SID). A user account enables a user to logon to a computer and domain with an identity that can be authenticated. To maximize security, each user should have their own unique user account and password. A user's access to domain resources is based on permissions assigned to the user account. Unix (RFC2307) attributes may be added to the user account. Attributes taken from NSS are obtained on the local machine. Explicitly given values override values obtained from NSS. Configure 'idmap_ldb:use rfc2307 = Yes' to use these attributes for UID/GID mapping. The command may be run from the root userid or another authorized userid. The -H or --URL= option can be used to execute the command against a remote server. Example1: samba-tool user add User1 passw0rd --given-name=John --surname=Smith --must-change-at-next-login -H ldap://samba.samdom.example.com -Uadministrator%passw1rd Example1 shows how to add a new user to the domain against a remote LDAP server. The -H parameter is used to specify the remote target server. The -U option is used to pass the userid and password authorized to issue the command remotely. Example2: sudo samba-tool user add User2 passw2rd --given-name=Jane --surname=Doe --must-change-at-next-login Example2 shows how to add a new user to the domain against the local server. sudo is used so a user may run the command as root. In this example, after User2 is created, he/she will be forced to change their password when they logon. Example3: samba-tool user add User3 passw3rd --userou='OU=OrgUnit' Example3 shows how to add a new user in the OrgUnit organizational unit. Example4: samba-tool user add User4 passw4rd --rfc2307-from-nss --gecos 'some text' Example4 shows how to add a new user with Unix UID, GID and login-shell set from the local NSS and GECOS set to 'some text'. Example5: samba-tool user add User5 passw5rd --nis-domain=samdom --unix-home=/home/User5 \ --uid-number=10005 --login-shell=/bin/false --gid-number=10000 Example5 shows how to add a new RFC2307/NIS domain enabled user account. If --nis-domain is set, then the other four parameters are mandatory. z'%prog [] [options]z-Hz--URLz%LDB URL for database or target serverURLH)helptypemetavardestz--must-change-at-next-loginz*Force password to be changed on next login store_true)ractionz--random-passwordzGenerate random passwordz--smartcard-requiredz*Require a smartcard for interactive logonsz--use-username-as-cnz"Force use of username as user's CNz--userouzDN of alternative location (without domainDN counterpart) to default CN=Users in which new user object will be created. E. g. 'OU=')rrz --surnamezUser's surnamez --given-namezUser's given namez --initialszUser's initialsz--profile-pathzUser's profile pathz --script-pathzUser's logon script pathz --home-drivezUser's home drive letterz--home-directoryzUser's home directory pathz --job-titlezUser's job titlez --departmentzUser's departmentz --companyzUser's companyz --descriptionzUser's descriptionz--mail-addresszUser's email addressz--internet-addresszUser's home pagez--telephone-numberzUser's phone numberz--physical-delivery-officezUser's office locationz--rfc2307-from-nsszWCopy Unix user attributes from NSS (will be overridden by explicit UID/GID/GECOS/shell)z --nis-domainzUser's Unix/RFC2307 NIS domainz --unix-homez"User's Unix/RFC2307 home directoryz--uidzUser's Unix/RFC2307 usernamez --uid-numberzUser's Unix/RFC2307 numeric UIDz --gid-numberz&User's Unix/RFC2307 primary GID numberz--gecoszUser's Unix/RFC2307 GECOS fieldz --login-shellzUser's Unix/RFC2307 login shellusernamez password?) sambaoptscredopts versionoptsNc#U"(a&UbUS:wa [S5eU(a [S5eU(aU"(d [SS5nU"(aOEUbUS:waO;[S5n[S5n#UU#:XdSnURR S5 MMU(a;[ R "U5n$UcUnUcU$S nUcU$S nU cU$S n U!cU$S n!UR5n%URU%5n&U(dU(a1U%RS 5(dURR S5 UbSUU!UU4;a [S5e[U[5U&U%S9n'U'RXUXXU UUUUUUUUUUUUUUUUUU U!U"S9 URR SU-5 g![an([SU-U(5eSn(A(ff=f)NzNIt is not allowed to specify --newpassword together with --smartcard-required.z\It is not allowed to specify --must-change-at-next-login together with --smartcard-required.zNew Password: zRetype Password: zSorry, passwords do not match. zidmap_ldb:use rfc2307zYou are setting a Unix/RFC2307 UID or GID. You may want to set 'idmap_ldb:use rfc2307 = Yes' to use those attributes for XID/SID-mapping. zMissing parameters. To enable NIS features, the following options have to be given: --nis-domain=, --uid-number=, --login-shell=, --unix-home=, --gid-number= Operation cancelled.)url session_info credentialslp)'force_password_change_at_next_login_requseusernameascnuserousurname givennameinitials profilepath homedrive scriptpath homedirectoryjobtitle departmentcompany description mailaddressinternetaddresstelephonenumberphysicaldeliveryoffice nisdomainunixhomeuid uidnumber gidnumbergecos loginshellsmartcard_requiredzFailed to add user '%s': zUser '%s' added successfully )rrroutfwritepwdgetpwnam get_loadparmget_credentialsgetr rnewuser Exception))selfrpasswordrrrrmust_change_at_next_loginrandom_passworduse_username_as_cnr'r( given_namer* profile_path script_path home_drivehome_directory job_titler0r1r2 mail_addressinternet_addresstelephone_numberphysical_delivery_officerfc2307_from_nss nis_domain unix_homer9 uid_number gid_numberr< login_shellr>passwordverifypwentr$credssamdbes) 7/usr/lib/python3/dist-packages/samba/netcmd/user/add.pyruncmd_user_add.runs& #B"$IJJ)"$IJJ #5/S9H!#B/0H$%89N~-  BC LL*E{!"1X !"1X }a"#Ah  # # %((, 66122 !no  ! KJGG"$011  Jan.>&+4E MM(Vo*&;#F%?cJ~$>SI!(D3O}#5C@~$7cB{!1<%9D&<3G#*<3G#*?cJ+2JQTU#m" $ ~$D3O}#G w;#F~$ECP~$LSVWy@sK%FSQW,M\k*J))..-- EI@EDHGK>BGKGKr}s/, *%66qE7qErv