Am 2017-02-02 um 11:25 schrieb Rowland Penny via samba:> If you use the Unix Attributes tab on ADUC, these are the attributes > that are used, but ADUC has the code to use them, samba-tool doesn't!I (try to) see it from the user perspective: I as user want to create users that work in all my ADS-domain, on all of my samba-domain-member-servers, with as little overhead or additional administrative steps necessary. And I ask for how to do that. If we have to create users on ADUC, ok with me. If it is better to create them with samba-tool, ok as well. -> searching for the recommended way or "best practice"
On Thu, 2 Feb 2017 11:55:11 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2017-02-02 um 11:25 schrieb Rowland Penny via samba: > > > If you use the Unix Attributes tab on ADUC, these are the attributes > > that are used, but ADUC has the code to use them, samba-tool > > doesn't! > > I (try to) see it from the user perspective: > > I as user want to create users that work in all my ADS-domain, on all > of my samba-domain-member-servers, with as little overhead or > additional administrative steps necessary. > > And I ask for how to do that. > > If we have to create users on ADUC, ok with me. > If it is better to create them with samba-tool, ok as well. > > -> searching for the recommended way or "best practice" >Sorry, but you are preaching to the converted here ;-) I have proposed patches to make samba-tool work more like ADUC, but they have been rejected because 'we want to do something different', but the 'different way' never appears. Rowland
Hi, On 02/02/2017 11:55 AM, Stefan G. Weichinger via samba wrote:> If we have to create users on ADUC, ok with me. > If it is better to create them with samba-tool, ok as well.We have been using ADUC for years now. Working out nicely. ;-) As an alternative, we were using ldap-account-manager (lam) for our samba3 domain and samba4 AD in the past, and is also did a good job. MJ
Am 2017-02-02 um 12:11 schrieb Rowland Penny via samba:> On Thu, 2 Feb 2017 11:55:11 +0100 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: >> -> searching for the recommended way or "best practice"> Sorry, but you are preaching to the converted here ;-) > > I have proposed patches to make samba-tool work more like ADUC, but > they have been rejected because 'we want to do something different', > but the 'different way' never appears.Oh, I see. So I am not the lazy user not willing to understand ;-)
Am 2017-02-02 um 12:19 schrieb mj via samba:> Hi, > > On 02/02/2017 11:55 AM, Stefan G. Weichinger via samba wrote: >> If we have to create users on ADUC, ok with me. >> If it is better to create them with samba-tool, ok as well. > > We have been using ADUC for years now. Working out nicely. ;-)without uidNumber? Or by setting it manually in that tab somewhere? Haven't seen it yet myself because the installation is remote and no time for that so far (and their admin is off today etc etc)> As an alternative, we were using ldap-account-manager (lam) for our > samba3 domain and samba4 AD in the past, and is also did a good job.Ah, webfrontend. Might be worth a look.
On Thu, Feb 02, 2017 at 11:11:29AM +0000, Rowland Penny via samba wrote:> On Thu, 2 Feb 2017 11:55:11 +0100 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > > > Am 2017-02-02 um 11:25 schrieb Rowland Penny via samba: > > > > > If you use the Unix Attributes tab on ADUC, these are the attributes > > > that are used, but ADUC has the code to use them, samba-tool > > > doesn't! > > > > I (try to) see it from the user perspective: > > > > I as user want to create users that work in all my ADS-domain, on all > > of my samba-domain-member-servers, with as little overhead or > > additional administrative steps necessary. > > > > And I ask for how to do that. > > > > If we have to create users on ADUC, ok with me. > > If it is better to create them with samba-tool, ok as well. > > > > -> searching for the recommended way or "best practice" > > > > Sorry, but you are preaching to the converted here ;-) > > I have proposed patches to make samba-tool work more like ADUC, but > they have been rejected because 'we want to do something different', > but the 'different way' never appears.Please don't be discouraged (sorry). Try again proposing the patch ('cos it's dropped off my inbox list) and let's get the discussion going again. Working code should trump imaginary design work :-). Will be a bit intermittent responding for the next week or so, I'm out at FOSDEM and then visiting family in Sheffield (sorry I can't get to visit, time schedule is very strict this time, and I have my brother's family computers to fix :-). Cheers, Jeremy.