Am 2017-09-01 um 09:17 schrieb Rowland Penny via samba:>> The user can login to the domain, it only can't connect to a share on >> the DM (group membership is OK, we only filter for "Domain Users", and >> the GPOs are applied). > > Have you given the user a 'uidNumber' attribute containing a unique > number inside 10000-9999999 ? and have you given Domain Users a > gidNumber attribute containing a number inside the same range (I don't > think you have, or it wouldn't be '100' above)We expected that creating the user via RSAT would be enough. But now as I read this I remember a similar thread from back then. How to add that uidNumber in the easiest way? I would like to be able to let the local admin do that ... can't remember the steps anymore, something with LDAP, I assume? thx
On Fri, 1 Sep 2017 09:35:50 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2017-09-01 um 09:17 schrieb Rowland Penny via samba: > > >> The user can login to the domain, it only can't connect to a share > >> on the DM (group membership is OK, we only filter for "Domain > >> Users", and the GPOs are applied). > > > > Have you given the user a 'uidNumber' attribute containing a unique > > number inside 10000-9999999 ? and have you given Domain Users a > > gidNumber attribute containing a number inside the same range (I > > don't think you have, or it wouldn't be '100' above) > > We expected that creating the user via RSAT would be enough. > But now as I read this I remember a similar thread from back then. > > How to add that uidNumber in the easiest way? > I would like to be able to let the local admin do that ... > > can't remember the steps anymore, something with LDAP, I assume? > > thx > >It all depends on what version of Windows you are running RSAT on, If you are using a version before Win10, you can add the Unix attributes tab and set the uidNumber there. Windows 10 doesn't have the Unix attributes tab, it has been removed, so you would have to use the attribute editor. If you want to do this on the Samba DC, then you can create new users with the required rfc2307 attributes using 'samba-tool user create'. If you want to add rfc2307 attributes, then you will have to write your own scripts, there are no Samba tools to do this. Rowland
Am 2017-09-01 um 10:02 schrieb Rowland Penny via samba:> It all depends on what version of Windows you are running RSAT on, If > you are using a version before Win10, you can add the Unix attributes > tab and set the uidNumber there. Windows 10 doesn't have the Unix > attributes tab, it has been removed, so you would have to use the > attribute editor.The admin runs Win7 pro on his RSAT-machine. I will google how to add that tab. In general: why isn't that attribute added automatically?> If you want to do this on the Samba DC, then you can create new users > with the required rfc2307 attributes using 'samba-tool user create'.The mentioned user was created like that, and seems not to have that attribute ... ?> If you want to add rfc2307 attributes, then you will have to write your > own scripts, there are no Samba tools to do this.I expected things to get easier with ADS ;-)