On Sun, 25 Mar 2018 14:59:47 +0200
Rene Schmidt via samba <samba at lists.samba.org> wrote:
> Hello,
>
>
> I have just started to experiment with Samba4 as an AD.
>
> All together I have 3 sambas DCs in 3 locations.
>
> In my SMB. CONF stands the following entry: idmap_ldb:use rfc2307 > yes
>
> If I provide new users or groups, I do this about RSAT of a Windows
> Server 2008 R2. This Windows Server is only normal Domainmember.
>
> I have problems with the care of the Unix attributes:
>
> - If I put in a new user, I must still select by hand the NIS-Domain
> and the Default group as well as the Shell placed. Can be fixed
> there, e. g. , default or let itself steer this in such a way which
> takes here the normal primary group?
This is how RSAT works.
>
> - The bigger problem is the care of the groups. If I change
> memberships of a group, I must do always in the tab members and in
> the tab Unix Attributes.
Again this is how RSAT works
>
> If one maintains not by hand, there is a difference between the
> attributes "member" and "memberUid". If this is normal
or what one
> can do against it, so that this is automatically comaintained.
This is not really a problem, windows does not use the 'memberUid'
attribute and you don't need it on a properly set up Unix domain member.
Using RSAT has its benefits, but I think you will find it easier to use
samba-tool to create users & groups and maintain group membership etc.
You can write scripts around the various samba-tool subcommands (run
'samba-tool --help' to find these). There is also the possibility of
using a couple of attributes to store the next UID & GID (you would need
to create these) and your scripts could then use them.
owland