Thu, 16 Jul 2020 12:36:58 +0100 Rowland penny via samba <samba at lists.samba.org>:> On 16/07/2020 12:22, RhineDevil wrote: > > Thu, 16 Jul 2020 11:45:19 +0100 Rowland penny via samba <samba at lists.samba.org>: > >> On 16/07/2020 11:24, RhineDevil wrote: > >>> Thu, 16 Jul 2020 10:56:58 +0100 Rowland penny via samba <samba at lists.samba.org>: > >>>> On 16/07/2020 10:39, RhineDevil wrote: > >>>>> Thu, 16 Jul 2020 10:31:04 +0100 Rowland penny via samba <samba at lists.samba.org>: > >>>>>> On 16/07/2020 10:14, RhineDevil via samba wrote: > >>>>>>> How could I add users and groups using ldif files without interacting with samba-tool? > >>>>>> You will need to write your own scripts around ldapmodify or ldbmodify. > >>>>>> > >>>>>> Rowland > >>>>>> > >>>>> Yes but what fields are required and what autogenerated? > >>>>> Could I have a basic example? > >>>> It depends on whether we are talking about pure Windows users & groups > >>>> or Unix users & groups. I suppose it also depends on where you are going > >>>> to administrate them from. > >>>> > >>>> Can I ask what is wrong with using samba-tool ? > >>>> > >>>> Rowland > >>>> > >>> AFAIK doesn't allow full 1:1 export about gecos, shell and various things from /etc/ flat files > >>> We're talking about Unix users and groups, but made in a way that they're both available in the AD and in NIS. This obviously takes as requirement that RFC2307 was enabled during installation > >> No it doesn't, first, all the RFC2307 attributes are available from the > >> standard AD schema, what isn't installed is the ldif required by IDMU. > >> Secondly, samba-tool can add the required RFC2307 attributes when you > >> create a user or group, you just need to add the required switches to > >> the command. See 'samba-tool user create --help' and 'samba-tool group > >> add --help' for more info and examples. > >> > >> Rowland > >> > > What's IDMU? > Identity Management for UNIX or what gave you the Unix attribute tabs on > ADUC (Active Directory Users & Computers) > > Yeah I knew how to add RFC2307 support, didn't explain well > > Seen right now the samba-tool user create options, they look nice, maybe migration would be more easy than I thought > > > > And about other data normally supported by a full schema like /etc/aliases /etc/fstab (potentially) /etc/hosts, /etc/networks, /etc/protocols, /etc/rpc, /etc/services and /etc/netgroup? > > That would be NIS, you do not need NIS, but if you do and can make it > work, you will need to add the ypServ30.ldif > > Rowland >(Maybe) last question, how do I purge samba databases? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: Firma digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20200716/2b5f6e3c/attachment.sig>
On 16/07/2020 13:51, RhineDevil wrote:> Thu, 16 Jul 2020 12:36:58 +0100 Rowland penny via samba <samba at lists.samba.org>: >> On 16/07/2020 12:22, RhineDevil wrote: >>> Thu, 16 Jul 2020 11:45:19 +0100 Rowland penny via samba <samba at lists.samba.org>: >>>> On 16/07/2020 11:24, RhineDevil wrote: >>>>> Thu, 16 Jul 2020 10:56:58 +0100 Rowland penny via samba <samba at lists.samba.org>: >>>>>> On 16/07/2020 10:39, RhineDevil wrote: >>>>>>> Thu, 16 Jul 2020 10:31:04 +0100 Rowland penny via samba <samba at lists.samba.org>: >>>>>>>> On 16/07/2020 10:14, RhineDevil via samba wrote: >>>>>>>>> How could I add users and groups using ldif files without interacting with samba-tool? >>>>>>>> You will need to write your own scripts around ldapmodify or ldbmodify. >>>>>>>> >>>>>>>> Rowland >>>>>>>> >>>>>>> Yes but what fields are required and what autogenerated? >>>>>>> Could I have a basic example? >>>>>> It depends on whether we are talking about pure Windows users & groups >>>>>> or Unix users & groups. I suppose it also depends on where you are going >>>>>> to administrate them from. >>>>>> >>>>>> Can I ask what is wrong with using samba-tool ? >>>>>> >>>>>> Rowland >>>>>> >>>>> AFAIK doesn't allow full 1:1 export about gecos, shell and various things from /etc/ flat files >>>>> We're talking about Unix users and groups, but made in a way that they're both available in the AD and in NIS. This obviously takes as requirement that RFC2307 was enabled during installation >>>> No it doesn't, first, all the RFC2307 attributes are available from the >>>> standard AD schema, what isn't installed is the ldif required by IDMU. >>>> Secondly, samba-tool can add the required RFC2307 attributes when you >>>> create a user or group, you just need to add the required switches to >>>> the command. See 'samba-tool user create --help' and 'samba-tool group >>>> add --help' for more info and examples. >>>> >>>> Rowland >>>> >>> What's IDMU? >> Identity Management for UNIX or what gave you the Unix attribute tabs on >> ADUC (Active Directory Users & Computers) >>> Yeah I knew how to add RFC2307 support, didn't explain well >>> Seen right now the samba-tool user create options, they look nice, maybe migration would be more easy than I thought >>> >>> And about other data normally supported by a full schema like /etc/aliases /etc/fstab (potentially) /etc/hosts, /etc/networks, /etc/protocols, /etc/rpc, /etc/services and /etc/netgroup? >> That would be NIS, you do not need NIS, but if you do and can make it >> work, you will need to add the ypServ30.ldif >> >> Rowland >> > (Maybe) last question, how do I purge samba databases?Which Samba databases ? If you mean 'my user is using the wrong ID' then 'net cache flush' Rowland
Thu, 16 Jul 2020 14:11:52 +0100 Rowland penny via samba <samba at lists.samba.org>:> On 16/07/2020 13:51, RhineDevil wrote: > > Thu, 16 Jul 2020 12:36:58 +0100 Rowland penny via samba <samba at lists.samba.org>: > >> On 16/07/2020 12:22, RhineDevil wrote: > >>> Thu, 16 Jul 2020 11:45:19 +0100 Rowland penny via samba <samba at lists.samba.org>: > >>>> On 16/07/2020 11:24, RhineDevil wrote: > >>>>> Thu, 16 Jul 2020 10:56:58 +0100 Rowland penny via samba <samba at lists.samba.org>: > >>>>>> On 16/07/2020 10:39, RhineDevil wrote: > >>>>>>> Thu, 16 Jul 2020 10:31:04 +0100 Rowland penny via samba <samba at lists.samba.org>: > >>>>>>>> On 16/07/2020 10:14, RhineDevil via samba wrote: > >>>>>>>>> How could I add users and groups using ldif files without interacting with samba-tool? > >>>>>>>> You will need to write your own scripts around ldapmodify or ldbmodify. > >>>>>>>> > >>>>>>>> Rowland > >>>>>>>> > >>>>>>> Yes but what fields are required and what autogenerated? > >>>>>>> Could I have a basic example? > >>>>>> It depends on whether we are talking about pure Windows users & groups > >>>>>> or Unix users & groups. I suppose it also depends on where you are going > >>>>>> to administrate them from. > >>>>>> > >>>>>> Can I ask what is wrong with using samba-tool ? > >>>>>> > >>>>>> Rowland > >>>>>> > >>>>> AFAIK doesn't allow full 1:1 export about gecos, shell and various things from /etc/ flat files > >>>>> We're talking about Unix users and groups, but made in a way that they're both available in the AD and in NIS. This obviously takes as requirement that RFC2307 was enabled during installation > >>>> No it doesn't, first, all the RFC2307 attributes are available from the > >>>> standard AD schema, what isn't installed is the ldif required by IDMU. > >>>> Secondly, samba-tool can add the required RFC2307 attributes when you > >>>> create a user or group, you just need to add the required switches to > >>>> the command. See 'samba-tool user create --help' and 'samba-tool group > >>>> add --help' for more info and examples. > >>>> > >>>> Rowland > >>>> > >>> What's IDMU? > >> Identity Management for UNIX or what gave you the Unix attribute tabs on > >> ADUC (Active Directory Users & Computers) > >>> Yeah I knew how to add RFC2307 support, didn't explain well > >>> Seen right now the samba-tool user create options, they look nice, maybe migration would be more easy than I thought > >>> > >>> And about other data normally supported by a full schema like /etc/aliases /etc/fstab (potentially) /etc/hosts, /etc/networks, /etc/protocols, /etc/rpc, /etc/services and /etc/netgroup? > >> That would be NIS, you do not need NIS, but if you do and can make it > >> work, you will need to add the ypServ30.ldif > >> > >> Rowland > >> > > (Maybe) last question, how do I purge samba databases? > > Which Samba databases ? > > If you mean 'my user is using the wrong ID' then 'net cache flush' > > Rowland > > >I mean all dbs containing samba ad-dc data Forgot to ask something, an LDAP client connecting to samba LDAP implementation can use `cn=mycn,dc=domain,dc=tld` or it's forced to provide DC and CN in uppercase? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: Firma digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20200717/5ceb29a3/attachment.sig>