On Wednesday, January 5, 2022, 12:07:19 p.m. EST, Rowland Penny via samba <samba at lists.samba.org> wrote: On Wed, 2022-01-05 at 16:25 +0000, Carl Hunter via samba wrote:>> >? My next question is about user creation.? We used to create users > with the following commands for the NT4 domain.? > pdbedit -a -t usernameadduser username usersadduser username > studentsusermod -g students usernamechgrp -R students > /home/usernamechmod -R o-rx /home/username> I know I can use the samba-tool to create a Windows AD user but what > would be the equivalent to the above with that tool??Not entirely sure, your pdbedit command seems to be mangled, can you check it and give us a bit more info. Are you using any Unix domain members and if so, what winbind backend are you using ? It is possible you will need to use a script to replace the pdbedit command, but answer the question and unmangle that pdbedit command. Rowland I'm not sure why the carriage returns aren't working for me.? I'll try the commands in quotes all on the same line.? "pdbedit -a -t username" "adduser username users" "adduser username students" "usermod -g students username" "chgrp -R students /home/username" "chmod -R o-rx /home/username".? Those are the commands that are run for the old NT4 domain.? As for the Unix domain member, I'm guessing I'm not since I'm not sure what that is.? I've only got one server if that makes sense.?? Thanks Carl
On Wed, 2022-01-05 at 18:49 +0000, Carl Hunter via samba wrote:> On Wednesday, January 5, 2022, 12:07:19 p.m. EST, Rowland Penny via > samba <samba at lists.samba.org> wrote: > >> I'm not sure why the carriage returns aren't working for me. I'll > try the commands in quotes all on the same line.> "pdbedit -a -t username"samba-tool user create username <password>> "adduser username users"Nothing because 'users' is a member of Domain Users and all users are members of Domain Users> "adduser username students"samba-tool group addmembers students username (you will also need to create the group 'students')> "usermod -g students username"Nothing> "chgrp -R students /home/username" "chmod -R o-rx /home/username".After creating a user in AD (note: you do not create them as Unix users), the users home directory will not exist. It will need to be created when they login into a Unix domain member directory (by pam_mkhomedir) or by a root preexec script when they connect to their homedir via Samba (I can supply more info after you have decided which you want to use).> Those are the commands that are run for the old NT4 domain. As for > the Unix domain member, I'm guessing I'm not since I'm not sure what > that is. I've only got one server if that makes sense.'server' covers a multitude of types, fileserver, printserver etc, but it sounds like you have a Samba AD DC. A Windows or Unix (Linux is a type of Unix) computer can be a domain member. A domain member is any computer that is a member of an AD domain that isn't a DC. Rowland