samba - Jan 2022 - Ubuntu 18.04 classicupgrade help

On Wed, 2022-01-05 at 18:49 +0000, Carl Hunter via samba
wrote:
>  On Wednesday, January 5, 2022, 12:07:19 p.m. EST, Rowland Penny via
> samba <samba at lists.samba.org> wrote:
>  
>  
> I'm not sure why the carriage returns aren't working for me. 
I'll
> try the commands in quotes all on the same line.
>   "pdbedit -a -t username"
samba-tool user create username <password>
>  "adduser username users"
Nothing because 'users' is a member of Domain Users and all users are
members of Domain Users
>  "adduser username students"
samba-tool group addmembers students username (you will also need to
create the group 'students')
>  "usermod -g students username"
Nothing
>  "chgrp -R students /home/username" "chmod -R o-rx
/home/username".
After creating a user in AD (note: you do not create them as Unix
users), the users home directory will not exist. It will need to be
created when they login into a Unix domain member directory (by
pam_mkhomedir) or by a root preexec script when they connect to their
homedir via Samba (I can supply more info after you have decided which
you want to use).
 
> Those are the commands that are run for the old NT4 domain.  As for
> the Unix domain member, I'm guessing I'm not since I'm not sure
what
> that is.  I've only got one server if that makes sense.  
'server' covers a multitude of types, fileserver, printserver etc, but
it sounds like you have a Samba AD DC. A Windows or Unix (Linux is a
type of Unix) computer can be a domain member. A domain member is any
computer that is a member of an AD domain that isn't a DC.

Rowland

On Wednesday, January 5, 2022, 02:20:28 p.m. EST, Rowland Penny via samba
<samba at lists.samba.org> wrote:
 
 
 On Wed, 2022-01-05 at 18:49 +0000, Carl Hunter via samba
wrote:
>? On Wednesday, January 5, 2022, 12:07:19 p.m. EST, Rowland Penny via
> samba <samba at lists.samba.org> wrote:
>? 
>? 
> I'm not sure why the carriage returns aren't working for me.?
I'll
> try the commands in quotes all on the same line.
>? "pdbedit -a -t username"
samba-tool user create username <password>
>? "adduser username users"
Nothing because 'users' is a member of Domain Users and all users are
members of Domain Users
>? "adduser username students"
samba-tool group addmembers students username (you will also need to
create the group 'students')
>? "usermod -g students username"
Nothing
>? "chgrp -R students /home/username" "chmod -R o-rx
/home/username".?
After creating a user in AD (note: you do not create them as Unix
users), the users home directory will not exist. It will need to be
created when they login into a Unix domain member directory (by
pam_mkhomedir) or by a root preexec script when they connect to their
homedir via Samba (I can supply more info after you have decided which
you want to use).
 
> Those are the commands that are run for the old NT4 domain.? As for
> the Unix domain member, I'm guessing I'm not since I'm not sure
what
> that is.? I've only got one server if that makes sense.? 
'server' covers a multitude of types, fileserver, printserver etc, but
it sounds like you have a Samba AD DC. A Windows or Unix (Linux is a
type of Unix) computer can be a domain member. A domain member is any
computer that is a member of an AD domain that isn't a DC.

Rowland
So my environment is one Ubuntu 18.04 server that's been classicupgraded to
a Samba AD DC.? All machines connecting to the AD are Windows 7 machines and
eventually Windows 10 machines.? The server is running Samba file shares but no
printserver.? Each user has their own /home folder on the file server and access
to a few other shares which are mapped by a logon.cmd script when they log in.??
For the example commands above, the students group was already created in the
NT4 domain and converted to the AD domain.? I do see a "Creating a Windows
and Unix user" section on the samba wiki but I'm not sure what all the
unix options mean.??
Thanks
Carl