Hi,

My tests on DC server and File/print server have some problems with account management...

User access rights on the home share are very strange.
If we use ADUC and home share (not homes) for a new user, it works.

All howtos in Samba's wiki ask the administrator to use Windows tools to manage users and groups and shares like the home share.

So... I know that it is possible to add the UNIX tab in ADUC (already done).
Adding and viewing UNIX data is OK, but my question is: what file must I add to Samba for the NIS server (for example), and where can I configure the xID range?

I know that there are some people here who have this view with ADUC (if ADUC does it like that... samba-tool must do it the same way) :-))

So does anyone have a good howto?
If the Samba team wants to have the same view for management, a howto about ADUC, RSAT, UNIX tab and NIS server would be a good thing for me...

Anyone to write a howto?
thx

Stéphane Purnelle

-----------------------------------
Stéphane PURNELLE Admin. Systèmes et Réseaux
Service Informatique Corman S.A. Tel : 00 32 (0)87/342467

On 10/12/13 16:40, Stéphane PURNELLE wrote:
> Hi,
>
> My tests on DC server and File/print server have some problem with account
> management...
>
> user access right on home share is very strange.
> if we use ADUC and home share (not homes) for new user, it work.
>
> All howto in samba's wiki ask administrator to use windows tools for
> manage users and groups and share like home share
>
> so... I know that is possible to add unix tab on aduc (already done).
> adding and view unix data is OK, but my question is what must file I must
> add to samba for NIS server (for example) and where can I configure xID
> range ?
>
> I know that there are some peoples here who have this view with ADUC (if
> aduc do like that... samba-tool must do in same way) :-))
>
> So anyone have a good howto ?
> If samba team want to have the same view for management, a howto about
> aduc, rsat, unix tab ans nis server become a good think for me...
>
> anyone for write a howto ?
> thx
>
> Stéphane Purnelle
>
> -----------------------------------
> Stéphane PURNELLE Admin. Systèmes et Réseaux
> Service Informatique Corman S.A. Tel : 00 32 (0)87/342467

Hi,

I might just be the 'some people' you refer to ;-)

What OS does your server run? Does it have a GTK-based GUI and do you feel like being a guinea pig?

Rowland

On Tue, 2013-12-10 at 17:40 +0100, Stéphane PURNELLE wrote:
> Hi,
>
> My tests on DC server and File/print server have some problem with
> account management...
>
> user access right on home share is very strange.
> if we use ADUC and home share (not homes) for new user, it work.
>
> All howto in samba's wiki ask administrator to use windows tools for
> manage users and groups and share like home share

What Samba then does is translate the ntacl's into something the filesystem on your Linux server can deal with. You already have the command line tool to do this; samba-tool ntacl, but as you will no doubt have found out, sddl to posix and xattr's is by no means trivial. Understanding the former is an art in itself.

> so... I know that is possible to add unix tab on aduc (already done).
> adding and view unix data is OK, but my question is what must file I
> must add to samba for NIS server (for example) and where can I configure
> xID range ?

The NIS server is just another way of keeping consistent uid's between servers. It uses a centralised flat database which all other boxes must refer to. There can exist NIS slave servers too. LDAP took over from NIS as the preferred method to distribute uid's around a network, but the principles are exactly the same: refer to a single or replicated database so that everyone has the same uid. AD is just a variation on LDAP. We can use it, in exactly the same way as NIS, to distribute uid consistently around the network.

Again, you already have the tools you need to put uid into an AD DC. You have already seen ADUC. If you don't want to use that, let's say that the uid in NIS for user stephane is 1234567, so we simply use ldbmodify to add the attribute pair:

uidNumber: 1234567

to the DN for stephane in AD. It is then distributed in _exactly_ the same way as it is in NIS.

Of course, instead of having a NIS client running we have winbind/sssd/nss-ldapd running on the client instead.

> I know that there are some peoples here who have this view with ADUC
> (if aduc do like that... samba-tool must do in same way) :-))

Absolutely. We must retain a reference standard otherwise there would be chaos. If a windows server doesn't do it, then we shouldn't include it.

> Hi,
>
> My tests on DC server and File/print server have some problem with
> account management...
>
> user access right on home share is very strange.
> if we use ADUC and home share (not homes) for new user, it work.
>
> All howto in samba's wiki ask administrator to use windows tools for
> manage users and groups and share like home share
>
> so... I know that is possible to add unix tab on aduc (already done).
> adding and view unix data is OK, but my question is what must file I
> must add to samba for NIS server (for example) and where can I configure
> xID range ?

You don't need to add any file. All NIS does exactly is the same as AD does; it maintains a central database of rfc2307 information so that users can e.g. log into any computer on the network and be sure to obtain their own stuff. Always. Why? Because that information is always being obtained from the same source.

The only tool where you must specify xID ranges is winbind. You do that in smb.conf.

> I know that there are some peoples here who have this view with ADUC
> (if aduc do like that... samba-tool must do in same way) :-))
>
> So anyone have a good howto ?
> If samba team want to have the same view for management, a howto about
> aduc, rsat, unix tab ans nis server become a good think for me...
>
> anyone for write a howto ?
> thx

Of course, your idea of standard will differ from the standard standard. You as I would include in the standard, rfc2307. So long as it behaves as it does on a windows server then fine. What _we_ then do to our individual domains is up to us.
So long as our non standard standard doesn't become the standard then the standard will remain a standard lol.

> So anyone have a good howto ?
> If samba team want to have the same view for management, a howto
> about aduc, rsat, unix tab ans nis server become a good think for me...
>
> anyone for write a howto ?
> thx

I think that most of the howto's have already been written. ldbmodify, winbind, sssd, nslcd, AD and rfc2307. . . Could you be a little more specific as to what howto's you would like to see?

Cheers,
Steve

On 10/12/13 16:40, Stéphane PURNELLE wrote:
> Hi,
>
> My tests on DC server and File/print server have some problem with account
> management...
>
> user access right on home share is very strange.
> if we use ADUC and home share (not homes) for new user, it work.
>
> All howto in samba's wiki ask administrator to use windows tools for
> manage users and groups and share like home share
>
> so... I know that is possible to add unix tab on aduc (already done).
> adding and view unix data is OK, but my question is what must file I must
> add to samba for NIS server (for example) and where can I configure xID
> range ?

As you do not seem to be interested in my offer, I will try and see if I can help, and I think what you mean is: what needs adding to the Samba 4 database to give you the uidNumber automatically in the UNIX Attributes tab on ADUC.

You need to add a couple of attributes, msSFU30MaxUidNumber & msSFU30MaxGidNumber.

Create an ldif:

dn: CN=<YOURDOMAIN>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,<YOUR BASE DN>
changetype: modify
add: msSFU30MaxUidNumber
msSFU30MaxUidNumber: 10000
-
add: msSFU30MaxGidNumber
msSFU30MaxGidNumber: 10000

Alter 10000 to fit in with your server (but 10000 is the std windows number).

Add the ldif with:

ldbmodify --url=ldap://<hostname of your samba4 server> --kerberos=yes --krb5-ccache=/tmp/krb5cc_0 /path/to/the/ldif

These would already have been there, except for an Australian telling someone else not to add them when ypServe30.ldif was originally added. I will leave you to put a name to the Australian, but I will also tell you that he also said this:

"Please file a bug, so it isn't lost over the Christmas season, but clearly I need to change the code not to rely on posixAccount and posixGroup. The steps you performed are reasonable, and while we can improve our tool to add that objectClass, if AD isn't adding it using the standard GUI tools, we shouldn't require it either."

xID number is in idmap.ldb

Rowland

> I know that there are some peoples here who have this view with ADUC (if
> aduc do like that... samba-tool must do in same way) :-))
>
> So anyone have a good howto ?
> If samba team want to have the same view for management, a howto about
> aduc, rsat, unix tab ans nis server become a good think for me...
>
> anyone for write a howto ?
> thx
>
> Stéphane Purnelle
>
> -----------------------------------
> Stéphane PURNELLE Admin. Systèmes et Réseaux
> Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
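
As an added example (not part of the thread and not Samba code), this Python check ties together the winbind xID range set in smb.conf and the msSFU30MaxUidNumber counter from the LDIF above: it flags uidNumber values outside the range (the idmap `ad` backend ignores those), values shared by two accounts, and a next-ID counter that cannot be used safely. The domain name EXAMPLE, the smb.conf lines and the LDIF export are constructed, and treating msSFU30MaxUidNumber as the next value ADUC assigns is an assumption.

```python
import re

# Constructed sample inputs (not from the thread).
SMB_CONF = """\
idmap config EXAMPLE : backend = ad
idmap config EXAMPLE : range = 10000-999999
"""
LDIF = """\
dn: CN=example,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=com
msSFU30MaxUidNumber: 10001

dn: CN=alice,CN=Users,DC=example,DC=com
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=com
uidNumber: 1234

dn: CN=carol,CN=Users,DC=example,DC=com
uidNumber: 10001
"""
RANGE_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)", re.M)

def idmap_ranges(smb_conf):
    """Map each domain to the (low, high) idmap range set in smb.conf."""
    return {d.upper(): (int(lo), int(hi)) for d, lo, hi in RANGE_RE.findall(smb_conf)}

def parse_ldif(text):
    """Parse blank-line separated 'attr: value' records into dicts."""
    return [dict(line.split(": ", 1) for line in rec.splitlines() if ": " in line)
            for rec in re.split(r"\n\s*\n", text.strip())]

def audit(smb_conf, ldif, domain):
    """Flag IDs outside the winbind range, shared IDs, and an unusable next ID."""
    lo, hi = idmap_ranges(smb_conf)[domain.upper()]
    findings, owner, next_uid = [], {}, None
    for rec in parse_ldif(ldif):
        if "msSFU30MaxUidNumber" in rec:
            next_uid = int(rec["msSFU30MaxUidNumber"])
        elif "uidNumber" in rec:
            uid, dn = int(rec["uidNumber"]), rec["dn"]
            if not lo <= uid <= hi:   # winbind's ad backend would drop this mapping
                findings.append(("out-of-range", dn, uid))
            if uid in owner:          # two accounts would own the same files
                findings.append(("duplicate", dn, uid))
            owner.setdefault(uid, dn)
    # Assumption: ADUC hands out msSFU30MaxUidNumber as the next uidNumber.
    if next_uid is not None and (next_uid in owner or not lo <= next_uid <= hi):
        findings.append(("next-uid-unusable", "msSFU30MaxUidNumber", next_uid))
    return findings
```

Calling `audit(SMB_CONF, LDIF, "EXAMPLE")` returns one tuple per problem; an empty list means every exported uidNumber is unique and inside the range winbind is authoritative for.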