G'day All,

I'm new to AD and the following things are causing issues trying to integrate our existing Unix-based infrastructure into AD. I may well be doing something wrong or just missing something, but I'm going to ask anyway. I'm stuck.

We've been running Apple's OD (LDAP, Kerberos, and some Apple magic) with samba3 for years. With W7+ we need AD to manage our Windows lab machines, and S4 is doing a great job of that, with S3 as the file and profile servers. I started off trying to get profile re-direction going with this set up and getting nowhere. I was getting permission type errors (Operation not permitted).

Our current S4 was first installed from an Alpha version, and I didn't include the rfc2307 stuff, and upgraded through the versions to 4.0.9. I've recently set up a 4.1.9 server with rfc2307 and noticed that "samba-tool user add" has the --rfc2307-from-nss option, which is great. However, when you do this, the Unix home directory does not get set up in the AD. I have to go into UAC-->domain-->Users-->"username"-->Unix_Attributes, select the Nis-domain, and then add the correct unix-home-directory there. Is this something that can be added to "samba-tool user add"? There is an option for "--home-directory" but this is for Windows, not Unix.

Also, when I go into UAC and select a new user I've created through samba-tool, then look at their Unix Attributes, I have to select "nis domain". When I do this, the Unix settings for the newly created user are not there, but I can see them with "getent passwd user" on a domain attached Linux server (albeit with the wrong home directory showing, and wrong group). Am I missing something? Is there a way to get AD to know what the default NIS-domain is, so that when I create accounts and groups, etc., they are set up with it?

Another thing, is it possible to set the GUID of a newly created group via samba-tool? If not, could this be added?

Getting all these things sorted would make it really easy to script the set up of users into S4 with the correct Unix attributes, so that I can have the same UID in OD and AD - the aim is to get rid of OD and all Macs and Linux/Unix boxes will point to AD.

After having manually fixed up the Unix attributes on an account, profile re-direction started to work - once or twice, then I stuffed it up again whilst trying to change groups and permissions on the AD user so that it better fit our current set up.

Sorry for rambling. (All of our stuff is on CentOS 6.5 and compiled from source.)

--
Cheers,
David Minard.
Ph: 0247 360 155
Fax: 0247 360 770
School of Computing, Engineering, and Mathematics
Building Y - Penrith Campus (Kingswood)
Locked bag 1797
Penrith South DC NSW 1797

[Sometimes waking up just isn't worth the insult of the day to come.]