samba - Oct 2014 - 3rd-party tool for creating users as alternative to ADUC

Hello list,

I am using the Microsoft ADUC (Active Directory Users & Computers) tool from
the RSAT suite for creating and modifying my domain users. I am aware of the
"copy" functionality which really is very nice to use. Unfortunately I
am missing two important actions during the user-creation process which I try to
describe:

1.) When I use the template feauture (by using the "Copy..." user)
command, the settings of the tab [Unix Attribute] cannot be copied to the new
user created. So after I copied/created the new user, I have manually to open
him, choose the [UNIX attribute] tab, then click on the "NIS-domain"
field to choose/active MYDOM from the pull-down list. By doing so I am able to
assign a uid to that user and thus allow my member server winbind process to
enumerate that particular user so he is able to access shares on my member
server.

It would be really awesome if this step could be done magically without extra
intervention.

2.) Let's say I am creating the user "John Doe". During the
creation process, in the [Profile] tab I can choose to connect the home share of
that particular user, for example: "Connect Z:\ to
\\membersrv1\home\%username%" after I click the [OK] or [Apply] button, the
ADUC tool automatically is creating on-the-fly the directory
"\\membersrv1\home\johndoe" which works fine. That is a neat feauture
but in my opinion it has one big disadvantage ==> the directory .\johndoe on
the given share is created with the owner name of the user that is logged-in and
using the ADUC tool. In that example, the owner of the directory
"\\membersrv1\home\it-admin1" is "it-admin1". If I would
have used "smbmap" feauture and thus would have mapped it-admin1 to
the root account, the owner of that new automatically created directory would be
"root". In conclusion, that is very normal and I did expect that
behaviour. ADUC provides this feauture, but I would like to have the "owner
= johndoe" in that case. ADUC cannot perform that, I understand it, so I
would have to do a "chown johndoe /srv/samba/home/johndoe" to get the
desired result.

Is there any 3rd-party AD-user-tool available which could solve the mentioned
points?

Mirco.

On 27/10/14 22:05, ?icro MEGAS wrote:
> Hello list,
>
> I am using the Microsoft ADUC (Active Directory Users & Computers) tool
from the RSAT suite for creating and modifying my domain users. I am aware of
the "copy" functionality which really is very nice to use.
Unfortunately I am missing two important actions during the user-creation
process which I try to describe:
>
> 1.) When I use the template feauture (by using the "Copy..."
user) command, the settings of the tab [Unix Attribute] cannot be copied to the
new user created. So after I copied/created the new user, I have manually to
open him, choose the [UNIX attribute] tab, then click on the
"NIS-domain" field to choose/active MYDOM from the pull-down list. By
doing so I am able to assign a uid to that user and thus allow my member server
winbind process to enumerate that particular user so he is able to access shares
on my member server.
>
> It would be really awesome if this step could be done magically without
extra intervention.
>
> 2.) Let's say I am creating the user "John Doe". During the
creation process, in the [Profile] tab I can choose to connect the home share of
that particular user, for example: "Connect Z:\ to
\\membersrv1\home\%username%" after I click the [OK] or [Apply] button, the
ADUC tool automatically is creating on-the-fly the directory
"\\membersrv1\home\johndoe" which works fine. That is a neat feauture
but in my opinion it has one big disadvantage ==> the directory .\johndoe on
the given share is created with the owner name of the user that is logged-in and
using the ADUC tool. In that example, the owner of the directory
"\\membersrv1\home\it-admin1" is "it-admin1". If I would
have used "smbmap" feauture and thus would have mapped it-admin1 to
the root account, the owner of that new automatically created directory would be
"root". In conclusion, that is very normal and I did expect that
behaviour. ADUC provides this feauture, but I would like to have the "owner
= johndoe" in that ca
>   se. ADUC cannot perform that, I understand it, so I would have to do a
"chown johndoe /srv/samba/home/johndoe" to get the desired result.
>
> Is there any 3rd-party AD-user-tool available which could solve the
mentioned points?
>
> Mirco.
Does it have to be a GUI tool and if it doesn't, does it have to run on 
windows ???

Rowland

> Comment from Rowland:
> ---------------------
> Does it have to be a GUI tool and if it doesn't, does it have to run on
windows ???
Hi Rowland,

it would be preferrable, yes. The reason I am asking for such a tool is related
to some of us IT-admins. There are people who are not involved with Linux and
prompts at all, so I'd like to have a GUI tool, similar to ADUC. Any help
appreciated. Thank you in advance.

Mirco

Hello Mirco,

first: I don't know any alternative GUI tool for administrating AD.

The only alternative could be to have a Samba AD based distro like
Univention, that ships it's own administration tools.


Am 27.10.2014 um 23:05 schrieb ?icro MEGAS:
> 1.) When I use the template feauture (by using the "Copy..."
user) command, the
> settings of the tab [Unix Attribute] cannot be copied to the new
> user created. So after I copied/created the new user, I have manually
> to open him, choose the [UNIX attribute] tab, then click on the
> "NIS-domain" field to choose/active MYDOM from the pull-down
list.
> By doing so I am able to assign a uid to that user and thus
> allow my member server winbind process to enumerate
> that particular user so he is able to access shares on my member server.
>
> It would be really awesome if this step could be
> done magically without extra intervention.

I think there's no way with ADUC.



> 2.) Let's say I am creating the user "John Doe". During the
creation
> process, in the [Profile] tab I can choose to connect the home
> share of that particular user, for example: "Connect Z:\ to
> \\membersrv1\home\%username%" after I click the [OK] or
> [Apply] button, the ADUC tool automatically is creating
> on-the-fly the directory "\\membersrv1\home\johndoe" which
> works fine. That is a neat feauture but in my opinion
> it has one big disadvantage ==> the directory .\johndoe
> on the given share is created with the owner name of the user
> that is logged-in and using the ADUC tool.
I think, this results from the ACLs you've set on the share.

Here's an example guide:
https://wiki.samba.org/index.php/Setting_up_a_home_share#Setting_up_the_share_and_filesystem_permissions

(Not tested): Additionally you will add your it-admin group with full
control or modify permissions to the security tab. Then click the
advanced button and change the permissions of that group from "This
folder, subfolders and files" to "This folder only".




Regards,
Marc