I am working to deploy Samba4 on the SME Server: A customized version of CentOS with a web management GUI and configuration API.

One of the challenges we see is how we synchronize our SME Server configuration API with users who are created using tools outside of *nix. For example if a user were created using the Windows administration tools.

Are there any triggers in Samba that could be set to let the system know a new user was created by tools other than those provided by Samba?

Thanks,

-- 
Greg J. Zartman
Board Member
Koozali Foundation, Inc.
2755 19th Street SE
Salem, Oregon 97302
Cell: 541-5218449
SME Server user and community member since 2000

On 12/11/14 20:54, Greg Zartman wrote:
> I am working to deploy Samba4 on the SME Server: A customized version of
> CentOS with a web management GUI and configuration API.
>
> One of the challenges we see is how we synchronize our SME Server
> configuration API with users who are created using tools outside of *nix.
> For example if a user were created using the Windows administration tools.
>
> Are there any triggers in Samba that could be set to let the system know a
> new user was created by tools other than those provided by Samba?
>
> Thanks,

Hi Greg, the whole idea of Samba 4 running as an AD DC, is that you cannot tell it from a Windows AD DC, so as far as I know, there is no way to tell where the user was created or how.

Rowland

On Wed, 2014-11-12 at 12:54 -0800, Greg Zartman wrote:
> I am working to deploy Samba4 on the SME Server: A customized version of
> CentOS with a web management GUI and configuration API.
>
> One of the challenges we see is how we synchronize our SME Server
> configuration API with users who are created using tools outside of *nix.
> For example if a user were created using the Windows administration tools.
>
> Are there any triggers in Samba that could be set to let the system know a
> new user was created by tools other than those provided by Samba?

We do some things internally when a new user is created - the samldb module is one of the (many) places we hook on, in our ldb module stack.

But yes, we don't call out to an external script any more. We also have to be a bit careful when doing so, as we would still be under the transaction lock.

I agree we can improve in this area. We wouldn't match AD any more - all the servers would have to be matching Samba servers - but we should do better. Ideally we would re-use the existing option, to keep things consistent.

Andrew Bartlett

-- 
Andrew Bartlett                       samba.org/~abartlet
Authentication Developer, Samba Team  samba.org
Samba Developer, Catalyst IT          catalyst.net.nz/services/samba