Greeting-

Ok I went back and re-read the page on the AD DC HowTo, and now I remember that it was the first way I tried to set up the server two weeks ago. When I tried to start the server it failed to start, which is why I went searching out an smb4.conf online.

I can go through the setup from the start again, but I am still at a loss as to how to match the UID numbers in the Samba AD to the historical UID numbers that all the existing unix users have. The situation is that historically everything here was Unix of some sort, but we are adding a small flock of windows boxes, which is why I am looking at trying to bring Samba 4 on line.

If someone can point me to a clear simple explanation on how to force particular UIDs in Samba I would appreciate that. I will tackle the lack of encryption once I get the UID situation solved.

Here is a partial output of pdbedit -Lv for my account:

Unix username: wynkoop
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3503051414-2097048719-4239445089-1105
Primary Group SID: S-1-5-21-3503051414-2097048719-4239445089-513
Full Name:
Home Directory:
HomeDir Drive: (null)
Logon Script:
Profile Path:
Domain:
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 0
Kickoff time: never
Password last set: Mon, 15 Dec 2014 15:17:39 EST
Password can change: Mon, 15 Dec 2014 15:17:39 EST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

I am not sure what Rowland meant when he said give them a UIDnumber containing the numbers I need. I do not see any field marked as UID above. Do I need to extend the database with the addition of another field?

Thanks so much everyone. It has been years since I needed to use samba, so I am climbing the learning curve on this new version.

-Brett

--
wynkoop at wynn.com
http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
929-272-0000

A free people ought to be armed. - George Washington

I think Rowland meant to use rfc2307 attributes in your domain. Therefore it is needed to provision your domain with --use-rfc2307 parameter. When you have done this the schema doesn't need to be extended.

When you are using ADUC in Windows, are you seeing a Unix tab in preferences of a user or group? If not you need to install the "Server for NIS Tools" extension for ADUC. Then you can Unix attribs in ADUC.

Regards
Tim

On 19 December 2014 08:33:15 CET, Brett Wynkoop <wynkoop+samba at wynn.com> wrote:
>Greeting-
>
>Ok I went back and re-read the page on the AD DC HowTo, and now I
>remember that it was the first way I tried to set up the server two
>weeks ago. When I tried to start the server it failed to start, which is
>why I went searching out an smb4.conf online.
>
>I can go through the setup from the start again, but I am still at a
>loss as to how to match the UID numbers in the Samba AD to the
>historical UID numbers that all the existing unix users have. The
>situation is that historically everything here was Unix of some sort,
>but we are adding a small flock of windows boxes, which is why I am
>looking at trying to bring Samba 4 on line.
>
>If someone can point me to a clear simple explanation on how to force
>particular UIDs in Samba I would appreciate that. I will tackle the
>lack of encryption once I get the UID situation solved.
>
>Here is a partial output of pdbedit -Lv for my account:
>
>
>Unix username: wynkoop
>NT username:
>Account Flags: [U ]
>User SID: S-1-5-21-3503051414-2097048719-4239445089-1105
>Primary Group SID: S-1-5-21-3503051414-2097048719-4239445089-513
>Full Name:
>Home Directory:
>HomeDir Drive: (null)
>Logon Script:
>Profile Path:
>Domain:
>Account desc:
>Workstations:
>Munged dial:
>Logon time: 0
>Logoff time: 0
>Kickoff time: never
>Password last set: Mon, 15 Dec 2014 15:17:39 EST
>Password can change: Mon, 15 Dec 2014 15:17:39 EST
>Password must change: never
>Last bad password : 0
>Bad password count : 0
>Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
>I am not sure what Rowland meant when he said give them a UIDnumber
>containing the numbers I need. I do not see any field marked as UID
>above. Do I need to extend the database with the addition of another
>field?
>
>Thanks so much everyone. It has been years since I needed to use
>samba, so I am climbing the learning curve on this new version.
>
>-Brett
>
>--
>
>wynkoop at wynn.com
>http://prd4.wynn.com/wynkoop/pgp-keys.txt
>917-642-6925
>929-272-0000
>
>A free people ought to be armed. - George Washington

On Fri, 19 Dec 2014 09:17:25 +0100
Tim <rintimtim at gmx.net> wrote:

> I think Rowland meant to use rfc2307 attributes in your domain.
> Therefore it is needed to provision your domain with --use-rfc2307
> parameter. When you have done this the schema doesn't need to be
> extended.

Hmmm, well, I used rfc2307 on one of my previous attempts, but still saw no way to set the UID to what I wanted them to be. They were something like 5 or 6 digit numbers.

So is there a way to force a particular UID, meaning can I create account smith with UID 553 in a Samba DC? My plan is after I figure this out to script the process and feed /etc/passwd into the AD.

At the moment I do not have an MS-Windows box here yet, so I can not check what is shown in an MS-Windows control panel. This task is in preparation for the arrival of a small flock of ms-windows boxes that are coming in for a special project, but they need to be integrated with the existing network of FreeBSD, Solaris, GNU/Linux and Mac OSX boxes, all of which are using NIS and NFS. Since they can all authenticate against LDAP and Kerberos (AKA AD) my plan is to just move over to AD on a samba box, but if a user is on a Windows box I need him to have the same UID on created files as if he was on a Unix box.

Did I miss something with smbpasswd or pdbedit where I can set specific UID just like I can by editing /etc/passwd?

Here is something interesting.....

root@prd2:/home/wynkoop # pdbedit -L | grep wynkoop
wynkoop:34:
root@prd2:/home/wynkoop #
root@prd2:/home/wynkoop # id wynkoop
uid=34(wynkoop) gid=34(wynkoop) groups=34(wynkoop),0(wheel),80(www)
root@prd2:/home/wynkoop #
root@prd2:/home/wynkoop # pdbedit -Lv wynkoop
(config output snipped)
ldb_wrap open of idmap.ldb
Home server: prd2
Home server: prd2
Unix username: wynkoop
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3503051414-2097048719-4239445089-1105
Primary Group SID: S-1-5-21-3503051414-2097048719-4239445089-513
Full Name:
Home Directory:
HomeDir Drive: (null)
Logon Script:
Profile Path:
Domain:
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 0
Kickoff time: never
Password last set: Mon, 15 Dec 2014 15:17:39 EST
Password can change: Mon, 15 Dec 2014 15:17:39 EST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Nowhere in the verbose output do I see 34, and then we have this:

root@prd2:/archive/test # ls -l
total 1
-rw-r--r-- 1 3000014 wheel 236 Dec 19 03:50 hosts
root@prd2:/archive/test #

Hosts was transferred into that directory using smbclient from another box and as you can see the owner is a user that does not exist on the system. How the heck did it come up with a UID of 3000014?

So I think I am getting more confused as things go along. I have a mind to deinstall everything, remove all the database files and try again from scratch, but that still leaves the burning question how do I do something like this:

root@prd2:/archive/test # adduser
Username: bew
Full name: B^C
root@prd2:/archive/test # adduser
Username: example
Full name: Ex Ample
Uid (Leave empty for default): 554
Login group [example]:
Login group is example. Invite example into other groups? []:

with Samba. I suppose I could drop back to samba 2 or 3, or run in legacy mode, but that is not what I would consider optimal.

Thanks!

-Brett

--
wynkoop at wynn.com
http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
929-272-0000

A free people ought to be armed. - George Washington
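
Added example, not part of any message in this thread: one way to script the /etc/passwd import discussed above for a domain provisioned with --use-rfc2307. It turns passwd rows into LDIF that sets uidNumber, gidNumber, unixHomeDirectory and loginShell, and refuses UID 0, duplicate UIDs and names that could carry DN or LDIF syntax. Assumptions: the accounts already exist under CN=Users with CN equal to the Unix login, DC=example,DC=com is a placeholder base DN, and the function names are illustrative.

```python
import re

# Constructed /etc/passwd sample: UIDs 34, 553 and 554 come from the thread,
# the root, dup and "bad,cn=x" rows are invented to exercise the rejections.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie Root:/root:/bin/csh
wynkoop:*:34:34:Brett Wynkoop:/home/wynkoop:/bin/sh
smith:*:553:553:J Smith:/home/smith:/bin/sh
example:*:554:554:Ex Ample:/home/example:/bin/sh
dup:*:553:553:Duplicate UID:/home/dup:/bin/sh
bad,cn=x:*:600:600:Odd Name:/home/bad:/bin/sh
"""
NAME_RE = re.compile(r"^[a-z_][a-z0-9_.-]*$")  # keeps DN/LDIF syntax out of names
PATH_RE = re.compile(r"^/[\x21-\x7e]*$")       # absolute path, printable ASCII

def parse_passwd(text):
    """Return (accepted, rejected); rejected holds (name, reason) pairs."""
    accepted, rejected, seen = [], [], {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not (f[2].isdigit() and f[3].isdigit()):
            rejected.append((f[0], "malformed line"))
            continue
        name, uid, gid, home, shell = f[0], int(f[2]), int(f[3]), f[5], f[6]
        if not NAME_RE.match(name):
            rejected.append((name, "unsafe user name"))
        elif uid == 0:
            rejected.append((name, "uid 0 is not mapped to a domain account"))
        elif uid in seen:
            rejected.append((name, f"uid {uid} already used by {seen[uid]}"))
        elif not (PATH_RE.match(home) and PATH_RE.match(shell)):
            rejected.append((name, "unsafe home or shell"))
        else:
            seen[uid] = name
            accepted.append((name, {"uidNumber": uid, "gidNumber": gid,
                                    "unixHomeDirectory": home, "loginShell": shell}))
    return accepted, rejected

def to_ldif(users, base_dn="DC=example,DC=com"):  # base_dn is a placeholder
    """ldbmodify-style LDIF setting the RFC2307 attributes on existing users."""
    out = []
    for name, attrs in users:
        out.append(f"dn: CN={name},CN=Users,{base_dn}\nchangetype: modify")
        out += [f"replace: {k}\n{k}: {v}\n-" for k, v in attrs.items()]
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    ok, bad = parse_passwd(SAMPLE_PASSWD)
    print(to_ldif(ok) + "".join(f"# skipped {n}: {w}\n" for n, w in bad))
```

Review the generated LDIF before applying it with ldbmodify. Skipped rows are reported so that UID collisions are resolved by hand instead of two logins silently sharing file ownership over NFS.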