Luis Sanchez
2015-Jan-23 08:36 UTC
[Samba] How to provision many users with unix Attributes without RSAT
Hi,

I would like to provision a huge number of users to a Samba AD/DC and I would like to have the unix attributes set too. I don't want to use the RSAT GUI and manually set each.

Is there any tool or script I can use to get that?

I have identified some attributes in the AD that are added when I set unix attributes with RSAT GUI. However there must be more changes...

These are the attributes:

msSFU30Name:
msSFU30NisDomain:
loginShell:
gidNumber:
uid:
uidNumber:
unixHomeDirectory:
unixUserPassword::

I don't know how the unixUserPassword is obtained.

The uid and uidNumber must be unique afaik, but there must be a last used uid or something... If I add the unix attributes manually without the RSAT GUI (the uid is the next free one) when I run the RSAT GUI on another user it chooses a uid already used.

Thank you!

Best regards.
Rowland Penny
2015-Jan-23 09:37 UTC
[Samba] How to provision many users with unix Attributes without RSAT
On 23/01/15 08:36, Luis Sanchez wrote:
> Hi,
>
> I would like to provision a huge number of users to a Samba AD/DC and I
> would like to have the unix attributes set too. I don't want to use the
> RSAT GUI and manually set each.
>
> Is there any tool or script I can use to get that?
>
> I have identified some attributes in the AD that are added when I set unix
> attributes with RSAT GUI. However there must be more changes...
>
> These are the attributes:
>
> msSFU30Name:
> msSFU30NisDomain:
> loginShell:
> gidNumber:
> uid:
> uidNumber:
> unixHomeDirectory:
> unixUserPassword::
>
> I don't know how the unixUserPassword is obtained.
>
> The uid and uidNumber must be unique afaik, but there must be a last used
> uid or something... If I add the unix attributes manually without the RSAT
> GUI (the uid is the next free one) when I run the RSAT GUI on another user
> it chooses a uid already used.
>
> Thank you!
>
> Best regards.

You can do this with ldbmodify by writing your own script.

I also think that you are getting a bit mixed up over 'uid' & 'uidNumber'. The 'uid' attribute should contain what is in 'sAMAccountName' and uidNumber is a unique number to identify the user on Unix.

'unixUserPassword' will for the present contain 'ABCD!efgh12345$67890', this is the default if unix password sync is not enabled and at present you cannot enable it on a Samba AD DC.

You also need to know about a couple more attributes 'msSFU30MaxUidNumber' & 'msSFU30MaxGidNumber', these attributes hold the next available 'uidNumber' & 'gidNumber' and both start from '10000' if you use ADUC. These attributes do not exist as standard and will need to be created, they need to be added to 'CN=<workgroup>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=com'

Rowland
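An added example, not part of either post: a Python generator for the LDIF that ldbmodify would apply, giving each user a uidNumber that is not already taken and writing the next free number back to 'msSFU30MaxUidNumber' so ADUC does not hand out a duplicate. The user DN layout (CN=<name>,CN=Users), the NIS domain "example", the shell, the home directory pattern, gid 10000 and the account names are assumptions; 'unixUserPassword' is left untouched.

```python
import re

# Constructed sample values; the DNs, NIS domain, shell and gid are assumptions.
BASE_DN = "DC=example,DC=com"
NIS_DOMAIN = "example"  # stands in for <workgroup>
COUNTER_DN = (f"CN={NIS_DOMAIN},CN=ypservers,CN=ypServ30,"
              f"CN=RpcServices,CN=System,{BASE_DN}")
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,20}")


def build_ldif(names, next_uid, used_uids, gid_number=10000,
               shell="/bin/bash", users_rdn="CN=Users"):
    """Return (ldif_text, new_next_uid) for the given sAMAccountNames."""
    used = set(used_uids)
    records = []
    for name in names:
        # Refuse anything that could break out of its LDIF line or DN.
        if not SAFE_NAME.fullmatch(name):
            raise ValueError(f"unsafe account name: {name!r}")
        # Skip numbers that are already assigned to someone else.
        while next_uid in used:
            next_uid += 1
        attrs = [
            ("uid", name),  # same value as sAMAccountName
            ("msSFU30Name", name),
            ("msSFU30NisDomain", NIS_DOMAIN),
            ("uidNumber", next_uid),
            ("gidNumber", gid_number),
            ("loginShell", shell),
            ("unixHomeDirectory", f"/home/{name}"),
        ]
        lines = [f"dn: CN={name},{users_rdn},{BASE_DN}", "changetype: modify"]
        for key, value in attrs:
            lines += [f"add: {key}", f"{key}: {value}", "-"]
        records.append("\n".join(lines))
        used.add(next_uid)
        next_uid += 1
    while next_uid in used:  # the stored counter must itself be free
        next_uid += 1
    # Store the next free number so ADUC continues after the ones used here.
    records.append("\n".join([
        f"dn: {COUNTER_DN}", "changetype: modify",
        "replace: msSFU30MaxUidNumber",
        f"msSFU30MaxUidNumber: {next_uid}", "-"]))
    return "\n\n".join(records) + "\n", next_uid


if __name__ == "__main__":
    ldif, _ = build_ldif(["alice", "bob"], next_uid=10000, used_uids={10001})
    print(ldif)
```

Pass the uidNumber values already present in the directory as `used_uids`, review the generated LDIF, then apply it with ldbmodify using `-H` to point at the DC's sam.ldb.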