Andrey Repin
2015-Apr-08 21:01 UTC
[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?
Greetings, All! I've added a few domain users/groups for test, but they don't have ?idNumber, even though the relevant schema is loaded? How can I tell it to include relevant schema for all newly created users/groups? -- With best regards, Andrey Repin Wednesday, April 8, 2015 20:52:10 Sorry for my terrible english...
Rowland Penny
2015-Apr-09 15:22 UTC
[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?
On 08/04/15 22:01, Andrey Repin wrote:> Greetings, All! > > I've added a few domain users/groups for test, but they don't have ?idNumber, > even though the relevant schema is loaded? > How can I tell it to include relevant schema for all newly created > users/groups? > >Well, you could try walking up to the DC and giving it a good talking to :-D But seriously, your choices are a bit limited, you can use ADUC on a windows machine, this involves creating a user and then adding the required attributes with the UNIX attributes tab. You could create your users with samba-tool, but you will need the latest samba 4 to get all the required attributes and you will still have to keep a record of the uidNumbers & gidNumbers you have used, samba-tool will not do this. Other than this, you can write your own scripts in your favourite computer language. Rowland
Andrey Repin
2015-Apr-09 16:17 UTC
[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?
Greetings, Rowland Penny!>> I've added a few domain users/groups for test, but they don't have ?idNumber, >> even though the relevant schema is loaded? >> How can I tell it to include relevant schema for all newly created >> users/groups? >> >>> Well, you could try walking up to the DC and giving it a good talking to > :-D> But seriously, your choices are a bit limited, you can use ADUC on a > windows machine, this involves creating a user and then adding the > required attributes with the UNIX attributes tab. You could create your > users with samba-tool, but you will need the latest samba 4 to get all > the required attributes and you will still have to keep a record of the > uidNumbers & gidNumbers you have used, samba-tool will not do this. > Other than this, you can write your own scripts in your favourite > computer language.That's kind of not what I would expect from Linux system. smbldap-tools were crude, but an order of magnitude more effective, as they allowed me to have working installation for years without an issue other, than inability to correctly join only Win7 machine I had in the network. I have ~50 users in the domain, of them, 10 are Linux systems and 6 Windows, 25 are users that accessing Linux systems directly in one or another way, so they do need correct uidNumber at all times, and 8 that only access Linux file server through Samba share. While not necessary, I would still like to see their SID's resolved to uid properly, when viewing the share from Linux side. The last account? That is me. It have uid=1000 and is basically duplicated on all Linux systems already. -- With best regards, Andrey Repin Thursday, April 9, 2015 19:10:25 Sorry for my terrible english...