samba - Apr 2015 - How can I have new users/groups to include posixAccount/posixGroup schema automatically?

Greetings, Rowland Penny!
>>>>>>> well tough, the smbldap-tools were written to do a
job, map windows
>>>>>>> users to unix users and vice versa.
>>>>>> No. smbldap-tools were doing exactly the same as AD do:
kept all users in one
>>>>>> database.
>>>>>>
>>>>> Similar, but not the same, with smbldap-tools you had Unix
and ldap
>>>>> users,
>>>> If you want to put it that way...
>>>>
>>>>> with Samba4 AD,
>>>> ...I have Unix and AD users.
>>>>
>>>>> just like windows AD, you just have AD users.
>>>> No.
>>> Lets put it this way, you cannot have a local Unix user and an AD
user
>>> with the same name.
>> That is true for LDAP users as well. When LDAP available, it always
overshadow
>> my local account with LDAP one.
> This is one area you need to read up on, whilst with LDAP you can have a 
> user called 'joe' in /etc/passwd and LDAP, you cannot do this with
AD,
> your users must be either in /etc/passwd or AD, but not in both.
$ id
uid=1000(anrdaemon) gid=1000(anrdaemon)
groups=1000(anrdaemon),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),114(lpadmin),118(sambashare),120(admin),512(domain
admins),513(domain users)

Practice >>> Theory
>>>>> The user tools are there, they are mostly on windows
though.
>>>> Can you list some of them?
>>>> RSAT is not an option - the only Win7 Pro system at work is a
render farm that
>>>> have its own work to do, than to let me twitch the checkboxes
in some
>>>> overloaded GUI.
So, what about tools?
Do you really know any, or just throwing ideas to the wind?
>>> If you only have access to one windows domain machine, why are you
>>> running an AD domain, you would probably be better of running NFS
>> I have six Windows machines that I'm responsible for. Only one of
them is Win7.
>> There's other machines (personal notebooks that are not part of the
domain),
>> that are using SSH/VPN/CIFS access to the servers.
>>
>>> I am coming to believe that you want everything handing to you on
plate,
>>> i.e. you don't really want to help yourself, you want everybody
to do
>>> your work for you.
>> I've already "helped myself" in the past three months.
That's a big chunk of
>> life taken away by something that should have been a relatively simple
>> process.
>> All I want now is a working system that would not require my everyday
>> attention for the next seven years.
>> Is this too much to ask for?
>>
>>


-- 
With best regards,
Andrey Repin
Friday, April 10, 2015 15:23:25

Sorry for my terrible english...

On 10/04/15 13:50, Andrey Repin wrote:
> Greetings, Rowland Penny!
>
>>>>>>>> well tough, the smbldap-tools were written to
do a job, map windows
>>>>>>>> users to unix users and vice versa.
>>>>>>> No. smbldap-tools were doing exactly the same as AD
do: kept all users in one
>>>>>>> database.
>>>>>>>
>>>>>> Similar, but not the same, with smbldap-tools you had
Unix and ldap
>>>>>> users,
>>>>> If you want to put it that way...
>>>>>
>>>>>> with Samba4 AD,
>>>>> ...I have Unix and AD users.
>>>>>
>>>>>> just like windows AD, you just have AD users.
>>>>> No.
>>>> Lets put it this way, you cannot have a local Unix user and an
AD user
>>>> with the same name.
>>> That is true for LDAP users as well. When LDAP available, it always
overshadow
>>> my local account with LDAP one.
>> This is one area you need to read up on, whilst with LDAP you can have
a
>> user called 'joe' in /etc/passwd and LDAP, you cannot do this
with AD,
>> your users must be either in /etc/passwd or AD, but not in both.
> $ id
> uid=1000(anrdaemon) gid=1000(anrdaemon)
groups=1000(anrdaemon),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),114(lpadmin),118(sambashare),120(admin),512(domain
admins),513(domain users)
>
> Practice >>> Theory
OK, I will accept your so called 'Practise' and raise you an actual 
attempt to create a Unix user that already exists in AD:

root at dtest:~# getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
root at dtest:~# useradd -d /home/rowland -g domain_users -m -p xxxxxxxxxxx 
rowland
useradd: user 'rowland' already exists

>
>>>>>> The user tools are there, they are mostly on windows
though.
>>>>> Can you list some of them?
>>>>> RSAT is not an option - the only Win7 Pro system at work is
a render farm that
>>>>> have its own work to do, than to let me twitch the
checkboxes in some
>>>>> overloaded GUI.
> So, what about tools?
> Do you really know any, or just throwing ideas to the wind?
>
If you were not such a know it all, I may have shared my tools with you, 
but from the way you are talking, you can go whistle.

Rowland

Greetings, Rowland Penny!
>>>>>>>>> well tough, the smbldap-tools were written
to do a job, map windows
>>>>>>>>> users to unix users and vice versa.
>>>>>>>> No. smbldap-tools were doing exactly the same
as AD do: kept all users in one
>>>>>>>> database.
>>>>>>>>
>>>>>>> Similar, but not the same, with smbldap-tools you
had Unix and ldap
>>>>>>> users,
>>>>>> If you want to put it that way...
>>>>>>
>>>>>>> with Samba4 AD,
>>>>>> ...I have Unix and AD users.
>>>>>>
>>>>>>> just like windows AD, you just have AD users.
>>>>>> No.
>>>>> Lets put it this way, you cannot have a local Unix user and
an AD user
>>>>> with the same name.
>>>> That is true for LDAP users as well. When LDAP available, it
always overshadow
>>>> my local account with LDAP one.
>>> This is one area you need to read up on, whilst with LDAP you can
have a
>>> user called 'joe' in /etc/passwd and LDAP, you cannot do
this with AD,
>>> your users must be either in /etc/passwd or AD, but not in both.
>> $ id
>> uid=1000(anrdaemon) gid=1000(anrdaemon)
groups=1000(anrdaemon),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),114(lpadmin),118(sambashare),120(admin),512(domain
admins),513(domain users)
>>
>> Practice >>> Theory
> OK, I will accept your so called 'Practise' and raise you an actual
> attempt to create a Unix user that already exists in AD:
> root at dtest:~# getent passwd rowland
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
> root at dtest:~# useradd -d /home/rowland -g domain_users -m -p xxxxxxxxxxx
> rowland
> useradd: user 'rowland' already exists
You said "can't have", not "can't create".
Creation of existing user will predictable fail.
>>>>>>> The user tools are there, they are mostly on
windows though.
>>>>>> Can you list some of them?
>>>>>> RSAT is not an option - the only Win7 Pro system at
work is a render farm that
>>>>>> have its own work to do, than to let me twitch the
checkboxes in some
>>>>>> overloaded GUI.
>> So, what about tools?
>> Do you really know any, or just throwing ideas to the wind?
>>
> If you were not such a know it all, I may have shared my tools with you, 
> but from the way you are talking, you can go whistle.
You resorted to trolling? That's a new low.


-- 
With best regards,
Andrey Repin
Friday, April 10, 2015 17:03:47

Sorry for my terrible english...