On 16/10/15 16:51, Sketch wrote:> On Fri, 16 Oct 2015, Rowland Penny wrote:
>
>> Hi, do your users have a uidNumber attribute containing a unique
>> number between 10000 to 999999 ?
>> Also, does 'Domain Users' have a gidNumber, again inside the
>> 10000-99999 range ?
>>
>> These attributes *do not* exist as standard, you have to create them
>> manually, either using the ADUC Unix Attributes tab or by directly
>> editing AD, you cannot do this with samba-tool.
>
> You are correct about groups. The samba-tool group add command has no
> provision to specify a gid. The only way to give a group a gid is by
> modifying the LDAP entry with ADUC or ldbmodify/ldbedit or the like.
>
> However, while you also can't do this for existing users with
> samba-tool, you can do it for new users (once you have your groups set
> up):
Your version of samba-tool must be a bit old, you can now add a
gidNumber when you create a group. None of this will help the OP if
their users and groups don't have a uid/gidNumber, you cannot add them
with samba-tool and as you say the admin users has to keep track of them
themselves, even though there are two attributes available to do this
for you.
>
> samba-tool user create jsmith --uid-number=10000 --gid-number=10000
>
> See "samba-tool user create --help" for all the options. Note
that
> samba-tool will not prevent you from assigning the same UID to two
> users, you must make sure the UIDs are unique yourself. Wouldn't be
> too hard to write a wrapper script that does a getent passwd and picks
> the next unused sequential number.
>
You are quite correct, It isn't hard to write a wrapper script.
Rowland