I have created an AD domain controller using the following guide:
wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

I am seeking to set up a domain member using the following guide:
wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

I have opted to use idmap_ad using the following guide:
wiki.samba.org/index.php/Idmap_config_ad

All of the Kerberos and DNS tests pass.

On the member server wbinfo -u lists all the users:
user1@jupiter:~$ wbinfo -u
JUPITER\user1
user2
user1
administrator
krbtgt
guest

On the member server wbinfo -g lists all the groups:
user1@jupiter:~$ wbinfo -g
allowed rodc password replication group
enterprise read-only domain controllers
denied rodc password replication group
read-only domain controllers
group policy creator owners
ras and ias servers
domain controllers
enterprise admins
domain computers
cert publishers
dnsupdateproxy
domain admins
domain guests
schema admins
domain users
dnsadmins

On the member server getent passwd lists only the users where a unix
id has been set in ADUC.

Does this mean the NIS domain and UID must be set for every user manually
using the following:
wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC

It appears strange that this is not done when the domain was originally
provisioned.

When creating a new user is there a way to specify a default NIS domain and
have the UID set automatically?

Hi Henry,

I had exactly the same questions to the list about two months ago. See my answers to you below in your text.

On 14.11.2015 06:25, Henry McLaughlin wrote:
> I have created an AD domain controller using the following guide:
> wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>
> I am seeking to setup a domain member using the following guide:
> wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> I have opted to use idmap_ad using the following guide:
> wiki.samba.org/index.php/Idmap_config_ad
>
> All of the kerberos and DNS tests pass.
>
> On the member server wbinfo -u lists all the users
> [...]
>
> On the member server wbinfo -g lists all the groups:
> [...]
>
> On the member server getent passwd only lists only the users where a unix
> id has been set in ADUC.
>
> Does this mean the NIS domain and UID must be set for every user manually
> using the following:
> wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC

Yes, it's just like that.

> It appears strange that this is not done when the domain was originally
> provisioned.
>
> When creating a new user is there a way to specify a default NIS domain and
> have the UID set automatically?

There seems to be no built-in way to do so, unfortunately. I guess that's because Samba does not want to assume a "one size fits all" approach. In order to achieve this, you would have to script user creation.

Cheers,
Viktor

On 14/11/15 05:25, Henry McLaughlin wrote:
> I have created an AD domain controller using the following guide:
> wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>
> I am seeking to setup a domain member using the following guide:
> wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> I have opted to use idmap_ad using the following guide:
> wiki.samba.org/index.php/Idmap_config_ad
>
> All of the kerberos and DNS tests pass.
>
> On the member server wbinfo -u lists all the users
> user1@jupiter:~$ wbinfo -u
> JUPITER\user1
> user2
> user1
> administrator
> krbtgt
> guest
>
> On the member server wbinfo -g lists all the groups:
> user1@jupiter:~$ wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> dnsadmins
>
> On the member server getent passwd only lists only the users where a unix
> id has been set in ADUC.

This is correct.

>
> Does this mean the NIS domain and UID must be set for every user manually
> using the following:
> wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC

Yes, or you can use samba-tool.

>
> It appears strange that this is not done when the domain was originally
> provisioned.

Why? How would the provision know that you have any Unix users, or what number to start them from?

>
> When creating a new user is there a way to specify a default NIS domain and
> have the UID set automatically?

Using samba-tool you can sort of do this; if you run 'samba-tool user create --help' it will list all the options you can set, but you will still have to give the NIS domain and UID.

Rowland
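
The scripted user creation that both replies point to, as an added example that is not part of the original thread or of Samba itself: it picks the next free uidNumber and builds one samba-tool call that sets the Unix attributes. The NIS domain, the 10000-19999 range, the default gidNumber and the sample uidNumber list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pick the next free uidNumber and create an AD user with
# RFC2307 attributes in one samba-tool call.
# Assumptions (not from the thread): NIS domain "jupiter", the member's
# idmap_ad range is 10000-19999, "Domain Users" has gidNumber 10000.
NIS_DOMAIN="jupiter"
UID_MIN=10000
UID_MAX=19999
DEFAULT_GID=10000
DRY_RUN=${DRY_RUN:-1}   # default: print the command instead of running it

# next_uid: read existing uidNumber values on stdin (one per line) and
# print highest-in-range + 1. Gaps are not refilled, so a UID freed below
# the current maximum is not handed to a new user who would then own the
# old user's files. Fails when the range is exhausted; values outside
# the range are skipped, since idmap_ad does not map them on the member.
next_uid() {
    awk -v min="$UID_MIN" -v max="$UID_MAX" '
        $1 ~ /^[0-9]+$/ && $1+0 >= min+0 && $1+0 <= max+0 && $1+0 > top {
            top = $1+0
        }
        END {
            n = (top ? top + 1 : min+0)
            if (n > max+0) exit 1
            print n
        }'
}

# create_user NAME UIDNUMBER: reject names that are empty, start with "-"
# (would be parsed as an option) or contain unexpected characters.
create_user() {
    name=$1 uid=$2
    case $name in
        ''|-*|*[!a-z0-9._-]*) echo "invalid user name: $name" >&2; return 2 ;;
    esac
    case $uid in ''|*[!0-9]*) echo "invalid uidNumber" >&2; return 2 ;; esac
    set -- samba-tool user create "$name" --random-password \
        --nis-domain="$NIS_DOMAIN" --uid-number="$uid" \
        --gid-number="$DEFAULT_GID" --unix-home="/home/$name" \
        --login-shell=/bin/bash
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Constructed sample of uidNumber values already stored in AD.
SAMPLE_UIDS='10000
10001
10007'
create_user user3 "$(printf '%s\n' "$SAMPLE_UIDS" | next_uid)"
```

Two administrators running this at the same time can be given the same number, so allocation should happen in one place and the range must match the idmap config on every member.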