samba - Nov 2016 - Using samba-tool to modify group?

Sorry if I am being dense here.

I want to add a gidNumber attribute to the existing group "Domain 
Users". Is this possible using samba-tool? If not, what's the 
recommended way - using ldapmodify?

I can see that "samba-tool group add" supports a --gid-number flag,
but
as this is an important system group I don't want to delete and recreate 
it just to add this attribute.

Thanks,

Brian.

On Mon, 21 Nov 2016 10:57:03 +0000
Brian Candler via samba <samba at lists.samba.org> wrote:
> Sorry if I am being dense here.
> 
> I want to add a gidNumber attribute to the existing group "Domain 
> Users". Is this possible using samba-tool? If not, what's the 
> recommended way - using ldapmodify?
> 
> I can see that "samba-tool group add" supports a --gid-number
flag,
> but as this is an important system group I don't want to delete and
> recreate it just to add this attribute.
> 
> Thanks,
> 
> Brian.
> 
> 
Quickest and easiest way for just one attribute, use 'ldbedit'.

run it on a Samba DC:

ldbedit -e nano -H /usr/local/samba/private/sam.ldb

You can either replace 'nano' with your favourite editor or even leave
it out, in which case it will use 'vi'

You will possibly also have to change the path to 'sam.ldb'

Once you have AD open in the editor, search for 'CN=Domain Users', then
add 'gidNumber: <whatever number you want>' somewhere in the
Domain
Users object, close and save.

Or you could use 'ldbmodify', but this will entail creating an ldif and
feeding this to 'ldbmodify'

Rowland

On 21/11/2016 11:09, Rowland Penny wrote:
> Quickest and easiest way for just one attribute, use 'ldbedit'.
>
> ...
>
> Or you could use 'ldbmodify', but this will entail creating an ldif
and
> feeding this to 'ldbmodify'
OK that's clear, thank you!