Am 2017-02-01 um 14:49 schrieb Rowland Penny via samba:> If you just run 'samba-tool user create testuser' you will get a user > without a uidNumber. See example5 from 'samba-tool user create --help' > for how to create a user with a uidNumber, but there is a gotcha, you > will need to track the next uidNumber or gidNumber yourself.yes, we figured that out and tested it already, thanks I will write some script or alias to read the highest uidnumber from LDAP for their admin. A bit strange to have to do that, but it seems to be so for samba domain servers, right?
On Wed, 1 Feb 2017 15:20:47 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2017-02-01 um 14:49 schrieb Rowland Penny via samba: > > > If you just run 'samba-tool user create testuser' you will get a > > user without a uidNumber. See example5 from 'samba-tool user create > > --help' for how to create a user with a uidNumber, but there is a > > gotcha, you will need to track the next uidNumber or gidNumber > > yourself. > > yes, we figured that out and tested it already, thanks > > I will write some script or alias to read the highest uidnumber from > LDAP for their admin. > > A bit strange to have to do that, but it seems to be so for samba > domain servers, right? > > >You don't need to do that, there are a couple of attributes (which you will probably not have) which will store the next uid & gidNumber. these are 'msSFU30MaxUidNumber' & 'msSFU30MaxGidNumber' and they should/can be here: dn: CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com Rowland
Am 2017-02-01 um 15:32 schrieb Rowland Penny via samba:> You don't need to do that, there are a couple of attributes (which you > will probably not have) which will store the next uid & gidNumber. > these are 'msSFU30MaxUidNumber' & 'msSFU30MaxGidNumber' and they > should/can be here: > dn: > CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=comWell, I have to "grep" them somewhere as well, right? Or can I point their admin to some spot in his Windows-Tools (RSAT) to read that? feels a bit strange to have to take care of these details I mean, ADS stores dozens of awkward values etc and then I as admin have to keep track of that one attribute? sorry, no ranting, just wondering. thanks for your help.