Am 2017-02-01 um 15:32 schrieb Rowland Penny via samba:> You don't need to do that, there are a couple of attributes (which you > will probably not have) which will store the next uid & gidNumber. > these are 'msSFU30MaxUidNumber' & 'msSFU30MaxGidNumber' and they > should/can be here: > dn: > CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=comWell, I have to "grep" them somewhere as well, right? Or can I point their admin to some spot in his Windows-Tools (RSAT) to read that? feels a bit strange to have to take care of these details I mean, ADS stores dozens of awkward values etc and then I as admin have to keep track of that one attribute? sorry, no ranting, just wondering. thanks for your help.
On Thu, 2 Feb 2017 11:01:06 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2017-02-01 um 15:32 schrieb Rowland Penny via samba: > > > You don't need to do that, there are a couple of attributes (which > > you will probably not have) which will store the next uid & > > gidNumber. these are 'msSFU30MaxUidNumber' & 'msSFU30MaxGidNumber' > > and they should/can be here: > > dn: > > CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com > > Well, I have to "grep" them somewhere as well, right? > Or can I point their admin to some spot in his Windows-Tools (RSAT) to > read that? > > feels a bit strange to have to take care of these details > > I mean, ADS stores dozens of awkward values etc and then I as admin > have to keep track of that one attribute? > > sorry, no ranting, just wondering. > thanks for your help. > >If you use the Unix Attributes tab on ADUC, these are the attributes that are used, but ADUC has the code to use them, samba-tool doesn't! Rowland
Am 2017-02-02 um 11:25 schrieb Rowland Penny via samba:> If you use the Unix Attributes tab on ADUC, these are the attributes > that are used, but ADUC has the code to use them, samba-tool doesn't!I (try to) see it from the user perspective: I as user want to create users that work in all my ADS-domain, on all of my samba-domain-member-servers, with as little overhead or additional administrative steps necessary. And I ask for how to do that. If we have to create users on ADUC, ok with me. If it is better to create them with samba-tool, ok as well. -> searching for the recommended way or "best practice"