Am 2017-09-01 um 10:32 schrieb Rowland Penny via samba:> On Fri, 1 Sep 2017 10:09:43 +0200 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:>> In general: why isn't that attribute added automatically? > > Because no one knows what to set the ID to and Samba doesn't have the > 'counting' attributes by default.aha ... And how do *I* know what to set the ID to?> Probably because the create command wasn't run correctly, to create a > Unix user with samba-tool you need something like this: > > samba-tool user create User5 passw5rd --nis-domain=samdom > --unix-home=/home/User5 --uid-number=10005 --login-shell=/bin/false > --gid-number=10000 > > Your user was probably created with this: > > samba-tool user create User5 passw5rd > > Which makes it just a windows user.fine, will test that asap, thanks.>>> If you want to add rfc2307 attributes, then you will have to write >>> your own scripts, there are no Samba tools to do this. >> >> I expected things to get easier with ADS ;-) > > Once you get everything right, it is ;-):-P
Am 2017-09-01 um 10:36 schrieb Stefan G. Weichinger via samba:>> samba-tool user create User5 passw5rd >> >> Which makes it just a windows user.Additional q: how to *add* that attribute without re-creating that user? Or can I recreate a user that has already been used to log into a Windows PC (and has its profile there already etc)? I assume that this wouldn't work because of some mismatching IDs etc etc ?
Just follow the win 7 steps. https://wiki.samba.org/index.php/Installing_RSAT And make sure you activate : Server for NIS Tools Samba get the next uid/gid from AD. ( starts normaly at 10.000 uid and gid. ) If you goto a user his unix tap, and select you NIX domain, the first next uid is used. If you have multple groups with GID, make sure you select the correct "primary group" I suggest, use only Domain Users for all you windows users. ( linux only users from Ad can be any GID, imo. ) This has all todo with GPO settings, share rights, etc. You can configure template (shell/homedir) on the servers als fallback if you forget to set shell or homedir. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: vrijdag 1 september 2017 10:46 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] user works on DC, not on DM > > Am 2017-09-01 um 10:36 schrieb Stefan G. Weichinger via samba: > > >> samba-tool user create User5 passw5rd > >> > >> Which makes it just a windows user. > > Additional q: how to *add* that attribute without re-creating > that user? > > Or can I recreate a user that has already been used to log > into a Windows PC (and has its profile there already etc)? I > assume that this wouldn't work because of some mismatching > IDs etc etc ? > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Fri, 1 Sep 2017 10:36:38 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2017-09-01 um 10:32 schrieb Rowland Penny via samba: > > On Fri, 1 Sep 2017 10:09:43 +0200 > > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > > >> In general: why isn't that attribute added automatically? > > > > Because no one knows what to set the ID to and Samba doesn't have > > the 'counting' attributes by default. > > aha ... > > And how do *I* know what to set the ID to?This is your decision and why you must set ' idmap config SAMDOM : range =' in smb.conf on a Unix domain member. You set it based on what you have set your uidNumber & gidNumber attributes in AD. RSAT using the 'Unix attributes' starts at 10000 by default. Rowland
Am 2017-09-01 um 11:31 schrieb L.P.H. van Belle:> Just follow the win 7 steps. > > https://wiki.samba.org/index.php/Installing_RSAT > > And make sure you activate : Server for NIS Tools > > Samba get the next uid/gid from AD. ( starts normaly at 10.000 uid and gid. ) > > If you goto a user his unix tap, and select you NIX domain, the first next uid is used. > If you have multple groups with GID, make sure you select the correct "primary group" > I suggest, use only Domain Users for all you windows users. > ( linux only users from Ad can be any GID, imo. ) > This has all todo with GPO settings, share rights, etc. > > You can configure template (shell/homedir) on the servers als fallback if you forget to set shell or homedir.yes, thanks, we check that asap (the admin there is at home already today) ...