Thanks Rowland for the quick answer!! :) If you are going to use more> than one Unix domain member as a fileserver, then you will probably be > better off using the winbind ad backend, this way you can ensure your > users and groups have the same ID everywhere.Maybe in the near future I'll set up a new fileserver. That way, I believe that ad as a backend is the best choice. I have about 1000 users in our DC. They are all without unix attributes configured, as I inserted them via script + samba-tool. I know I can edit each user via "samba-too user edit <options>". Knowing this, I believe it is possible to insert these attributes via script. In the script I commented above, I inserted users by reading a csv file that contained those users. Can I read these users directly from DC to insert the new attributes? On Fri, Dec 1, 2017 at 2:43 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Fri, 1 Dec 2017 14:14:05 -0200 > Elias Pereira via samba <samba at lists.samba.org> wrote: > > > Hello friends, > > > > My doubts are as follows. In an environment where we have, for > > example, 1000 users, I believe that rid would be the best choice in a > > fileserver environment, because we don't need to manually configure > > via RSAT a unix attribute for each user. > > > > Is that more or less the thought, or am I wrong? > > > > If you don't want to add anything to AD and you can live with all your > users having the same login shell and Unix home directory, then the > winbind rid backend is a good choice. If you are going to use more > than one Unix domain member as a fileserver, then you will probably be > better off using the winbind ad backend, this way you can ensure your > users and groups have the same ID everywhere. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira
On Fri, 1 Dec 2017 15:00:39 -0200 Elias Pereira <empbilly at gmail.com> wrote:> Thanks Rowland for the quick answer!! :) > > If you are going to use more > > than one Unix domain member as a fileserver, then you will probably > > be better off using the winbind ad backend, this way you can ensure > > your users and groups have the same ID everywhere. > > > Maybe in the near future I'll set up a new fileserver. That way, I > believe that ad as a backend is the best choice. > > I have about 1000 users in our DC. They are all without unix > attributes configured, as I inserted them via script + samba-tool. I > know I can edit each user via "samba-too user edit <options>". > Knowing this, I believe it is possible to insert these attributes via > script. > > In the script I commented above, I inserted users by reading a csv > file that contained those users. Can I read these users directly from > DC to insert the new attributes? >Probably, you could read them via ldap or 'samba-tool user list' or 'wbinfo -u', etc Rowland
Rowland, I found something related that you were doing. "[PATCH] samba-tool: Easily edit a users object in AD" Did you finish the script? On Fri, Dec 1, 2017 at 3:24 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Fri, 1 Dec 2017 15:00:39 -0200 > Elias Pereira <empbilly at gmail.com> wrote: > > > Thanks Rowland for the quick answer!! :) > > > > If you are going to use more > > > than one Unix domain member as a fileserver, then you will probably > > > be better off using the winbind ad backend, this way you can ensure > > > your users and groups have the same ID everywhere. > > > > > > Maybe in the near future I'll set up a new fileserver. That way, I > > believe that ad as a backend is the best choice. > > > > I have about 1000 users in our DC. They are all without unix > > attributes configured, as I inserted them via script + samba-tool. I > > know I can edit each user via "samba-too user edit <options>". > > Knowing this, I believe it is possible to insert these attributes via > > script. > > > > In the script I commented above, I inserted users by reading a csv > > file that contained those users. Can I read these users directly from > > DC to insert the new attributes? > > > > Probably, you could read them via ldap or 'samba-tool user list' or > 'wbinfo -u', etc > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira