> 2018-07-23 18:38 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>: >> Then it looks like I need to add something to the Samba wiki about this. > > Hi: > maybe. please wait a moment. I will re-setup the environment to > check it the theory is correct.Hi: the theory seems correct. although I don't have windows with ADUC for my testing domain, I can only use ldbmodify to add rfc2307 attributes for "Domain Users" group like below: msSFU30NisDomain: samdom gidNumber: 10513 msSFU30Name: Domain Users the gidNumber seems can be anything inside the idmap range. then I create user and I can use "getent passwd" to see the user without user login. BTW, I don't see document in the wiki for adding rfc2307 attributes for "domain users". maybe I miss it?
On Mon, 23 Jul 2018 19:45:11 +0800 d tbsky <tbskyd at gmail.com> wrote:> > 2018-07-23 18:38 GMT+08:00 Rowland Penny via samba > > <samba at lists.samba.org>: > >> Then it looks like I need to add something to the Samba wiki about > >> this. > > > > Hi: > > maybe. please wait a moment. I will re-setup the environment to > > check it the theory is correct. > > Hi: > the theory seems correct. although I don't have windows with ADUC > for my testing domain, I can only use ldbmodify to add rfc2307 > attributes for "Domain Users" group like below: > > msSFU30NisDomain: samdom > gidNumber: 10513 > msSFU30Name: Domain Users > > the gidNumber seems can be anything inside the idmap range. then I > create user and I can use "getent passwd" to see the user without user > login. > > BTW, I don't see document in the wiki for adding rfc2307 attributes > for "domain users". maybe I miss it?There is a good reason for this, the page was never written, something else for my TODO list ;-) Rowland
2018-07-23 19:56 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:> On Mon, 23 Jul 2018 19:45:11 +0800 >> BTW, I don't see document in the wiki for adding rfc2307 attributes >> for "domain users". maybe I miss it? > > There is a good reason for this, the page was never written, something > else for my TODO list ;-) > > RowlandHi: anyway thanks a lot for figure out the problem. maybe you should just promote "unix_primary_group = yes". it seems much simple and clear. the disadvantage is that user may have different primary group under windows and unix. but I can live with it. it really make life easier.