I am testing my new member server and have found the following. Found on the Sambawiki "Samba Member Server Troubleshooting" page: root at dtdc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ Users | grep 'gidNumber' root at dtdc01:~# My question is what is the best manner to add this uidNumber? Is there general instructions somewhere (that I have missed) for use of "ldbsearch, ldbmodify, etc." besides the 'manpage'? -- Bob Wooden
On 19/06/2020 15:11, Robert E. Wooden via samba wrote:> I am testing my new member server and have found the following. > > Found on the Sambawiki "Samba Member Server Troubleshooting" page: > > root at dtdc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ > Users | grep 'gidNumber' > root at dtdc01:~# > > My question is what is the best manner to add this uidNumber?I take it you mean 'gidNumber' ;-) The easiest way is to upgrade to 4.12.x and then use 'samba-tool group addunixattrs', otherwise you could use ldbedit or create an ldif and use ldbmodify or ldapmodify. Another option would be to use something like LAM. Rowland
On Fri, Jun 19, 2020 at 10:11 AM Robert E. Wooden via samba < samba at lists.samba.org> wrote:> My question is what is the best manner to add this uidNumber? >Hi Robert, One of the primary functions of my utility, "ADMan", is to assign uidNumber/gidNumber attributes to users and groups: https://gitlab.com/JonathonReinhart/adman Jonathon
On 6/19/2020 10:00 AM, Rowland penny via samba wrote:> > I take it you mean 'gidNumber' ;-)Sorry, yes you are correct . . . gidNumber. (on Debian 10.4 with Samba 4.12.3) So I did: root at dc01:~# samba-tool group add unixattrs Added group unixattrs root at dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ Users | grep 'gidNumber' root at dc01:~# Still no gidNumber is offered. I see that it did add a unixattrs group (samba-tool group list). Did I misunderstand? -- Bob Wooden
On 6/19/2020 10:00 AM, Rowland penny via samba wrote:> > The easiest way is to upgrade to 4.12.x and then use '_*samba-tool > group addunixattrs*_', otherwise you could use ldbedit or create an > ldif and use ldbmodify or ldapmodify. Another option would be to use > something like LAM. > > RowlandSorry, but, there is what you told me to do in your first email reply. AND it does not matter to me, who did what. I have already _deleted the "unixattrs" group that had been created_. Now, on to this. When I do this: root at dc01:~# samba-tool? group list Server Operators Distributed COM Users IIS_IUSRS Group Policy Creator Owners Domain Computers Print Operators Cert Publishers DnsAdmins Incoming Forest Trust Builders Guests Event Log Readers Backup Operators Replicator Domain Admins Cryptographic Operators Windows Authorization Access Group Terminal Server License Servers RAS and IAS Servers Network Configuration Operators Allowed RODC Password Replication Group Remote Desktop Users Denied RODC Password Replication Group Enterprise Read-only Domain Controllers Performance Log Users Read-only Domain Controllers Enterprise Admins Users Account Operators Performance Monitor Users Domain Guests Domain Users Schema Admins Pre-Windows 2000 Compatible Access DnsUpdateProxy Certificate Service DCOM Access Domain Controllers Administrators I do not see a group "addunixattrs"? If I run your suggestion "/samba-tool group addunixattrs <groupnane> <next_available_gidNumber>/" how do I determine the "<next_available_gidNumber>" or is that "next number" found by your command suggestion? Clearly, the "groupname" is 'Domain Users'. Finding the "next gidNumber" becomes the next question? Bob Wooden