All is going well with samba-tool create [user] except for userou=USEROU.

In ADUC. My domain users ou are "down in the tree" further than the default OU (used in samba-tool create [user] command.) Like so:

ad.example.com (domain name)
|>> Users (default location "user create" puts entry)
|>> CompanyName
|>> Mmbr-folder-redirection (the ou I'd like to have "user create" place new user entry)

I have tried "userou='Mmbr-folder-redirection'" and it fails with:

> root at dc1:~# samba-tool user create jean25 --given-name=Jean --initials=25
> --surname=Samba --uid-number=18700 --gid-number=10000 --profile-path=\\\\
> mbr04.ad.example.com\\profiles\\jean25 --home-drive=M
> --home-directory=\\\\mbr04.ad.example.com\\users\\jean25 *--userou=?OU=Mmbrs-folder-redirection?
> *--password=PASSWORD1
> New Password:
> Retype Password:
> ERROR(<class 'ValueError'>): Failed to add user 'jean25': - unable to
> parse dn string
> File "/usr/lib/python3/dist-packages/samba/netcmd/user.py", line 395, in
> run
> smartcard_required=smartcard_required)
> File "/usr/lib/python3/dist-packages/samba/samdb.py", line 528, in
> newuser
> ldbmessage2.dn = ldb.Dn(self, user_dn)

I have tried "userou='Mmbr-folder-redirection,OU='CompanyName'" and it fails with:

> root at dc1:~# samba-tool user create jean25 --given-name=Jean --initials=25
> --surname=Samba --uid-number=18700 --gid-number=10000 --profile-path=\\\\
> mbr04.ad.example.com\\profiles\\jean25 --home-drive=M
> --home-directory=\\\\mbr04.ad.example.com\\users\\jean25
> *--userou=?OU=DmnMmbrs-folder-redirection,OU=CompanyName?*
> --password=PASSWORD1
> New Password:
> Retype Password:
> ERROR(<class 'ValueError'>): Failed to add user 'jean25': - unable to
> parse dn string
> File "/usr/lib/python3/dist-packages/samba/netcmd/user.py", line 395, in
> run
> smartcard_required=smartcard_required)
> File "/usr/lib/python3/dist-packages/samba/samdb.py", line 528, in
> newuser
> ldbmessage2.dn = ldb.Dn(self, user_dn)

Per samba-tool user create --help

> ....snipped....

Example3:

> samba-tool user create User3 passw3rd *--userou='OU=OrgUnit'*

....snipped....

> --userou=USEROU DN of alternative location (
> *without domainDN counterpart*) to default
> CN=Users in which new user
> object will be created. E. g. 'OU=<OU name>'

....snipped....

I tried reversing the order " *OU=CompanyName,OU=DmnMmbrs-folder-redirection*" in the create string and got the same failure.

How is "userou=" intended to be configured?

On 11/10/2020 12:42, Robert Wooden via samba wrote:
> All is going well with samba-tool create [user] except for userou=USEROU.
>
> How is "userou=" intended to be configured?

Let's start with the other mistakes you have first:

You do not put the user's password here (if that is what you are trying to do): --password=PASSWORD1

It goes here: samba-tool user create USERNAME PASSWORD

You have: --home-drive=M

It should be: --home-drive=M: (note the ':' at the end)

Now we come to the OU.

You show two variants of your OU: OU=Mmbrs-folder-redirection and OU=DmnMmbrs-folder-redirection,OU=CompanyName

If your OU is at 'OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=ad,DC=example,DC=com', then you should be using something like --userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName' or to put it another way, it is the OU's DN with the base DN removed.

The OU path must exist, it will not be created.

Rowland
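
The rule in the reply above (the OU's DN with the base DN removed) as an added Python example; it is not part of the original thread and not Samba's code. The function names are hypothetical, the join order in `new_user_dn` is an assumption based on the quoted help text, and the escaped-comma handling goes beyond the case discussed.

```python
import re

# One DN component must look like attribute=value, e.g. OU=CompanyName.
# A bare OU name, or a value with a stray leading character, fails here.
RDN_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*=.+", re.S)

def split_dn(dn):
    """Split a DN into components on unescaped commas (backslash escapes kept)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return parts

def userou_from_dn(ou_dn, domain_dn):
    """Return the value for --userou: the OU's full DN minus the domain DN."""
    ou, base = split_dn(ou_dn), split_dn(domain_dn)
    for rdn in ou + base:
        if not RDN_RE.fullmatch(rdn):
            raise ValueError(f"not an attribute=value component: {rdn!r}")
    # Compare the tail case-insensitively; the OU must sit below the domain DN.
    tail = [r.lower() for r in ou[-len(base):]]
    if len(ou) <= len(base) or tail != [r.lower() for r in base]:
        raise ValueError("OU DN does not end with the domain DN")
    return ",".join(ou[:-len(base)])

def new_user_dn(cn, userou, domain_dn):
    """Assumed join order: CN=<user>, then --userou (default CN=Users), then domain DN."""
    return f"CN={cn},{userou or 'CN=Users'},{domain_dn}"

if __name__ == "__main__":
    base = "DC=ad,DC=example,DC=com"   # domain DN used in the thread
    rel = userou_from_dn("OU=DmnMmbrs-folder-redirection,OU=CompanyName," + base, base)
    print("--userou='%s'" % rel)
    print(new_user_dn("jean25", rel, base))
```

This only checks syntax and the domain suffix; whether the OU path exists still has to be confirmed against the directory.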

Yes, thank you for the guidance.

Regarding "*You do not put the user's password here (if that is what you are trying to do): --password=PASSWORD1*"

My experience has been this, no matter where I put "--password=" in the string, after the "user" as the manpage suggests or the end. When I run the create string I am asked for a "New Password:" and then "Retype Password:". Which is fine by me, I want a different password for the test users anyway. Hence, in testing I just left the --password at the end of the string because it did not seem to matter, Samba still asked to enter New and Retype New.

Regarding "*--home-drive=M: (note the ':' at the end)*" thanks, it makes sense to add the colon. But, I will comment that on the W10 side the "M" by itself is working fine.

Finally regarding the userou=. At this point I have a very simple, *almost default* ou structure. I have added only a "CompanyName OU" and two (2) subOU's of the "CompanyName OU", they are "DmnMmbrs-folder-redirection" and "DmnMmbrUsers". Only "DmnMmbrs-folder-redirection" have any GPO's applied to it.

I have tried the same order of OU's you suggest (yes, with the single quotation marks and no spaces in the OU's) and as well have reversed the order of the OU's. Both sequences failed, as my previous email indicated.

So, yes, as I read the manpage and it should work in the manner you suggest but, it does not. What else do you need to know? Log files? (If so, please which ones?)

On Sun, Oct 11, 2020 at 7:26 AM Rowland penny via samba <samba at lists.samba.org> wrote:
> On 11/10/2020 12:42, Robert Wooden via samba wrote:
> > All is going well with samba-tool create [user] except for userou=USEROU.
> >
> > How is "userou=" intended to be configured?
>
> Let's start with the other mistakes you have first:
>
> You do not put the user's password here (if that is what you are trying
> to do): --password=PASSWORD1
>
> It goes here: samba-tool user create USERNAME PASSWORD
>
> You have: --home-drive=M
>
> It should be: --home-drive=M: (note the ':' at the end)
>
> Now we come to the OU.
>
> You show two variants of your OU: OU=Mmbrs-folder-redirection and
> OU=DmnMmbrs-folder-redirection,OU=CompanyName
>
> If your OU is at
> 'OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=ad,DC=example,DC=com',
> then you should be using something like
> --userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName' or to put it
> another way, it is the OU's DN with the base DN removed.
>
> The OU path must exist, it will not be created.
>
> Rowland