samba - Oct 2020 - userou= question

Yes, thank you for the guidance.

Regarding "*You do not put the users password here (if that is what you are
trying to do): --password=PASSWORD1*"

My experience has been this, no matter where I put "--password=" in
the
string, after the "user" as the manpage suggests or the end. When I
run the
create string I am asked for a "New Password:' and then "Retype
Password:".
Which is fine by me, I want a different password for the test users anyway.
Hence, in  testing I just left the --password at the end of the string
because it did not seem to matter, Samba still asked to enter New and
Retype New.

Regarding "*--home-drive=M: (note the ':' at the end)*"
thanks, it makes
sense to add the colon. But, I will comment that on the W10 side the
"M" by
itself is working fine.

Finally regarding the userou=. At this point I have a very simple, *almost
default* ou structure. I have added only a "CompanyName OU" and two
(2)
subOU's of the "CompanyName OU", they are
"DmnMmbrs-folder-redirection" and
"DmnMmbrUsers". Only "DmnMmbrs-folder-redirection" have any
GPO's applied
to it.

I have tried the same order of OU's you suggest (yes, with the single
quotation marks and no spaces in the OU's) and as well have reversed the
order of the OU's. Both sequences failed, as my previous email indicated.
So, yes, as I read the manpage and it should work in the manner you suggest
but, it does not.

What else do you need to know? Log files? (If so, please which ones?)

On Sun, Oct 11, 2020 at 7:26 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 11/10/2020 12:42, Robert Wooden via samba wrote:
> > All is going well with samba-tool create [user] except for
userou=USEROU.
> >
> > How is "userou=" intended to be configured?
>
> Lets start with the other mistakes you have first:
>
> You do not put the users password here (if that is what you are trying
> to do): --password=PASSWORD1
>
> It goes here: samba-tool user create USERNAME PASSWORD
>
> You have: --home-drive=M
>
> It should be: --home-drive=M: (note the ':' at the end)
>
> Now we come to the OU.
>
> You show two variants of your OU: OU=Mmbrs-folder-redirection and
> OU=DmnMmbrs-folder-redirection,OU=CompanyName
>
> If your OU is at
>
'OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=ad,DC=example,DC=com',
> then you should be using something like
> --userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName' or to put
it
> another way, it is the OU's DN with the base DN removed.
>
> The OU path must exist, it will not be created.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 11/10/2020 13:59, Robert Wooden wrote:
> Yes, thank you for the guidance.
>
> Regarding "/You do not put the users password here (if that is what 
> you are trying to do): --password=PASSWORD1/"
>
> My experience has been this, no matter where I put "--password="
in
> the string, after the "user" as the manpage suggests or the end.
When
> I run the create string I am asked for a "New Password:' and then 
> "Retype Password:". Which is fine by me, I want a different
password
> for the test users anyway. Hence, in? testing I just left the 
> --password at the end of the string because it did not seem to matter, 
> Samba still asked to enter New and Retype New.
Lets say you want to create a user called fred, with the password 
'fredspassword', you would do this:

samba-tool user create fred fredspassword

The '--password=' is for authentication when creating the user, not the 
users passwords.
>
> Regarding "/--home-drive=M: (note the ':' at the end)/"
thanks, it
> makes sense to add the colon. But, I will comment that on the W10 side 
> the "M" by itself is working fine.
Without the ':', it has never worked for myself.
>
> Finally regarding the userou=. At this point I have a very simple, 
> _almost default_ ou structure. I have added only a "CompanyName
OU"
> and two (2) subOU's of the "CompanyName OU", they are 
> "DmnMmbrs-folder-redirection" and "DmnMmbrUsers". Only 
> "DmnMmbrs-folder-redirection" have any GPO's applied to it.
>
> I have tried the same order of OU's you suggest (yes, with the single 
> quotation marks and no spaces in the OU's) and as well have reversed 
> the order of the OU's. Both sequences failed, as my previous email 
> indicated. So, yes, as I read the manpage and it should work in the 
> manner you suggest but, it does not.
>
OK, I did this:

samba-tool ou create 'OU=CompanyName'

and got this:

Created ou "OU=CompanyName,DC=samdom,DC=example,DC=com"

Then I did this:

samba-tool ou create 'OU=DmnMmbrs-folder-redirection,OU=CompanyName'

which lead to this:

Created ou 
"OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=samdom,DC=example,DC=com"

I then did this:

samba-tool user create robert P4ssw0rd* --given-name=Robert 
--surname=Wooden
--userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName'

and got this:

User 'robert' created successfully

With this in AD:

dn: CN=Robert 
Wooden,OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Robert Wooden
sn: Wooden
givenName: Robert
instanceType: 4
whenCreated: 20201011131747.0Z
whenChanged: 20201011131747.0Z
displayName: Robert Wooden
uSNCreated: 1497670
name: Robert Wooden
objectGUID: e0ffd79f-786c-4e02-8cfd-90db74101f89
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-1768301897-3342589593-1064908849-5198
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: robert
sAMAccountType: 805306368
userPrincipalName: robert at samdom.example.com
objectCategory: 
CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
pwdLastSet: 132468958672325130
userAccountControl: 512
uSNChanged: 1497672
distinguishedName: CN=Robert 
Wooden,OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=samdom,DC=example,DC=com

So, what are you doing differently ?

Rowland

Okay great.

First I ran:
> root at dc1:~# samba-tool user create seth28 *pas$w0rd*  --given-name=Seth
> --initials=28 --surname=Samba
> --userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName'
--uid-number=19000
> --gid-number=10000
--profile-path=\\\\mbr04.subdom.example.com\\profiles\\seth28
> --home-drive=M:
--home-directory=\\\\mbr04.subdom.example.com\\users\\seth28
> --company="Donelson Trophy" --job-title="Training
Doegee"
> --description="user created by Samba-tool"
--telephone-number=555.555.1295
> ERROR(ldb): Failed to add user 'seth28':  - 0000052D: Constraint
violation
> - check_password_restrictions: the password is too short. *It should be
> equal or longer than 7 characters!*
>
Then I switched to your generic password:
> root at dc1:~# samba-tool user create seth28 *P4ssw0rd** --given-name=Seth
> --initials=28 --surname=Samba
> --userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName'
--uid-number=19000
> --gid-number=10000
--profile-path=\\\\mbr04.subdom.example.com\\profiles\\seth28
> --home-drive=M:
--home-directory=\\\\mbr04.subdom.example.com\\users\\seth28
> --company="Donelson Trophy" --job-title="Training
Doegee"
> --description="user created by Samba-tool"
--telephone-number=555.555.1295
> User 'seth28' created successfully
>
All this time my eight character password (pas$w0rd) was not liked by
Samba. It likes your password though.

As always, you're the best!! THANKS. (Especially thanks for being available
on the weekends.)

On Sun, Oct 11, 2020 at 8:25 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 11/10/2020 13:59, Robert Wooden wrote:
> > Yes, thank you for the guidance.
> >
> > Regarding "/You do not put the users password here (if that is
what
> > you are trying to do): --password=PASSWORD1/"
> >
> > My experience has been this, no matter where I put
"--password=" in
> > the string, after the "user" as the manpage suggests or the
end. When
> > I run the create string I am asked for a "New Password:' and
then
> > "Retype Password:". Which is fine by me, I want a different
password
> > for the test users anyway. Hence, in  testing I just left the
> > --password at the end of the string because it did not seem to matter,
> > Samba still asked to enter New and Retype New.
>
> Lets say you want to create a user called fred, with the password
> 'fredspassword', you would do this:
>
> samba-tool user create fred fredspassword
>
> The '--password=' is for authentication when creating the user, not
the
> users passwords.
>
> >
> > Regarding "/--home-drive=M: (note the ':' at the
end)/" thanks, it
> > makes sense to add the colon. But, I will comment that on the W10 side
> > the "M" by itself is working fine.
> Without the ':', it has never worked for myself.
> >
> > Finally regarding the userou=. At this point I have a very simple,
> > _almost default_ ou structure. I have added only a "CompanyName
OU"
> > and two (2) subOU's of the "CompanyName OU", they are
> > "DmnMmbrs-folder-redirection" and "DmnMmbrUsers".
Only
> > "DmnMmbrs-folder-redirection" have any GPO's applied to
it.
> >
> > I have tried the same order of OU's you suggest (yes, with the
single
> > quotation marks and no spaces in the OU's) and as well have
reversed
> > the order of the OU's. Both sequences failed, as my previous email
> > indicated. So, yes, as I read the manpage and it should work in the
> > manner you suggest but, it does not.
> >
> OK, I did this:
>
> samba-tool ou create 'OU=CompanyName'
>
> and got this:
>
> Created ou "OU=CompanyName,DC=samdom,DC=example,DC=com"
>
> Then I did this:
>
> samba-tool ou create
'OU=DmnMmbrs-folder-redirection,OU=CompanyName'
>
> which lead to this:
>
> Created ou
>
"OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=samdom,DC=example,DC=com"
>
> I then did this:
>
> samba-tool user create robert P4ssw0rd* --given-name=Robert
> --surname=Wooden
--userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName'
>
> and got this:
>
> User 'robert' created successfully
>
> With this in AD:
>
> dn: CN=Robert
>
>
Wooden,OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Robert Wooden
> sn: Wooden
> givenName: Robert
> instanceType: 4
> whenCreated: 20201011131747.0Z
> whenChanged: 20201011131747.0Z
> displayName: Robert Wooden
> uSNCreated: 1497670
> name: Robert Wooden
> objectGUID: e0ffd79f-786c-4e02-8cfd-90db74101f89
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-5198
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: robert
> sAMAccountType: 805306368
> userPrincipalName: robert at samdom.example.com
> objectCategory:
> CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> pwdLastSet: 132468958672325130
> userAccountControl: 512
> uSNChanged: 1497672
> distinguishedName: CN=Robert
>
>
Wooden,OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=samdom,DC=example,DC=com
>
> So, what are you doing differently ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>