search for: idamp

Rowland, I found something related that you were doing. "[PATCH] samba-tool: Easily edit a users object in AD" Did you finish the script? On Fri, Dec 1, 2017 at 3:24 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 1 Dec 2017 15:00:39 -0200 > Elias Pereira <empbilly at gmail.com> wrote: > > > Thanks Rowland for the quick answer!! :)

Can you share with me? :) On Fri, Dec 1, 2017 at 4:43 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 1 Dec 2017 16:27:11 -0200 > Elias Pereira <empbilly at gmail.com> wrote: > > > Rowland, > > > > I found something related that you were doing. > > > > "[PATCH] samba-tool: Easily edit a users object in AD" >

Correcting! :) #!/bin/bash # GROUP=ADM GUID=10000 # Domain Users UID=10000 # get the next ID ? for USER in $(samba-tool group listmembers $GROUP) do samba-tool user edit $USER --nis-domain=samdom \ --unix-home=/home/$USER \ --uid-number=${NEXTID} \ --login-shell=/sbin/nologin \ --gid-number=$GUID done Of course that script is very simple, but is a beginning. :)

> > Sorry, but that isn't going to work with 'samba-tool user edit' > You would need to write an 'editor' script to do what you would need to > do. Ok. Bit busy, just now, give me some time, I have a script somewhere that > should do what you want. Of course Rowland. Work on what you're working on. I do not want to disturb you. :) I'll give a

hi, Knowing the 3 idmap backends (ad, rid and autorid) available to configure samba as a domain member, could you give examples of scenarios in which each backend would be more suitable? -- Elias Pereira

Hi, On Fri, Jun 14, 2024 at 4:44?PM Elias Pereira via samba < samba at lists.samba.org> wrote: > hi, > > Knowing the 3 idmap backends (ad, rid and autorid) available to configure > samba as a domain member, could you give examples of scenarios in which > each backend would be more suitable? > > I also wrote some documentation for the ubuntu server guide about this,

Hello friends, My doubts are as follows. In an environment where we have, for example, 1000 users, I believe that rid would be the best choice in a fileserver environment, because we don't need to manually configure via RSAT a unix attribute for each user. Is that more or less the thought, or am I wrong? -- Elias Pereira

On Fri, 14 Jun 2024 17:32:30 -0300 Andreas Hasenack via samba <samba at lists.samba.org> wrote: > Hi, > > On Fri, Jun 14, 2024 at 4:44?PM Elias Pereira via samba < > samba at lists.samba.org> wrote: > > > hi, > > > > Knowing the 3 idmap backends (ad, rid and autorid) available to > > configure samba as a domain member, could you give examples

Found it! :) I thought in make a script more or less that way. #!/bin/bash # GROUP=ADM GUID=10000 # Domain Users UID=10000 # get the next ID ? for USER in $(samba-tool group listmembers $GROUP) do samba-tool user edit $USER -H ldap://samdom.example.com \ -U administrato --nis-domain=samdom \ --unix-home=/home/$USER \ --uid-number=${NEXTID} \

Thanks Rowland for the quick answer!! :) If you are going to use more > than one Unix domain member as a fileserver, then you will probably be > better off using the winbind ad backend, this way you can ensure your > users and groups have the same ID everywhere. Maybe in the near future I'll set up a new fileserver. That way, I believe that ad as a backend is the best choice. I

Thank you all!!!! Great content!!! Speaking of scenarios... What would be the best backend for? Scenario 1: 3 DCs and 1 fileserver 2800 users Scenario 2: 4 DCs and 2 fileserver 2800+ users On Sat, Jun 15, 2024 at 4:49?AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 14 Jun 2024 17:32:30 -0300 > Andreas Hasenack via samba <samba at lists.samba.org>

On Sat, 2 Dec 2017 12:13:08 -0200 Elias Pereira via samba <samba at lists.samba.org> wrote: > > > > Sorry, but that isn't going to work with 'samba-tool user edit' > > You would need to write an 'editor' script to do what you would > > need to do. > > > Ok. > > Bit busy, just now, give me some time, I have a script somewhere that

On Sat, 2 Dec 2017 10:21:07 -0200 Elias Pereira <empbilly at gmail.com> wrote: > Correcting! :) > > #!/bin/bash > # > GROUP=ADM > GUID=10000 # Domain Users > UID=10000 # get the next ID ? > > for USER in $(samba-tool group listmembers $GROUP) > do > samba-tool user edit $USER --nis-domain=samdom \ > --unix-home=/home/$USER \ >

...conf matter at all? > > _Rob > > Hi Rob, You can try to use tdbtool to delete the offending key with uid 2020. https://www.samba.org/samba/docs/man/manpages-3/tdbtool.8.html I'd stop samba make an backup of winbind_idmap.tdb and give it a try. In my case deleting the mappings from idamp.tdb fixed the issue of changing uid's. achim~

...= srvfile reset on zero vc = yes server string = encrypt passwords = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes idmap config *:backend = tdb idmap config *:range = 10000-20000 idmap config DOMAIN:backend = ad idamp config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 0-40000 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind offline logon = false vfs objects = acl...

...Hi Rob, >> >> You can try to use tdbtool to delete the offending key with uid 2020. >> https://www.samba.org/samba/docs/man/manpages-3/tdbtool.8.html >> I'd stop samba make an backup of winbind_idmap.tdb and give it a try. >> In my case deleting the mappings from idamp.tdb fixed the issue of changing >> uid's. >> >> achim~ >> >> > Did the uid change from 2018 to 2020 or is this an different user or member > server? If it changed editing winbindd_idmap.tdb might not fix your problem. It didn't change, it was my cop...

...to 'root'. > > If I run mmc.dsc on the win7 PC and connect to the share, everything > works for me. I actually have the same problem. The Security tab works as expected. Only "Sessions" and "Open Files" do not work. On an DM but work on a DC. This is with the idamp AD backend not rid and Administrator does not have an uid assigned. In the logs I see this: Successful AuthZ: [srvsvc,ncacn_np] user [BRAIN-02]\[Administrator] [S-1-22-1-0] at [Mi, 06 Dez 2017 10:00:22.032080 CET] Remote host [ipv4:x.x.x.x:35170] local host [NULL] Dec 6 10:00:22 lx-sv-03 smbd_a...

...erver string = > encrypt passwords = yes > > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes > > idmap config *:backend = tdb > idmap config *:range = 10000-20000 > idmap config DOMAIN:backend = ad > idamp config DOMAIN:schema_mode = rfc2307 > idmap config DOMAIN:range = 0-40000 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind offline logo...

...t;> >> > Hi Rob, > > You can try to use tdbtool to delete the offending key with uid 2020. > https://www.samba.org/samba/docs/man/manpages-3/tdbtool.8.html > I'd stop samba make an backup of winbind_idmap.tdb and give it a try. > In my case deleting the mappings from idamp.tdb fixed the issue of > changing uid's. > > achim~ > > Did the uid change from 2018 to 2020 or is this an different user or member server? If it changed editing winbindd_idmap.tdb might not fix your problem.

...n the ldap database. But when I do "su <some ads user>" on the secondary the uid of <some ads user> is stored in the ldap database of the secondary when the uid hasn't been seen before on the primary. When I do "su - <another ads user>" on the primary the idamp is stored in the ldap database of the primary and replicated to the secondary correctly. There are no log messages the indicate a problem or a hint for a solution. I have seen a message on this list concerning the same problem but no answer, so I thought I give you a little more information on th...