similar to: SambaPosix tool

Greg, > Unfortunately, these attributes do not exist as standard, so you would > either have to add a user with ADUC or manually add them yourselves with > ldbedit. As standard on windows, they both start at '10000', though you > can set them to whatever you require, just make sure that they do not > interfere with any local Unix users. If you like to manage Unix users

El 09/04/15 a les 14:57, Andrey Repin ha escrit: >> Using the RFC2307 attributes, you will get the same ID number on every >> Unix machine, whereas if you use the 'rid' backend, whilst you should >> get the same ID on each Unix machine, you will never get the same ID on >> an AD DC, in fact without intervention, you will get a different ID on >> different

El 09/04/15 a les 16:20, Rowland Penny ha escrit: > On 09/04/15 14:58, Luca Olivetti wrote: >> El 09/04/15 a les 14:57, Andrey Repin ha escrit: >>>> Using the RFC2307 attributes, you will get the same ID number on every >>>> Unix machine, whereas if you use the 'rid' backend, whilst you should >>>> get the same ID on each Unix machine, you will

Greetings, Rowland Penny! >>>>> Ok, good. >>>>> Now, how can I get RFC2307 attributes populated automatically upon >>>>> users or >>>>> groups creation? >>>> You can't :-( >>>> I'm experimenting with >>>> https://github.com/laotse/SambaPosix >>>> but it's quite buggy (at least

On Mon, Dec 1, 2014 at 2:05 AM, Lars Hanke <debian at lhanke.de> wrote: > > If you like to manage Unix users from the Unix side and ldbedit seems too > awkward, you might try my Python script: https://github.com/laotse/ > SambaPosix > > I appreciate comments, experiences, and contributions to make it a useful > tool. > Thanks Lars. I'm working on building a

Rowland, How are you selecting you UID to store in the AD uidNumber attribute? I initially thought UID could be pulled from the last set of digits from SID, ut this does not appear to be what others are doing :( What are you using determine the UID number??? Thanks

On 09/04/15 16:22, Andrey Repin wrote: > Greetings, Rowland Penny! > >>>>>> Ok, good. >>>>>> Now, how can I get RFC2307 attributes populated automatically upon >>>>>> users or >>>>>> groups creation? >>>>> You can't :-( >>>>> I'm experimenting with >>>>>

Hi, I'm going to migrate my old CUPS server to a new setup. It shall provide the printing backend for Samba4 and should integrate as seamless as possible. Both Windows and Linux users should not require additional passwords, but should be authenticated by their Kerberos tickets. Is there anything particular to consider? E.g. has the CUPS server to be joined to the AD and should it run a

I run a Samba4 AD and joined a Synology NAS running Samba 3.6.9. I can access the shares using smbclient or mount -t cifs from all Linux machines (usually running Samba 3.6.6 clients). I can mount the shares from WinXP home and Win7 home. However, with a Win7 Ultimate machine joined to the AD most of the time it doesn't work. I can logon to the machine with my AD credentials, but I am

On 09/04/15 15:32, Luca Olivetti wrote: > El 09/04/15 a les 16:20, Rowland Penny ha escrit: >> On 09/04/15 14:58, Luca Olivetti wrote: >>> El 09/04/15 a les 14:57, Andrey Repin ha escrit: >>>>> Using the RFC2307 attributes, you will get the same ID number on every >>>>> Unix machine, whereas if you use the 'rid' backend, whilst you should

I created a demo share on my AD DC. After obtaining a copy of Win7 Ultimate I could now verify that the share has all rights granted to anyone (don't know how Windoze call "Jeder" in English). I can read and write the Share using AD\Administrator. AD\StandardUser can mount the share and read, what the Administrator put there. But he cannot create or modify files.

Hi, I would like to provision a huge number of users to a Samba AD/DC and I would like to have the unix attributes set too. I don't want to use the RSAT GUI and manually set each. Is there any tool or script I can use to get that? I have identified some attributes in the AD that are added when I set unix attributes with RSAT GUI. However there must be more changes... These are the

Is it a bug or a feature? While --gid maps to the gidNumber OID of posixAccount, --uid maps to uid, which is supposed to contain the textual user name. The numerical uid should be in uidNumber, but there doesn't seem to be an option to set this. Of course the aim is to migrate an existing OpenLDAP, Kerberos, Samba3 infrastructure to Samba4 AD. Thanks for your help, - lars.

Well, seems like I hit every mudhole that could be on the way ... root at samba4:/# getent passwd | grep mgr mgr:*:10000:10000:Lars LH. Hanke:/home/AD/mgr:/bin/bash root at samba4:/# ldapsearch -LLL -D "CN=Administrator,CN=Users,DC=ad,DC=microsult,DC=de" -x -W '(uid=mgr)' uid uidNumber gidNumber sAMAccountName name gecos Enter LDAP Password: dn: CN=Lars LH.

It is actually rather easy to set the attributes via powershell, and that is probably the best way to add them in a Server 2012 R2 environment. I wrote a powershell script to do this automatically for users and groups in an entire domain that should be pretty generic to be reused. It also mirrors the logic used in automatic winbind UID/GID generation to be able to coexist in an environment where

I set-up a basic AD DC using samba 4.1.9 successfully. I joined my NAS to the domain, i.e. I saw no errors and see the users and groups of my AD listed in the GUI of the NAS. When I try to connect to a share of the NAS the following happens: mgr at ws1:~$ smbclient -U 'AD\mgr' //nas/Test Enter AD\mgr's password: Domain=[AD] OS=[Unix] Server=[Samba 3.6.9] tree connect failed:

This topic has been on the list two years ago, already, but apparently to no conclusion. I'm trying to join a Debian Wheezy machine (Samba 3.6.6) to my freshly made backports AD (Samba 4.1.7). This is what I see: root at samba4:/# net ads join -U Administrator at AD.MICROSULT.DE Enter Administrator at AD.MICROSULT.DE's password: Using short domain name -- AD Joined 'SAMBA4' to

Ok, it's here: http://pastebin.com/JEnr5wUq The id_offset is that value because i initially didn't use rfc2307 attributes, but instead On 29 January 2015 at 23:27, Tim <lists at kiuni.de> wrote: > @Hans-Kristian: > I'd like to see it. How did you automate this? > > @Andrew: > In another thread I suggested to set the rfc2307 info automatically when a > domain

Greetings, Rowland Penny! > On 10/04/15 08:54, Luca Olivetti wrote: >> El 09/04/15 a les 18:31, Rowland Penny ha escrit: >> >>> If your tools rely on the posix objectclasses being there, then they are >>> broken. The posix objectclasses are auxiliaries of other AD >>> objectclasses and as such, no windows tools will add them. >> but, e.g.,

Hi Marc, >> The cause is that the password change didn' reach both AD DCs, but only >> one. The other one still had the old value as could be seen by >> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of >> seconds brings them back to sync and Windows logons work as they used to. >> Any idea, what I should do next time to obtain valuable output