similar to: idamp ad/rid

Thanks Rowland for the quick answer!! :) If you are going to use more > than one Unix domain member as a fileserver, then you will probably be > better off using the winbind ad backend, this way you can ensure your > users and groups have the same ID everywhere. Maybe in the near future I'll set up a new fileserver. That way, I believe that ad as a backend is the best choice. I

Rowland, I found something related that you were doing. "[PATCH] samba-tool: Easily edit a users object in AD" Did you finish the script? On Fri, Dec 1, 2017 at 3:24 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 1 Dec 2017 15:00:39 -0200 > Elias Pereira <empbilly at gmail.com> wrote: > > > Thanks Rowland for the quick answer!! :)

Found it! :) I thought in make a script more or less that way. #!/bin/bash # GROUP=ADM GUID=10000 # Domain Users UID=10000 # get the next ID ? for USER in $(samba-tool group listmembers $GROUP) do samba-tool user edit $USER -H ldap://samdom.example.com \ -U administrato --nis-domain=samdom \ --unix-home=/home/$USER \ --uid-number=${NEXTID} \

Can you share with me? :) On Fri, Dec 1, 2017 at 4:43 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 1 Dec 2017 16:27:11 -0200 > Elias Pereira <empbilly at gmail.com> wrote: > > > Rowland, > > > > I found something related that you were doing. > > > > "[PATCH] samba-tool: Easily edit a users object in AD" >

On Sat, 2 Dec 2017 10:21:07 -0200 Elias Pereira <empbilly at gmail.com> wrote: > Correcting! :) > > #!/bin/bash > # > GROUP=ADM > GUID=10000 # Domain Users > UID=10000 # get the next ID ? > > for USER in $(samba-tool group listmembers $GROUP) > do > samba-tool user edit $USER --nis-domain=samdom \ > --unix-home=/home/$USER \ >

Rowland, AD: 4.5.8 Fileserver: 4.6.3 root at fileserver:~# samba -Version Version 4.6.3-Debian root at fileserver:~# net rpc rights list privileges SeDiskOperatorPrivilege -U "ADDC\administrator" Enter ADDC\administrator's password: SeDiskOperatorPrivilege: ADDC\Domain Admins BUILTIN\Administrators chown root:Domain\ Admins /mnt/dados >>>> ok chmod 0770

On Sat, 2 Dec 2017 12:13:08 -0200 Elias Pereira via samba <samba at lists.samba.org> wrote: > > > > Sorry, but that isn't going to work with 'samba-tool user edit' > > You would need to write an 'editor' script to do what you would > > need to do. > > > Ok. > > Bit busy, just now, give me some time, I have a script somewhere that

> > Simple answer: > Administrator, No > Domain Admins, Yes Ok. It was already that way. root at fileserver:/etc/samba# getent group ... domain admins:x:10004: domain users:x:10000: dap:x:10003: dti:x:10001: For some reason with the administrator user is not working, I put my user as domain admin and include him as a member of unix and now I can access the security tab.

> > Who are logged into the win7 machine as, Administrator or a member of > Domain Admins ? As administrator. I take it /mnt/dados is a mount from somewhere else, how is it mounted > and where from ? For now it is mounted on the folder /mnt/dados in the same HD of the fileserver. Later I'll add another HD with more space. root at fileserver:~# cd /mnt/dados/ root at

root at fileserver:~# getfacl /home/dados/ getfacl: Removing leading '/' from absolute path names # file: home/dados/ # owner: root # group: domain\040admins user::rwx group::rwx other::--- Still with the same problem. No security tab on windows machine. :( The "Administrator" and "Domain Admins" also need to have an unix attribute? On Tue, May 30, 2017 at 4:08 PM,

> > Yes, you have got it wrong ;-) :( If you do not want to add anything to AD, then you use the 'rid' > backend and 'ID' numbers will be calculated for you. You will also have > to place 'template' shell & homedir lines in smb.conf > If you want/need some of your users to have different login shells or > home directories, you will need to use the

Hi Elias, > I thought it worked, but after I uninstalled the software that I deployed > via user scope, it did not reinstall. I selected the "Redeploy application" > option, but it also did not work. The user scope GPO are run with the privileges and access tokens of the logged on user, so the user have local admin rights for install and need access rights to the share you

> > And I would just put 'forwarders { 172.16.1.10; };' in 'options' > I already have this entry, but for reverse lookup it does not work. Eg: dig suporte.domain.intra +short 172.16.1.15 dig -x 172.16.1.15 +short shows nothing On Mon, Mar 19, 2018 at 1:59 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Mon, 19 Mar 2018 13:51:00 -0300 >

Correcting! :) #!/bin/bash # GROUP=ADM GUID=10000 # Domain Users UID=10000 # get the next ID ? for USER in $(samba-tool group listmembers $GROUP) do samba-tool user edit $USER --nis-domain=samdom \ --unix-home=/home/$USER \ --uid-number=${NEXTID} \ --login-shell=/sbin/nologin \ --gid-number=$GUID done Of course that script is very simple, but is a beginning. :)

> > Sorry, but that isn't going to work with 'samba-tool user edit' > You would need to write an 'editor' script to do what you would need to > do. Ok. Bit busy, just now, give me some time, I have a script somewhere that > should do what you want. Of course Rowland. Work on what you're working on. I do not want to disturb you. :) I'll give a

Hey Luke, thanks for the help!!! It's working now!!! God bless you and your family!! :D Remember that GPOs need to run as the context of either the computer or the > user. Computers typically do not have access to many folders on a file > server, even as "Everyone". That is why the NETLOGON folder works. > > If you're deploying as a USER configuration, then it

hi, I created a lab to test adding the eduPerson schema. I took the schema from the link below and followed the wiki to add the schema. hxxps:// github.com/REFEDS/eduperson/blob/master/schema/activedirectory/eduPerson.adschema.ldf I split the ldif into 3 parts. attrs.ldif classes.ldif auxiliaryClass.ldif At first there was no error when adding the ldifs with the commands given in the wiki. To

Which GPO? Computer or User Configuration? Remember that GPOs need to run as the context of either the computer or the user. Computers typically do not have access to many folders on a file server, even as "Everyone". That is why the NETLOGON folder works. If you're deploying as a USER configuration, then it should run as the context of the user, meaning the Everyone permission

> > If you run getent passwd administrator on a DC, you should get > something like this: > root at dc1:~# getent passwd administrator > SAMDOM\administrator:*:0:10000::/home/administrator:/bin/bash On my DC getent passwd administrator show nothing. :( Is it necessary to map the root user to ADDC as well? There is however a gotcha, on any domain > joined windows machine there

Hello list, I tried to set up a folder on our fileserver domain member, so I can deploy software for users' machines, but is not working. If I put the software inside "netlogon" it installs correctly. \\172.16.1.7\storage\programs Auth Users - read & execute, list folder contents, read and write Do I need other permissions? -- Elias Pereira