[Samba] samba member logon.. question.
Rowland Penny
rowlandpenny at googlemail.com
Thu Apr 9 09:36:14 MDT 2015
On 09/04/15 16:22, Andrey Repin wrote:
> Greetings, Rowland Penny!
>
>>>>>> Ok, good.
>>>>>> Now, how can I get RFC2307 attributes populated automatically upon
>>>>>> users or groups creation?
>>>>> You can't :-(
>>>>> I'm experimenting with
>>>>> https://github.com/laotse/SambaPosix
>>>>> but it's quite buggy (at least regarding the features I'm trying,
>>>>> namely, trying to assign uids the same way as ADUC).
>>>>>
>>>>>
>>>>> Bye
>>>> OH yes you can, well I can :-)
>>> Can you share how?
>>>
>>> Bye
>> You are using python, which to me is a very big snake, so I bash it :-D
>> I just use these two functions in a bash script:
>> # Finds the next useable user uidNumber or group gidNumber
>> # Input : $1
>> # $1 : msSFU30MaxUidNumber or msSFU30MaxGidNumber
>> # Output : the first free uidNumber or gidNumber
>> # (LDBDB, domainNETBios, domainDN and error() come from the rest of the script)
>> _findnext () {
>>     ATTR="$1"
>>     if [ -z "${ATTR}" ]; then
>>         error "No Attribute supplied"
>>         error "Cannot continue... Exiting."
>>         exit 1
>>     fi
>>     _NEXTID=$(ldbsearch -H "${LDBDB}" \
>>         -b "CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}" \
>>         -s sub '(objectClass=msSFU30DomainInfo)' "${ATTR}" | grep "${ATTR}: " | awk '{print $NF}')
>>     if [ -z "$_NEXTID" ] || [ "$_NEXTID" -lt "10000" ]; then
>>         _NEXTID="10000"
>>     fi
>> }
>> # UPDATE msSFU30MaxUidNumber/msSFU30MaxGidNumber
>> # Input : $1 $2
>> # $1: what to update (msSFU30MaxUidNumber or msSFU30MaxGidNumber)
>> # $2: Next Number
>> #
>> # Output : Nothing
>> _updatemax () {
>>     ATTR="$1"
>>     IDNUM="$2"
>>     if [ -z "${ATTR}" ] || [ -z "${IDNUM}" ]; then
>>         error "Incomplete data supplied."
>>         error "Cannot continue... Exiting."
>>         exit 1
>>     fi
>>     echo "Updating ${ATTR}"
>>     IDLDIF="dn: CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}
>> changetype: modify
>> replace: ${ATTR}
>> ${ATTR}: ${IDNUM}"
>>     echo "${IDLDIF}" | ldbmodify -H "${LDBDB}"
>>     if [ $? != 0 ]; then
>>         error "Error updating ${ATTR} in AD."
>>         # keep the LDIF that failed for inspection
>>         echo "${IDLDIF}" > /tmp/update.ldif
>>         exit 1 # exits here if error
>>     fi
>>     unset IDLDIF
>>     echo "Successfully updated ${ATTR} in AD"
>> }
> That will only work on a domain controller.
Well yes it will only work on a DC because that is where the AD records
are stored, but it can be run from another Linux machine.
> I don't want to touch it at all,
> if I don't need to blow it apart.
Well, seeing as it is only doing what ADUC does, I do not see it blowing
up your AD DC.
> Not to mention, it will not add "objectClass: posixAccount" to the user,
How many times do I have to say this:
DO NOT ADD POSIX OBJECTCLASSES TO AD, THEY ARE NOT REQUIRED. ADUC WILL
NEVER ADD THEM.
> causing all sort of grief in a long run.
WHY ??
Rowland
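
An added example, not part of the original post or of the script quoted above: the step between `_findnext` and `_updatemax`, building the LDIF that puts the RFC2307 attributes on the user with no objectClass added, and refusing any ID that is not a plain number before it reaches `ldbmodify`. The helper names, the sample search output, the DNs and the attribute set chosen are assumptions, as is treating msSFU30MaxUidNumber as the next free ID.

```shell
# Added example; helper names below are hypothetical, not from the thread.

# Constructed sample of `ldbsearch ... msSFU30MaxUidNumber` output.
SAMPLE_SEARCH='# record 1
dn: CN=example,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=com
msSFU30MaxUidNumber: 10005

# returned 1 records'

# Accept only plain decimal numbers (no leading zero), nothing else reaches the LDIF.
is_number () {
    case "$1" in
        ''|0?*|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read ldbsearch output on stdin, print the next free ID for attribute $1.
# Same 10000 floor as _findnext in the thread.
next_id () {
    id=$(awk -v a="$1:" '$1 == a { print $NF; exit }')
    if ! is_number "$id" || [ "$id" -lt 10000 ]; then
        id=10000
    fi
    echo "$id"
}

# Print LDIF that sets RFC2307 attributes on user $1 (DN).
# $2 uidNumber, $3 gidNumber, $4 NIS domain, $5 login name.
# No objectClass is added.
user_ldif () {
    is_number "$2" && is_number "$3" || return 1
    # Reject newlines in string inputs: they would start a new LDIF line.
    case "$1$4$5" in *'
'*) return 1 ;; esac
    printf 'dn: %s\nchangetype: modify\n' "$1"
    printf 'add: uidNumber\nuidNumber: %s\n-\n' "$2"
    printf 'add: gidNumber\ngidNumber: %s\n-\n' "$3"
    printf 'add: msSFU30NisDomain\nmsSFU30NisDomain: %s\n-\n' "$4"
    printf 'add: unixHomeDirectory\nunixHomeDirectory: /home/%s\n-\n' "$5"
    printf 'add: loginShell\nloginShell: /bin/bash\n'
}

# Value to pass to _updatemax after $1 has been handed out.
following_id () {
    is_number "$1" || return 1
    echo $(( $1 + 1 ))
}
```

The output of `user_ldif` is meant to be piped to `ldbmodify -H` in the same way `_updatemax` pipes its own LDIF.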