[Samba] Changing default UID/GID beginning for AD

mathias dufresne infractory at gmail.com
Tue Jun 14 09:38:40 UTC 2016


2016-06-14 11:18 GMT+02:00 Rowland penny <rpenny at samba.org>:

> On 14/06/16 09:50, mathias dufresne wrote:
>
>>
>>
>> 2016-06-13 18:27 GMT+02:00 Rowland penny <rpenny at samba.org>:
>>
>>     On 13/06/16 13:13, mathias dufresne wrote:
>>
>>         I would love to find out how to achieve that.
>>
>>         I did look for information, all I found was that:
>>
>> https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS
>>
>>         Unfortunately it seems to list all users (I don't know these MS
>>         commands but "Get-AdUser -Filter"...) then sending that list to
>>         something to modify received users list ("Set-AdObject -Replace
>>         @{unixhomedirectory='/bin/sh','bin/bash'}" and
>>         https://technet.microsoft.com/en-us/library/ee617215.aspx).
>>
>>
>>     You could always use ldbmodify on the Samba4 DC and the attribute
>>     you need to change for the users login shell is 'loginShell' :-)
>>
>>
>> Yep, MS doc, the dude who wrote that made a mistake, he tried to help at
>> least.
>>
>
> And you passed the mistake on Mathias ! I was trying to help by pointing
> this out and giving a known working way of changing the contents of the
> 'loginShell' attribute.
>

And I knew what I was doing. If some reader is not able to notice
that "unixhomedirectory" is more certainly related to UNIX Home Directory
than to login shell, I can't do anything for him.


>
>
>
>>
>>         I would have looked into AD schema and configuration DIT (or naming
>>         context?) but first I did a grep on Samba's source tree looking for
>>         "/bin/sh" string but that string seems to be used for running
>>         commands and shebangs only, I could easily have missed something
>>         anyway.
>>
>>
>>     Try reading
>>
>> /usr/local/samba/share/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt
>>     Note: the path to your copy may vary.
>>
>>
>> I thought schemas were descriptions of attributes and classes, not places
>> to set values. As I could be wrong, I used grep to read that file:
>> cat `locate MS-AD_Schema_2K8_R2_Attributes.txt` | grep sh -w -> no
>> answer, "sh" (as word) is not present in that file.
>> There is still a chance it is written in configuration DIT but as the
>> same grep was done during the week-end on the whole Samba 4.4.4 source tree
>> without finding more relevant traces of "sh" word, I'm now suspecting the
>> client is the one managing that.
>>
>
> So you think you will find the content of something that is set on windows
> in the Samba source code ?


No. I tried to find out if it was set from client side or from server side.



> Windows ADUC default content for the 'loginShell' attribute is '/bin/sh'.


How do you know that for sure? Have you a link to pass to us? Anything to
share your knowledge?


> The Samba default content for the 'loginShell' attribute is ' ' ,


Reading that I would understand there is some code to have some default.


> yes that's right, there isn't one!
>

And that the default value is an empty string.

Did you really mean that? In any case, what makes you affirm that? Again,
some link to help us ? To share your knowledge with us?


> You are also correct, 'sh' isn't in the list of Attributes, because it
> is the content of an attribute, not an attribute.


Useless and obvious, as usual.


> The file I pointed you to, is a list of all the attributes you can use on
> a Samba 4 AD DC, there is a similar file that contains all the
> objectclasses.
>

Useless and obvious, as usual.


>
> Rowland

