s4 managing posixAccount and posixGroup with samba-tool?
Rowland Penny
repenny at f2s.com
Mon Nov 26 08:04:50 MST 2012
On 26/11/12 14:39, David Mansfield wrote:
> Hi all:
>
> Is it possible to add a user using samba-tool with an existing
> uidNumber and other posixAccount attributes and to add a group with a
> gidNumber? Or after adding with samba-tool, is there a utility other
> than ldbmodify to manage the attributes?
>
> I see a long discussion in bug#8635
> (https://bugzilla.samba.org/show_bug.cgi?id=8635) where "steve" has
> posted some homegrown scripts s4user and s4group which are the only
> way I can find where these attributes are being set.
>
> May there's an option other than the ones that are given in --help for
> samba-tool?
>
> In any case, is there a "best practice" for managing unix users using
> s4? I need the UID/GID to be stable across my enterprise, so I'm
> planning on using idmap_ad on the winbind clients, I assume this will
> work once I get the uidNumber and gidNumber properly set in s4...
>
There is another way, forget Unix UID & GID's, use 'idmap config
HOME:backend = rid' in smb.conf and get reliable unique UIDs and GIDs
based on the RID part of Windows SID's. You also get getent to see all
domain users and groups, i.e. you do not need special unix groups & users.
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba-technical
mailing list