s4 managing posixAccount and posixGroup with samba-tool?
samba at dm.cobite.com
Mon Nov 26 15:04:57 MST 2012
On 11/26/2012 04:01 PM, Bernd Markgraf wrote:
>> How about exporting all the users somehow, then writing a script to
>> create them as new users in a S4 domain?
>> OK, they all get new UID's through RID but this shouldn't be a problem
>> really and once completed all your user details will be in one place,
>> your S4 AD.
> That ignores the fact that there may be one or more other services
> involved that rely on already existing UID numbers. NFS being a nice
> Recreating the users may seem like a nice idea in order to have all user
> info in one place. Chown'ing millions of files (I would currently have
> about 40 million files on 3 nfs servers with about 1000 different uids,
> ~250 currently being active) to get the mapping to new UIDS right is
> just not that much fun. I think it was/is a better idea to manually
> assign posix UID/GID numbers to new users in such cases.
I agree with you 100% and that describes my situation perfectly (not to
mention years of backups of files with specific UID/GID in them).
Problem is, I don't know how to "manually assign posix UID/GID" numbers
using s4. Using samba-tool there is no way (that I can find), using the
windows "Active Directory Users & Computers" console, there is no way
because apparently s4 doesn't implement "Identity Management for Unix"
and so the tabs for managing the UNIX properties don't show up there.
I'm left with some script (called s4user) tucked away in some bug report
around comment#50 by "steve" which uses ldbmodify with some horrible
looking shell scripting to get it working (no offense to "steve"
intended BTW, in fact thanks!). And my question is: is this the
recommended approach or am I missing some useful tool that will let me
get a specific UID/GID mapping applied that will be shared to all
clients using winbind?
samba-tool posixaccount david --gecos "David Mansfield" --loginShell
"/bin/bash" --uidNumber 123 --gidNumber 123 --homeDirectory
Finally, if I were to write such an extension to samba-tool would this
be considered for inclusion BTW, or is the API of samba-tool restricted
to only some set of functions based on compatibility with some foreign
Looks fairly simple (some code is already there in upgrade.py to a
More information about the samba-technical