s4 managing posixAccount and posixGroup with samba-tool?

David Mansfield samba at dm.cobite.com
Mon Nov 26 15:08:10 MST 2012

On 11/26/2012 04:59 PM, Rowland Penny wrote:
> On 26/11/12 21:01, Bernd Markgraf wrote:
>>> How about exporting all the users somehow, then writing a script to
>>> create them as new users in a S4 domain?
>>> OK, they all get new UIDs through RID but this shouldn't be a problem
>>> really and once completed all your user details will be in one place,
>>> your S4 AD.
>> That ignores the fact that there may be one or more other services
>> involved that rely on already existing UID numbers. NFS being a nice
>> example.
>> Recreating the users may seem like a nice idea in order to have all user
>> info in one place. Chown'ing millions of files (I would currently have
>> about 40 million files on 3 nfs servers with about 1000 different uids,
>> ~250 currently being active) to get the mapping to new UIDs right is
>> just not that much fun. I think it was/is a better idea to manually
>> assign posix UID/GID numbers to new users in such cases.
>> just my .02¢
>>     Bernd
> Ok, for your installation it wouldn't be feasible, but the OP states
> that he only has approx 100 unix users, with only about 25 of them
> connected to a samba DC. It may be possible to add the other 75 users to
> the DC and then perform a classicupgrade to S4, but then it may be
> quicker to start anew. I think that the OP needs to tell us just what he
> needs the finished setup to be and if Windows is involved in any way.
I want to authenticate all users, unix and windows to a replicated s4 
environment.  Unix users should keep existing UID/GID.  Windows users 
should keep existing SID.  User-private groups are also in play here, 
which will be my next headache assuming this migraine can be tamed.

Currently unix users are authenticating largely using local passwords
which get set on an as-needed basis (most machines use ssh-key
authentication so no password is necessary); however, the haystack of
passwords is growing and s4 looks like a slick way to eliminate that.

