s4 managing posixAccount and posixGroup with samba-tool?

Rowland Penny repenny at f2s.com
Tue Nov 27 03:32:54 MST 2012

On 26/11/12 22:08, David Mansfield wrote:
> On 11/26/2012 04:59 PM, Rowland Penny wrote:
>> On 26/11/12 21:01, Bernd Markgraf wrote:
>>>> How about exporting all the users somehow, then writing a script to
>>>> create them as new users in a S4 domain?
>>>> OK, they all get new UIDs through RID but this shouldn't be a problem
>>>> really and once completed all your user details will be in one place,
>>>> your S4 AD.
>>> That ignores the fact that there may be one or more other services
>>> involved that rely on already existing UID numbers. NFS being a nice
>>> example.
>>> Recreating the users may seem like a nice idea in order to have all user
>>> info in one place. Chown'ing millions of files (I would currently have
>>> about 40 million files on 3 NFS servers with about 1000 different UIDs,
>>> ~250 currently being active) to get the mapping to new UIDs right is
>>> just not that much fun. I think it was/is a better idea to manually
>>> assign posix UID/GID numbers to new users in such cases.
>>> just my .02¢
>>>     Bernd
>> Ok, for your installation it wouldn't be feasible, but the OP states
>> that he only has approx 100 unix users, with only about 25 of them
>> connected to a samba DC. It may be possible to add the other 75 users to
>> the DC and then perform a classicupgrade to S4, but then it may be
>> quicker to start anew. I think that the OP needs to tell us just what he
>> needs the finished setup to be and if Windows is involved in any way.
> I want to authenticate all users, unix and windows to a replicated s4 
> environment.  Unix users should keep existing UID/GID.  Windows users 
> should keep existing SID.  User-private groups are also in play here, 
> which will be my next headache assuming this migraine can be tamed.
> Currently unix users are authenticating largely using local passwords 
> which get set on an as-needed basis (most machines use ssh-key
> authentication so no password is necessary), however the haystack of 
> passwords is growing and s4 looks like a slick way to eliminate that.
> Thanks,
> David
Hi, as I see it you have a Samba3 DC with approx 25 unix users and
another 75 approx unix users, you also have an unquantified number of
Windows users. Is the S3 DC running as a PDC, i.e. are any of the other
machines joined to it in a domain, or is it a workgroup and the DC is
just a fileserver?

As for the SID, I do not think that you will be able to keep it (someone 
will jump in here and explain if I am wrong, if so TIA) because the SID 
is different for every workgroup & domain.

Is there a Windows Server on the network?


More information about the samba-technical mailing list