samba-tool

[Stéphane PURNELLE]

1) You says : " if you use samba-tool, 
> you have to supply the uidNumber, ADUC also adds the following 
attributes:
> uid, msSFU30Name, msSFU30NisDomain, uidNumber, gidNumber, 
> unixHomeDirectory, loginShell, unixUserPassword"

But is not correct, if you use samba-tool, you CAN supply some 
supplemental information like : 
uidNumber, gidNumber, unixHomeDirectory, loginShell, ...

if you do:
$ samba-tool user create rowland
Samba will do same thing that ADUC.

All  parameter in samba-tool are optional.

2) Let administrator to have possibility to manage uidNumber and gidNumber 
outside AD part.
My story is a upgrade from samba3
My samba3 config is samba + ldap.
I use samba-ldap-tools for adding user and group.

All user and group xidNumber is supplyed by config in ldap tree and 
actullay start from 1000 -> xxxx
samba4 start at 3000000, I don't know why... I cannot change this.

My solution : create counter file for uidNumber and gidNumber and I supply 
xidNumber when I create a user or a group by samba-tool.
And I will not use ADUC for creation (just for manage member of group).

3) The only thing that I can suggest to samba team is adding some 
parameters ("add user script and add group scrit) to smb.conf
And if user or group is created by ADUC, samba call theses scripts for 
adding data on user or group like posixAccount and posixGroup or other 
think.

And add some function to samba-tool for permit to set data for user or 
group
Example: $ samba-tool user setParameter stephane --uidNumber=8963







-----------------------------------
Stéphane PURNELLE                         Admin. Systèmes et Réseaux 
Service Informatique       Corman S.A.           Tel : 00 32 (0)87/342467

samba-technical-bounces at lists.samba.org wrote on 03/10/2013 21:59:29:

> De : Rowland Penny <repenny241155 at gmail.com>
> A : Lukasz Zalewski <lukas at eecs.qmul.ac.uk>, 
> Cc : Jelmer Vernooij <jelmer at samba.org>, samba-technical <samba-
> technical at lists.samba.org>
> Date : 03/10/2013 21:59
> Objet : Re: samba-tool
> Envoyé par : samba-technical-bounces at lists.samba.org
> 
> On 03/10/13 20:36, Lukasz Zalewski wrote:
> > On 03/10/2013 18:15, Rowland Penny wrote:
> >> On 03/10/13 18:05, Jelmer Vernooij wrote:
> >>> On Thu, Oct 03, 2013 at 04:04:25PM +0100, Rowland Penny wrote:
> >>>> just a quick question, if samba-tool does something differently to
> >>>> the way that windows works, would this be regarded as a bug?
> >>> Different in what way, can you give a specific example? There is no
> >>> command-line tool on Windows called 'samba-tool', and
> >>> we long seem to have given up on trying to make it match
> >>> the behaviour of the 'net' tool on Windows.
> >>>
> >>> Cheers,
> >>>
> >>> Jelmer
> >> Hi Jelmer, If you create a user in ADUC and add the Unix attributes,
> >> this is done totally differently to the way that samba-tool does it. 
For
> >> instance,  '--uid-number' requires that you give a 'uidNumber' but 
ADUC
> >> (provided AD is setup correctly) supplies it automatically, 
samba-tool
> >> also doesn't add all the attributes that ADUC does.
> >>
> >> Rowland
> >
> > Hi Rowland,
> > Indeed only portion of the attributes are configurable via samba-tool.
> > Are there particular attributes you are interested in?
> >
> > L
> Hi, what I am trying to get across is, for adding a unix user, 
> samba-tool does not work in the same way as ADUC does.
> 
> If you have the attribute 'msSFU30MaxUidNumber' in 
> 
'CN=example,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=com'
> then ADUC will get the uidNumber automatically, if you use samba-tool, 
> you have to supply the uidNumber, ADUC also adds the following 
attributes:
> uid, msSFU30Name, msSFU30NisDomain, uidNumber, gidNumber, 
> unixHomeDirectory, loginShell, unixUserPassword
> 
> I know that I can do what ADUC does with a bash script and ldif's, but I 

> do not know anything about python to alter samba-tool, but I do believe 
> that samba-tool should, when it comes to creating a unix user, work the 
> same as ADUC
> 
> Rowland