samba-tool

Stéphane PURNELLE stephane.purnelle at corman.be
Fri Oct 4 03:28:24 MDT 2013 

> I know how to script round this using samba-tool, but I feel that 
> when creating a unix user, samba-tool should work in just the same 
> way as ADUC.

samba-tool not create a unix user, it create a samba (windows) user and 
add unix information if admin want-it.

And I don't want to have uidNumber and gidNumber automatically, I want to 
manage uidNumber my-self (by script).

Why activate msSFU30xxxx or nis ?
I don't need this, just need to have getent passwd and getent group work.
Just want to have my posix ACL on my XFS File-system work in same way that 
samba3 does

I don't want to have to configure ADUC, just use this in basic 
configuration.

regards

        Stéphane

-----------------------------------
Stéphane PURNELLE                         Admin. Systèmes et Réseaux 
Service Informatique       Corman S.A.           Tel : 00 32 (0)87/342467

Rowland Penny <repenny241155 at gmail.com> wrote on 04/10/2013 11:11:07:

> De : Rowland Penny <repenny241155 at gmail.com>
> A : Stéphane PURNELLE <stephane.purnelle at corman.be>, 
> Cc : Jelmer Vernooij <jelmer at samba.org>, Lukasz Zalewski 
> <lukas at eecs.qmul.ac.uk>, samba-technical 
<samba-technical at lists.samba.org>
> Date : 04/10/2013 11:12
> Objet : Re: samba-tool
> 
> On 04/10/13 09:47, Stéphane PURNELLE wrote:
> 1) You says : " if you use samba-tool, 
> > you have to supply the uidNumber, ADUC also adds the following 
attributes:
> > uid, msSFU30Name, msSFU30NisDomain, uidNumber, gidNumber, 
> > unixHomeDirectory, loginShell, unixUserPassword" 
> 
> But is not correct, if you use samba-tool, you CAN supply some 
> supplemental information like : 
> uidNumber, gidNumber, unixHomeDirectory, loginShell, ... 
> 
> if you do: 
> $ samba-tool user create rowland 
> Samba will do same thing that ADUC. 
> 
> All  parameter in samba-tool are optional. 
> 
> 2) Let administrator to have possibility to manage uidNumber and 
> gidNumber outside AD part. 
> My story is a upgrade from samba3 
> My samba3 config is samba + ldap. 
> I use samba-ldap-tools for adding user and group. 
> 
> All user and group xidNumber is supplyed by config in ldap tree and 
> actullay start from 1000 -> xxxx 
> samba4 start at 3000000, I don't know why... I cannot change this. 
> 
> My solution : create counter file for uidNumber and gidNumber and I 
> supply xidNumber when I create a user or a group by samba-tool. 
> And I will not use ADUC for creation (just for manage member of group). 
> 
> 3) The only thing that I can suggest to samba team is adding some 
> parameters ("add user script and add group scrit) to smb.conf 
> And if user or group is created by ADUC, samba call theses scripts 
> for adding data on user or group like posixAccount and posixGroup or
> other think. 
> 
> And add some function to samba-tool for permit to set data for user or 
group 
> Example: $ samba-tool user setParameter stephane --uidNumber=8963 
> 
> 
> 
> 
> 
> 
> 
> -----------------------------------
> Stéphane PURNELLE                         Admin. Systèmes et Réseaux 
> Service Informatique       Corman S.A.           Tel : 00 32 
(0)87/342467 
> 
> samba-technical-bounces at lists.samba.org wrote on 03/10/2013 21:59:29:
> 
> > De : Rowland Penny <repenny241155 at gmail.com> 
> > A : Lukasz Zalewski <lukas at eecs.qmul.ac.uk>, 
> > Cc : Jelmer Vernooij <jelmer at samba.org>, samba-technical <samba-
> > technical at lists.samba.org> 
> > Date : 03/10/2013 21:59 
> > Objet : Re: samba-tool 
> > Envoyé par : samba-technical-bounces at lists.samba.org 
> > 
> > On 03/10/13 20:36, Lukasz Zalewski wrote:
> > > On 03/10/2013 18:15, Rowland Penny wrote:
> > >> On 03/10/13 18:05, Jelmer Vernooij wrote:
> > >>> On Thu, Oct 03, 2013 at 04:04:25PM +0100, Rowland Penny wrote:
> > >>>> just a quick question, if samba-tool does something differently 
to
> > >>>> the way that windows works, would this be regarded as a bug?
> > >>> Different in what way, can you give a specific example? There is 
no
> > >>> command-line tool on Windows called 'samba-tool', and
> > >>> we long seem to have given up on trying to make it match
> > >>> the behaviour of the 'net' tool on Windows.
> > >>>
> > >>> Cheers,
> > >>>
> > >>> Jelmer
> > >> Hi Jelmer, If you create a user in ADUC and add the Unix 
attributes,
> > >> this is done totally differently to the way that samba-tool does 
it. For
> > >> instance,  '--uid-number' requires that you give a 'uidNumber' but 
ADUC
> > >> (provided AD is setup correctly) supplies it automatically, 
samba-tool
> > >> also doesn't add all the attributes that ADUC does.
> > >>
> > >> Rowland
> > >
> > > Hi Rowland,
> > > Indeed only portion of the attributes are configurable via 
samba-tool.
> > > Are there particular attributes you are interested in?
> > >
> > > L
> > Hi, what I am trying to get across is, for adding a unix user, 
> > samba-tool does not work in the same way as ADUC does.
> > 
> > If you have the attribute 'msSFU30MaxUidNumber' in 
> > 
> 
'CN=example,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=com'
> > then ADUC will get the uidNumber automatically, if you use samba-tool, 

> > you have to supply the uidNumber, ADUC also adds the following 
attributes:
> > uid, msSFU30Name, msSFU30NisDomain, uidNumber, gidNumber, 
> > unixHomeDirectory, loginShell, unixUserPassword
> > 
> > I know that I can do what ADUC does with a bash script and ldif's, but 
I 
> > do not know anything about python to alter samba-tool, but I do 
believe 
> > that samba-tool should, when it comes to creating a unix user, work 
the 
> > same as ADUC
> > 
> > Rowland
> Hi Stephane, have you tried creating a user in ADUC and adding unix 
> attributes? if, as I said, you add 'msSFU30MaxUidNumber' windows 
> will get the uidNumber automatically.
> 
> I know how to script round this using samba-tool, but I feel that 
> when creating a unix user, samba-tool should work in just the same 
> way as ADUC.
> 
> This is a user created by ADUC:
> 
> dn: CN=Test User,CN=Users,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Test User
> sn: User
> givenName: Test
> instanceType: 4
> whenCreated: 20131003143825.0Z
> displayName: Test User
> uSNCreated: 3899
> name: Test User
> objectGUID:: hWsXjePINUupa6KtGBtMsQ==
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAA5aGURJHhLId0AF+HVwQAAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: testuser1
> sAMAccountType: 805306368
> userPrincipalName: testuser1 at example.com
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
> pwdLastSet: 130252847060000000
> userAccountControl: 512
> msSFU30NisDomain: example
> uidNumber: 10002
> loginShell: /bin/sh
> unixexampleDirectory: /example/testuser1
> gidNumber: 20513
> msSFU30Name: testuser1
> unixUserPassword: ABCD!efgh12345$67890
> uid: testuser1
> whenChanged: 20131003143924.0Z
> uSNChanged: 3904
> distinguishedName: CN=Test User,CN=Users,DC=example,DC=com
> 
> All I had to enter was the user name and password etc and then when 
> I moved to the Unix tab, I selected the nisdomain and everything but
> the gid was entered automatically.
> 
> samba-tool creates the users SID automatically but not the uidNumber.
> 
> Rowland

More information about the samba-technical mailing list