samba-tool
Stéphane PURNELLE
stephane.purnelle at corman.be
Fri Oct 4 03:28:24 MDT 2013
> I know how to script round this using samba-tool, but I feel that
> when creating a unix user, samba-tool should work in just the same
> way as ADUC.
samba-tool not create a unix user, it create a samba (windows) user and
add unix information if admin want-it.
And I don't want to have uidNumber and gidNumber automatically, I want to
manage uidNumber my-self (by script).
Why activate msSFU30xxxx or nis ?
I don't need this, just need to have getent passwd and getent group work.
Just want to have my posix ACL on my XFS File-system work in same way that
samba3 does
I don't want to have to configure ADUC, just use this in basic
configuration.
regards
Stéphane
-----------------------------------
Stéphane PURNELLE Admin. Systèmes et Réseaux
Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
Rowland Penny <repenny241155 at gmail.com> wrote on 04/10/2013 11:11:07:
> De : Rowland Penny <repenny241155 at gmail.com>
> A : Stéphane PURNELLE <stephane.purnelle at corman.be>,
> Cc : Jelmer Vernooij <jelmer at samba.org>, Lukasz Zalewski
> <lukas at eecs.qmul.ac.uk>, samba-technical
<samba-technical at lists.samba.org>
> Date : 04/10/2013 11:12
> Objet : Re: samba-tool
>
> On 04/10/13 09:47, Stéphane PURNELLE wrote:
> 1) You says : " if you use samba-tool,
> > you have to supply the uidNumber, ADUC also adds the following
attributes:
> > uid, msSFU30Name, msSFU30NisDomain, uidNumber, gidNumber,
> > unixHomeDirectory, loginShell, unixUserPassword"
>
> But is not correct, if you use samba-tool, you CAN supply some
> supplemental information like :
> uidNumber, gidNumber, unixHomeDirectory, loginShell, ...
>
> if you do:
> $ samba-tool user create rowland
> Samba will do same thing that ADUC.
>
> All parameter in samba-tool are optional.
>
> 2) Let administrator to have possibility to manage uidNumber and
> gidNumber outside AD part.
> My story is a upgrade from samba3
> My samba3 config is samba + ldap.
> I use samba-ldap-tools for adding user and group.
>
> All user and group xidNumber is supplyed by config in ldap tree and
> actullay start from 1000 -> xxxx
> samba4 start at 3000000, I don't know why... I cannot change this.
>
> My solution : create counter file for uidNumber and gidNumber and I
> supply xidNumber when I create a user or a group by samba-tool.
> And I will not use ADUC for creation (just for manage member of group).
>
> 3) The only thing that I can suggest to samba team is adding some
> parameters ("add user script and add group scrit) to smb.conf
> And if user or group is created by ADUC, samba call theses scripts
> for adding data on user or group like posixAccount and posixGroup or
> other think.
>
> And add some function to samba-tool for permit to set data for user or
group
> Example: $ samba-tool user setParameter stephane --uidNumber=8963
>
>
>
>
>
>
>
> -----------------------------------
> Stéphane PURNELLE Admin. Systèmes et Réseaux
> Service Informatique Corman S.A. Tel : 00 32
(0)87/342467
>
> samba-technical-bounces at lists.samba.org wrote on 03/10/2013 21:59:29:
>
> > De : Rowland Penny <repenny241155 at gmail.com>
> > A : Lukasz Zalewski <lukas at eecs.qmul.ac.uk>,
> > Cc : Jelmer Vernooij <jelmer at samba.org>, samba-technical <samba-
> > technical at lists.samba.org>
> > Date : 03/10/2013 21:59
> > Objet : Re: samba-tool
> > Envoyé par : samba-technical-bounces at lists.samba.org
> >
> > On 03/10/13 20:36, Lukasz Zalewski wrote:
> > > On 03/10/2013 18:15, Rowland Penny wrote:
> > >> On 03/10/13 18:05, Jelmer Vernooij wrote:
> > >>> On Thu, Oct 03, 2013 at 04:04:25PM +0100, Rowland Penny wrote:
> > >>>> just a quick question, if samba-tool does something differently
to
> > >>>> the way that windows works, would this be regarded as a bug?
> > >>> Different in what way, can you give a specific example? There is
no
> > >>> command-line tool on Windows called 'samba-tool', and
> > >>> we long seem to have given up on trying to make it match
> > >>> the behaviour of the 'net' tool on Windows.
> > >>>
> > >>> Cheers,
> > >>>
> > >>> Jelmer
> > >> Hi Jelmer, If you create a user in ADUC and add the Unix
attributes,
> > >> this is done totally differently to the way that samba-tool does
it. For
> > >> instance, '--uid-number' requires that you give a 'uidNumber' but
ADUC
> > >> (provided AD is setup correctly) supplies it automatically,
samba-tool
> > >> also doesn't add all the attributes that ADUC does.
> > >>
> > >> Rowland
> > >
> > > Hi Rowland,
> > > Indeed only portion of the attributes are configurable via
samba-tool.
> > > Are there particular attributes you are interested in?
> > >
> > > L
> > Hi, what I am trying to get across is, for adding a unix user,
> > samba-tool does not work in the same way as ADUC does.
> >
> > If you have the attribute 'msSFU30MaxUidNumber' in
> >
>
'CN=example,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=com'
> > then ADUC will get the uidNumber automatically, if you use samba-tool,
> > you have to supply the uidNumber, ADUC also adds the following
attributes:
> > uid, msSFU30Name, msSFU30NisDomain, uidNumber, gidNumber,
> > unixHomeDirectory, loginShell, unixUserPassword
> >
> > I know that I can do what ADUC does with a bash script and ldif's, but
I
> > do not know anything about python to alter samba-tool, but I do
believe
> > that samba-tool should, when it comes to creating a unix user, work
the
> > same as ADUC
> >
> > Rowland
> Hi Stephane, have you tried creating a user in ADUC and adding unix
> attributes? if, as I said, you add 'msSFU30MaxUidNumber' windows
> will get the uidNumber automatically.
>
> I know how to script round this using samba-tool, but I feel that
> when creating a unix user, samba-tool should work in just the same
> way as ADUC.
>
> This is a user created by ADUC:
>
> dn: CN=Test User,CN=Users,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Test User
> sn: User
> givenName: Test
> instanceType: 4
> whenCreated: 20131003143825.0Z
> displayName: Test User
> uSNCreated: 3899
> name: Test User
> objectGUID:: hWsXjePINUupa6KtGBtMsQ==
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAA5aGURJHhLId0AF+HVwQAAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: testuser1
> sAMAccountType: 805306368
> userPrincipalName: testuser1 at example.com
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
> pwdLastSet: 130252847060000000
> userAccountControl: 512
> msSFU30NisDomain: example
> uidNumber: 10002
> loginShell: /bin/sh
> unixexampleDirectory: /example/testuser1
> gidNumber: 20513
> msSFU30Name: testuser1
> unixUserPassword: ABCD!efgh12345$67890
> uid: testuser1
> whenChanged: 20131003143924.0Z
> uSNChanged: 3904
> distinguishedName: CN=Test User,CN=Users,DC=example,DC=com
>
> All I had to enter was the user name and password etc and then when
> I moved to the Unix tab, I selected the nisdomain and everything but
> the gid was entered automatically.
>
> samba-tool creates the users SID automatically but not the uidNumber.
>
> Rowland
More information about the samba-technical
mailing list