Modifying POSIX Attributes for samba4 users and groups

Peter Olivia polivia2008 at gmail.com
Fri May 30 10:36:18 MDT 2014 

I followed the "Samba AD DC HOWTO" installation instructions using the
Sernet repo packages for my AD DC systems.  I also followed the "Local user
management and authentication/sssd" instructions to setup my Linux clients.
 This setup depends on the directory to look up UNIX/POSIX attributes for
Linux clients to allow logons.  The issue is that for legacy systems that
don't have AD capable sssd modules, none of the Samba objects are assigned
UNIX attributes by default. So none of the accounts are visible to a legacy
Linux client.  To overcome this problem, you can add UID and GID to an
account at creation time with samba-tool, but there is no modify option
once an object already exists. It is also not reasonable to expect folks to
delete and re-add an account any time they want to make changes.  These
functions would most likely make sense in the samba-tool executable, but
they do not exist in it today.

The Linux Costa Blanca blog (
http://linuxcostablanca.blogspot.com/p/samba-4.html) attempted to address
this situation by creating some scripting tools to allow admins to manage
these needed attributes.  While this solution would allow you to address
the situation, it seemed like there were a lot of scripts and that it was
custom fitted to how they were doing things.

I wanted a more robust and independent tool. I looked into what the Linux
Costa Blanca blog was doing and created an all encompassing script to
perform all the functions that I could find that were necessary to manage
UNIX/POSIX attributes for user and group objects in the directory.

I was wondering how I could best go about sharing the script, getting it
vetted, having folks modify it as needed and getting it added as part of
the standard distribution or samba-tool for others to leverage.

I have attached the s4posixmod.sh script that I put together and a copy of
a /etc/sysconfig/s4posixmod for overriding script variables.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: s4posixmod
Type: application/octet-stream
Size: 276 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140530/b68be1e4/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: s4posixmod.sh
Type: application/x-sh
Size: 22534 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140530/b68be1e4/attachment-0001.sh>

More information about the samba-technical mailing list