[Samba] RFC2307, AD, and Samba 3.6

steve steve at steve-ss.com
Mon Aug 13 00:27:48 MDT 2012


On 08/12/2012 08:49 PM, Nick Triantos wrote:
> Thanks very much.
>
> For some reason, this time, when I uncommented those idmap range lines, it all worked.
>
> Steve, to use rfc2307 out of the box, how do I specify uids for my users? I installed sfu to get the tab in the Users & Computers where I could set stuff like shell, uid, etc.
>
> thanks,
> -Nick
Hi Nick

Just knock up a quick script. Here's one we made using an idea from 
Geza. It's specific to our domain but you can easily change it:

#!/bin/bash
# Usage: run as root on the DC with two arguments:
#   $1 = new account name
#   $2 = directory under /home2 (also used as the share name on hh30)
if [ $# -ne 2 ]; then
    echo "usage: $0 username share" >&2
    exit 1
fi
# get next uid: highest uid returned by getent, plus one
highuid=$(getent passwd | cut -d ":" -f3 | sort -n | tail -1)
uid=$((highuid+1))
echo "$uid $highuid"
# stop here if the account cannot be created
samba-tool user add "$1" || exit 1
echo "Updating directory with uid $uid"
sleep 1
# write the LDIF to a private temp file instead of a predictable /tmp name
ldif=$(mktemp) || exit 1
echo "dn: cn=$1,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectClass
objectClass: posixAccount
-
add: uidNumber
uidNumber: $uid
-
add: gidNumber
gidNumber: 20513
-
add: unixHomeDirectory
unixHomeDirectory: /home2/$2/$1
-
add: loginShell
loginShell: /bin/bash
-
add: profilePath
profilePath: \\\\hh30\\profiles\\$1
-
add: homeDirectory
homeDirectory: \\\\hh30\\$2\\$1
-
add: homeDrive
homeDrive: Z:" > "$ldif"
ldbmodify --url=/usr/local/samba/private/sam.ldb "$ldif"
# tidy up
rm -f "$ldif"
sleep 1
mkdir "/home2/$2/$1"
chown "$uid:20513" "/home2/$2/$1"
# So we can login on the DC too if/when we use winbind
ln -s "/home2/$2/$1" /home/ALTEA
samba-tool user setexpiry "$1" --noexpiry
echo "$1 created"
sleep 1
getent passwd "$1"

There is a full blown (non domain specific) set of utilities for 
handling all AD objects from the DC without ever touching a m$ box here:
http://linuxcostablanca.blogspot.com.es/p/s4bind.html

HTH
Steve

http://linuxcostablanca.blogspot.com.es/p/s4bind.html
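
An added example, not part of the original post or of the s4bind utilities: instead of taking the highest uid from getent and adding one, it picks the lowest unused uidNumber inside a fixed range from LDIF-style "uidNumber: N" lines (the attribute the script above sets) and reports collisions. The function names, the range 3000000-3000010 and the example.com entries are constructed assumptions.

```bash
#!/bin/bash
# Added example, not part of the original post. Function names, the uid
# range and the sample entries are constructed assumptions.

# next_free_uid MIN MAX: read LDIF on stdin, print the lowest uidNumber in
# MIN..MAX that no entry uses. Returns 1 on bad arguments, 2 if range is full.
next_free_uid() {
    local min=$1 max=$2
    case "$min" in ''|*[!0-9]*) return 1 ;; esac
    case "$max" in ''|*[!0-9]*) return 1 ;; esac
    [ "$min" -le "$max" ] || return 1
    awk -v min="$min" -v max="$max" '
        # Count only well-formed numeric values; skip anything else.
        /^uidNumber: [0-9]+$/ { used[$2 + 0] = 1 }
        END {
            for (u = min + 0; u <= max + 0; u++)
                if (!(u in used)) { print u; exit 0 }
            exit 2
        }'
}

# duplicate_uids: print each uidNumber that appears on more than one entry.
duplicate_uids() {
    awk '/^uidNumber: [0-9]+$/ { if (++seen[$2 + 0] == 2) print $2 + 0 }'
}

# Constructed sample: four entries, one gap (3000002), one collision.
sample_ldif() {
    cat <<'EOF'
dn: CN=alice,CN=Users,DC=example,DC=com
uidNumber: 3000000

dn: CN=bob,CN=Users,DC=example,DC=com
uidNumber: 3000001

dn: CN=carol,CN=Users,DC=example,DC=com
uidNumber: 3000003

dn: CN=dave,CN=Users,DC=example,DC=com
uidNumber: 3000001
EOF
}

echo "next free uid: $(sample_ldif | next_free_uid 3000000 3000010)"
echo "duplicates:    $(sample_ldif | duplicate_uids)"
```

The lookup and the later directory update are not atomic, so two people creating accounts at the same moment can still be handed the same number; running duplicate_uids afterwards catches that.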

