[Samba] Some Clarification?

steve steve at steve-ss.com
Sat Apr 13 10:28:56 MDT 2013

On 13/04/13 18:06, Stuart Sheldon wrote:
> Hash: SHA256
> Thanks for the response Andrew,
> Using ad for my idmap sounds like what I'm looking for. I'm having
> problems finding how I add the map ids to the AD manually for new users.
> Could you direct me to some information regarding cli tools to do that?
> Thanks Again,
> Stu
If you want to do it manually e.g. to add a domain user called steve2:

samba-tool user add steve2
(enter the passwords)

then edit the record:
ldbedit  --url=/usr/local/samba/private/sam.ldb cn=steve2

You can use any editor:

ldbedit -e gedit --url=/usr/local/samba/private/sam.ldb cn=steve2

Here is a fully loaded domain user with the rfc2307 objects and 
attributes added you need to forget about idmap altogether:)  With this 
lot, he's good for both Linux and windows clients.

# editing 1 records
# record 1
dn: CN=steve2,CN=Users,DC=hh3,DC=site
cn: steve2
instanceType: 4
whenCreated: 20130412075527.0Z
uSNCreated: 3737
name: steve2
objectGUID: 1fb4f5fe-11db-47da-a3d7-962717a81881
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-1555648365-2472922434-3126067274-1106
logonCount: 0
sAMAccountName: steve2
sAMAccountType: 805306368
userPrincipalName: steve2 at hh3.siteHere is a fully loaded domain user 
with thfor both Linux and windows clients. You can any editor:e rfc2307 
objects and idmap attributes added. With this lot, he's good for both 
Linux and windows clients.
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=hh3,DC=site
pwdLastSet: 130102269270000000
userAccountControl: 66048
accountExpires: 0
uidNumber: 3000034
gidNumber: 20513
unixHomeDirectory: /home/users/steve2
loginShell: /bin/bash
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
profilePath: \\hh16\profiles\steve2
homeDrive: Z:
homeDirectory: \\hh16\users\steve2
whenChanged: 20130412075530.0Z
uSNChanged: 3743
distinguishedName: CN=steve2,CN=Users,DC=hh3,DC=site

Note: you'll soon get bored adding all the extra stuff but it's easy to 
write a script to automate it.

You need to tell Samba to use AD in the [global] section of smb.conf:
idmap_ldb:use rfc2307 = Yes

As a matter of interest, how do you plan on pulling the id info from the 

More information about the samba mailing list