[Samba] Samba4 member of an another « Samba4 » domain

steve steve at steve-ss.com
Sat Apr 13 12:24:38 MDT 2013


On 13/04/13 18:49, François Lafont wrote:
> Hi,
>
> On 11/04/2013 22:39, Gémes Géza wrote:
>
>> The easiest way to test out rfc2307 would be to provision a new domain
>> with samba-tool domain provision --use-rfc2307
>> --the-other-options-of-your-choice, and test a rfc2307 client against
>> it. The difference is, that in this case the provisioning script loads a
>> schema file (ypServ30.ldif) which makes it easier to administer the
>> rfc2307 attributes using ADUC. [...]
> Ok. I tried this on a wheezy server:
>
> ---------------------------------------------------
> samba-tool domain provision --realm=CHEZMOI.PRIV \
>      --domain=CHEZMOI --server-role=dc --dns-backend=SAMBA_INTERNAL \
>      --adminpass='+toto123' --use-rfc2307
> echo "nameserver 192.168.0.21" > /etc/resolv.conf
> samba
> samba-tool user add test1 "+test123"
> ---------------------------------------------------
>
> Here is my smb.conf file after these commands:
>
> ---------------------------------------------------
> # Global parameters
> [global]
>          workgroup = CHEZMOI
>          realm = CHEZMOI.PRIV
>          netbios name = WHEEZY-1
>          server role = active directory domain controller
>          dns forwarder = 212.27.40.241
>          idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/chezmoi.priv/scripts
>          read only = No
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
> ---------------------------------------------------
>
> But when I run:
> ldbedit --url=/usr/local/samba/private/sam.ldb cn=test1
>
> ---------------------------------------------------
> # editing 1 records
> # record 1
> dn: CN=test1,CN=Users,DC=chezmoi,DC=priv
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: test1
> instanceType: 4
> whenCreated: 20130413162647.0Z
> whenChanged: 20130413162647.0Z
> uSNCreated: 3769
> name: test1
> objectGUID: 0d95a85f-92d9-425c-8ddf-bcdb401a1c99
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-3595212667-731548510-1075401445-1103
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: test1
> sAMAccountType: 805306368
> userPrincipalName: test1 at chezmoi.priv
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=chezmoi,DC=priv
> pwdLastSet: 130103440070000000
> userAccountControl: 512
> uSNChanged: 3771
> distinguishedName: CN=test1,CN=Users,DC=chezmoi,DC=priv
> ---------------------------------------------------
>
> I have no "objectClass: posixAccount" entry and therefore no "uidNumber" or "gidNumber" attributes. Is this normal?
>
> I thought that the "use-rfc2307" option allowed creating "posixaccount" users. Isn't that the case?
>
>
Hi
You still have to add the objects. Yourself! I think provisioning with 
the rfc2307 option allows you to use the Windows tools instead of using 
ldbedit or LDIFs. If you just want uid:gid you can use ldbedit like you 
have above and

add e.g.
objectClass: posixGroup
gidNumber: 20513

to Domain Users

then, e.g.
objectClass: posixAccount
uidNumber: 3000100
gidNumber: 20513

to each of your users. With a different uid for each user of course. You 
then decide how to get the uid:gid out of AD. There's another thread 
here at the moment about how or how not to do that.
hth
Steve
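Steve's recipe above, written out as the LDIF a script would hand to ldbmodify; this is an added example, not code from the thread or from Samba, and it assumes the thread's base DN (DC=chezmoi,DC=priv), the gid 20513 and uids starting at 3000100 that Steve suggests.

```python
# Added example (not code from the thread or from Samba): build the LDIF that
# ldbmodify needs to give "Domain Users" a posixGroup gidNumber and each user a
# posixAccount uidNumber/gidNumber. Base DN, gid and first uid are assumed.

BASE_DN = "DC=chezmoi,DC=priv"
DOMAIN_USERS_GID = 20513
FIRST_UID = 3000100


def modify_ldif(dn, adds):
    """One LDIF 'changetype: modify' record; adds is a list of (attr, value).
    Each add ends with '-' and the record ends with a blank line (RFC 2849)."""
    lines = [f"dn: {dn}", "changetype: modify"]
    for attr, value in adds:
        lines += [f"add: {attr}", f"{attr}: {value}", "-"]
    return "\n".join(lines) + "\n"


def group_ldif(group_cn, gid, base_dn=BASE_DN):
    return modify_ldif(f"CN={group_cn},CN=Users,{base_dn}",
                       [("objectClass", "posixGroup"), ("gidNumber", gid)])


def user_ldif(user_cn, uid, gid, base_dn=BASE_DN):
    return modify_ldif(f"CN={user_cn},CN=Users,{base_dn}",
                       [("objectClass", "posixAccount"),
                        ("uidNumber", uid), ("gidNumber", gid)])


def allocate_uids(users, first_uid=FIRST_UID):
    """Give every user a distinct uidNumber; a repeated name would otherwise
    yield two records for one DN, so it is rejected."""
    if len(set(users)) != len(users):
        raise ValueError("duplicate user names: each user needs its own uid")
    return {cn: first_uid + i for i, cn in enumerate(users)}


def build_ldif(users, group_cn="Domain Users", gid=DOMAIN_USERS_GID):
    """Whole LDIF: the group record first, then one record per user."""
    uids = allocate_uids(users)
    records = [group_ldif(group_cn, gid)]
    records += [user_ldif(cn, uids[cn], gid) for cn in users]
    return "\n".join(records)


if __name__ == "__main__":
    # Save the output and apply it with:
    #   ldbmodify --url=/usr/local/samba/private/sam.ldb rfc2307.ldif
    print(build_ldif(["test1", "test2"]))
```

Run it once for a user and check the result with the same ldbedit command François used before feeding the whole file to ldbmodify.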
