[Samba] Samba4 member of another « Samba4 » domain

Rowland Penny rpenny at f2s.com
Sat Apr 13 12:38:40 MDT 2013


On 13/04/13 19:24, steve wrote:
> On 13/04/13 18:49, François Lafont wrote:
>> Hi,
>>
>> On 11/04/2013 22:39, Gémes Géza wrote:
>>
>>> The easiest way to test out rfc2307 would be to provision a new domain
>>> with samba-tool domain provision --use-rfc2307
>>> --the-other-options-of-your-choice, and test a rfc2307 client against
>>> it. The difference is, that in this case the provisioning script 
>>> loads a
>>> schema file (ypServ30.ldif) which makes it easier to administer the
>>> rfc2307 attributes using ADUC. [...]
>> OK. I tried this on a wheezy server:
>>
>> ---------------------------------------------------
>> samba-tool domain provision --realm=CHEZMOI.PRIV \
>>      --domain=CHEZMOI --server-role=dc --dns-backend=SAMBA_INTERNAL \
>>      --adminpass='+toto123' --use-rfc2307
>> echo "nameserver 192.168.0.21" > /etc/resolv.conf
>> samba
>> samba-tool user add test1 "+test123"
>> ---------------------------------------------------
>>
>> Here is my smb.conf file after these commands:
>>
>> ---------------------------------------------------
>> # Global parameters
>> [global]
>>          workgroup = CHEZMOI
>>          realm = CHEZMOI.PRIV
>>          netbios name = WHEEZY-1
>>          server role = active directory domain controller
>>          dns forwarder = 212.27.40.241
>>          idmap_ldb:use rfc2307 = yes
>>
>> [netlogon]
>>          path = /usr/local/samba/var/locks/sysvol/chezmoi.priv/scripts
>>          read only = No
>>
>> [sysvol]
>>          path = /usr/local/samba/var/locks/sysvol
>>          read only = No
>> ---------------------------------------------------
>>
>> But when I run:
>> ldbedit --url=/usr/local/samba/private/sam.ldb cn=test1
>>
>> ---------------------------------------------------
>> # editing 1 records
>> # record 1
>> dn: CN=test1,CN=Users,DC=chezmoi,DC=priv
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: test1
>> instanceType: 4
>> whenCreated: 20130413162647.0Z
>> whenChanged: 20130413162647.0Z
>> uSNCreated: 3769
>> name: test1
>> objectGUID: 0d95a85f-92d9-425c-8ddf-bcdb401a1c99
>> badPwdCount: 0
>> codePage: 0
>> countryCode: 0
>> badPasswordTime: 0
>> lastLogoff: 0
>> lastLogon: 0
>> primaryGroupID: 513
>> objectSid: S-1-5-21-3595212667-731548510-1075401445-1103
>> accountExpires: 9223372036854775807
>> logonCount: 0
>> sAMAccountName: test1
>> sAMAccountType: 805306368
>> userPrincipalName: test1@chezmoi.priv
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=chezmoi,DC=priv
>> pwdLastSet: 130103440070000000
>> userAccountControl: 512
>> uSNChanged: 3771
>> distinguishedName: CN=test1,CN=Users,DC=chezmoi,DC=priv
>> ---------------------------------------------------
>>
>> I have no "objectClass: posixAccount" entry and therefore no "uidNumber" 
>> or "gidNumber" attribute. Is that normal?
>>
>> I thought that the "use-rfc2307" option allowed creating "posixAccount" 
>> users. Isn't that the case?
>>
>>
> Hi
> You still have to add the objects. Yourself! I think provisioning with 
> the rfc2307 option allows you to use the Windows tools instead of 
> using ldbedit or LDIFs. If you just want uid:gid you can use ldbedit 
> like you have above and
>
> add e.g.
> objectClass: posixGroup
> gidNumber: 20513
>
> to Domain Users
>
> then, e.g.
> objectClass: posixAccount
> uidNumber: 3000100
> gidNumber: 20513
>
> to each of your users. With a different uid for each user of course. 
> You then decide how to get the uid:gid out of AD. There's another 
> thread here at the moment about how or how not to do that.
> hth
> Steve
>
Hi, you do not need the posix objectClasses; you can add the uidNumbers 
etc. without them.

Rowland
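As an added example (not code from this thread or from the Samba project), the script below turns the two replies above into a repeatable batch: it reads LDIF as printed by ldbsearch/ldbedit on the DC (the format pasted earlier in the thread), finds the normal user accounts that still have no uidNumber, hands each a fresh uidNumber that does not collide with any already present, and emits `changetype: modify` records for ldbmodify. By default it adds only uidNumber/gidNumber, which is Rowland's point: in the AD schema Samba provisions these are permitted on a plain user object, so no posixAccount objectClass is needed; `add_posix_class=True` produces Steve's variant instead. Everything here is an assumption of the example rather than something the thread states: the function and constant names (`parse_ldif`, `build_modify_ldif`, `BASE_UID`, `DOMAIN_USERS_GID`), the sample records (test1 is trimmed from the thread; test2, which already has a uid, and the WS01$ computer account are invented to exercise the collision and computer-account cases), and the choice of 3000100 / 20513 as starting values, which simply mirror Steve's numbers.

```python
"""Give Samba AD users RFC 2307 uidNumber/gidNumber via an LDIF batch for ldbmodify.
Added example for this thread, not Samba code; names and sample data are assumptions."""
import base64
from typing import Dict, List, Set

NORMAL_USER_ACCOUNT = "805306368"  # sAMAccountType of a normal user, as seen in the thread
DOMAIN_USERS_GID = 20513           # gidNumber Steve gives to Domain Users
BASE_UID = 3000100                 # first uidNumber to hand out (assumption, Steve's value)

# Constructed sample: test1 is trimmed from the thread; test2 (already has a uid)
# and the WS01$ computer account are invented to exercise the edge cases.
SAMPLE_LDIF = """\
# editing 3 records
# record 1
dn: CN=test1,CN=Users,DC=chezmoi,DC=priv
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
sAMAccountName: test1
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,
 DC=chezmoi,DC=priv

# record 2
dn: CN=test2,CN=Users,DC=chezmoi,DC=priv
objectClass: user
sAMAccountName: test2
sAMAccountType: 805306368
uidNumber: 3000100
gidNumber: 20513

# record 3
dn: CN=WS01,CN=Computers,DC=chezmoi,DC=priv
objectClass: computer
sAMAccountName: WS01$
sAMAccountType: 805306369
"""

Record = Dict[str, List[str]]


def parse_ldif(text: str) -> List[Record]:
    """Parse ldbsearch/ldbedit output: unfold ' ' continuation lines, drop '#'
    comments, split records on blank lines, decode '::' base64 values."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records: List[Record] = []
    current: Record = {}
    for line in lines + [""]:          # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr, []).append(value.strip())
    return records


def users_missing_uid(records: List[Record]) -> List[Record]:
    """Normal user accounts (computers/trusts have other sAMAccountTypes) lacking uidNumber."""
    return [r for r in records
            if r.get("sAMAccountType") == [NORMAL_USER_ACCOUNT] and "uidNumber" not in r]


def used_uids(records: List[Record]) -> Set[int]:
    """Every uidNumber already present, so new allocations never duplicate one."""
    return {int(v) for r in records for v in r.get("uidNumber", [])}


def allocate_uids(used: Set[int], count: int, base: int = BASE_UID) -> List[int]:
    """Hand out `count` distinct uidNumbers >= base, skipping ones already in use."""
    taken, out, candidate = set(used), [], base
    while len(out) < count:
        if candidate not in taken:
            out.append(candidate)
            taken.add(candidate)
        candidate += 1
    return out


def group_gid_ldif(group_dn: str, gid: int = DOMAIN_USERS_GID) -> str:
    """Modify record giving a group (e.g. Domain Users) its gidNumber."""
    return f"dn: {group_dn}\nchangetype: modify\nadd: gidNumber\ngidNumber: {gid}\n-\n"


def build_modify_ldif(records: List[Record], gid: int = DOMAIN_USERS_GID,
                      base: int = BASE_UID, add_posix_class: bool = False) -> str:
    """One 'changetype: modify' record per user still lacking uidNumber.
    add_posix_class=False follows Rowland (attributes alone suffice);
    True also adds objectClass: posixAccount, Steve's variant."""
    todo = users_missing_uid(records)
    chunks = []
    for rec, uid in zip(todo, allocate_uids(used_uids(records), len(todo), base)):
        body = [f"dn: {rec['dn'][0]}", "changetype: modify"]
        if add_posix_class:
            body += ["add: objectClass", "objectClass: posixAccount", "-"]
        body += ["add: uidNumber", f"uidNumber: {uid}", "-",
                 "add: gidNumber", f"gidNumber: {gid}", "-"]
        chunks.append("\n".join(body))
    return "\n\n".join(chunks) + ("\n" if chunks else "")


if __name__ == "__main__":
    recs = parse_ldif(SAMPLE_LDIF)
    print(group_gid_ldif("CN=Domain Users,CN=Users,DC=chezmoi,DC=priv"))
    print(build_modify_ldif(recs))
```

On a real DC the input would come from something like `ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=user)' dn sAMAccountName sAMAccountType uidNumber`, and the generated file is applied with `ldbmodify -H /usr/local/samba/private/sam.ldb users-mod.ldif` (the same sam.ldb URL the thread uses with ldbedit). Two caveats worth checking before running it for real: the provisioned smb.conf above carries `idmap_ldb:use rfc2307 = yes`, so once a user has uidNumber/gidNumber the DC's own winbind will use those values instead of its idmap.ldb allocation, and users and groups that lack them keep falling back to idmap.ldb; and idmap.ldb's fallback allocation starts at 3000000 by default, so a uidNumber range placed inside it (as 3000100 is) can collide with IDs the DC has already handed out. Pick the base from a range idmap.ldb is not using, or check its CN=CONFIG entry first.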


