[Samba] samba4 DC, internal winbind_server: external idmap problem

steve steve at steve-ss.com
Sun Dec 8 01:58:59 MST 2013

On Sun, 2013-12-08 at 01:08 +0400, Andy Igoshin wrote:
> On Sat, 07 Dec 2013 19:05:51 +0100
> steve <steve at steve-ss.com> wrote:
> some explanations:
> we use sssd which takes data from our ldap-based system.

Well done. Absolutely perfect. 
> # getent passwd test2 at dom.domain.ru
> test2 at dom.domain.ru:*:1113535:1113535:test2:/home/dom.domain.ru/test2:/bin/bash

So now we chop off test2 using cut or sed or something,
then proceed as follows:
samba-tool user create test2

Now chop off and assemble the following into a file, say, test2.ldif
Note the handy ':' delimiters;)

dn: cn=test2,cn=Users,dc=dom,dc=domain,dc=ru
changetype: modify
add: uidNumber
uidNumber: 1113535
-
add: gidNumber
gidNumber: 1113535
-
add: unixHomeDirectory
unixHomeDirectory: /home/dom.domain.ru/test2
-
add: loginShell
loginShell: /bin/bash

Now stick it into AD:

ldbmodify --url=/path/to/your/private/sam.ldb test2.ldif

Repeat for each user you wish to add: getent passwd and chop and
assemble a line at a time perhaps?

You now have your existing ldap sitting comfortably in AD. sssd is the
perfect tool for pulling this info too but of course now, you're on the
DC or your Linux clients.
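
The procedure in the message above, as an added example that is not part of the original post: a shell function that turns one `getent passwd` line into the LDIF modify record, validating every field first because the values come from an external directory. The function name, the `BASE_DN` variable and the sample line (with `@` restored in place of the archive's " at ") are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): build the LDIF modify record for one
# `getent passwd` line. BASE_DN is assumed from the thread's example domain.
BASE_DN="cn=Users,dc=dom,dc=domain,dc=ru"

passwd_to_ldif() {
    # Split name:passwd:uid:gid:gecos:home:shell; any extra fields land in
    # $shell and are rejected by the path check below.
    IFS=: read -r login _pw uid gid _gecos home shell <<EOF
$1
EOF
    user=${login%%@*}   # drop the @domain suffix shown in the getent output

    # Refuse anything that could alter the DN or smuggle in an extra
    # LDIF line or attribute.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "rejected login: $login" >&2; return 1 ;;
    esac
    for n in "$uid" "$gid"; do
        case $n in
            ''|*[!0-9]*) echo "rejected id for $user" >&2; return 1 ;;
        esac
    done
    for p in "$home" "$shell"; do
        case $p in
            /*) ;;
            *) echo "rejected path for $user" >&2; return 1 ;;
        esac
        case $p in
            *[!A-Za-z0-9._/-]*) echo "rejected path for $user" >&2; return 1 ;;
        esac
    done

    cat <<EOF
dn: cn=$user,$BASE_DN
changetype: modify
add: uidNumber
uidNumber: $uid
-
add: gidNumber
gidNumber: $gid
-
add: unixHomeDirectory
unixHomeDirectory: $home
-
add: loginShell
loginShell: $shell
EOF
}

# Constructed sample line, modelled on the getent output quoted in the thread.
passwd_to_ldif 'test2@dom.domain.ru:*:1113535:1113535:test2:/home/dom.domain.ru/test2:/bin/bash'
```

Create the account with `samba-tool user create` first, then write the function's output to a file and load it with the `ldbmodify` command from the message.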

