[Samba] Howto for manage unix data with ADUC

Rowland Penny rowlandpenny at googlemail.com
Tue Dec 10 12:31:07 MST 2013 

On 10/12/13 16:40, Stéphane PURNELLE wrote:
> Hi,
>
> My tests on DC server and File/print server have some problem with account
> management...
>
> user access right on home share is very strange.
>   if we use ADUC and home share (not homes) for new user, it work.
>
> All howto in samba's wiki ask administrator to use windows tools for
> manage users and groups and share like home share
>
> so... I know that is possible to add unix tab on aduc (already done).
> adding and view unix data is OK, but my question is what must file I must
> add to samba for NIS server (for example) and where can I configure xID
> range ?

As you do not seem to be interested in my offer, I will try and see if I 
can help and and I think what you mean is: what needs adding to the 
Samba 4 database to give you the uidNumber automatically in the UNIX 
Attributes tab on ADUC.

You need to add a couple of attributes, msSFU30MaxUidNumber & 
msSFU30MaxGidNumber

create an ldif:

dn: 
CN=<YOURDOMAIN>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,<YOUR 
BASE DN>
changetype: modify
add: msSFU30MaxUidNumber
msSFU30MaxUidNumber: 10000
-
add: msSFU30MaxGidNumber
msSFU30MaxGidNumber: 10000

alter 10000 to fit in with your server (but 10000 is the std windows number)

Add the ldif with:

ldbmodify --url=ldap://<hostname of your samba4 server> --kerberos=yes 
--krb5-ccache=/tmp/krb5cc_0 /path/to/the/ldif

These would already have been there, except for an Australian telling 
someone else not add them when ypServe30.ldif was originally added. I 
will leave you to put a name to the Australian, but I will also tell you 
that he also said this:

"Please file a bug, so it isn't lost over the Christmas season, but
clearly I need to change the code not to rely on posixAccount and
posixGroup.  The steps you performed are reasonable, and while we can
improve our tool to add that objectClass, if AD isn't adding it using
the standard GUI tools, we shouldn't require it either."


xID number is in idmap.ldb

Rowland


>
> I know that there are some peoples here who have this view with ADUC (if
> aduc do like that... samba-tool must do in same way)  :-))
>
> So anyone have a good howto ?
> If samba team want to have the same view for management, a howto about
> aduc, rsat, unix tab ans nis server become a good think for me...
>
> anyone for write a howto ?
> thx
>
>          Stéphane Purnelle
>
> -----------------------------------
> Stéphane PURNELLE                         Admin. Systèmes et Réseaux
> Service Informatique       Corman S.A.           Tel : 00 32 (0)87/342467

More information about the samba mailing list