[Samba] uidNumber. ( Was: What is --rfc2307-from-nss ??)

[Greg Zartman]

On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:

>
>> I do what windows does, it ignores the RID (what you call 'the last set
> of digits from SID') and uses a builtin mechanism to store the next uid &
> gidNumber.


The builtin users/groups use the RID for the GID/UID.


If you create a user and then goto to the UNIX_Attributes tab in ADUC,
> firstly you will find a 'uidNumber' is assigned to your user (if it is the
> first user, this will be 10000) and when you add the attributes, you will
> then find in the users object in AD that the following attributes will have
> been added:
>

> uid
> msSFU30Name
> msSFU30NisDomain
> uidNumber
> gidNumber
> loginShell
> unixHomeDirectory
>

Do you have to go back and add these values to the buildin groups/users
like "Domain Admins"?


> unixUserPassword: ABCD!efgh12345$67890  <-- the password is always this,
> unless password sync is installed and it doesn't (yet) exist on S4
>

You are saying this exact string is the same no matter what?   What's it
used for then?



> Unfortunately, these attributes do not exist as standard, so you would
> either have to add a user with ADUC or manually add them yourselves with
> ldbedit. As standard on windows, they both start at '10000', though you can
> set them to whatever you require, just make sure that they do not interfere
> with any local Unix users.


Quite alot of this stuff isn't standard, nor documented.  It is incredibly
frustrating to deploy Samba 4 in a mixed windows/*nix envir.

Greg