[Samba] uidNumber. ( Was: What is --rfc2307-from-nss ??)
rowlandpenny at googlemail.com
Tue Dec 2 01:47:08 MST 2014
On 02/12/14 08:29, Greg Zartman wrote:
> On Mon, Dec 1, 2014 at 2:05 AM, Lars Hanke <debian at lhanke.de> wrote:
>> If you like to manage Unix users from the Unix side and ldbedit seems too
>> awkward, you might try my Python script: https://github.com/laotse/
>> I appreciate comments, experiences, and contributions to make it a useful
> Thanks Lars. I'm working on building a perl API for Samba 4 for use with
> the SME Server (www.koozali.org). Your python is a great check for what
> needs to go into a perl API.
> I think I've finally got this all sorted out. After I setup a user using
> samba-tool user create, I'll pull the RID for this new user and then set
> the UID/GID = RID + 3000. I'll then set xidNumber = UIDNumber(GIDNumber),
> as appropriate.
If you do this, you must ensure that ADUC is never used to add Unix
attributes to a user, ADUC will never work like this.
> The other attributes can be set in a similar fashion as you have done.
> I'm not finding where we need these though for *nix auth:
I do not think that these are really required at the moment, but they
are added by ADUC. My personal feelings are, because we are working with
what is basically a windows server, we need to do things the windows
way. This will stop problems happening if/when users/groups etc are
added by ADUC, i.e. if windows does it, we should do it and vice versa.
The problem, as I see it, is that Unix sysadmins are used to doing
things the Unix way against OpenLDAP etc. This was ok when dealing with
just Unix products, but now they are dealing with a quasi windows
product and are trying to bend it to Unix. This, in my opinion, will
only lead to disaster, you need to work with AD, not try and bend it to
suit your needs.
> Can someone clarify what these are needed for? SSSD doesn't seem to use
More information about the samba