[Samba] Creating samba4/AD users from ADUC
Michael Brown
michael at netdirect.ca
Tue Feb 4 09:40:43 MST 2014

We have a couple Samba4 AD domains we've implemented and I've noticed a
difference between how users look when created via ADUC versus samba-tool.

Created via ADUC, the following extra attributes are added:

    msSFU30Name: bilbo
    msSFU30NisDomain: netdirect
    unixHomeDirectory: /home/bilbo
    unixUserPassword: ABCD!efgh12345$67890

Created via samba-tool, the following extra attributes are added:

    objectClass: posixAccount
    uid: bilbo

(hey, why can't I tell samba-tool to give the user a unixHomeDirectory :( )

In my ldap.conf, I'm using:

    nss_map_attribute uid sAMAccountName
    nss_map_attribute uniqueMember member
    nss_map_attribute homeDirectory unixHomeDirectory
    nss_map_attribute gecos displayName
    pam_login_attribute sAMAccountName
    pam_filter objectclass=posixAccount
    pam_password ad

What are people doing for maintaining their Unix accounts in AD? Should
all the unix accounts also have oc posixAccount?

Also, looks like samba-tool isn't adding the msSFU30NisDomain - this
makes the Unix attributes not enabled in ADUC. It should probably add
that, yes?

M.
--
Michael Brown | `One of the main causes of the fall of
Systems Consultant | the Roman Empire was that, lacking zero,
Net Direct Inc. | they had no way to indicate successful
☎: +1 519 883 1172 x5106 | termination of their C programs.' - Firth
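
Added example (not part of the original post, and not Samba or nss_ldap code): a Python check that applies the ldap.conf settings quoted above to two constructed entries shaped like the attribute lists in the post. The entry contents, the REQUIRED tuple and the get()/audit() helpers are assumptions made for illustration.

```python
# Settings copied from the ldap.conf quoted in the post.
NSS_MAP = {"uid": "sAMAccountName", "homeDirectory": "unixHomeDirectory",
           "gecos": "displayName"}
PAM_FILTER = ("objectClass", "posixAccount")
REQUIRED = ("uid", "homeDirectory")  # assumption: what a Unix login needs

# Constructed entries shaped like the two attribute lists in the post.
BASE = ["top", "person", "organizationalPerson", "user"]
ADUC_USER = {"sAMAccountName": ["bilbo"], "objectClass": BASE,
             "msSFU30Name": ["bilbo"], "msSFU30NisDomain": ["netdirect"],
             "unixHomeDirectory": ["/home/bilbo"]}
SAMBA_TOOL_USER = {"sAMAccountName": ["bilbo"], "uid": ["bilbo"],
                   "objectClass": BASE + ["posixAccount"]}

def get(entry, attr):
    """LDAP attribute names compare case-insensitively."""
    for name, values in entry.items():
        if name.lower() == attr.lower():
            return values
    return []

def audit(entry):
    """Return findings for one entry under the quoted ldap.conf."""
    findings = []
    attr, value = PAM_FILTER
    if value.lower() not in [v.lower() for v in get(entry, attr)]:
        findings.append("pam_filter: entry is not a posixAccount, so "
                        "the PAM search will not return it")
    for nss_attr in REQUIRED:
        ldap_attr = NSS_MAP.get(nss_attr, nss_attr)
        if not get(entry, ldap_attr):
            findings.append(f"nss: {nss_attr} is empty because "
                            f"{ldap_attr} is not set")
    if not get(entry, "msSFU30NisDomain"):
        # Per the post, ADUC then shows the Unix attributes as not enabled.
        findings.append("aduc: msSFU30NisDomain is not set")
    return findings

if __name__ == "__main__":
    for label, entry in (("ADUC", ADUC_USER), ("samba-tool", SAMBA_TOOL_USER)):
        print(label)
        for finding in audit(entry) or ["no findings"]:
            print("  -", finding)
```

An entry that carries both attribute sets produces no findings, which is the state the question about adding posixAccount to every Unix account is aiming at.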