[Samba] Missing option in samba-tool user add

Tue Jan 21 11:52:18 MST 2014

Hi Rowland,

That really depend on how system get the user information.

Adding posixAccount objectclass denote that the use have access to
linux/unix

if using nslcd (nss-pam-ldapd) for example if we apply filter
filter passwd
(&(objectClass=posixAccount)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))

This will make it so that only users with posixAccount objectclass are only
consider a linux users on the system.

You can also do this by creating an extra OU and put it in filter.
But still it would be meaningless if the users in this OU is without
uidNumber or unixHomeDirectory.

so Objectclass posixAccount force it to MUST have the following attribute.
"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"

which make it an linux user :)

Still if you are using winbind and let all users to have access to linux,
that also can be done without posixAccount.

But the main question is if windows RAT user tools will add it.
If it is added by the users and computer management tools than there is no
harm to add it in since it is already there.

As long as all platform supported by winbind/nslcd which don't required
this objectclass...
Else we will need to add it as a backwards compatibility things.

Thank You

On Tue, Jan 21, 2014 at 4:57 PM, Rene van Schijndel <rvs at prisma-spo.nl>wrote:

> Thank again Roland.
> You modifactions work fine.
>
> > Op 20 januari 2014 om 14:21 schreef Rowland Penny
> > <rowlandpenny at googlemail.com>:
> >
> >
> > On 15/01/14 11:45, Rene van Schijndel wrote:
> > > Hi Steve,
> > >
> > > Thanks for you reply.
> > > Where can i find the updates i don't see them.
> > > I am new to this list so maybe i do something wrong.
> > >
> > > Rene.
> > >
> > >> Op 15 januari 2014 om 12:27 schreef steve <steve at steve-ss.com>:
> > >>
> > >>
> > >> On Wed, 2014-01-15 at 11:16 +0100, Rene van Schijndel wrote:
> > >>> Hello,
> > >>>
> > >>> I am trying to create a user with the samba-tool.
> > >>> With this user i a want to login in a windows system and linux shell.
> > >>> I can set everthing i need with samba-tool user add except
> > >>> unixHomeDirectory
> > >>> path.
> > >>> Is there an easy why to do this?
> > >>>
> > >>> Rene.
> > >> Hi
> > >> Here are the updates to get unixHomeDirectory (**) working as
> expected.
> > >> HTH
> > >> Steve
> > >>
> > >> No thanks to me btw. Rowland tipped me off;)
> > >>
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions: https://lists.samba.org/mailman/options/samba
> > OK, I altered the two files that I sent you myself, but did not know how
> > to submit them to samba for inclusion. A few months later another user,
> > Stéphane Purnelle, then came up with something similar, but he also
> > altered group.py to give the option to add the gidNumber.
> > I, at that time, objected to his updates because the update added the
> > posixAccount & posixGroup objectClasses, these, in my opinion, should
> > not be added because no windows tools will add them. The reason that
> > windows never adds the posix objectclasses is because they are
> > auxillaries of other objectclasses that windows does add, in case you do
> > not fully understand this, it means that all the posix attributes get
> > added to the windows objectclasses and are available for use without
> > actually adding the posix objectClasses.
> >
> > This all started about 3 months ago and I do not know why nothing has
> > yet made its way into samba 4.
> >
> > I have attached 3 new files, two are updates to the files that I have
> > already sent, they have all been updated to also include Stephane's
> > updates but without adding posix objectClasses, test them at your own
> risk.
> >
> > Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>