[Samba] Unix Attributes - Issues, Questions

David Minard david at scem.uws.edu.au
Thu Jul 10 22:51:19 MDT 2014

G'day All,

     I'm new to AD and the following things are causing issues trying to 
integrate our existing unix based infrastructure into AD.  I may well be 
doing something wrong or just missing something, but I'm going to ask 
anyway.  I'm stuck.

     We've been running Apple's OD (LDAP, Kerberos, and some Apple 
magic) with samba3 for years.  With W7+ we need AD to manage our Windows 
lab machines, and S4 is doing a great job of that, with S3 as the file 
and profile servers.  I started off trying to get profile re-direction 
going with this set up and getting nowhere.  I was getting permission 
type errors.  (Operation not permitted).

     Our current S4 was first installed from an Alpha version, and I 
didn't include the rfc2307 stuff, and upgraded through the versions to 
4.0.9.  I've recently set up a 4.1.9 server with  rfc2307 and noticed 
that "samba-tool user add" has the --rfc2307-from-nss option, which is 
great.  However, when you do this, the Unix home directory does not get 
set up in the AD.  I have to go into 
UAC-->domain-->Users-->"username"-->Unix_Attributes, select the 
Nis-domain, and then add the correct unix-home-directory there.  Is this 
something that can be added to "samba-tool user add"?  There is an 
option for "--home-directory" but this is for Windows, not unix.

     Also, when I go into UAC and select a new user I've created through 
samba-tool, then look at their Unix Attributes, I have to select "nis 
domain".  When I do this, the Unix settings for the newly created user 
are not there, but I can see them with "getent passwd user" on a domain 
attached linux server (albeit with the wrong home directory showing, and 
wrong group).  Am I missing something?  Is there a way to get AD to know 
what the default NIS-domain is, so that when I create accounts and 
groups, etc, they are set up with it?

      Another thing: is it possible to set the GUID of a newly created 
group via samba-tool?  If not, could this be added?

     Getting all these things sorted would make it really easy to script 
the set up of users into S4 with the correct Unix attributes, so that I 
can have the same UID in OD and AD - the aim is to get rid of OD and all 
Macs and Linux/unix boxes will point to AD.

   After having manually fixed up the Unix attributes on an account, 
profile re-direction started to work - once or twice, then I stuffed it 
up again whilst trying to change groups and permissions on the AD user 
so that it better fit our current set up.

     Sorry for rambling.  (All of our stuff is on CentOS 6.5 and 
compiled from source.)


David Minard.
Ph:    0247 360 155
Fax:    0247 360 770

School of Computing, Engineering, and Mathematics
Building Y - Penrith Campus (Kingswood)
Locked bag 1797
Penrith South DC
NSW 1797

[Sometimes waking up just isn't worth the insult of the day to come.]
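
An added example, not part of the original post and not Samba's own tooling: one way to script the Unix attributes the message describes fixing by hand, by turning "getent passwd"-style lines into an LDIF modify file for a tool such as ldbmodify. The base DN, NIS domain name, CN=<login> naming and the UID/GID floor are assumptions, and the sample lines are constructed.

```python
import re

# Assumptions, not from the original post: base DN, NIS domain name,
# CN=<login> naming under CN=Users, and the lowest UID/GID accepted.
BASE_DN = "CN=Users,DC=example,DC=com"
NIS_DOMAIN = "example"
MIN_ID = 1000
SAFE = re.compile(r"[\x21-\x7e]+")  # printable ASCII, no spaces: needs no LDIF encoding

def passwd_to_ldif(line):
    """Turn one passwd(5) line into an LDIF modify record with RFC 2307 attributes."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 passwd fields, got {len(fields)}")
    login, _pw, uid, gid, _gecos, home, shell = fields
    if not re.fullmatch(r"[A-Za-z0-9._-]+", login):
        raise ValueError(f"{login!r}: login would need DN escaping, refused")
    if not (re.fullmatch(r"[0-9]+", uid) and re.fullmatch(r"[0-9]+", gid)):
        raise ValueError(f"{login}: non-numeric uid/gid")
    if int(uid) < MIN_ID or int(gid) < MIN_ID:
        # Never map a directory account onto root or a system account.
        raise ValueError(f"{login}: uid/gid below {MIN_ID} refused")
    if not (home.startswith("/") and shell.startswith("/")) or ".." in home.split("/"):
        raise ValueError(f"{login}: home and shell must be absolute, home free of '..'")
    if not (SAFE.fullmatch(home) and SAFE.fullmatch(shell)):
        raise ValueError(f"{login}: home/shell contains unsafe characters")
    attrs = [("uidNumber", uid), ("gidNumber", gid), ("unixHomeDirectory", home),
             ("loginShell", shell), ("msSFU30NisDomain", NIS_DOMAIN)]
    out = [f"dn: CN={login},{BASE_DN}", "changetype: modify"]
    for name, value in attrs:
        out += [f"replace: {name}", f"{name}: {value}", "-"]
    return "\n".join(out) + "\n"

def build_ldif(lines):
    """Return (ldif_text, rejected) so bad entries are reported, not silently skipped."""
    records, rejected = [], []
    for line in lines:
        try:
            records.append(passwd_to_ldif(line))
        except ValueError as err:
            rejected.append(str(err))
    return "\n".join(records), rejected

# Constructed sample input in "getent passwd" format.
SAMPLE = ["alice:x:2001:2000:Alice Example:/home/staff/alice:/bin/bash",
          "backup:x:0:0:root alias:/root:/bin/bash",
          "bob:x:2002:2000:Bob Example:/home/../etc:/bin/sh"]

if __name__ == "__main__":
    ldif, rejected = build_ldif(SAMPLE)
    print(ldif, *("REJECTED: " + r for r in rejected), sep="\n")
```

Entries that would map a directory account onto UID or GID 0, or that carry an odd home path, are reported instead of written, so the generated file can be reviewed before it is applied.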
