[Samba] How do you configure a NIS group?
Rowland Penny
rowlandpenny at googlemail.com
Sun Oct 12 02:10:31 MDT 2014
On 12/10/14 08:52, Marc Muehlfeld wrote:
> Hello John,
>
> On 12.10.2014 at 00:41, John Lewis wrote:
>> That doesn't do anything for me because I don't have a Windows machine
>> on my network. I need the name of the attribute so I can ldapmodify it.
> You shouldn't use ldapmodify for doing changes. Use samba-tool!

Hi Marc, sorry, but I cannot agree with you. samba-tool is OK as far as
it goes, but it fails woefully when it comes to Unix attributes. If you
create a user with samba-tool, it is a basic AD user; yes, you can add
basic Unix attributes, but **YOU** have to maintain the range of
uidNumbers & gidNumbers. If you add a user via ADUC, again you first
get a basic AD user, but then you can add the Unix attributes and when
you do, you get these:

uid
msSFU30Name
msSFU30NisDomain
uidNumber
gidNumber
loginShell
unixHomeDirectory
unixUserPassword

And the uidNumbers & gidNumbers are stored in AD using the attributes
Microsoft designed.

Rowland

>
> AD uses backlinks for storing group memberships. See
> http://www.frickelsoft.net/blog/?p=130
> for details about AD backlinks.
>
> If you use 'samba-tool', you are sure that everything is done right in
> your database and nothing gets corrupted by missing something or wrong
> usage.
>
>> I think I need these attributes defined: memberUid and memberNisNetgroup,
>> but I haven't figured out where on the directory tree yet.
> In the group DN, the following two attributes have to be added once, to
> enable it for the usage like mentioned in the Wiki nslcd documentation
> if you don't use ADUC:
> msSFU30NisDomain: samdom
> gidNumber: 12345
> Use 'ldbedit' for adding them.
>
>
> If you follow the documentation in the Wiki, then the group membership
> is taken from the AD groups, so you don't have to maintain the
> membership in two places (AD groups and Unix attributes group members).
>
> In the group DN, the 'member' attribute points to the user account:
> member: CN=demo01,CN=Users,DC=samdom,DC=example,DC=com
>
> In the user DN, the 'memberOf' attribute points to the group:
> memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
>
>
>
> Regards,
> Marc
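
Added example, not part of the original thread and not Samba project code: the reply above notes that the admin has to maintain the gidNumber range by hand, so this Python sketch checks an LDIF dump for gidNumber collisions, picks the next free ID, and builds the LDIF change record for the two group attributes listed in the quoted text. The ID range, the "staff", "legacy" and "unixgroup" entries, and all function names are assumptions.

```python
import re

# Constructed sample of an LDIF search result (not taken from a real directory).
SAMPLE_LDIF = """\
dn: CN=Domain Users,CN=Users,DC=samdom,DC=example,DC=com
gidNumber: 10000
msSFU30NisDomain: samdom

dn: CN=staff,CN=Users,DC=samdom,DC=example,DC=com
gidNumber: 10001

dn: CN=legacy,CN=Users,DC=samdom,DC=example,DC=com
gidNumber: 10001
"""

def parse_entries(ldif):
    """Split LDIF text into {dn: {attr: [values]}}; assumes unfolded, non-base64 lines."""
    entries = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                attrs.setdefault(key, []).append(value)
        if "dn" in attrs:
            entries[attrs.pop("dn")[0]] = attrs
    return entries

def duplicate_ids(entries, attr="gidNumber"):
    """Return {id: [dns]} for every ID held by more than one entry."""
    seen = {}
    for dn, attrs in entries.items():
        for value in attrs.get(attr, []):
            seen.setdefault(int(value), []).append(dn)
    return {i: dns for i, dns in seen.items() if len(dns) > 1}

def next_free_id(entries, low, high, attr="gidNumber"):
    """Lowest unused ID in [low, high] (assumed range); raises if exhausted."""
    used = {int(v) for a in entries.values() for v in a.get(attr, [])}
    for candidate in range(low, high + 1):
        if candidate not in used:
            return candidate
    raise ValueError(f"no free {attr} in {low}-{high}")

def group_unix_ldif(dn, nis_domain, gid):
    """LDIF change record adding msSFU30NisDomain and gidNumber to a group DN."""
    return (f"dn: {dn}\nchangetype: modify\n"
            f"add: msSFU30NisDomain\nmsSFU30NisDomain: {nis_domain}\n-\n"
            f"add: gidNumber\ngidNumber: {gid}\n")
```

Two groups sharing one gidNumber are indistinguishable to Unix file permission checks, so resolve anything `duplicate_ids` reports before allocating new IDs.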