[Samba] samba member logon.. question.

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 9 09:36:14 MDT 2015


On 09/04/15 16:22, Andrey Repin wrote:
> Greetings, Rowland Penny!
>
>>>>>> Ok, good.
>>>>>> Now, how can I get RFC2307 attributes populated automatically upon
>>>>>> users or
>>>>>> groups creation?
>>>>> You can't :-(
>>>>> I'm experimenting with
>>>>> https://github.com/laotse/SambaPosix
>>>>> but it's quite buggy (at least regarding the features I'm trying,
>>>>> namely, trying to assign uids the same way as ADUC).
>>>>>
>>>>>
>>>>> Bye
>>>> OH yes you can, well I can :-)
>>> Can you share how?
>>>
>>> Bye
>> You are using python, which to me is a very big snake, so I bash it :-D
>> I just use these two functions in a bash script:
>> # Both functions expect LDBDB (path to sam.ldb), domainNETBios, domainDN
>> # and an error() message helper to be defined earlier in the script.
>> # Finds the next useable user uidNumber or group gidNumber
>> # Input : $1
>> # $1 : msSFU30MaxUidNumber or msSFU30MaxGidNumber
>> # Output : the first free uidNumber or gidNumber, left in $_NEXTID
>> _findnext () {
>>     ATTR="$1"
>>     if [ -z "${ATTR}" ]; then
>>         error "No Attribute supplied"
>>         error "Cannot continue... Exiting."
>>         exit 1
>>     fi
>>     # The IDMU counters live on the msSFU30DomainInfo object under
>>     # CN=System; ldbsearch prints them as LDIF "attr: value" lines.
>>     _NEXTID=$(ldbsearch -H "${LDBDB}" \
>>         -b "CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}" \
>>         -s sub '(objectClass=msSFU30DomainInfo)' "${ATTR}" \
>>         | grep "^${ATTR}: " | awk '{print $NF}')
>>     # Floor at 10000 so AD IDs stay clear of local system accounts.
>>     if [ -z "$_NEXTID" ] || [ "$_NEXTID" -lt "10000" ]; then
>>         _NEXTID="10000"
>>     fi
>> }
>> # UPDATE msSFU30MaxUidNumber/msSFU30MaxGidNumber
>> # Input : $1 $2
>> # $1: what to update (msSFU30MaxUidNumber or msSFU30MaxGidNumber)
>> # $2: Next Number
>> #
>> # Output : Nothing
>> _updatemax () {
>>     ATTR="$1"
>>     IDNUM="$2"
>>     if [ -z "${ATTR}" ] || [ -z "${IDNUM}" ]; then
>>         error "Incomplete data supplied."
>>         error "Cannot continue... Exiting."
>>         exit 1
>>     fi
>>     echo "Updating ${ATTR}"
>>     IDLDIF="dn: CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}
>> changetype: modify
>> replace: ${ATTR}
>> ${ATTR}: ${IDNUM}"
>>     if ! echo "${IDLDIF}" | ldbmodify -H "${LDBDB}"; then
>>         error "Error updating ${ATTR} in AD."
>>         # Keep the failed LDIF for inspection. Use mktemp rather than a
>>         # fixed /tmp name: this runs as root, and a predictable path in a
>>         # world-writable directory is a symlink hazard.
>>         echo "${IDLDIF}" > "$(mktemp /tmp/update.ldif.XXXXXX)"
>>         exit 1 # exits here if error
>>     fi
>>     unset IDLDIF
>>     echo "Successfully updated ${ATTR} in AD"
>> }
> That will only work on a domain controller.

Well, yes, it will only work on a DC because that is where the AD records 
are stored, but it can be run from another Linux machine.

> I don't want to touch it at all,
> if I don't need to blow it apart.

Well, seeing as it is only doing what ADUC does, I do not see it blowing 
up your AD DC.

> Not to mention, it will not add "objectClass: posixAccount" to the user,

How many times do I have to say this:

DO NOT ADD POSIX OBJECTCLASSES TO AD, THEY ARE NOT REQUIRED. ADUC WILL 
NEVER ADD THEM.

> causing all sort of grief in a long run.
WHY ??

Rowland
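The allocation the quoted functions perform, carried end to end, as an added example; this is not code from the thread or from Samba. It assumes the same environment as the posted script (LDBDB pointing at sam.ldb, domainNETBios, domainDN and an IDMU counter object under CN=System) and uses hypothetical function names. The attribute set written to the user is the one the IDMU "Unix Attributes" tab is generally understood to fill in (uidNumber, gidNumber, unixHomeDirectory, loginShell, msSFU30Name, msSFU30NisDomain); adjust it to whatever your ADUC actually writes. Nothing adds an objectClass, which is the point made above. LDBSEARCH and LDBMODIFY default to the real tools and can be pointed at stand-in commands to dry-run the flow away from a DC.

```bash
#!/bin/bash
# Added example, not code from the thread or from Samba: allocate the next
# uidNumber from the IDMU counter, stamp a user with RFC2307 attributes and
# bump the counter, without adding any posix objectClass.
# Assumes LDBDB (path to sam.ldb), domainNETBios and domainDN are set, as in
# the posted script. LDBSEARCH/LDBMODIFY default to the real tools; point
# them at stand-in commands to exercise the flow without a DC.

# Read "<attr>: <value>" from ldbsearch LDIF output on stdin and print it.
# Missing or below 10000 gives 10000, the floor the posted _findnext uses.
next_id_from_ldif() {
    attr="$1"
    val=$(awk -v a="${attr}:" '$1 == a { print $2; exit }')
    if [ -z "$val" ] || [ "$val" -lt 10000 ]; then
        val=10000
    fi
    echo "$val"
}

# One LDIF change record that gives a user the IDMU/RFC2307 attributes.
# Only plain attributes are replaced; there is deliberately no
# "objectClass: posixAccount" line.
user_rfc2307_ldif() {
    dn="$1"; uid="$2"; gid="$3"; login="$4"; nisdomain="$5"
    cat <<EOF
dn: ${dn}
changetype: modify
replace: uidNumber
uidNumber: ${uid}
-
replace: gidNumber
gidNumber: ${gid}
-
replace: unixHomeDirectory
unixHomeDirectory: /home/${login}
-
replace: loginShell
loginShell: /bin/bash
-
replace: msSFU30Name
msSFU30Name: ${login}
-
replace: msSFU30NisDomain
msSFU30NisDomain: ${nisdomain}
EOF
}

# LDIF that writes the new counter value back (what the posted _updatemax does).
counter_ldif() {
    cat <<EOF
dn: ${1}
changetype: modify
replace: ${2}
${2}: ${3}
EOF
}

# Read the counter, then write the user and the incremented counter in one
# ldbmodify run. Not atomic: two admins running this at the same time can
# both read the same counter value, so serialise it (one admin host, or a
# lock file) if more than one person allocates IDs.
assign_next_uid() {
    user_dn="$1"; login="$2"; gid="$3"
    counter_dn="CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}"
    uid=$("${LDBSEARCH:-ldbsearch}" -H "${LDBDB}" -b "${counter_dn}" -s base \
              '(objectClass=msSFU30DomainInfo)' msSFU30MaxUidNumber \
          | next_id_from_ldif msSFU30MaxUidNumber) || return 1
    {
        # NIS domain = NetBIOS name is an assumption; check what ADUC wrote for you.
        user_rfc2307_ldif "${user_dn}" "${uid}" "${gid}" "${login}" "${domainNETBios}"
        echo
        counter_ldif "${counter_dn}" msSFU30MaxUidNumber "$((uid + 1))"
    } | "${LDBMODIFY:-ldbmodify}" -H "${LDBDB}"
}

# Usage on the DC (hypothetical values):
#   LDBDB=/var/lib/samba/private/sam.ldb domainNETBios=EXAMPLE domainDN=DC=example,DC=com \
#   ./rfc2307.sh "CN=alice,CN=Users,DC=example,DC=com" alice 10000
if [ "$#" -eq 3 ] && [ -n "${LDBDB:-}" ]; then
    assign_next_uid "$@"
fi
```

Run it where sam.ldb lives, as a user that can write to it, exactly as with the quoted functions; the two LDIF records are fed to a single ldbmodify so a failure on the user leaves the counter untouched, but the read-then-write of the counter itself is still a window in which a concurrent run can hand out the same uidNumber.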