[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?

Andrey Repin anrdaemon at yandex.ru
Thu Apr 9 10:17:05 MDT 2015

Greetings, Rowland Penny!

>> I've added a few domain users/groups for test, but they don't have ?idNumber,
>> even though the relevant schema is loaded?
>> How can I tell it to include relevant schema for all newly created
>> users/groups?

> Well, you could try walking up to the DC and giving it a good talking to 
> :-D

> But seriously, your choices are a bit limited, you can use ADUC on a 
> windows machine, this involves creating a user and then adding the 
> required attributes with the UNIX attributes tab. You could create your 
> users with samba-tool, but you will need the latest samba 4 to get all 
> the required attributes and you will still have to keep a record of the 
> uidNumbers & gidNumbers you have used, samba-tool will not do this. 
> Other than this, you can write your own scripts in your favourite 
> computer language.

That's kind of not what I would expect from Linux system.
smbldap-tools were crude, but an order of magnitude more effective, as they
allowed me to have working installation for years without an issue other, than
inability to correctly join only Win7 machine I had in the network.
I have ~50 users in the domain, of them, 10 are Linux systems and 6 Windows,
25 are users that accessing Linux systems directly in one or another way, so
they do need correct uidNumber at all times, and 8 that only access Linux file
server through Samba share. While not necessary, I would still like to see
their SID's resolved to uid properly, when viewing the share from Linux side.
The last account? That is me. It have uid=1000 and is basically duplicated on
all Linux systems already.

With best regards,
Andrey Repin
Thursday, April 9, 2015 19:10:25

Sorry for my terrible english...

More information about the samba mailing list