[Samba] samba member logon.. question.

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 9 13:18:07 MDT 2015


On 09/04/15 19:44, Andrey Repin wrote:
> Greetings, Rowland Penny!
>
>>>>> That will only work on a domain controller.
>>>> Well yes it will only work on a DC because that is where the AD records
>>>> are stored, but it can be run from another Linux machine.
>>>>> I don't want to touch it at all,
>>>>> if I don't need to blow it apart.
>>>> Well, seeing as it is only doing what ADUC does, I do not see it blowing
>>>> up your AD DC.
>>>>> Not to mention, it will not add "objectClass: posixAccount" to the user,
>>>> How many times do I have to say this:
>>>> DO NOT ADD POSIX OBJECTCLASSES TO AD, THEY ARE NOT REQUIRED. ADUC WILL
>>>> NEVER ADD THEM.
>>> They are not required for AD, but they are required for other tools, that work
>>> off AD LDAP.
>>> Don't scream like that, you may startle someone.
>> If your tools rely on the posix objectclasses being there, then they are
>> broken. The posix objectclasses are auxiliaries of other AD
>> objectclasses and as such, no Windows tools will add them.
> Elaborate, please.
> A link would suffice.

OK, have a look at 
'/usr/share/samba/setup/ad-schema/MS-AD_Schema_2K8_Classes.txt'

Find 'cn: Group', where you will also find:

auxiliaryClass: posixGroup

Have a look here:
https://msdn.microsoft.com/en-us/library/ms677964%28v=vs.85%29.aspx

and here:
http://www.windows-active-directory.com/active-directory-object-classes.html

>>>>> causing all sorts of grief in the long run.
>>>> WHY ??
>>> Because my auth tools, for instance, expect posixAccount class and check for
>>> it before processing further with authentication.
>>>
>> Your auth tools are broken or set up incorrectly.
> You're just making things up out of ignorance.
> They're set up correctly and work well for seven years already.

No, I am not making things up, and yes, your tools may be set up 
correctly, correctly that is for OpenLDAP; they need to be set up 
differently for Active Directory.
I repeat, even if you do not want to believe me, there are no Windows 
tools that will add the posix objectclasses to Active Directory, so no 
Unix tools should either.

Rowland
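
The schema lookup described in the message above, as an added example (not part of the original post and not Samba's code): it parses blank-line-separated "attr: value" records and reports which auxiliary classes the schema already attaches to a class. The record layout, the function names and the embedded sample are assumptions; only the Group / posixGroup pairing comes from the message.

```python
import sys

# Constructed excerpt in the assumed "attr: value" record layout. Only the
# Group / posixGroup pairing is taken from the message; the rest is made up.
SAMPLE = """\
cn: Group
ldapDisplayName: group
subClassOf: top
auxiliaryClass: posixGroup

cn: Example-Class
ldapDisplayName: exampleClass
subClassOf: top
"""

def parse_records(text):
    """Split blank-line-separated records into dicts of attr -> [values]."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:  # a blank line closes the current record
                records.append(current)
                current = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue  # skip comments and anything that is not "attr: value"
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        records.append(current)
    return records

def auxiliary_classes(text, cn):
    """Auxiliary classes the schema attaches to class `cn`; None if `cn` is absent."""
    for rec in parse_records(text):
        if cn.lower() in (v.lower() for v in rec.get("cn", [])):
            return rec.get("auxiliaryclass", []) + rec.get("systemauxiliaryclass", [])
    return None

if __name__ == "__main__":
    # With a path argument, read that schema file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    print("Group ->", auxiliary_classes(text, "Group"))
```
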

