[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 9 13:21:56 MDT 2015

On 09/04/15 19:41, Andrey Repin wrote:
> Greetings, Rowland Penny!
>> well tough, the smbldap-tools were written to do a job, map windows
>> users to unix users and vice versa.
> No. smbldap-tools were doing exactly the same as AD do: kept all users in one
> database.

Similar, but not the same, with smbldap-tools you had Unix and ldap 
users, with Samba4 AD, just like windows AD, you just have AD users.

>> So what you need now is something to do the same, except you don't have
>> separate Unix users any more,
> I never had separate unix users ever (aside from one user - myself, but that
> was more of a requirement of OS installation process).
>> just users in AD who can also be Unix users.
>> If you want your Unix users to have the same IDs everywhere, you need to
>> use the RFC2307 attributes,
> Already.
>> at the moment, how the attributes get into AD is up to you, use ADUC,
> Time-consuming, requires available Win7 machine. In short - not an option.
>> samba-tool
> Doesn't work, as evidently demonstrated recently in the list.
>> or write your own scripts.
> The problem with any homemade script is that it isn't portable, and only go as
> far, as the script writer's understanding of the things at hand.
> My personal understanding of the AD schema is very limited. I could throw
> something together, but in reality, I'd rather not do anything like that
> myself.
> All that being said, I see the situation as very disturbing. The lack of the
> very basic, essential tools to manage user/group creation... I'm speechless.

The user tools are there, they are mostly on windows though.


More information about the samba mailing list