[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 9 14:34:28 MDT 2015


On 09/04/15 21:17, Andrey Repin wrote:
> Greetings, Rowland Penny!
>
>>>> well tough, the smbldap-tools were written to do a job, map windows
>>>> users to unix users and vice versa.
>>> No. smbldap-tools were doing exactly the same as AD does: kept all users in one
>>> database.
>>>
>> Similar, but not the same, with smbldap-tools you had Unix and ldap
>> users,
> If you want to put it that way...
>
>> with Samba4 AD,
> ...I have Unix and AD users.
>
>> just like windows AD, you just have AD users.
> No.

Let's put it this way, you cannot have a local Unix user and an AD user 
with the same name.


>>>> So what you need now is something to do the same, except you don't have
>>>> separate Unix users any more,
>>> I never had separate unix users ever (aside from one user - myself, but that
>>> was more of a requirement of OS installation process).
>>>
>>>> just users in AD who can also be Unix users.
>>>> If you want your Unix users to have the same IDs everywhere, you need to
>>>> use the RFC2307 attributes,
>>> Already.
>>>
>>>> at the moment, how the attributes get into AD is up to you, use ADUC,
>>> Time-consuming, requires available Win7 machine. In short - not an option.
>>>
>>>> samba-tool
>>> Doesn't work, as evidently demonstrated recently in the list.
>>>
>>>> or write your own scripts.
>>> The problem with any homemade script is that it isn't portable, and only goes as
>>> far as the script writer's understanding of the things at hand.
>>> My personal understanding of the AD schema is very limited. I could throw
>>> something together, but in reality, I'd rather not do anything like that
>>> myself.
>>>
>>> All that being said, I see the situation as very disturbing. The lack of the
>>> very basic, essential tools to manage user/group creation... I'm speechless.
>>>
>>>
>> The user tools are there, they are mostly on windows though.
> Can you list some of them?
> RSAT is not an option - the only Win7 Pro system at work is a render farm that
> has its own work to do, than to let me twitch the checkboxes in some
> overloaded GUI.
>
>

If you only have access to one Windows domain machine, why are you 
running an AD domain? You would probably be better off running NFS.

I am coming to believe that you want everything handing to you on a plate, 
i.e. you don't really want to help yourself, you want everybody to do 
your work for you.

Rowland

