[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?
anrdaemon at yandex.ru
Thu Apr 9 15:33:55 MDT 2015
Greetings, Rowland Penny!
>>>>> well tough, the smbldap-tools were written to do a job, map windows
>>>>> users to unix users and vice versa.
>>>> No. smbldap-tools were doing exactly the same as AD does: kept all users in one
>>> Similar, but not the same, with smbldap-tools you had Unix and ldap
>> If you want to put it that way...
>>> with Samba4 AD,
>> ...I have Unix and AD users.
>>> just like windows AD, you just have AD users.
> Let's put it this way, you cannot have a local Unix user and an AD user
> with the same name.
That is true for LDAP users as well. When LDAP is available, it always overshadows
my local account with the LDAP one.
>>>>> So what you need now is something to do the same, except you don't have
>>>>> separate Unix users any more,
>>>> I never had separate unix users ever (aside from one user - myself, but that
>>>> was more of a requirement of OS installation process).
>>>>> just users in AD who can also be Unix users.
>>>>> If you want your Unix users to have the same IDs everywhere, you need to
>>>>> use the RFC2307 attributes,
>>>>> at the moment, how the attributes get into AD is up to you, use ADUC,
>>>> Time-consuming, requires available Win7 machine. In short - not an option.
>>>> Doesn't work, as evidently demonstrated recently in the list.
>>>>> or write your own scripts.
>>>> The problem with any homemade script is that it isn't portable, and only goes as
>>>> far as the script writer's understanding of the things at hand.
>>>> My personal understanding of the AD schema is very limited. I could throw
>>>> something together, but in reality, I'd rather not do anything like that
>>>> All that being said, I see the situation as very disturbing. The lack of the
>>>> very basic, essential tools to manage user/group creation... I'm speechless.
>>> The user tools are there, they are mostly on windows though.
>> Can you list some of them?
>> RSAT is not an option - the only Win7 Pro system at work is a render farm that
>> has its own work to do, than to let me twitch the checkboxes in some
>> overloaded GUI.
> If you only have access to one windows domain machine, why are you
> running an AD domain, you would probably be better off running NFS
I have six Windows machines that I'm responsible for. Only one of them is Win7.
There are other machines (personal notebooks that are not part of the domain),
that are using SSH/VPN/CIFS access to the servers.
> I am coming to believe that you want everything handed to you on a plate,
> i.e. you don't really want to help yourself, you want everybody to do
> your work for you.
I've already "helped myself" in the past three months. That's a big chunk of
life taken away by something that should have been a relatively simple
All I want now is a working system that would not require my everyday
attention for the next seven years.
Is this too much to ask for?
With best regards,
Friday, April 10, 2015 00:24:50
Sorry for my terrible English...