[Samba] samba member logon.. question.

Rowland Penny rowlandpenny at googlemail.com
Fri Apr 10 02:54:46 MDT 2015


On 10/04/15 08:54, Luca Olivetti wrote:
> El 09/04/15 a les 18:31, Rowland Penny ha escrit:
>
>> If your tools rely on the posix objectclasses being there, then they are
>> broken. The posix objectclasses are auxiliaries of other AD
>> objectclasses and as such, no Windows tools will add them.
> but, e.g., samba-tool with --uid will:

Yes, I know, but it shouldn't!

I believe it is this line in samdb.py that adds it:

ldbmessage2["objectClass"] = ldb.MessageElement('posixAccount', ldb.FLAG_MOD_ADD, 'objectClass')

If I knew how to format a patch, I would propose its removal, because
A) I think it shouldn't be there
B) I know it works without it

Also, the classicupgrade shouldn't add the posix objectclasses either.

Why shouldn't you add the posix objectclasses? Well, consider this: you 
have a domain with two admins, one who adds users from Unix using tools 
that add the posix objectclasses and one that uses ADUC and the UNIX 
Attributes tab. The Unix based admin uses tools that rely on the posix 
objectclasses and can see all the users they added, but they will not 
see any users that the ADUC based admin added.

Or to put it another way, Samba 4 working in AD mode is trying to be 
compatible with Windows AD, so Samba shouldn't add anything that Windows 
doesn't.

Rowland

>
> luca at ubutest:~$ sudo samba-tool user add tararo tarari
> --use-username-as-cn --given-name=Tararo --surname=QueTeVi
> --mail-address=tararo at wetron.es --uid=tararo --gid-number=513
> User 'tararo' created successfully
> luca at ubutest:~$ ldapsearch -H ldap://localhost -x -D
> 'CN=luca,CN=Users,DC=samba,DC=wetron,DC=es' -W -b
> 'dc=samba,dc=wetron,dc=es' '(cn=tararo)'
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=samba,dc=wetron,dc=es> with scope subtree
> # filter: (cn=tararo)
> # requesting: ALL
> #
>
> # tararo, Users, samba.wetron.es
> dn: CN=tararo,CN=Users,DC=samba,DC=wetron,DC=es
> cn: tararo
> sn: QueTeVi
> givenName: Tararo
> instanceType: 4
> whenCreated: 20150410075219.0Z
> whenChanged: 20150410075219.0Z
> displayName: Tararo QueTeVi
> uSNCreated: 9330
> name: tararo
> objectGUID:: Fbd97R84oEqCI6vpoOXk2g==
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAAHRf8UdaAOYEc27XqKxAAAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: tararo
> sAMAccountType: 805306368
> userPrincipalName: tararo at samba.wetron.es
> objectCategory:
> CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=wetron,DC=es
> mail: tararo at wetron.es
> uid: tararo
> gidNumber: 513
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> pwdLastSet: 130731259390000000
> userAccountControl: 512
> uSNChanged: 9334
> distinguishedName: CN=tararo,CN=Users,DC=samba,DC=wetron,DC=es
>
> # search reference
> ref: ldap://samba.wetron.es/CN=Configuration,DC=samba,DC=wetron,DC=es
>
> # search reference
> ref: ldap://samba.wetron.es/DC=DomainDnsZones,DC=samba,DC=wetron,DC=es
>
> # search reference
> ref: ldap://samba.wetron.es/DC=ForestDnsZones,DC=samba,DC=wetron,DC=es
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 5
> # numEntries: 1
> # numReferences: 3
>
>
> Bye
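
Added example (not part of the original message and not Samba's code): the two-admin scenario described above, run over constructed LDIF entries, showing which Unix-enabled accounts a tool that filters on the posixAccount objectclass never lists. The accounts aducuser and winonly, their attribute values, and the attribute-presence check used as the alternative are assumptions made for illustration.

```python
# Constructed sample data: 'tararo' mirrors the quoted ldapsearch output; the others are hypothetical.
SAMPLE_LDIF = """\
dn: CN=tararo,CN=Users,DC=samba,DC=wetron,DC=es
objectClass: posixAccount
objectClass: user
sAMAccountName: tararo
uid: tararo
gidNumber: 513

dn: CN=aducuser,CN=Users,DC=samba,DC=wetron,DC=es
objectClass: user
sAMAccountName: aducuser
uidNumber: 10001
gidNumber: 513

dn: CN=winonly,CN=Users,DC=samba,DC=wetron,DC=es
objectClass: user
sAMAccountName: winonly
"""
UNIX_ATTRS = ("uidnumber", "gidnumber")  # assumed markers of a Unix-enabled user

def parse_ldif(text):
    """Parse plain 'attr: value' records (no base64 values or folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def names(entries, predicate):
    return [e["samaccountname"][0] for e in entries if predicate(e)]

def is_posix_class(e):
    # Equivalent of the LDAP filter (objectClass=posixAccount)
    return "posixaccount" in (v.lower() for v in e["objectclass"])

def has_unix_attrs(e):
    # Equivalent of (&(objectClass=user)(|(uidNumber=*)(gidNumber=*)))
    return "user" in e["objectclass"] and any(a in e for a in UNIX_ATTRS)

def missed_by_class_filter(entries):
    """Unix-enabled accounts that an objectclass-based tool never lists."""
    seen = names(entries, is_posix_class)
    return [n for n in names(entries, has_unix_attrs) if n not in seen]

print("missed by (objectClass=posixAccount):", missed_by_class_filter(parse_ldif(SAMPLE_LDIF)))
```

Any report or access review built on the objectclass filter would silently omit the accounts in the "missed" list, so it is worth running both selections against a directory and comparing them.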


