[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?

Andrey Repin anrdaemon at yandex.ru
Fri Apr 10 06:50:28 MDT 2015

Greetings, Rowland Penny!

>>>>>>> well tough, the smbldap-tools were written to do a job, map windows
>>>>>>> users to unix users and vice versa.
>>>>>> No. smbldap-tools were doing exactly the same as AD do: kept all users in one
>>>>>> database.
>>>>> Similar, but not the same, with smbldap-tools you had Unix and ldap
>>>>> users,
>>>> If you want to put it that way...
>>>>> with Samba4 AD,
>>>> ...I have Unix and AD users.
>>>>> just like windows AD, you just have AD users.
>>>> No.
>>> Lets put it this way, you cannot have a local Unix user and an AD user
>>> with the same name.
>> That is true for LDAP users as well. When LDAP available, it always overshadow
>> my local account with LDAP one.

> This is one area you need to read up on, whilst with LDAP you can have a 
> user called 'joe' in /etc/passwd and LDAP, you cannot do this with AD, 
> your users must be either in /etc/passwd or AD, but not in both.

$ id
uid=1000(anrdaemon) gid=1000(anrdaemon) groups=1000(anrdaemon),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),114(lpadmin),118(sambashare),120(admin),512(domain admins),513(domain users)

Practice >>> Theory

>>>>> The user tools are there, they are mostly on windows though.
>>>> Can you list some of them?
>>>> RSAT is not an option - the only Win7 Pro system at work is a render farm that
>>>> have its own work to do, than to let me twitch the checkboxes in some
>>>> overloaded GUI.

So, what about tools?
Do you really know any, or just throwing ideas to the wind?

>>> If you only have access to one windows domain machine, why are you
>>> running an AD domain, you would probably be better of running NFS
>> I have six Windows machines that I'm responsible for. Only one of them is Win7.
>> There's other machines (personal notebooks that are not part of the domain),
>> that are using SSH/VPN/CIFS access to the servers.
>>> I am coming to believe that you want everything handing to you on plate,
>>> i.e. you don't really want to help yourself, you want everybody to do
>>> your work for you.
>> I've already "helped myself" in the past three months. That's a big chunk of
>> life taken away by something that should have been a relatively simple
>> process.
>> All I want now is a working system that would not require my everyday
>> attention for the next seven years.
>> Is this too much to ask for?

With best regards,
Andrey Repin
Friday, April 10, 2015 15:23:25

Sorry for my terrible english...

More information about the samba mailing list