[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?

Rowland Penny rowlandpenny at googlemail.com
Fri Apr 10 07:55:18 MDT 2015

On 10/04/15 13:50, Andrey Repin wrote:
> Greetings, Rowland Penny!
>>>>>>>> well tough, the smbldap-tools were written to do a job, map windows
>>>>>>>> users to unix users and vice versa.
>>>>>>> No. smbldap-tools were doing exactly the same as AD do: kept all users in one
>>>>>>> database.
>>>>>> Similar, but not the same, with smbldap-tools you had Unix and ldap
>>>>>> users,
>>>>> If you want to put it that way...
>>>>>> with Samba4 AD,
>>>>> ...I have Unix and AD users.
>>>>>> just like windows AD, you just have AD users.
>>>>> No.
>>>> Let's put it this way, you cannot have a local Unix user and an AD user
>>>> with the same name.
>>> That is true for LDAP users as well. When LDAP is available, it always overshadows
>>> my local account with LDAP one.
>> This is one area you need to read up on, whilst with LDAP you can have a
>> user called 'joe' in /etc/passwd and LDAP, you cannot do this with AD,
>> your users must be either in /etc/passwd or AD, but not in both.
> $ id
> uid=1000(anrdaemon) gid=1000(anrdaemon) groups=1000(anrdaemon),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),114(lpadmin),118(sambashare),120(admin),512(domain admins),513(domain users)
> Practice >>> Theory

OK, I will accept your so-called 'Practice' and raise you an actual 
attempt to create a Unix user that already exists in AD:

root@dtest:~# getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
root@dtest:~# useradd -d /home/rowland -g domain_users -m -p xxxxxxxxxxx 
useradd: user 'rowland' already exists

>>>>>> The user tools are there, they are mostly on windows though.
>>>>> Can you list some of them?
>>>>> RSAT is not an option - the only Win7 Pro system at work is a render farm that
>>>>> has its own work to do, than to let me twitch the checkboxes in some
>>>>> overloaded GUI.
> So, what about tools?
> Do you really know any, or just throwing ideas to the wind?

If you were not such a know-it-all, I may have shared my tools with you, 
but from the way you are talking, you can go whistle.

