[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?

Andrey Repin anrdaemon at yandex.ru
Fri Apr 10 08:05:31 MDT 2015

Greetings, Rowland Penny!

>>>>>>>>> well tough, the smbldap-tools were written to do a job, map windows
>>>>>>>>> users to unix users and vice versa.
>>>>>>>> No. smbldap-tools were doing exactly the same as AD does: kept all users in one
>>>>>>>> database.
>>>>>>> Similar, but not the same, with smbldap-tools you had Unix and ldap
>>>>>>> users,
>>>>>> If you want to put it that way...
>>>>>>> with Samba4 AD,
>>>>>> ...I have Unix and AD users.
>>>>>>> just like windows AD, you just have AD users.
>>>>>> No.
>>>>> Let's put it this way, you cannot have a local Unix user and an AD user
>>>>> with the same name.
>>>> That is true for LDAP users as well. When LDAP is available, it always overshadows
>>>> my local account with the LDAP one.
>>> This is one area you need to read up on, whilst with LDAP you can have a
>>> user called 'joe' in /etc/passwd and LDAP, you cannot do this with AD,
>>> your users must be either in /etc/passwd or AD, but not in both.
>> $ id
>> uid=1000(anrdaemon) gid=1000(anrdaemon) groups=1000(anrdaemon),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),114(lpadmin),118(sambashare),120(admin),512(domain admins),513(domain users)
>> Practice >>> Theory

> OK, I will accept your so-called 'Practice' and raise you an actual 
> attempt to create a Unix user that already exists in AD:

> root@dtest:~# getent passwd rowland
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
> root@dtest:~# useradd -d /home/rowland -g domain_users -m -p xxxxxxxxxxx rowland
> useradd: user 'rowland' already exists

You said "can't have", not "can't create".
Creation of an existing user will predictably fail.

>>>>>>> The user tools are there, they are mostly on windows though.
>>>>>> Can you list some of them?
>>>>>> RSAT is not an option - the only Win7 Pro system at work is a render farm that
>>>>>> has its own work to do, rather than to let me twitch the checkboxes in some
>>>>>> overloaded GUI.
>> So, what about tools?
>> Do you really know any, or just throwing ideas to the wind?

> If you were not such a know-it-all, I may have shared my tools with you, 
> but from the way you are talking, you can go whistle.

You resorted to trolling? That's a new low.

With best regards,
Andrey Repin
Friday, April 10, 2015 17:03:47

Sorry for my terrible English...