[Samba] How can I have new users/groups to include posixAccount/posixGroup schema automatically?

Rowland Penny rowlandpenny at googlemail.com
Fri Apr 10 08:33:24 MDT 2015

On 10/04/15 15:05, Andrey Repin wrote:
> Greetings, Rowland Penny!
>>>>>>>>>> well tough, the smbldap-tools were written to do a job, map windows
>>>>>>>>>> users to unix users and vice versa.
>>>>>>>>> No. smbldap-tools were doing exactly the same as AD does: kept all users in one
>>>>>>>>> database.
>>>>>>>> Similar, but not the same, with smbldap-tools you had Unix and ldap
>>>>>>>> users,
>>>>>>> If you want to put it that way...
>>>>>>>> with Samba4 AD,
>>>>>>> ...I have Unix and AD users.
>>>>>>>> just like windows AD, you just have AD users.
>>>>>>> No.
>>>>>> Let's put it this way, you cannot have a local Unix user and an AD user
>>>>>> with the same name.
>>>>> That is true for LDAP users as well. When LDAP is available, it always overshadows
>>>>> my local account with LDAP one.
>>>> This is one area you need to read up on, whilst with LDAP you can have a
>>>> user called 'joe' in /etc/passwd and LDAP, you cannot do this with AD,
>>>> your users must be either in /etc/passwd or AD, but not in both.
>>> $ id
>>> uid=1000(anrdaemon) gid=1000(anrdaemon) groups=1000(anrdaemon),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),114(lpadmin),118(sambashare),120(admin),512(domain admins),513(domain users)
>>> Practice >>> Theory
>> OK, I will accept your so called 'Practise' and raise you an actual
>> attempt to create a Unix user that already exists in AD:
>> root@dtest:~# getent passwd rowland
>> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
>> root@dtest:~# useradd -d /home/rowland -g domain_users -m -p xxxxxxxxxxx rowland
>> useradd: user 'rowland' already exists
> You said "can't have", not "can't create".
> Creation of an existing user will predictably fail.
>>>>>>>> The user tools are there, they are mostly on windows though.
>>>>>>> Can you list some of them?
>>>>>>> RSAT is not an option - the only Win7 Pro system at work is a render farm that
>>>>>>> has its own work to do, than to let me twitch the checkboxes in some
>>>>>>> overloaded GUI.
>>> So, what about tools?
>>> Do you really know any, or just throwing ideas to the wind?
>> If you were not such a know it all, I may have shared my tools with you,
>> but from the way you are talking, you can go whistle.
> You resorted to trolling? That's a new low.

Andrey, welcome to my email blacklist and goodbye


