[Samba] How to set unix properties from command line

Rowland penny rpenny at samba.org
Mon Dec 7 10:24:14 UTC 2015

On 07/12/15 10:15, Nico De Ranter wrote:
> On Fri, Dec 4, 2015 at 1:48 PM, Rowland penny <rpenny at samba.org 
> <mailto:rpenny at samba.org>> wrote:
>     On 04/12/15 11:52, Nico De Ranter wrote:
>         Samba version: 4.1.17
>         I want to use a Samba AD controller to manage access to both
>         my Windows and
>         Linux boxes.  I managed to import my old Samba users using
>         pdbedit however
>         as I want to use the new Samba AD controller to manage access
>         to the Linux
>         workstations too I want to configure Unix properties on all my
>         accounts.
>         Unfortunately I cannot find any command-line tool on Linux
>         that will allow
>         me to easily fill in these properties. I looked at samba-tool
>         and pdbedit
>         but they seem to be able to change only basic settings.  I
>         know I can do it
>         through RSAT but I don't want to have to start a Windows vm
>         just to manage
>         my users.
>         How can I manage Unix properties for my Samba AD users from the
>         command-line in Linux?
>         Thanks in advance,
>         Nico
>     well, if my patches ever get accepted, you will be able to do with
>     samba-tool what the Unix attributes tab on ADUC does. Until then,
>     you will have to resort to using a script to do this.
>     If your old setup was an NT4-style domain, you could have used the
>     classic-upgrade, this would have imported all of your old users &
>     groups along with all their RFC2307 attributes.
> I tried doing a classic-upgrade the upgrade process always crashes 
> without clearly specifying why. Therefor I reverted to using pdbedit 
> which appeared to be working fine, but now I noticed the export step 
> skipped a number of users ("build_sam_pass: Failing attempt to store 
> user with non-uid based user RID")

Have you checked the failed users, do they have uidNumber attributes and 
if so, do they contain numbers?

> unfortunately pdbedit doesn't seem to keep the user id's (or at least 
> it is not filling in the id's in the unix attributes)

pdbedit doesn't work on the info stored in ldap, it works on a Samba tdb 
file and as such it may not have the info available.

Depending on how many users, groups and computers you have, it may be 
easier to just start again and create a new AD domain and import your 
users etc from a csv file or similar.



More information about the samba mailing list