[Samba] How to provision many users with unix Attributes without RSAT

Rowland Penny rowlandpenny at googlemail.com
Fri Jan 23 02:37:40 MST 2015


On 23/01/15 08:36, Luis Sanchez wrote:
> Hi,
>
> I would like to provision a huge number of users to a Samba AD/DC and I
> would like to have the unix attributes set too. I don't want to use the
> RSAT GUI and manually set each.
>
> Is there any tool or script I can use to get that?
>
> I have identified some attributes in the AD that are added when I set unix
> attributes with RSAT GUI. However there must be more changes...
>
>
> These are the attributes:
>
> msSFU30Name:
> msSFU30NisDomain:
> loginShell:
> gidNumber:
> uid:
> uidNumber:
> unixHomeDirectory:
> unixUserPassword::
>
> I don't know how the unixUserPassword is obtained.
>
> The uid and uidNumber must be unique afaik, but there must be a last used
> uid or something... If I add the unix attributes manually without the RSAT
> GUI (the uid is the next free one) when I run the RSAT GUI on another user
> it chooses a uid already used.
>
>
>
> Thank you!
>
> Best regards.

You can do this with ldbmodify by writing your own script.

I also think that you are getting a bit mixed up over 'uid' & 
'uidNumber'. The 'uid' attribute should contain what is in 
'sAMAccountName' and uidNumber is a unique number to identify the user 
on Unix.

'unixUserPassword' will for the present contain 'ABCD!efgh12345$67890', 
this is the default if unix password sync is not enabled and at present 
you cannot enable it on a Samba AD DC.

You also need to know about a couple more attributes 
'msSFU30MaxUidNumber' & 'msSFU30MaxGidNumber', these attributes hold the 
next available 'uidNumber' & 'gidNumber' and both start from '10000' if 
you use ADUC. These attributes do not exist as standard and will need to 
be created, they need to be added to 
'CN=<workgroup>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=example,DC=com'

Rowland
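An added example, not part of the original post: one way to generate the LDIF that a script would hand to ldbmodify, following the attribute roles described in the reply above. The user DNs, shell, home path, `msSFU30Name` value and the `used_uids` set (assumed to come from an earlier search of existing `uidNumber` values) are assumptions. It skips numbers already in use so two accounts never share a UID, and rejects names that could inject extra LDIF lines.

```python
import re

# Constructed DN in the form given in the reply; "example" is a placeholder.
YP_DN = ("CN=example,CN=ypservers,CN=ypServ30,CN=RpcServices,"
         "CN=System,DC=example,DC=com")
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,20}")
SAFE_DN = re.compile(r"[A-Za-z][A-Za-z0-9=,. _-]*")


def build_ldif(users, next_uid, used_uids, gid, nis_domain, yp_dn=YP_DN):
    """users: list of (sAMAccountName, DN). Returns (ldif_text, new_next_uid)."""
    used, seen, records = set(used_uids), set(), []
    for name, dn in users:
        # fullmatch rejects newlines and colons, so input taken from a CSV
        # file cannot smuggle extra attributes or records into the LDIF.
        if not SAFE_NAME.fullmatch(name) or not SAFE_DN.fullmatch(dn):
            raise ValueError(f"unsafe account name or DN: {name!r}")
        if name.lower() in seen:
            raise ValueError(f"account listed twice: {name}")
        seen.add(name.lower())
        # Skip numbers assigned by hand earlier: a shared uidNumber means
        # shared file ownership on every Unix host.
        while next_uid in used:
            next_uid += 1
        used.add(next_uid)
        attrs = [
            ("uid", name),                            # same as sAMAccountName
            ("uidNumber", next_uid),
            ("gidNumber", gid),
            ("msSFU30Name", name),                    # assumption
            ("msSFU30NisDomain", nis_domain),
            ("loginShell", "/bin/bash"),              # assumption
            ("unixHomeDirectory", f"/home/{name}"),   # assumption
        ]
        mods = "\n-\n".join(f"add: {k}\n{k}: {v}" for k, v in attrs)
        records.append(f"dn: {dn}\nchangetype: modify\n{mods}\n")
    while next_uid in used:
        next_uid += 1
    # 'replace' sets the value whether or not the attribute is present yet,
    # so ADUC picks up from the same counter afterwards.
    records.append(f"dn: {yp_dn}\nchangetype: modify\n"
                   f"replace: msSFU30MaxUidNumber\n"
                   f"msSFU30MaxUidNumber: {next_uid}\n")
    return "\n".join(records), next_uid
```

Write the returned text to a file, review it, then apply it with ldbmodify using `-H` to point at the DC's sam.ldb.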

