[Samba] W7 client cannot adjust file permissions via ADUC

Rowland Penny rowlandpenny at googlemail.com
Fri Jan 30 14:52:13 MST 2015


On 30/01/15 21:19, Bob of Donelson Trophy wrote:
>   
>
> Both DC1 and member server return nothing on 'getent passwd
> Administrator'
>
> I have no other users other than 'root' and 'Administrator' on all three
> (DC1, DC2 & member.)
>
> My plan was to get file permissions (aka profiles) working and add some
> test users.
>
> How do I add test users via linux side? (I'm with you, get linux side
> working first.)
>
> ---
>
> -------------------------
>
> Bob Wooden of Donelson Trophy
>
> 615.885.2846 (main)
> www.donelsontrophy.com [1]
>
> "Everyone deserves an award!!"
>
> On 2015-01-30 15:12, Rowland Penny wrote:
>
>> On 30/01/15 20:48, Bob of Donelson Trophy wrote:
>>
>>> Okay, added 'gidNumber: 10000' to the domain users group on DC1. (Was within my range 500-40000.) getnet passwd [user] returns nothing on DC1. W7 client still a "no". And now?
>> Have you tried getent on the member server ?
>>
>> Lets forget W7 for the moment, get the Unix side working and then go to W7.
>>
>> If I run getent on the DC I get this:
>>
>> root at dc01:~# getent passwd rowland
>> EXAMPLErowland:*:10000:10000:Rowland Penny:/home/HOME/rowland:/bin/bash
>>
>> So lets check a few files:
>>
>> /etc/resolv.conf should point to itself, I use
>>
>> search example.com
>> nameserver 127.0.0.1
>>
>> /etc/krb5.conf should contain this:
>>
>> [libdefaults]
>> default_realm = EXAMPLE.COM
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>> /etc/nsswitch.conf
>>
>> should have these two lines set like this:
>>
>> passwd: compat winbind
>> group: compat winbind
>>
>> Finally can you run:
>>
>> pam-auth-update
>>
>> I have these enabled.
>>
>> Kerberos authentication
>> Unix authentication
>> Winbind NT/Active Directory authentication
>> GNOME Keyring Daemon - Login keyring management
>> ConsoleKit Session Management
>> Inheritable Capabilities Management
>>
>> Rowland
>   
>
> Links:
> ------
> [1] http://www.donelsontrophy.com

OK, you do it with samba-tool on the DC:

if you run samba-tool user add --help, you will get a list of the 
available options, trouble is, you need samba-tool from 4.2rc4 and you 
need to patch this with Marc's patches to get all the Unix attributes

So, I have attached the required files:

samdb.py
user.py
addunixuser

The first two go here:
/usr/share/pyshared/samba/samdb.py
/usr/share/pyshared/samba/netcmd/user.py

the last is a bash script I wrote myself, put this in /usr/sbin/
Make it executable: chmod 0755 /usr/sbin/addunixuser

Run it :
addunixuser

it will print the usage instructions :-)

I am (over the weekend) going to set up a couple of VM's and install a 
DC and a member server using Louis's scripts, your problems are 
beginning to bug me (no disrespect to yourself) it should be easier than 
this :-D

Rowland
Rowland


More information about the samba mailing list