[Samba] W7 client cannot adjust file permissions via ADUC

Bob of Donelson Trophy bob at donelsontrophy.net
Fri Jan 30 15:25:37 MST 2015 

 

Rowland, 

You forget, mailing list strips the attachments. Besides, I'm some what
leery of getting up in "rc4" territory. Grated I am anxious for 4.2.0
but, not until it's ready. 

Regarding my problems. Just looking for "simple, oh it works." And yes,
it should be easier. But I understand that anything can have issues. 

So, I have an idea. PM me directly. (Family coming in in a little bit,
so I may not answer until tomorrow.) 

---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-01-30 15:52, Rowland Penny wrote: 

> On 30/01/15 21:19, Bob of Donelson Trophy wrote:
> Both DC1 and member server return nothing on 'getent passwd Administrator' I have no other users other than 'root' and 'Administrator' on all three (DC1, DC2 & member.) My plan was to get file permissions (aka profiles) working and add some test users. How do I add test users via linux side? (I'm with you, get linux side working first.) --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] [1 [1]] "Everyone deserves an award!!" On 2015-01-30 15:12, Rowland Penny wrote: On 30/01/15 20:48, Bob of Donelson Trophy wrote: Okay, added 'gidNumber: 10000' to the domain users group on DC1. (Was within my range 500-40000.) getnet passwd [user] returns nothing on DC1. W7 client still a "no". And now? Have you tried getent on the member server ? Lets forget W7 for the moment, get the Unix side working and then go to W7. If I run getent on the DC I get this: root at dc01:~# getent passwd rowland EXAMPLErowland:*:10000:10000:Rowland
Penny:/home/HOME/rowland:/bin/bash So lets check a few files: /etc/resolv.conf should point to itself, I use search example.com nameserver 127.0.0.1 /etc/krb5.conf should contain this: [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true /etc/nsswitch.conf should have these two lines set like this: passwd: compat winbind group: compat winbind Finally can you run: pam-auth-update I have these enabled. Kerberos authentication Unix authentication Winbind NT/Active Directory authentication GNOME Keyring Daemon - Login keyring management ConsoleKit Session Management Inheritable Capabilities Management Rowland
 Links: ------ [1] http://www.donelsontrophy.com [1] 

OK, you do it with samba-tool on the DC:

if you run samba-tool user add --help, you will get a list of the
available options, trouble is, you need samba-tool from 4.2rc4 and you
need to patch this with Marc's patches to get all the Unix attributes

So, I have attached the required files:

samdb.py
user.py
addunixuser

The first two go here:
/usr/share/pyshared/samba/samdb.py
/usr/share/pyshared/samba/netcmd/user.py

the last is a bash script I wrote myself, put this in /usr/sbin/
Make it executable: chmod 0755 /usr/sbin/addunixuser

Run it :
addunixuser

it will print the usage instructions :-)

I am (over the weekend) going to set up a couple of VM's and install a
DC and a member server using Louis's scripts, your problems are
beginning to bug me (no disrespect to yourself) it should be easier than
this :-D

Rowland
Rowland

 

Links:
------
[1] http://www.donelsontrophy.com

More information about the samba mailing list