[Samba] User and Group management
Robert Moskowitz
rgm at htt-consult.com
Tue Sep 8 12:49:12 UTC 2015
On 09/08/2015 03:01 AM, Rowland Penny wrote:
> On 07/09/15 22:07, Robert Moskowitz wrote:
>> Right now, RSAT seems not to be an option for me, as the only Win
>> systems here are XP...
>>
>> None of my PDC users were brought over with classicupdate. Perhaps
>> becuase my users are LINUX user accounts? And the home directories
>> map to /home/user ?
>
> Not having seen your old setup, but if you had a PDC, the users &
> groups should have been created in AD by classicupgrade, it is the
> only reason for the upgrade tool existing.
Well they are not there.
# wbinfo -u
administrator
dns-homebase
dhcpduser
krbtgt
guest
The two 'main' users of the PDC are: abba, imma
>
>>
>> So I would think I need to start adding users and put them into
>> groups. How?
>
> By using the RSAT tools from windows, or by using samba-tool etc
I did a google search and seems RSAT is available for XP:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/bbf2fb6d-24ac-4436-b5cc-20d1009552c9/rsat-on-windows-xp-client?forum=winservergen
>
>> Then there is:
>>
>> chgrp „Domain Users“ /srv/samba/profiles
>>
>> and I don't see „Domain Users“ defined.
>>
>
> If you have an AD DC, you have "Domain Users", try this:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb
> '(&(objectclass=group)(samaccountname=Domain Users))'
First I was wondering about the different quoting method than what you
commonly see in commands. Wondering if it was done this way to indicate
something was to replace this content.
# record 1
dn: CN=Domain Users,CN=Users,DC=home,DC=htt
objectClass: top
objectClass: group
cn: Domain Users
description: All domain users
instanceType: 4
whenCreated: 20150904135233.0Z
whenChanged: 20150904135233.0Z
uSNCreated: 3541
uSNChanged: 3541
name: Domain Users
objectGUID: 40cff32a-a6f2-4610-835a-71ce69706097
objectSid: S-1-5-21-4240919292-2417995422-4236335894-513
sAMAccountName: Domain Users
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=home,DC=htt
isCriticalSystemObject: TRUE
memberOf: CN=Users,CN=Builtin,DC=home,DC=htt
distinguishedName: CN=Domain Users,CN=Users,DC=home,DC=htt
# Referral
ref: ldap://home.htt/CN=Configuration,DC=home,DC=htt
# Referral
ref: ldap://home.htt/DC=DomainDnsZones,DC=home,DC=htt
# Referral
ref: ldap://home.htt/DC=ForestDnsZones,DC=home,DC=htt
# returned 4 records
# 1 entries
# 3 referrals
>
>> Finally, as this is an AD, not a PDC, I am assuming I need to use
>> 'ADUC' to enable roaming profiles for selected users (that got added
>> how, see above). Is ADUC available on XP? I may have to break down
>> and buy a 'cheap' used notebook on ebay with Win7 OEM preloaded...
>
> Yes, you can use ADUC on XP, download it from here:
>
> http://www.microsoft.com/en-us/download/details.aspx?id=16770
thanks.
>
> But, you can do most of what ADUC does with samba-tool.
Trying to learn all I can do with samba-tool and not use MS tools.
Now here is my original smb.conf, perhaps it will provide a clue what
happened to my users not being imported by classicupgrade:
[global]
# General
netbios name = HOMEBASE
workgroup = HOME
server string = home
security = user
# Logging
syslog = 0
log level = 1
log file = /var/log/samba/%L-%m
max log size = 0
utmp = Yes
# Network
bind interfaces only = No
interfaces = lo eth0
smb ports = 139
# Printing
printcap name = /etc/printcap
load printers = Yes
# Security settings
guest account = guest
#restrict anonymous = 2
# WINS
wins support = Yes
wins server =
# PDC/BDC
domain logons = Yes
add machine script = /usr/sbin/samba-add-machine "%u"
logon drive = H:
logon script = %U.cmd
logon path = \\%L\profiles\%U
logon home = \\%L\%U
# Winbind
idmap config * : backend = ldap
idmap config * : range = 20000000-29999999
winbind enum users = Yes
winbind enum groups = Yes
winbind offline logon = false
winbind use default domain = true
winbind separator = +
template homedir = /home/%U
template shell = /sbin/nologin
# Other
preferred master = Yes
domain master = Yes
passwd program = /usr/sbin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*
passwd chat timeout = 10
username map = /etc/samba/smbusers
wide links = No
# LDAP settings
include = /etc/samba/smb.ldap.conf
# Winbind LDAP settings
include = /etc/samba/smb.winbind.conf
#============================ Share Definitions
==============================
# Flexshare
include = /etc/samba/flexshare.conf
And the above include just lists all the shares.
More information about the samba
mailing list