[Samba] ldbedit: no matching records - cannot edit (newly-created user)
Rowland Penny
rowlandpenny241155 at gmail.com
Thu Sep 10 19:30:17 UTC 2015
On 10/09/15 20:06, Jim Seymour wrote:
> On Thu, 10 Sep 2015 18:55:08 +0100
> Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>
> [snip]
>> Yes, after I engaged my brain, idmap.ldb contains the mappings of
>> Domain users & groups to Unix users & groups and they only get into
>> idmap.ldb after samba (on the DC) first pulls the user's info from AD,
>> it only does this when the user or group first contacts the AD DC
>> i.e. the user logs in.
> Ho-ly smokes, what an incredibly clunky thing this Samba4 thing is.
> It's as if the developers set out how to create MS-Win domain support
> in a way that is as decoupled from, and as hostile to, *nix as they
> possibly could.
Yes, it works just like a windows AD DC :-)
> And the docs... lead one all over hell's half acre... pointlessly, it
> turns out, because much of what the docs say to do simply does not work.
The 'docs' as you call them are being re-written and aren't so much
wrong as disorganised, but as I say, they are being re-written.
>
> (I'm trying to get roaming profiles going while waiting for answers to
> this thread. They don't work, either.)
Roaming profiles do work and I am sure others will back up this statement.
>
>> I think you are going to have to rethink this, the user's (or group's)
>> RID will always be unique in the domain, so you could use this to
>> create a uidNumber or gidNumber and add this to the user (or group)
>> object.
> Are you suggesting that, for the existing users with hundreds or even
> thousands of files on a server with about 1TB of storage, I need to
> change all their UIDs and GIDs, and all the user and group ownerships
> for all their network storage files and directories, to suit this thing?
This 'thing' as you call it, is a clone of a windows AD DC and as such,
works just like one.
If you have existing users and groups, you can use their existing
UID/GID numbers in AD, investigate the 'uidNumber' & 'gidNumber'
attributes in AD.
>
> A UID number of "3000024" is *way* outside the UID_MAX value for an
> out-of-the-box Linux system. (Ubuntu 14.04 LTS is 60000.)
Actually it is a 16-bit number, so I suppose it will be 65536, it must be
because 'nobody' is 65534 on debian.
>
> Yeah, you're right: I'm going to have to re-think this. My boss
> suggested, in the IT meeting this morning, that this isn't going to be
> worth the trouble. I disagreed. Now I'm not so sure. Every step I
> take is riddled with incorrect and misleading documentation, and people
> telling me "You shouldn't/can't do it that way."
All I can say is that it works if it is set up correctly, most of the
time when admins have problems with a samba4, it is usually because the
admin is trying to 'bend' it to do something it isn't capable of.
>
> Thanks for your attempt to help, tho. It truly *is* appreciated. I'm
> going to walk away from this for the remainder of the day, take care of
> a bunch of piddly little annoying admin stuff that's been held in
> abeyance while I tackled this project, and decide in the morning. I
> rarely give up, but this is looking like throwing good time after bad.
>
> And, yes, to those who might rightfully take offence to my complaining
> about the quality of something I'm getting for free: It's all (or
> mostly, anyway) volunteers doing it out of the goodness of their
> hearts. Believe me: I know. BTDT GTTS to prove it. But still...
It may help us to help you if you explained just what you need to do.
Rowland
>
> Regards,
> Jim
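
The suggestion made in this message (keep existing Unix UIDs in the 'uidNumber' attribute, and derive one from the domain-unique RID where none exists), as an added example that is not part of the original thread and not Samba's own code. RID_OFFSET, the sample SIDs, DNs and passwd lines are assumptions, and only uidNumber is handled.

```python
"""Plan uidNumber values: keep existing Unix UIDs, derive the rest from the RID."""

RID_OFFSET = 100000  # assumption: a base chosen above every existing local UID

def rid_from_sid(sid):
    """Return the RID (last sub-authority) of a domain account SID string."""
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError(f"not a domain account SID: {sid!r}")
    return int(parts[-1])

def parse_passwd(text):
    """Map login name -> UID from passwd(5)-format lines."""
    uids = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        uids[fields[0]] = int(fields[2])
    return uids

def plan_uids(ad_users, passwd_text):
    """Return [(dn, uidNumber, source)]; refuse to hand out a UID twice."""
    local = parse_passwd(passwd_text)
    taken = set(local.values())  # every UID already used on the file server
    plan = []
    for name, dn, sid in ad_users:
        if name in local:
            uid, source = local[name], "existing"  # file ownership stays valid
        else:
            uid, source = RID_OFFSET + rid_from_sid(sid), "rid"
            if uid in taken:
                raise ValueError(f"derived UID {uid} for {name} is already in use")
            taken.add(uid)
        plan.append((dn, uid, source))
    return plan

def to_ldif(plan):
    """Render the plan as LDIF modify records that set uidNumber."""
    return "\n".join(
        f"dn: {dn}\nchangetype: modify\nreplace: uidNumber\nuidNumber: {uid}\n-\n"
        for dn, uid, _ in plan)

# Constructed sample data (not taken from the thread).
PASSWD = "root:x:0:0:root:/root:/bin/bash\njim:x:1001:1001:Jim:/home/jim:/bin/bash\n"
USERS = [("jim", "CN=jim,CN=Users,DC=example,DC=com", "S-1-5-21-1111-2222-3333-1104"),
         ("newuser", "CN=newuser,CN=Users,DC=example,DC=com", "S-1-5-21-1111-2222-3333-1105")]

if __name__ == "__main__":
    print(to_ldif(plan_uids(USERS, PASSWD)))
```

Review the generated LDIF before applying it; the collision check only knows about the passwd lines it was given.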