[Samba] ldbedit: no matching records - cannot edit (newly-created user)

Rowland Penny rowlandpenny241155 at gmail.com
Fri Sep 11 15:26:16 UTC 2015


On 11/09/15 15:48, Jim Seymour wrote:
> On Thu, 10 Sep 2015 15:44:01 -0500 (CDT)
> Sketch <smblist at rednsx.org> wrote:
>
> [snip]
>> ... it's best to keep LDAP user ids assigned to a higher range
>> which will never conflict with local users, so I would consider this
>> a positive "limitation", and might even consider lowering UID_MAX if
>> I had pre-existing domain UIDs inside this range.
> TBH: I find this kind of view, similar to others I see posted, here,
> kind of astonishing.  Perhaps it goes a long way to explaining just
> why Samba4 is, essentially, so "Unix-hostile."
>
> I guess few? none? of you are operating in a heterogeneous environment,
> where there is a mix of Unix, Linux and MS-Win users. Ours is.  And
> some of those users use both MS-Win *and* Linux.  One or two use Sun
> Sparc Solaris, one-or-another flavour Linux (mostly Mint or Ubuntu,
> these days) *and* MS-Win.
>
> It may seem odd, to some of you, but when my multi-platform users log on
> to MS-Win or *nix: They expect to see their files and directories,
> regardless of which platform they're using.  They don't expect to see
> their "Windows stuff" in one place and their "Unix stuff" in another.
>
> So, yes, the UIDs/GIDs have to be *nix user UIDs and GIDs.
>
> No offense intended, to you, anybody else on this mailing list or the
> Samba4 devs: But if we wanted separate MS-Win and *nix environments we
> could just go out and buy a MS-Win server and run AD from that.  Would
> certainly save *me* a lot of trouble.
>
> Regards,
> Jim

If you want to use samba4 in AD mode, well, you need to use it as if it
was a Windows AD DC, but you don't have to use samba4 as an AD DC;
samba4 will do everything that samba3 can as well.

If you already have samba3 running as an NT4-style domain, you could try
using the 'classicupgrade' method. This should set up everything for you,
but of course you should try this out first in a test network.
See here for info on the classicupgrade:

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_domain_to_a_Samba_AD_domain_%28classic_upgrade%29

If you have to start again with a new AD domain, you could export your
users & groups info from your old setup, but there is one big thing you
will need to get your head around: out of the box, a brand new AD domain
knows little about Unix; you need to tell it about it. Luckily, samba4
comes with all the required attributes. samba-tool can create a user
just like Windows does; it can also create a user with the required Unix
attributes.

If you are prepared to work with a samba4 AD domain, it can do
everything that you want, without having to pay out for Windows CALs.

If you want further info, send me a private email and let's discuss your
problems.

Rowland



