[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

Jim Seymour jseymour at LinxNet.com
Sat Sep 12 20:18:11 UTC 2015

On Sat, 12 Sep 2015 17:59:54 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> OK, now you will need an ldif like this:
> dn: CN=Test User,CN=Users,DC=example,DC=com
> changetype: modify
> add: uid
> uid: user

Where you write "user" in your example, you mean "username," as
opposed to UID, correct?

> -
> add: msSFU30NisDomain
> msSFU30NisDomain: example # change this to your lowercase domain
> name

By "domain" ("example" in your example), do you mean the "Samba NT
Domain" (what shows up for "workgroup =" in smb.conf) or the domain
in which the AD DC resides, minus the TLD?  (e.g.: "example.com"
less the ".com" or "dc.example.com" less the ".com"?)  I *suspect*
you mean the "NT Domain" or workgroup name.
> -
> add: gidNumber
> gidNumber: 10000 # what ever gidNumber you gave to Domain Users

This is the number you earlier said most people set to 513 or 20513,
yes?  Is there a reason most people use one of those numbers?  Is
there a common/traditional Unix group name associated with whatever
that GID is?  (e.g.: "domusers," "ntusers" or the like?)

> -
> add: unixUserPassword
> unixUserPassword: ABCD!efgh12345$67890 # dummy unix password that
> ADUC gives to all Unix users

Is this a no-op field, or should (can) it have the Unix password, or
should it explicitly *not* have the Unix password or what?

[remainder: snip]

Thanks Again,
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the samba mailing list