[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))
Jim Seymour
jseymour at LinxNet.com
Mon Sep 14 16:32:27 UTC 2015
On Sun, 13 Sep 2015 18:33:33 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> On 13/09/15 17:41, Jim Seymour wrote:
> > On Sat, 12 Sep 2015 17:59:54 +0100
> > Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> >
> > [snip]
> >> To add the unix attributes to a user with the samaccountname of
> >> user, you will need to find the users 'dn'
> >>
> >> ldbsearch -H /var/lib/samba/private/sam.ldb '(samaccountname=user)'
> >> | grep 'dn'
> >>
> >> dn: CN=Test User,CN=Users,DC=example,DC=com
> >>
> >> OK, now you will need an ldif like this:
> >>
> > [snip]
> >> -
> >> add: gidNumber
> >> gidNumber: 10000 # what ever gidNumber you gave to Domain Users
> >> -
> > [snip]
> >
> > Based on later comments, this would more accurately be:
> > -
> > add: gidNumber
> > gidNumber: 10000 # whatever Unix GID you gave to "Domain Users"
> > # Actually: Can be whatever you want, but
> > don't # change the primaryGroupID from the "Domain
> > # Users" gid or Things Will Break
> > -
> >
> > Correct?
> >
> > Regards,
> > Jim
>
> Yes, I set the users gidNumber to be the gidNumber of Domain Users,
> but it could easily be the gidNumber of another group, just make sure
> the group exists and contains the gidNumber you use.
Setting gidNumber in the user's entry seems to have no effect:
The user:
dn: CN=someuser,CN=Users,DC=ad,DC=example,DC=com
objectClass: user
...
gidNumber: 120
...
The group:
dn: CN=users2,CN=Users,DC=ad,DC=example,DC=com
objectClass: group
cn: users2
name: users2
sAMAccountName: users2
gidNumber: 120
$ getent group users2
EXAMPLE\users2:*:120:
$ getent passwd someuser
EXAMPLE\someuser:*:6001:513::/home/%U:/bin/false
And, indeed, things created by the user end up group 513.
Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
More information about the samba
mailing list