[Samba] Changing default UID/GID beginning for AD

mathias dufresne infractory at gmail.com
Mon Jun 13 12:13:05 UTC 2016 

I loved to find out how to achieve that.

I did looked for information, all I found was that:
https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS

Unfortunately it seems to list all users (I don't know these MS commands
but "Get-AdUser -Filter"...) then sending that list to something to modify
received users list ("Set-AdObject -Replace
@{unixhomedirectory='/bin/sh','bin/bash'}" and
https://technet.microsoft.com/en-us/library/ee617215.aspx).

I would have looked into AD schema and configuration DIT (or naming
context?) but first I did a grep on Samba's source tree looking for
"/bin/sh" string but that strnig seems to be used for running commands and
shebangs only, I could easily have missed something anyway.

A cheating method is to give that task (user creation) to another team or
to use LDIF to create user, but you already thought about these options I
expect : )

Cheers,

mathias

2016-06-13 9:22 GMT+02:00 Daniel Thielking <
daniel.thielking at ias.rwth-aachen.de>:

> That already works and we use RFC2307. We also create user account with
> ADUC. But every time we create a user with ADUC we have to change the
> attribute /bin/sh to /bin/tcsh because /bin/sh seems to be the default
> value for this attribute.  I want to know how to change this default value
> to /bin/tcsh so that we don't need to change it every time when we create
> new users via ADUC.
>
>
> On 13/06/16 09:07, Rowland penny wrote:
>
>> On 13/06/16 07:27, Daniel Thielking wrote:
>>
>>> Yes of course. We use Samba4 ADDC with winbind to get unix attributes
>>> from the DC to the clients. But every time we creating a new member in the
>>> AD we have to change the default shell what is /bin/sh to /bin/tcsh. So we
>>> want to change the default value of the field in the AD that we don't have
>>> to change it every time.
>>>
>>> The users logging in on a unix domain member. No login on DC themselves.
>>>
>>> Samba Version is 4.4.4 compiled from source no extra options chosen.
>>>
>>>
>>>
>>>
>> OK, if you are logging into a domain member, then you need to use RFC2307
>> attributes, see here:
>>
>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>>
>> I take it you are creating the users with ADUC, if you use samba-tool on
>> the DC, you can add the required attributes when you create a new user,
>> type 'samba-tool user create --help' in a terminal on the DC for more info.
>>
>> Rowland
>>
>>
>>
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list