[Samba] Changing default UID/GID beginning for AD

mathias dufresne infractory at gmail.com
Tue Jun 14 08:50:14 UTC 2016


2016-06-13 18:27 GMT+02:00 Rowland penny <rpenny at samba.org>:

> On 13/06/16 13:13, mathias dufresne wrote:
>
>> I'd love to find out how to achieve that.
>>
>> I did look for information, all I found was that:
>>
>> https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS
>>
>> Unfortunately it seems to list all users (I don't know these MS commands
>> but "Get-AdUser -Filter"...) then sending that list to something to modify
>> received users list ("Set-AdObject -Replace
>> @{unixhomedirectory='/bin/sh','bin/bash'}" and
>> https://technet.microsoft.com/en-us/library/ee617215.aspx).
>>
>
> You could always use ldbmodify on the Samba4 DC and the attribute you need
> to change for the users login shell is 'loginShell' :-)
>

Yep, MS doc, the dude who wrote that made a mistake, he tried to help at
least.


>
>
>> I would have looked into AD schema and configuration DIT (or naming
>> context?) but first I did a grep on Samba's source tree looking for
>> "/bin/sh" string but that string seems to be used for running commands and
>> shebangs only, I could easily have missed something anyway.
>>
>
> Try reading
> /usr/local/samba/share/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt
> Note: the path to your copy may vary.
>

I thought schemas were descriptions of attributes and classes, not places
to set values. As I could be wrong, I used grep to read that file:
cat `locate MS-AD_Schema_2K8_R2_Attributes.txt` | grep sh -w -> no answer,
"sh" (as word) is not present in that file.
There is still a chance it is written in configuration DIT but as the same
grep was done during the week-end on the whole Samba 4.4.4 source tree
without finding more relevant traces of "sh" word, I'm now suspecting the
client is the one managing that.

If I find time I'll have a look into that DIT...



>
> Rowland
>
>
>> A cheating method is to give that task (user creation) to another team or
>> to use LDIF to create user, but you already thought about these options I
>> expect : )
>>
>> Cheers,
>>
>> mathias
>>
>>
>>
>
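
The ldbmodify route suggested in the thread takes LDIF modify records that replace `loginShell`. The following is an added example, not part of the original messages or of Samba: the function name `loginshell_ldif`, the sample DNs and the `sam.ldb` path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: build LDIF "modify" records that replace loginShell for
# each user DN read from stdin (one DN per line). The output is meant to
# be reviewed, then piped to ldbmodify on the DC, for instance:
#   loginshell_ldif /bin/bash < dns.txt | \
#       ldbmodify -H /usr/local/samba/private/sam.ldb
# (sam.ldb path is an assumption; it varies with how Samba was installed.)

loginshell_ldif() {
    shell=$1
    # Require an absolute path so a typo such as "bin/bash" is not written
    # into every account.
    case $shell in
        /*) ;;
        *) echo "shell must be an absolute path: $shell" >&2; return 1 ;;
    esac
    # Restrict the value to characters that are safe in a plain LDIF line.
    case $shell in
        *[!A-Za-z0-9/_.-]*) echo "unexpected character in shell path" >&2
                            return 1 ;;
    esac
    while IFS= read -r dn; do
        [ -n "$dn" ] || continue
        # LDIF needs base64 for values that start with space, ':' or '<',
        # end with a space, or contain non-printable/non-ASCII bytes.
        # This sketch skips such DNs instead of encoding them.
        case $dn in
            ' '*|':'*|'<'*|*' ') echo "skipping DN needing base64" >&2
                                 continue ;;
        esac
        if printf '%s' "$dn" | LC_ALL=C grep -q '[^ -~]'; then
            echo "skipping non-ASCII DN" >&2
            continue
        fi
        printf 'dn: %s\nchangetype: modify\nreplace: loginShell\nloginShell: %s\n\n' \
            "$dn" "$shell"
    done
}

# Constructed sample input, for illustration only.
printf '%s\n' 'CN=Alice Example,CN=Users,DC=example,DC=com' \
              'CN=Bob,CN=Users,DC=example,DC=com' | loginshell_ldif /bin/bash
```
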