[Samba] Using samba-tool to modify group?
Rowland Penny
rpenny at samba.org
Mon Nov 21 11:09:22 UTC 2016
On Mon, 21 Nov 2016 10:57:03 +0000
Brian Candler via samba <samba at lists.samba.org> wrote:
> Sorry if I am being dense here.
>
> I want to add a gidNumber attribute to the existing group "Domain
> Users". Is this possible using samba-tool? If not, what's the
> recommended way - using ldapmodify?
>
> I can see that "samba-tool group add" supports a --gid-number flag,
> but as this is an important system group I don't want to delete and
> recreate it just to add this attribute.
>
> Thanks,
>
> Brian.
>
>
Quickest and easiest way for just one attribute, use 'ldbedit'.
run it on a Samba DC:
ldbedit -e nano -H /usr/local/samba/private/sam.ldb
You can either replace 'nano' with your favourite editor or even leave
it out, in which case it will use 'vi'
You will possibly also have to change the path to 'sam.ldb'
Once you have AD open in the editor, search for 'CN=Domain Users', then
add 'gidNumber: <whatever number you want>' somewhere in the Domain
Users object, close and save.
Or you could use 'ldbmodify', but this will entail creating an ldif and
feeding this to 'ldbmodify'
Rowland
More information about the samba
mailing list