[Samba] Bulk add users and rfc2307 attributes questions

Rowland Penny rpenny at samba.org
Wed Aug 2 06:52:05 UTC 2017


On Tue, 1 Aug 2017 23:23:25 -0400 (EDT)
Tom Diehl via samba <samba at lists.samba.org> wrote:

> Hi,
> 
> I am currently testing a self compiled 4.7.0rc3 AD DC and a samba
> member server acting as a file server. I have them configured to use
> rfc2307 attributes so that the samba users can access the shares on
> the member server. Everything seems to be working as expected.
> 
> The problem I am facing is I need to add about 150 users. Once the
> initial load of users is added I want to use the rsat tools to manage
> the users and shares.
> 
> I found an article @
> https://wiki.samba.org/index.php/Adding_users_with_samba_tool that
> says to add users using samba-tool. I think I want to write a script
> that does something like the following substituting variables where
> appropriate:
> 
> # samba-tool user create --nis-domain SAMDOM --uid-number 10007 \
> --gid-number 10000 --login-shell=/sbin/nologin --unix-home \
> /home/samba/users/test_user3 --home-drive H: --home-directory \
> '\\fs1\users\test_user3' test_user3
> 
> Testing shows that if I use samba-tool to add users, when I switch
> back to using ADUC to manage users the default UID in the Unix
> attributes tab of ADUC does not show the correct uid to use to
> configure the next user. It would appear that if I set the correct
> uid in the unix attributes tab when I configure a user in ADUC, that
> it would then move on from there with the correct uid.
> 
> So my questions are:
> 
> 1. Are my assumptions above correct?

Unfortunately, yes

> 
> 2. Is there a better way to do this? This just seems kludgy to me.

Not really. When you are doing this on an individual, it does seem
kludgy, but if you feed your script all the info, it will work as
expected.
  
> 
> 3. Is there an automatic way to have samba-tool assign the correct
> rfc-2307 uid?

Probably only sat on my HD and this got rejected.

What you are missing is a couple of attributes, 'msSFU30MaxUidNumber' &
'msSFU30MaxGidNumber' (note 'Max' is Microsoft for 'next'). These
should be in 'CN=<your lowercase domain
name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=YOUR,DC=DNS,DC=DOMAIN'

Rowland
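
Added example, not part of the original messages or of Samba: a dry-run sketch of the bulk script discussed above. It prints one samba-tool command per name using the flags from the quoted command, then an LDIF that sets msSFU30MaxUidNumber to the next free uid. Assumptions made here: CN=samdom as the lowercase domain name, the --random-password flag, and that the ypservers object already exists.

```shell
#!/bin/sh
# Dry run: prints commands and LDIF for review; it changes nothing itself.
LC_ALL=C; export LC_ALL
NIS_DOMAIN=SAMDOM; GID=10000; FILE_SERVER=fs1   # values from the post
HOME_BASE=/home/samba/users
# Container from the reply; CN=samdom is assumed, DC parts are placeholders.
YP_DN='CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=YOUR,DC=DNS,DC=DOMAIN'

# Reject empty names, a leading '-' (option injection) and shell metacharacters.
valid_name() {
    case $1 in
        ''|-*|*[!a-z0-9_.-]*) return 1 ;;
    esac
}

# user_cmd NAME UID: print one samba-tool command line.
# --random-password is an addition so a bulk run does not prompt per user.
user_cmd() {
    valid_name "$1" || return 1
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    unc='\\'"$FILE_SERVER"'\users\'"$1"
    printf "samba-tool user create --random-password --nis-domain %s \
--uid-number %s --gid-number %s --login-shell=/sbin/nologin \
--unix-home %s/%s --home-drive H: --home-directory '%s' %s\n" \
        "$NIS_DOMAIN" "$2" "$GID" "$HOME_BASE" "$1" "$unc" "$1"
}

# plan FIRST_UID < names: one command per valid name, then the LDIF that
# sets the 'next uid' attribute named in the reply.
plan() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    uid=$1
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        if user_cmd "$name" "$uid"; then
            uid=$((uid + 1))
        else
            printf 'skipped: %s\n' "$name" >&2
        fi
    done
    printf 'dn: %s\nchangetype: modify\nreplace: msSFU30MaxUidNumber\n' "$YP_DN"
    printf 'msSFU30MaxUidNumber: %s\n' "$uid"
}

# Constructed sample names; 10007 is the uid used in the post's example.
printf 'test_user3\ntest_user4\n' | plan 10007
```

Review the printed commands before running them on the DC; accounts created with a random password need a password set afterwards.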



