[Samba] Bulk add users and rfc2307 attributes questions

me at tdiehl.org me at tdiehl.org
Wed Aug 2 16:21:24 UTC 2017

Hi Rowland,

On Wed, 2 Aug 2017, Rowland Penny via samba wrote:

> On Tue, 1 Aug 2017 23:23:25 -0400 (EDT)
> Tom Diehl via samba <samba at lists.samba.org> wrote:
>> Hi,
>> I am currently testing a self compiled 4.7.0rc3 AD DC and a samba
>> member server acting as a file server. I have them configured to use
>> rfc2307 attributes so that the samba users can access the shares on
>> the member server. Everything seems to be working as expected.
>> The problem I am facing is I need to add about 150 users. Once the
>> initial load of users is added I want to use the rsat tools to manage
>> the users and shares.
>> I found an article @
>> https://wiki.samba.org/index.php/Adding_users_with_samba_tool that
>> says to add users using samba-tool. I think I want to write a script
>> that does something like the following substituting variables where
>> appropriate:
>> # samba-tool user create --nis-domain SAMDOM --uid-number 10007 \
>> --gid-number 10000 --login-shell=/sbin/nologin --unix-home \
>> /home/samba/users/test_user3 --home-drive H: --home-directory \
>> '\\fs1\users\test_user3' test_user3
>> Testing shows that if I use samba-tool to add users, when I switch
>> back to using ADUC to manage users the default UID in the Unix
>> attributes tab of ADUC does not show the correct uid to use to
>> configure the next user. It would appear that if I set the correct
>> uid in the unix attributes tab when I configure a user in ADUC, that
>> it would then move on from there with the correct uid.
>> So my questions are:
>> 1. Are my assumptions above correct?
> Unfortunately, yes
>> 2. Is there a better way to do this? This just seems kludgy to me.
> not really, when you are doing this on an individual, it does seem
> kludgy, but, if you feed your script all the info, it will work as
> expected.
>> 3. Is there an automatic way to have samba-tool assign the correct
>> rfc-2307 uid?
> Probably only sat on my HD and this got rejected.

Sorry, I do not understand the above statement.

> What you are missing, is a couple of attributes 'msSFU30MaxUidNumber' &
> 'msSFU30MaxGidNumber' (note 'Max' is microsoft for 'next'). These
> should be in 'CN=<your lowercase domain
> name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=YOUR,DC=DNS,DC=DOMAIN'

So if I understand you, I would do something like:
ldbsearch -H /usr/local/samba/private/sam.ldb -b CN=samdom,CN=ypservers,CN=ypServ30,\
CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com | grep msSFU30MaxUidNumber
to get the next uid to use in the script. Is this correct?

What is the best/safest way to update msSFU30MaxUidNumber after I add a user?
I am thinking about creating an ldif tmp file and then reading that in with

Does this sound sane? Is there a better way?

Thanks for your help.


Tom			me at tdiehl.org		Spamtrap address	 		me123 at tdiehl.org
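
The read, allocate, update cycle asked about above, as an added dry-run example that is not part of the original message or of Samba. The function names are hypothetical, the ldbsearch output is a constructed sample, and the DN, gid and paths are the thread's test values.

```shell
#!/bin/sh
# Added example, dry run only: prints commands and LDIF, never touches sam.ldb.
# DN follows the pattern quoted in the thread for the samdom.example.com test domain.
NIS_DN='CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com'

# Read ldbsearch output on stdin and print the counter. Fails unless exactly
# one numeric msSFU30MaxUidNumber value is present.
next_uid() {
    awk -F': ' '$1 == "msSFU30MaxUidNumber" { n++; v = $2 }
        END { if (n != 1 || v !~ /^[0-9]+$/) exit 1; print v }'
}

# Print one samba-tool command (same options as in the thread) per login name
# on stdin, numbering from uid $1. Names outside [a-z0-9_.-] are rejected so
# no shell metacharacter can end up in a generated command line.
plan_users() {
    uid=$1
    while read -r name; do
        case $name in
            ''|*[!a-z0-9_.-]*) echo "rejected name: $name" >&2; return 1 ;;
        esac
        printf '%s\n' "samba-tool user create --nis-domain SAMDOM --uid-number $uid --gid-number 10000 --login-shell=/sbin/nologin --unix-home /home/samba/users/$name --home-drive H: --home-directory '\\\\fs1\\users\\$name' $name"
        uid=$((uid + 1))
    done
}

# LDIF moving the counter from $1 to $2. Deleting the old value explicitly is
# the usual LDAP compare-and-swap: the modify is rejected if the stored value
# is no longer $1 (another tool changed it in the meantime).
counter_ldif() {
    printf 'dn: %s\nchangetype: modify\ndelete: msSFU30MaxUidNumber\nmsSFU30MaxUidNumber: %s\n-\nadd: msSFU30MaxUidNumber\nmsSFU30MaxUidNumber: %s\n' \
        "$NIS_DN" "$1" "$2"
}

# Constructed sample standing in for the ldbsearch output of that DN.
sample="dn: $NIS_DN
msSFU30MaxUidNumber: 10008
msSFU30MaxGidNumber: 10001"
cur=$(printf '%s\n' "$sample" | next_uid) || exit 1
printf 'test_user4\ntest_user5\n' | plan_users "$cur"
counter_ldif "$cur" $((cur + 2))
```

After review, the printed LDIF could be applied with ldbmodify against the same sam.ldb; that tool choice is an assumption here, since the message does not name one.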
