[Samba] samba 4 ad member - idmap = ad for machine accounts [SOLVED]

Rowland Penny rpenny at samba.org
Tue Nov 21 19:15:39 UTC 2017


On Tue, 21 Nov 2017 11:42:52 -0700 (MST)
tomict via samba <samba at lists.samba.org> wrote:

> Samba - General mailing list wrote
> > Do you need to manually set up a password for the machine account
> > PC050$ ?
> 
> Manually is relative :-)  I scripted the bunch of PCs by first
> finding out at which uidNumber I could start counting and then put
> everything (PC and uid Numbers) in a loop. You could use ldbmodify,
> but since it was a small edit and not many PCs I used ldbedit like
> this:
> 
> ldbedit starts your editor and lets you edit a temporary ldif file
> which is fed back into the database when you are done editing.
> Instead of an interactive editor, here I use the streaming editor
> (sed) to insert a line at position 10 (arbitrary, the ldif is much
> longer in this search) with the contents "uidNumber: <number>". This
> is an ugly hack. Be careful/very sure that the computers do not have
> a uidNumber before you do this.

If you are using Samba 4.7.x, you could probably use 'samba-tool user
edit' to automate this.

The test for this command uses sed to change an attribute, so it
should be easy to create your own editor to add an attribute.
  
> 
> I don't know where you can hook in to the samba computer account
> creation process to automatically insert a uidNumber.

If you use samba-tool to create users, this can add uidNumbers for you.
I know it says 'If --nis-domain is set, then the other four parameters
are mandatory.'; what it doesn't say is that if you don't add
'--nis-domain', you can add '--uid-number' all by itself.

Rowland
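
One way to script the ldbmodify route mentioned in the quoted message, as an added example that is not part of the original thread: it reads ldbsearch output and writes modify records only for computer entries that have no uidNumber, skipping numbers already in use. The function names, the sam.ldb path and the starting number 10000 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed usage on a DC (placeholder path):
#   ldbsearch -H /path/to/sam.ldb '(|(objectClass=computer)(uidNumber=*))' \
#       dn objectClass uidNumber | gen_uidnumber_ldif 10000 > add-uid.ldif
#   ldbmodify -H /path/to/sam.ldb add-uid.ldif    # after reviewing the file
gen_uidnumber_ldif() {
    awk -v next_uid="$1" '
    BEGIN { RS = ""; FS = "\n"; next_uid += 0 }   # one LDIF entry per record
    {
        gsub(/\n /, "")                   # unfold LDIF continuation lines
        n = split($0, line, "\n")
        dn = ""; uid = ""; is_pc = 0
        for (i = 1; i <= n; i++) {
            if (line[i] ~ /^dn: /)             dn = substr(line[i], 5)
            else if (line[i] ~ /^dn:: /)       b64++
            else if (line[i] ~ /^uidNumber: /) uid = substr(line[i], 12)
            else if (line[i] == "objectClass: computer") is_pc = 1
        }
        if (uid != "")              used[uid + 0] = 1    # number already taken
        else if (is_pc && dn != "") todo[++count] = dn   # computer lacking one
    }
    END {
        for (i = 1; i <= count; i++) {
            while (next_uid in used) next_uid++          # never reuse a number
            # "add", not "replace": an existing value is never overwritten
            printf "dn: %s\nchangetype: modify\nadd: uidNumber\nuidNumber: %d\n\n", todo[i], next_uid
            used[next_uid] = 1
        }
        if (b64) print b64 " base64-encoded DN(s) skipped" > "/dev/stderr"
    }'
}
# Constructed sample in ldbsearch output format (not real directory data).
sample_ldif() {
    cat <<'EOF'
# record 1
dn: CN=alice,CN=Users,DC=example,DC=com
uidNumber: 10001

# record 2
dn: CN=PC050,CN=Computers,DC=example,DC=com
objectClass: computer
uidNumber: 10000

# record 3
dn: CN=PC051,CN=Computers,DC=example,
 DC=com
objectClass: computer
EOF
}
sample_ldif | gen_uidnumber_ldif 10000   # only PC051 is modified; it gets 10002
```

The search filter also returns non-computer entries that carry a uidNumber, so numbers held by users are treated as taken.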




