[Samba] user works on DC, not on DM
Rowland Penny
rpenny at samba.org
Fri Sep 1 08:02:19 UTC 2017
On Fri, 1 Sep 2017 09:35:50 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Am 2017-09-01 um 09:17 schrieb Rowland Penny via samba:
>
> >> The user can login to the domain, it only can't connect to a share
> >> on the DM (group membership is OK, we only filter for "Domain
> >> Users", and the GPOs are applied).
> >
> > Have you given the user a 'uidNumber' attribute containing a unique
> > number inside 10000-9999999 ? and have you given Domain Users a
> > gidNumber attribute containing a number inside the same range (I
> > don't think you have, or it wouldn't be '100' above)
>
> We expected that creating the user via RSAT would be enough.
> But now as I read this I remember a similar thread from back then.
>
> How to add that uidNumber in the easiest way?
> I would like to be able to let the local admin do that ...
>
> can't remember the steps anymore, something with LDAP, I assume?
>
> thx
>
>
It all depends on what version of Windows you are running RSAT on, If
you are using a version before Win10, you can add the Unix attributes
tab and set the uidNumber there. Windows 10 doesn't have the Unix
attributes tab, it has been removed, so you would have to use the
attribute editor.
If you want to do this on the Samba DC, then you can create new users
with the required rfc2307 attributes using 'samba-tool user create'.
If you want to add rfc2307 attributes, then you will have to write your
own scripts, there are no Samba tools to do this.
Rowland
More information about the samba
mailing list