[Samba] Unix attributes

Rowland Penny rpenny at samba.org
Sun Mar 25 13:41:33 UTC 2018

On Sun, 25 Mar 2018 14:59:47 +0200
Rene Schmidt via samba <samba at lists.samba.org> wrote:

> Hello, 
> I have just started to experiment with Samba4 as an AD. 
> All together I have 3 sambas DCs in 3 locations. 
> In my SMB. CONF stands the following entry: idmap_ldb:use rfc2307 =
> yes 
> If I provide new users or groups, I do this about RSAT of a Windows
> Server 2008 R2. This Windows Server is only normal Domainmember. 
> I have problems with the care of the Unix attributes: 
> - If I put in a new user, I must still select by hand the NIS-Domain
> and the Default group as well as the Shell placed. Can be fixed
> there, e. g. , default or let itself steer this in such a way which
> takes here the normal primary group? 

This is how RSAT works.

> - The bigger problem is the care of the groups. If I change
> memberships of a group, I must do always in the tab members and in
> the tab Unix Attributes. 

Again this is how RSAT works

> If one maintains not by hand, there is a difference between the
> attributes "member" and "memberUid". If this is normal or what one
> can do against it, so that this is automatically comaintained. 

This is not really a problem, windows does not use the 'memberUid'
attribute and you don't need it on a properly set up Unix domain member.

Using RSAT has its benefits, but I think you will find it easier to use
samba-tool to create users & groups and maintain group membership etc.

You can write scripts around the various samba-tool subcommands (run
'samba-tool --help' to find these). There is also the possibility of
using a couple of attributes to store the next UID & GID (you would need
to create these) and your scripts could then use them.


More information about the samba mailing list