[Samba] Add gidNumber for group
rpenny at samba.org
Fri Jun 19 18:55:53 UTC 2020
On 19/06/2020 19:31, Robert E. Wooden via samba wrote:
> On 6/19/2020 10:00 AM, Rowland penny via samba wrote:
>> The easiest way is to upgrade to 4.12.x and then use 'samba-tool
>> group addunixattrs', otherwise you could use ldbedit or create an
>> ldif and use ldbmodify or ldapmodify. Another option would be to use
>> something like LAM.
> Sorry, but, there is what you told me to do in your first email reply.
> AND it does not matter to me, who did what.
> I have already _deleted the "unixattrs" group that had been created_.
> Now, on to this.
> When I do this:
> root@dc01:~# samba-tool group list
> Server Operators
> Distributed COM Users
> Group Policy Creator Owners
> Domain Computers
> Print Operators
> Cert Publishers
> Incoming Forest Trust Builders
> Event Log Readers
> Backup Operators
> Domain Admins
> Cryptographic Operators
> Windows Authorization Access Group
> Terminal Server License Servers
> RAS and IAS Servers
> Network Configuration Operators
> Allowed RODC Password Replication Group
> Remote Desktop Users
> Denied RODC Password Replication Group
> Enterprise Read-only Domain Controllers
> Performance Log Users
> Read-only Domain Controllers
> Enterprise Admins
> Account Operators
> Performance Monitor Users
> Domain Guests
> Domain Users
> Schema Admins
> Pre-Windows 2000 Compatible Access
> Certificate Service DCOM Access
> Domain Controllers
> I do not see a group "addunixattrs"?
> If I run your suggestion "samba-tool group addunixattrs <groupname>
> <next_available_gidNumber>" how do I determine the
> "<next_available_gidNumber>" or is that "next number" found by your
> command suggestion?
> Clearly, the "groupname" is 'Domain Users'.
> Finding the "next gidNumber" becomes the next question?
> Bob Wooden
All of this would have been a lot easier if I could have added the code
to obtain the next available u/gidNumber ;-)
Oh well, it isn't there, so you have to add it manually. You need to
find the next available gidNumber and use that. If Domain Users does not
have a gidNumber, you probably do not have any yet, so you can use
whatever number you like, but I would recommend using the number that
ADUC started from: '10000'
If you do have any gidNumbers in AD, you can find the highest with this:
ldbsearch -H /var/lib/samba/private/sam.ldb '(gidNumber=*)' | grep 'gidNumber:' | sed 's/gidNumber: //' | sort -n | tail -n1
Add 1 to the output and use that.
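
Added example, not part of the original post and not Samba's own code: a shell function that reads ldbsearch LDIF output and prints the next free gidNumber, comparing values numerically (so 10000 ranks above 9999) and falling back to 10000 when no group has one yet. The function name next_gid and the sample LDIF records are constructed for illustration.

```shell
#!/bin/sh
# next_gid (hypothetical helper): read LDIF from ldbsearch on stdin and
# print the highest gidNumber + 1, or 10000 if no gidNumber is present.
next_gid() {
    awk -v start=10000 '
        # LDIF attribute lines look like "gidNumber: 10001".
        # Attribute names are case-insensitive in AD, so compare lowercased.
        tolower($1) == "gidnumber:" && $2 ~ /^[0-9]+$/ {
            n = $2 + 0                  # force numeric comparison
            if (!found || n > max) max = n
            found = 1
        }
        END { print (found ? max + 1 : start) }
    '
}

# Constructed sample input (not real directory data). A text sort would
# rank "9999" above "10000"; a numeric comparison does not.
SAMPLE_LDIF='# record 1
dn: CN=Domain Users,CN=Users,DC=example,DC=com
gidNumber: 9999

# record 2
dn: CN=staff,CN=Users,DC=example,DC=com
gidNumber: 10000

# returned 2 records'

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LDIF" | next_gid

# On a DC, using the database path from the post:
#   ldbsearch -H /var/lib/samba/private/sam.ldb '(gidNumber=*)' gidNumber | next_gid
```

Two groups sharing a gidNumber are indistinguishable to Unix file permissions, so confirm the value is unused before passing it to samba-tool group addunixattrs.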