[Samba] userou= question

Robert Wooden wdn2420systm at gmail.com
Sun Oct 11 14:14:03 UTC 2020 

Okay great.

First I ran:

> root at dc1:~# samba-tool user create seth28 *pas$w0rd*  --given-name=Seth
> --initials=28 --surname=Samba
> --userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName' --uid-number=19000
> --gid-number=10000 --profile-path=\\\\mbr04.subdom.example.com\\profiles\\seth28
> --home-drive=M: --home-directory=\\\\mbr04.subdom.example.com\\users\\seth28
> --company="Donelson Trophy" --job-title="Training Doegee"
> --description="user created by Samba-tool" --telephone-number=555.555.1295
> ERROR(ldb): Failed to add user 'seth28':  - 0000052D: Constraint violation
> - check_password_restrictions: the password is too short. *It should be
> equal or longer than 7 characters!*
>

Then I switched to your generic password:

> root at dc1:~# samba-tool user create seth28 *P4ssw0rd** --given-name=Seth
> --initials=28 --surname=Samba
> --userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName' --uid-number=19000
> --gid-number=10000 --profile-path=\\\\mbr04.subdom.example.com\\profiles\\seth28
> --home-drive=M: --home-directory=\\\\mbr04.subdom.example.com\\users\\seth28
> --company="Donelson Trophy" --job-title="Training Doegee"
> --description="user created by Samba-tool" --telephone-number=555.555.1295
> User 'seth28' created successfully
>

All this time my eight character password (pas$w0rd) was not liked by
Samba. It likes your password though.

As always, you're the best!! THANKS. (Especially thanks for being available
on the weekends.)

On Sun, Oct 11, 2020 at 8:25 AM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 11/10/2020 13:59, Robert Wooden wrote:
> > Yes, thank you for the guidance.
> >
> > Regarding "/You do not put the users password here (if that is what
> > you are trying to do): --password=PASSWORD1/"
> >
> > My experience has been this, no matter where I put "--password=" in
> > the string, after the "user" as the manpage suggests or the end. When
> > I run the create string I am asked for a "New Password:' and then
> > "Retype Password:". Which is fine by me, I want a different password
> > for the test users anyway. Hence, in  testing I just left the
> > --password at the end of the string because it did not seem to matter,
> > Samba still asked to enter New and Retype New.
>
> Lets say you want to create a user called fred, with the password
> 'fredspassword', you would do this:
>
> samba-tool user create fred fredspassword
>
> The '--password=' is for authentication when creating the user, not the
> users passwords.
>
> >
> > Regarding "/--home-drive=M: (note the ':' at the end)/" thanks, it
> > makes sense to add the colon. But, I will comment that on the W10 side
> > the "M" by itself is working fine.
> Without the ':', it has never worked for myself.
> >
> > Finally regarding the userou=. At this point I have a very simple,
> > _almost default_ ou structure. I have added only a "CompanyName OU"
> > and two (2) subOU's of the "CompanyName OU", they are
> > "DmnMmbrs-folder-redirection" and "DmnMmbrUsers". Only
> > "DmnMmbrs-folder-redirection" have any GPO's applied to it.
> >
> > I have tried the same order of OU's you suggest (yes, with the single
> > quotation marks and no spaces in the OU's) and as well have reversed
> > the order of the OU's. Both sequences failed, as my previous email
> > indicated. So, yes, as I read the manpage and it should work in the
> > manner you suggest but, it does not.
> >
> OK, I did this:
>
> samba-tool ou create 'OU=CompanyName'
>
> and got this:
>
> Created ou "OU=CompanyName,DC=samdom,DC=example,DC=com"
>
> Then I did this:
>
> samba-tool ou create 'OU=DmnMmbrs-folder-redirection,OU=CompanyName'
>
> which lead to this:
>
> Created ou
> "OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=samdom,DC=example,DC=com"
>
> I then did this:
>
> samba-tool user create robert P4ssw0rd* --given-name=Robert
> --surname=Wooden --userou='OU=DmnMmbrs-folder-redirection,OU=CompanyName'
>
> and got this:
>
> User 'robert' created successfully
>
> With this in AD:
>
> dn: CN=Robert
>
> Wooden,OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Robert Wooden
> sn: Wooden
> givenName: Robert
> instanceType: 4
> whenCreated: 20201011131747.0Z
> whenChanged: 20201011131747.0Z
> displayName: Robert Wooden
> uSNCreated: 1497670
> name: Robert Wooden
> objectGUID: e0ffd79f-786c-4e02-8cfd-90db74101f89
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-5198
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: robert
> sAMAccountType: 805306368
> userPrincipalName: robert at samdom.example.com
> objectCategory:
> CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> pwdLastSet: 132468958672325130
> userAccountControl: 512
> uSNChanged: 1497672
> distinguishedName: CN=Robert
>
> Wooden,OU=DmnMmbrs-folder-redirection,OU=CompanyName,DC=samdom,DC=example,DC=com
>
> So, what are you doing differently ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list