[Samba] Maintaining Unix Attributes in AD using ADUC?

Matthias Leopold matthias.leopold at meduniwien.ac.at
Fri Apr 2 10:22:53 UTC 2021


Hi,

after reading the documentation on RFC2307 attributes in Samba AD I 
still wasn't sure if UID/GID attributes would be _automatically_ 
assigned to new users/groups that where added with _ADUC_.

wiki.samba.org says:
"When using the ADUC utility, the user and group IDs are automatically 
tracked inside AD and incremented when creating a new user or group." 
(https://wiki.samba.org/index.php/Idmap_config_ad)

"Every time a UID/GID number is assigned using Active Directory Users 
and Computers (ADUC), the next UID/GID number is stored inside the 
Active Directory. By default, ADUC starts assigning UID and GID numbers 
at 10000." 
(https://wiki.samba.org/index.php/Maintaining_Unix_Attributes_in_AD_using_ADUC)

Now I tried it with a domain where RFC2307 was set up after provisioning 
(https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD#Installing_the_NIS_Extensions).
Additionally I set msSFU30MaxUidNumber/msSFU30MaxGidNumber to custom values.

I then created a user in ADUC, but uidnumber wasn't assigned, same for 
group and gidnumber. The question is: should these attributes have been 
assigned automatically? Did I miss something or is this not supposed to 
happen?
To me this is essential, because I want to delegate group creation in AD 
to users, so if automatic GID assignment doesn't work I can't use 
RFC2307 in Samba AD.

thx
Matthias




More information about the samba mailing list