No, you still can edit the Unix-Attributes, as long as you have the special schema installed to your AD. I don't now how to do this nowadays in Windows, but with Samba4 you have to provision the AD wit the rfc2307 schema and then you have the attributes. What you will not find anymore is the special Tag in ADUC for the Unix-Attributes, you must use the Attribute-Editor if you are looking at the properties of a user. LAM can manage this attribute too. But again you must install the schema.
Stefan Am 19.03.19 um 17:29 schrieb Rowland Penny: > On Tue, 19 Mar 2019 16:40:05 +0100 > lists <[email protected]> wrote: > >> Hi, >> >> It seems that microsoft removed the ability to manage unix attributes >> with from the windows 10 version of ADUC (Active Directory Users and >> Computers). This means we (and probably more institutes like us) have >> to look look for a good alternative. >> >> We used LAM in the past, and I am checking it out now again. We would >> like to ask some questions if we may. >> >> We are unsure on which modules to activate in the case of a 'regular' >> samba based Windows AD install (with unix attributes stored in AD) >> (like this: https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD >> >> Some quick remarks / observations: >> >> Nice to see an UID generator type "Windows domain info" that simply >> works, makes moving to LAM easier. :-) >> >> LAM does not seem to detect the unix attributes although they are >> added by ADUC, and displays the button to "add unix extension" >> instead. This is strange, because my users *are* unix users, and >> fully functional. >> >> We have added the two User modules "Windows windowsUser (*)" and >> "Unix (posixAccount), and for groups only the "windows (windowsGroup) >> (*)". We are not sure if those are the correct. (for example there is >> also windowsPosixGroup) Suggestions..? >> >> In LAM with an enabled unix posixAccount Users module, we are asked >> to set a seperate unix password for our users. This is not the case >> in ADUC, and we would like to avoid that if possible. >> >> So, in short: anyone here using LAM for a 'average' samba4-based >> active directory installation? Tips or suggestions for us? >> > > I wonder if LAM is still relying on the posixaccount & posixgroup > objectclasses ? > I pointed out quite sometime ago that they are not required on AD to > use the RFC2307 attributes and in fact neither Windows or Samba will > add them. > So to put it bluntly, if LAM uses the two posix objectclasses for AD, > it is broken. > > Rowland Penny > Samba team Member > > > > _______________________________________________ > Lam-public mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/lam-public > -- Stefan Kania Landweg 13 25693 St. Michaelisdonn Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre E-Mail. Weiter Informationen unter http://www.gnupg.org Mein Schlüssel liegt auf hkp://subkeys.pgp.net
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
