On 13/04/13 18:06, Stuart Sheldon wrote:

Thanks for the response Andrew,

Using ad for my idmap sounds like what I'm looking for. I'm having
problems finding how I add the map ids to the AD manually for new users.
Could you direct me to some information regarding cli tools to do that?

Thanks Again,

Stu

Hi,
If you want to do it manually, e.g. to add a domain user called steve2:

samba-tool user add steve2
(enter the passwords)

then edit the record:
ldbedit --url=/usr/local/samba/private/sam.ldb cn=steve2

You can use any editor:

ldbedit -e gedit --url=/usr/local/samba/private/sam.ldb cn=steve2

Here is a fully loaded domain user with the rfc2307 objects and attributes added that you need to forget about idmap altogether :) With this lot, he's good for both Linux and Windows clients.

# editing 1 records
# record 1
dn: CN=steve2,CN=Users,DC=hh3,DC=site
cn: steve2
instanceType: 4
whenCreated: 20130412075527.0Z
uSNCreated: 3737
name: steve2
objectGUID: 1fb4f5fe-11db-47da-a3d7-962717a81881
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-1555648365-2472922434-3126067274-1106
logonCount: 0
sAMAccountName: steve2
sAMAccountType: 805306368
userPrincipalName: [email protected]
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=hh3,DC=site
pwdLastSet: 130102269270000000
userAccountControl: 66048
accountExpires: 0
uidNumber: 3000034
gidNumber: 20513
unixHomeDirectory: /home/users/steve2
loginShell: /bin/bash
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
profilePath: \\hh16\profiles\steve2
homeDrive: Z:
homeDirectory: \\hh16\users\steve2
whenChanged: 20130412075530.0Z
uSNChanged: 3743
distinguishedName: CN=steve2,CN=Users,DC=hh3,DC=site

Note: you'll soon get bored adding all the extra stuff but it's easy to write a script to automate it.

You need to tell Samba to use AD in the [global] section of smb.conf:
idmap_ldb:use rfc2307 = Yes

As a matter of interest, how do you plan on pulling the id info from the database?
hth
Steve
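
Added example, not part of the original message and not Samba project code: one way to script the rfc2307 additions shown in the steve2 record, with the checks that matter because uidNumber and gidNumber become the real Unix IDs on Linux clients. The function name, the 10000 ID floor, the shell allow-list and the used_uids set are assumptions for illustration; the output is an LDIF modify record intended to be applied with ldbmodify against the same sam.ldb.

```python
import re

# Assumed site policy (not from the original post): directory-assigned IDs start
# at 10000 so a typo can never map a domain user onto root or a system account.
MIN_ID = 10000
HOME_ROOT = "/home/users"  # same layout as the steve2 record in the post
SAFE_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
SAFE_BASE = re.compile(r"DC=[A-Za-z0-9-]+(,DC=[A-Za-z0-9-]+)*")
ALLOWED_SHELLS = {"/bin/bash", "/bin/sh", "/sbin/nologin"}


def rfc2307_ldif(user, base_dn, uid_number, gid_number, used_uids=(),
                 shell="/bin/bash"):
    """Build an LDIF modify record adding the Unix attributes to an existing user."""
    # Reject anything that could inject extra LDIF lines or DN components.
    if not SAFE_NAME.fullmatch(user):
        raise ValueError(f"unsafe account name: {user!r}")
    if not SAFE_BASE.fullmatch(base_dn):
        raise ValueError(f"unexpected base DN: {base_dn!r}")
    for label, value in (("uidNumber", uid_number), ("gidNumber", gid_number)):
        if type(value) is not int or value < MIN_ID:
            raise ValueError(f"{label} {value!r} is not an integer >= {MIN_ID}")
    # Two accounts sharing a uidNumber share file ownership on every Linux client.
    if uid_number in used_uids:
        raise ValueError(f"uidNumber {uid_number} is already assigned")
    if shell not in ALLOWED_SHELLS:
        raise ValueError(f"shell not in allow-list: {shell!r}")
    attrs = [
        ("objectClass", "posixAccount"),
        ("uidNumber", uid_number),
        ("gidNumber", gid_number),
        ("unixHomeDirectory", f"{HOME_ROOT}/{user}"),
        ("loginShell", shell),
    ]
    # Each "add:" block is one modification; "-" separates them in LDIF.
    body = "\n-\n".join(f"add: {name}\n{name}: {value}" for name, value in attrs)
    return f"dn: CN={user},CN=Users,{base_dn}\nchangetype: modify\n{body}\n"


if __name__ == "__main__":
    # Values taken from the steve2 record in the post; used_uids is constructed.
    print(rfc2307_ldif("steve2", "DC=hh3,DC=site", 3000034, 20513,
                       used_uids={3000033}))
```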
