Re: [Users] oVirt 3.2.2 successfully connected to Samba4
Hi!

I can also confirm this to be working. I set up a SAMBA4 DC on a FreeBSD-based VM and successfully connected to it on my experimental oVirt-3.1 engine. Just FYI.

/Karli

Fri 2013-06-28 at 16:19 +0200, Gianluca Cecchi wrote:
> Hello,
> in the past there were some threads related to this subject.
> Today I successfully connected my oVirt 3.2.2 (installed on f18 with ovirt-repo) to a CentOS 6 samba4 server.
>
> Basically I followed this nice page for CentOS 6 with the difference that I downloaded and compiled 4.0.6 version of Samba instead of 4.0.0:
> http://opentodo.net/2013/01/samba4-as-ad-domain-controller-on-centos-6/
>
> One important thing is that I had to put samba4 server ip in resolv.conf as the first for my engine. But in my case this was not a problem because samba4 is then configured with the original corporate dns as forwarder, so all is ok for me.
Re: [Users] oVirt 3.2.2 successfully connected to Samba4
Hello everybody,

I can confirm also that after implementing my Samba4 Active Directory emulation and adding it to my engine it works fine. I can add users to my Samba4 and after that I can grant the permission in my engine webadmin portal and use my VMs.

Now, as I told before, I will try to create a process to import my OpenLDAP users to this Samba 4.0.6 to be able to use the ovirt by the students.

Many thanks.

Juanjo.

On Mon, Jul 1, 2013 at 1:56 PM, Juan Jose jj197...@gmail.com wrote:
> Hello everybody,
>
> Thanks Gianluca for sharing your experience. I have now installed and configured a Samba 4.0.6 over Debian 7 Stable distro and I'm in the step of importing all my users from my production OpenLDAP + Samba 3 server to this new server, which is now working. After that I want to join it to my oVirt engine. I will share my experience too when I have the system all working.
>
> Thanks again,
>
> Juanjo.
>
> On Fri, Jun 28, 2013 at 4:44 PM, Charlie medieval...@gmail.com wrote:
>> Excellent, Gianluca, thanks for sharing the information!
>> --Charlie
>>
>> On Fri, Jun 28, 2013 at 10:19 AM, Gianluca Cecchi gianluca.cec...@gmail.com wrote:
>>> Hello,
>>> in the past there were some threads related to this subject.
>>> Today I successfully connected my oVirt 3.2.2 (installed on f18 with ovirt-repo) to a CentOS 6 samba4 server.
>>>
>>> Basically I followed this nice page for CentOS 6 with the difference that I downloaded and compiled 4.0.6 version of Samba instead of 4.0.0:
>>> http://opentodo.net/2013/01/samba4-as-ad-domain-controller-on-centos-6/
>>>
>>> One important thing is that I had to put samba4 server ip in resolv.conf as the first for my engine. But in my case this was not a problem because samba4 is then configured with the original corporate dns as forwarder, so all is ok for me.
Re: [Users] oVirt 3.2.2 successfully connected to Samba4
Hello everybody,

Thanks Gianluca for sharing your experience. I have now installed and configured a Samba 4.0.6 over Debian 7 Stable distro and I'm in the step of importing all my users from my production OpenLDAP + Samba 3 server to this new server, which is now working. After that I want to join it to my oVirt engine. I will share my experience too when I have the system all working.

Thanks again,

Juanjo.

On Fri, Jun 28, 2013 at 4:44 PM, Charlie medieval...@gmail.com wrote:
> Excellent, Gianluca, thanks for sharing the information!
> --Charlie
>
> On Fri, Jun 28, 2013 at 10:19 AM, Gianluca Cecchi gianluca.cec...@gmail.com wrote:
>> Hello,
>> in the past there were some threads related to this subject.
>> Today I successfully connected my oVirt 3.2.2 (installed on f18 with ovirt-repo) to a CentOS 6 samba4 server.
>>
>> Basically I followed this nice page for CentOS 6 with the difference that I downloaded and compiled 4.0.6 version of Samba instead of 4.0.0:
>> http://opentodo.net/2013/01/samba4-as-ad-domain-controller-on-centos-6/
>>
>> One important thing is that I had to put samba4 server ip in resolv.conf as the first for my engine. But in my case this was not a problem because samba4 is then configured with the original corporate dns as forwarder, so all is ok for me.
[Users] oVirt 3.2.2 successfully connected to Samba4
Hello,
in the past there were some threads related to this subject.
Today I successfully connected my oVirt 3.2.2 (installed on f18 with ovirt-repo) to a CentOS 6 samba4 server.

Basically I followed this nice page for CentOS 6 with the difference that I downloaded and compiled 4.0.6 version of Samba instead of 4.0.0:
http://opentodo.net/2013/01/samba4-as-ad-domain-controller-on-centos-6/

One important thing is that I had to put samba4 server ip in resolv.conf as the first for my engine. But in my case this was not a problem because samba4 is then configured with the original corporate dns as forwarder, so all is ok for me.

Some commands' output

[root@c6dc samba-4.0.6]# /usr/local/samba/bin/samba-tool domain provision --realm=ovtest.local --domain=OVTEST --adminpass 'X' --server-role=dc --dns-backend=BIND9_DLZ
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=ovtest,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=ovtest,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
See /usr/local/samba/private/named.conf for an example configuration include file for BIND
and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:     active directory domain controller
Hostname:        c6dc
NetBIOS Domain:  OVTEST
DNS Domain:      ovtest.local
DOMAIN SID:      S-1-5-21-4186344073-955232896-1764362378

[root@c6dc samba-4.0.6]# rndc-confgen -a -r /dev/urandom
wrote key file /etc/rndc.key

- tests (see also http://www.alexwyn.com/computer-tips/centos-samba4-active-directory-domain-controller)

[root@c6dc ]# /usr/local/samba/bin/smbclient -L localhost -U%
Domain=[OVTEST] OS=[Unix] Server=[Samba 4.0.6]

    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk
    sysvol          Disk
    IPC$            IPC       IPC Service (Samba 4.0.6)
Domain=[OVTEST] OS=[Unix] Server=[Samba 4.0.6]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

[root@c6dc ntp-4.2.6p5]# host -t SRV _ldap._tcp.ovtest.local.
_ldap._tcp.ovtest.local has SRV record 0 100 389 c6dc.ovtest.local.

[root@c6dc ntp-4.2.6p5]# host -t SRV _kerberos._udp.ovtest.local.
_kerberos._udp.ovtest.local has SRV record 0 100 88 c6dc.ovtest.local.

[root@c6dc ntp-4.2.6p5]# kinit administrator@OVTEST.LOCAL
Password for administrator@OVTEST.LOCAL:
Warning: Your password will expire in 41 days on Fri Aug 9 13:30:59 2013

[root@c6dc ntp-4.2.6p5]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@OVTEST.LOCAL

Valid starting     Expires            Service principal
06/28/13 14:55:11  06/29/13 00:55:11  krbtgt/OVTEST.LOCAL@OVTEST.LOCAL
        renew until 07/05/13 14:55:08

Users' mgmt can be done from windows with Samba AD management tools, see:
http://wiki.samba.org/index.php/Samba_AD_management_from_windows

I managed from linux, see:
http://wiki.samba.org/index.php/Adding_users_with_samba_tool

[root@c6dc ntp-4.2.6p5]# /usr/local/samba/bin/samba-tool user add OVIRTADM
New Password:
Retype Password:
User 'OVIRTADM' created successfully

[root@c6dc ntp-4.2.6p5]# /usr/local/samba/bin/wbinfo --name-to-sid OVIRTADM
S-1-5-21-4186344073-955232896-1764362378-1104 SID_USER (1)

[root@c6dc ntp-4.2.6p5]# /usr/local/samba/bin/wbinfo --sid-to-uid S-1-5-21-4186344073-955232896-1764362378-1104
316

I missed givenName and sn in user creation.
Unfortunately there is only a proposed patch for an edit subcommand, but it is not inside yet.
http://samba.2283325.n4.nabble.com/Patch-for-samba-tool-user-modify-subcommand-td4634884.html

See also:
https://wiki.samba.org/index.php/Samba4/LDBIntro

To modify users' attributes I used this:

[root@c6dc ntp-4.2.6p5]# /usr/local/samba/bin/ldbedit -e vi -H /usr/local/samba/private/idmap.ldb objectsid=S-1-5-21-4186344073-955232896-1764362378-1104

here you enter into a vi session

# editing 1 records
# record 1
dn: CN=S-1-5-21-4186344073-955232896-1764362378-1104
cn:
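The DNS dependency described in the post above (Samba4 DC listed first in the engine's resolv.conf, LDAP and Kerberos SRV records resolving to the DC) can be checked before the domain is attached to the engine. The following is an added example, not part of the original post: the function names are hypothetical and the nameserver addresses are constructed placeholders, while the SRV lines are the ones shown in the post.

```sh
#!/bin/sh
# Added example (not from the original post): offline pre-flight check that an
# engine host will locate the Samba4 DC through DNS before the domain is attached.

# Constructed sample: engine resolv.conf with the DC first. The addresses are
# placeholders from the documentation range, not values from the thread.
SAMPLE_RESOLV='search ovtest.local
nameserver 192.0.2.10
nameserver 192.0.2.53'

# SRV answers as shown in the post.
SAMPLE_LDAP='_ldap._tcp.ovtest.local has SRV record 0 100 389 c6dc.ovtest.local.'
SAMPLE_KRB='_kerberos._udp.ovtest.local has SRV record 0 100 88 c6dc.ovtest.local.'

# first_nameserver RESOLV_TEXT: print the first "nameserver" address.
first_nameserver() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }'
}

# srv_ok HOST_OUTPUT NAME PORT TARGET: succeed only if `host -t SRV` output
# contains a record for NAME with exactly this port and target.
srv_ok() {
    printf '%s\n' "$1" | awk -v name="$2" -v port="$3" -v target="$4" '
        $1 == name && $2 == "has" && $3 == "SRV" && $4 == "record" &&
        $7 == port && $8 == target { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# preflight RESOLV_TEXT DC_IP LDAP_OUT KRB_OUT DNS_DOMAIN DC_FQDN
# Reports every failed check and returns non-zero if any failed.
preflight() {
    pf_rc=0
    pf_ns=$(first_nameserver "$1")
    if [ "$pf_ns" != "$2" ]; then
        echo "FAIL: first nameserver is ${pf_ns:-unset}, expected the DC at $2"
        pf_rc=1
    fi
    if ! srv_ok "$3" "_ldap._tcp.$5" 389 "$6."; then
        echo "FAIL: no _ldap._tcp.$5 SRV record for $6 on port 389"
        pf_rc=1
    fi
    if ! srv_ok "$4" "_kerberos._udp.$5" 88 "$6."; then
        echo "FAIL: no _kerberos._udp.$5 SRV record for $6 on port 88"
        pf_rc=1
    fi
    if [ "$pf_rc" -eq 0 ]; then
        echo "OK: resolver order and SRV records match $6"
    fi
    return "$pf_rc"
}

# Demo on the embedded samples. On a live engine pass "$(cat /etc/resolv.conf)",
# "$(host -t SRV _ldap._tcp.ovtest.local.)" and the _kerberos._udp equivalent.
preflight "$SAMPLE_RESOLV" 192.0.2.10 "$SAMPLE_LDAP" "$SAMPLE_KRB" \
    ovtest.local c6dc.ovtest.local
```

A resolver that is not the DC, or an SRV answer naming another host or port, makes the check fail, which is the condition under which the engine would look up its LDAP and Kerberos servers somewhere other than the intended domain controller.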
Re: [Users] oVirt 3.2.2 successfully connected to Samba4
Excellent, Gianluca, thanks for sharing the information!
--Charlie

On Fri, Jun 28, 2013 at 10:19 AM, Gianluca Cecchi gianluca.cec...@gmail.com wrote:
> Hello,
> in the past there were some threads related to this subject.
> Today I successfully connected my oVirt 3.2.2 (installed on f18 with ovirt-repo) to a CentOS 6 samba4 server.
>
> Basically I followed this nice page for CentOS 6 with the difference that I downloaded and compiled 4.0.6 version of Samba instead of 4.0.0:
> http://opentodo.net/2013/01/samba4-as-ad-domain-controller-on-centos-6/
>
> One important thing is that I had to put samba4 server ip in resolv.conf as the first for my engine. But in my case this was not a problem because samba4 is then configured with the original corporate dns as forwarder, so all is ok for me.