Re: [Samba] User management scripts in AD mode...
- Date: Fri, 23 Jun 2017 17:34:48 +0200
- From: Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] User management scripts in AD mode...
Mandi! Rowland Penny via samba
In chel di` si favelave...
Sorry, i come back to that:
> Not sure what you are getting at here, if you add a user to a group in
> AD, you not only get a record in the group object, you also get a
> record in the users object
> dn: CN=Unixgroup,CN=Users,DC=samdom,DC=example,DC=com
> member: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> memberOf: CN=Unixgroup,CN=Users,DC=samdom,DC=example,DC=com
> So you don't have to modify the user at all, again samba-tool can do
> things like this for you, see 'samba-tool group --help'
Because i've not clear how group management works in AD. I'm using
'Active Directory Users and Computers', so i think a pretty standard
tool. Some question.
a) i've not found 'member' in user object.
b) membership are accounted in groups via the 'member' field in group
object. Membership are expressed as full user DN.
c) if, for the group object, i add some member in 'UNIX Attributes',
they are not saved (eg, if i add some user and i do 'Apply' and then
'OK', if i came back to the group, UNIX attributes membership are
d) if, for a user, i set a primary group in 'Member of' (NOT UNIX
attributes), user object get a 'primaryGroupID' data with the RID of
the group, and DESAPPEAR the relative data 'member' in the group. Argh!
So, seems to me that:
1) probably for my fault, some of the UNIX data (eg, group membership)
does not work. I think also can be irrilevant, because winbind/sssd
get unix membership by other way (eg, ''windows'' mempership and not
2) if i need to know what users belog to group 'X', i've to catch all
DN listed in 'member' of that group, AND all users that have
as 'primaryGroupID' the RID of the group.
I'm again a bit confused... ;-(((
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
To unsubscribe from this list go to the following URL and read the