Re: [Samba] Bulk add users and rfc2307 attributes questions

Hi Rowland,

On Wed, 2 Aug 2017, Rowland Penny via samba wrote:

On Tue, 1 Aug 2017 23:23:25 -0400 (EDT)
Tom Diehl via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi,

I am currently testing a self compiled 4.7.0rc3 AD DC and a samba
member server acting as a file server. I have them configured to use
rfc2307 attributes so that the samba users can access the shares on
the member server. Everything seems to be working as expected.

The problem I am facing is I need to add about 150 users. Once the
initial load of users is added I want to use the rsat tools to manage
the users and shares.

I found an article @
https://wiki.samba.org/index.php/Adding_users_with_samba_tool that
says to add users using samba-tool. I think I want to write a script
that does something like the following substituting variables where
appropriate:

# samba-tool user create --nis-domain SAMDOM --uid-number 10007 \
--gid-number 10000 --login-shell=/sbin/nologin --unix-home \
/home/samba/users/test_user3 --home-drive H: --home-directory \
'\\fs1\users\test_user3' test_user3

Testing shows that if I use samba-tool to add users, when I switch
back to using ADUC to manage users the default UID in the Unix
attributes tab of ADUC does not show the correct uid to use to
configure the next user. It would appear that if I set the correct
uid in the unix attributes tab when I configure a user in ADUC, that
it would then move on from there with the correct uid.

So my questions are:

1. Are my assumptions above correct?

Unfortunately, yes


2. Is there a better way to do this? This just seems kludgy to me.

Not really, when you are doing this on an individual, it does seem
kludgy, but, if you feed your script all the info, it will work as
expected.


3. Is there an automatic way to have samba-tool assign the correct
rfc-2307 uid?

Probably only sat on my HD and this got rejected.

Sorry, I do not understand the above statement.


What you are missing is a couple of attributes 'msSFU30MaxUidNumber' &
'msSFU30MaxGidNumber' (note 'Max' is Microsoft for 'next'). These
should be in 'CN=<your lowercase domain
name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=YOUR,DC=DNS,DC=DOMAIN'

So if I understand you, I would do something like:
ldbsearch -H /usr/local/samba/private/sam.ldb -b CN=samdom,CN=ypservers,CN=ypServ30,\
CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com | grep msSFU30MaxUidNumber
to get the next uid to use in the script. Is this correct?

What is the best/safest way to update msSFU30MaxUidNumber after I add a user?
I am thinking about creating an LDIF tmp file and then reading that in with
ldbmodify.

Does this sound sane? Is there a better way?

Thanks for your help.

Regards,

--
Tom			me@xxxxxxxxxx		Spamtrap address	 		me123@xxxxxxxxxx
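
The procedure discussed in this message (read msSFU30MaxUidNumber, create each user with that UID, write the incremented value back through ldbmodify), as an added example that is not part of the original thread or the Samba project's own code. The DN, paths and samba-tool options are the placeholder values from the message; the one-username-per-line input file, the username check and the use of --random-password are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root on the DC.
LC_ALL=C; export LC_ALL
SAM_LDB=${SAM_LDB:-/usr/local/samba/private/sam.ldb}
# Placeholder DN from the message; substitute your own domain.
YP_DN=${YP_DN:-CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com}

# Read ldbsearch LDIF on stdin, print the counter; fail if absent or non-numeric.
parse_next_uid() {
    awk -F': ' '$1 == "msSFU30MaxUidNumber" { v = $2 }
        END { if (v ~ /^[0-9]+$/) print v; else exit 1 }'
}

# LDIF for ldbmodify that sets the counter to $1.
uid_counter_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: msSFU30MaxUidNumber\nmsSFU30MaxUidNumber: %s\n' \
        "$YP_DN" "$1"
}

# Names end up in a command line, a Unix path and a UNC path, so allow only
# a conservative character set and no leading '-' or '.'.
valid_username() {
    case $1 in
        ''|-*|.*|*[!a-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# $1 = file with one username per line (assumed input format).
bulk_add() {
    uid=$(ldbsearch -H "$SAM_LDB" -b "$YP_DN" -s base '(objectClass=*)' \
          msSFU30MaxUidNumber | parse_next_uid) || {
        echo "msSFU30MaxUidNumber not set under $YP_DN" >&2; return 1; }
    while IFS= read -r user; do
        valid_username "$user" || { echo "skipping: $user" >&2; continue; }
        # --random-password avoids the interactive prompt (a choice made here).
        samba-tool user create "$user" --random-password --nis-domain SAMDOM \
            --uid-number "$uid" --gid-number 10000 --login-shell=/sbin/nologin \
            --unix-home "/home/samba/users/$user" --home-drive H: \
            --home-directory "\\\\fs1\\users\\$user" </dev/null || return 1
        uid=$((uid + 1))
        # Write the counter after each user so an aborted run leaves it correct.
        uid_counter_ldif "$uid" | ldbmodify -H "$SAM_LDB" || return 1
    done < "$1"
}

if [ -n "${1:-}" ] && [ -r "$1" ]; then bulk_add "$1"; fi
```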
