Web lists-archives.com

Re: [Samba] Maintaining Unix Attributes in AD - best practice?




On Thu, 24 May 2018 12:12:54 +0200
Henry Jensen via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello,
> 
> we are testing migration from a NT style Samba 3 domain to a Samba 4
> AD domain. As we are keeping RFC2307 Unix Attributes in the AD we also
> want to add them to future accounts.
> 
> Because the Unix Attributes tab is no lopnger available since Windows
> 10, I am looking for the best way to add Unix attibutes to users. 
> 
> I know that setting Unix attributes in Windows 10 ADUC tool is
> possible manually, but certainly not the best way. And keeping a
> Windows 7 station with RSAT tools online isn't the best solution
> either, especially when security support for Windows 7 runs out in
> 2020.
> 
> So, what would be the best was to add Unix attributes to AD? 
> I read on this list, that adding AD users with "samba-tool
> --uid-number" is discouraged.

Where did you read that ??
Of course you can use samba-tool, there are just two problems:
The first is that you cannot ADD posix attributes with 'samba-tool
user', you have to create the user with the attributes in the first
place. The second is, you have to track the uidNumber & gidNumber
attributes yourself, there is no automatic way of doing this. You could
always 'add' the two missing attributes and then write your own script
around 'samba-tool user create'

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba