User and Group management: Difference between revisions
From SambaWiki
m (/* added example of how to create Unix group) |
|||
(8 intermediate revisions by 5 users not shown) | |||
Line 3: | Line 3: | ||
== Adding Users into Samba Active Directory == |
== Adding Users into Samba Active Directory == |
||
⚫ | |||
You add / delete users with samba-tool |
|||
To create a Samba user, use the following command at samba-ad1 via ssh login as root : |
|||
⚫ | |||
⚫ | |||
An example of adding a User + Login Profile for the user <code>fbaggins</code> |
|||
⚫ | |||
⚫ | |||
This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be <code>P4ssw0rd*</code> |
|||
$ samba-tool user create fbaggins P4ssw0rd* |
|||
⚫ | |||
--use-username-as-cn --surname="Baggins" |
|||
--given-name="Frodo" --initials=S |
|||
--mail-address=fbaggins@samdom.example.com |
|||
--company="Hobbiton Inc." --script-path=shire.bat |
|||
--profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins |
|||
--home-drive=F |
|||
--home-directory=\\\\ADSMember.samdom.example.com\\fbaggins |
|||
--job-title="Goes there and back again" |
|||
⚫ | |||
{{Imbox |
|||
<pre> |
|||
| type = note |
|||
⚫ | |||
| text = You do not need to supply all of the above options when creating a new user. For details of available options, run <code>samba-tool user create --help</code> in a terminal. |
|||
⚫ | |||
}} |
|||
</pre> |
|||
⚫ | |||
To inspect the allocated user ID and SID, use the following commands: |
|||
<pre> |
|||
⚫ | |||
⚫ | |||
</pre> |
|||
$ wbinfo --name-to-sid USERNAME |
|||
⚫ | |||
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1) |
|||
$ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
3000011 |
|||
<pre> |
|||
⚫ | |||
⚫ | |||
</pre> |
|||
⚫ | |||
<pre> |
|||
⚫ | |||
⚫ | |||
⚫ | |||
</pre> |
|||
⚫ | |||
=== samba-tool |
=== samba-tool: create a group in Samba Active Directory === |
||
<pre> |
|||
⚫ | |||
stduser |
|||
</pre> |
|||
⚫ | |||
⚫ | |||
=== samba-tool |
=== samba-tool: create a Unix group in Samba Active Directory === |
||
~# samba-tool group add groupname --nis-domain=samdom --gid-number=<next available GID> |
|||
<pre> |
|||
Added group groupname |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
=== samba-tool: delete a group from Samba Active Directory === |
|||
⚫ | |||
⚫ | |||
Added group groupname |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
user |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
---- |
|||
</pre> |
|||
[[Category:User Management]] |
Latest revision as of 11:21, 22 April 2020
User and Group and Computer accountd management with samba-tool
Adding Users into Samba Active Directory
You add / delete users with samba-tool
Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.
An example of adding a User + Login Profile for the user fbaggins
This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be P4ssw0rd*
$ samba-tool user create fbaggins P4ssw0rd* --use-username-as-cn --surname="Baggins" --given-name="Frodo" --initials=S --mail-address=fbaggins@samdom.example.com --company="Hobbiton Inc." --script-path=shire.bat --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins --home-drive=F --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins --job-title="Goes there and back again"
You do not need to supply all of the above options when creating a new user. For details of available options, run samba-tool user create --help in a terminal. |
To inspect the allocated user ID and SID, use the following commands:
$ wbinfo --name-to-sid USERNAME S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1) $ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005 3000011
samba-tool: Delete Users from Samba Active Directory
# samba-tool user delete username
samba-tool: create a group in Samba Active Directory
~# samba-tool group add groupname Added group groupname
samba-tool: create a Unix group in Samba Active Directory
~# samba-tool group add groupname --nis-domain=samdom --gid-number=<next available GID> Added group groupname
samba-tool: delete a group from Samba Active Directory
~# samba-tool group delete groupname Added group groupname
samba-tool: add members to a group in Samba Active Directory
~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]] Added members to group Domain Users
samba-tool: remove members from a group in Samba Active Directory
~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]] Removed members from group Domain Users
samba-tool: list members of a group in Samba Active Directory
~# samba-tool group listmembers "Domain Users" | grep username user
samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory
~# samba-tool user create username User 'username' created successfully ~# samba-tool group add groupname Added group groupname ~# samba-tool group addmembers groupname username Added members to group groupname