User and Group management
From SambaWiki
User and Group and Computer accountd management with samba-tool
Adding Users into Samba Active Directory
add / delete users with samba-tool Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created.
example : to add an User
$ samba-tool user add fbaggins --random-password --use-username-as-cn --surname="Baggins" --given-name="Frodo" --initials=S --mail-address=fbaggins@SAM.DOMAIN.LOCAL. --company="Hobbiton Inc." --script-path=shire.bat --profile-path=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\profiles\\fbaggins --home-drive=F --home-directory=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\fbaggins --job-title="Goes there and back again"
To inspect the allocated user ID and SID, use the following command:
$ wbinfo --name-to-sid USERNAME S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1) $ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005 3000011
If you want to change this mapping, then use ldbedit on the /var/lib/samba/private/idmap.ldb, as shown:
$ ldbedit -e emacs -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
- Note: You can replace emacs with your editor of choice.
You will find records that look like this:
# record 1 dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005 cn: S-1-5-21-4036476082-4153129556-3089177936-1005 objectClass: sidMap objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005 type: ID_TYPE_BOTH xidNumber: 3000011 distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
If you change the xidNumber attribute and save your editor then exit, then Samba will update the mapping to between the SID and the user ID. Updating group mappings works in the same way.
To create a Samba user, use the following command at samba-ad1 via ssh login as root :
$ samba-tool user add USERNAME
samba-tool- Delete Users from Samba Active Directory
# samba-tool user delete stduser
samba-tool -- create group from Samba Active Directory
~# samba-tool group add stdgroup Added group stdgroup
samba-tool - delete group from Samba Active Directory
~# samba-tool group delete stdgroup Added group stdgroup
samba-tool - group addmembers - Samba Active Directory
~# samba-tool group removemembers "Domain Users" stduser Removed members from group Domain Users
samba-tool- group removemembers - Samba Active Directory
~# samba-tool group removemembers "Domain Users" stduser Removed members from group Domain Users
samba-tool - group listmembers - Samba Active Directory
~# samba-tool group listmembers "Domain Users" | grep stduser stduser
samba-tool - Create a user, create a group, add the user to the group - Samba Active Directory
~# samba-tool user add stduser User 'stduser' created successfully ~# samba-tool group add stdgroup Added group stdgroup ~# samba-tool group addmembers stdgroup stduser Added members to group stdgroup