Difference between revisions of "Adding users with samba tool"

(Adding Users into Samba Active Directory: user add deprecated by create)
m (/* Change incorrect way of altering Unix ID in AD. NOTE I will return to this and fill it out when I have more time)
Line 1: Line 1:
 
== Adding Users into Samba Active Directory ==
 
== Adding Users into Samba Active Directory ==
Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created.
+
When running Samba 4 as an Active Directory domain, unlike Samba 3, you cannot have a local Unix user for each Samba user that is created.
  
 
To create a Samba user, use the following command:
 
To create a Samba user, use the following command:
  
  /usr/local/samba/bin/samba-tool user create USERNAME
+
  /usr/local/samba/bin/samba-tool user create user1
  
 
To inspect the allocated user ID and SID, use the following command:
 
To inspect the allocated user ID and SID, use the following command:
  
  $ /usr/local/samba/bin/wbinfo --name-to-sid USERNAME
+
  $ /usr/local/samba/bin/wbinfo --name-to-sid user1
 
  S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)
 
  S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)
 
   
 
   
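Review bot: the replacement opening sentence changes "does not require a local Unix user" to "you cannot have a local Unix user" without saying what goes wrong if one exists, so a reader cannot tell whether this is a hard restriction or advice. Suggest giving the reason in the same sentence, and stating that user1 in the two commands is an example name now that the USERNAME placeholder is gone.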
Line 14: Line 14:
 
  3000011
 
  3000011
  
If you want to change this mapping, then use <tt>ldbedit</tt> on the <tt>/usr/local/samba/private/idmap.ldb</tt>, as shown:
+
If you want to change this mapping, You must add a 'uidNumber' attribute to the users object in /usr/local/samba/private/sam.ldb
  
  $ ldbedit -e emacs -H /usr/local/samba/private/idmap.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
+
  $ ldbedit -e emacs -H /usr/local/samba/private/sam.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
  
 
*Note: You can replace <tt>emacs</tt> with your editor of choice.
 
*Note: You can replace <tt>emacs</tt> with your editor of choice.
  
You will find records that look like this:
 
  
# record 1
+
Find the record for 'user1', it will start like this:
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
 
cn: S-1-5-21-4036476082-4153129556-3089177936-1005
 
objectClass: sidMap
 
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005
 
type: ID_TYPE_BOTH
 
xidNumber: 3000011
 
distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
 
  
If you change the <tt>xidNumber</tt> attribute and save your editor then exit,
+
dn: CN=user1,CN=Users,DC=samdom,DC=example,DC=com
then Samba will update the mapping to between the SID and the user
+
objectClass: top
ID. Updating group mappings works in the same way.
+
objectClass: person
 +
objectClass: organizationalPerson
 +
objectClass: user
 +
cn: user1
 +
 
 +
 
 +
If you add a <tt>uidNumber</tt> attribute similar to this:
 +
 
 +
uidNumber: 10000
 +
 
 +
Then save and exit,
 +
Samba will then use ID '10000' for the user Unix ID.  
 +
 
 +
 
 +
You can change group Unix ID's in the same way.
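Review bot: the new instructions point ldbedit at sam.ldb instead of idmap.ldb but never say what happens to the 3000011 value that wbinfo --sid-to-uid printed just above, or to files already owned by that ID once "uidNumber: 10000" is added. Suggest adding a sentence on that, plus a caution that the chosen uidNumber must not already be in use by another account, since the text gives no guidance on picking the value. Minor: "You must" should be lower case and "users object" should read "user's object".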

Revision as of 20:56, 10 June 2017

Adding Users into Samba Active Directory

Unlike Samba 3, when Samba 4 runs as an Active Directory domain you cannot have a local Unix user for each Samba user that is created.

To create a Samba user, use the following command:

  /usr/local/samba/bin/samba-tool user create user1

To inspect the allocated user ID and SID, use the following command:

  $ /usr/local/samba/bin/wbinfo --name-to-sid user1
  S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

  $ /usr/local/samba/bin/wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
  3000011

If you want to change this mapping, you must add a 'uidNumber' attribute to the user's object in /usr/local/samba/private/sam.ldb:

  $ ldbedit -e emacs -H /usr/local/samba/private/sam.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005

  • Note: You can replace emacs with your editor of choice.


Find the record for 'user1'; it will start like this:

  dn: CN=user1,CN=Users,DC=samdom,DC=example,DC=com
  objectClass: top
  objectClass: person
  objectClass: organizationalPerson
  objectClass: user
  cn: user1


If you add a uidNumber attribute similar to this:

  uidNumber: 10000

then save and exit, Samba will use ID '10000' as the user's Unix ID.


You can change group Unix IDs in the same way.
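
The uidNumber change described above can also be prepared as a reviewable LDIF instead of an interactive edit. The script below is an added example, not part of the wiki page: it refuses IDs that are malformed, below an assumed local-account floor, or already assigned to another DN, then prints modify-LDIF. The MIN_UID floor, the ASSIGNED sample list and the use of ldbmodify (shipped with the same ldb tools as ldbedit) to apply the output are assumptions, and DNs are assumed to be plain ASCII.

```shell
#!/bin/sh
# Added example, not from the wiki page: emit the uidNumber change as LDIF
# after checking the value, so a typo cannot alias user1 to another account.

MIN_UID=1000          # assumption: lower IDs are local system accounts
MAX_UID=4294967294    # largest usable 32-bit uid_t; 4294967295 is (uid_t)-1

# Constructed sample of "DN uidNumber" pairs already present in the domain.
# On a real DC this list would be exported from sam.ldb beforehand.
ASSIGNED='CN=user2,CN=Users,DC=samdom,DC=example,DC=com 10001
CN=Jane Doe,CN=Users,DC=samdom,DC=example,DC=com 10002'

NL='
'

# uid_ldif DN UIDNUMBER: print modify-LDIF on stdout, or refuse with rc 2-5.
uid_ldif() {
    dn=$1 uid=$2
    case $dn in
        ''|*"$NL"*) echo "refused: empty or multi-line DN" >&2; return 2 ;;
    esac
    # Digits only, no leading zero (this also rejects 0), at most 10 digits.
    case $uid in
        ''|0*|*[!0-9]*|???????????*) echo "refused: bad ID '$uid'" >&2; return 3 ;;
    esac
    if [ "$uid" -lt "$MIN_UID" ] || [ "$uid" -gt "$MAX_UID" ]; then
        echo "refused: $uid outside $MIN_UID-$MAX_UID" >&2; return 4
    fi
    # Two DNs sharing one uidNumber are the same user to the Unix kernel.
    owner=$(printf '%s\n' "$ASSIGNED" |
        awk -v u="$uid" '$NF == u { sub(/ [0-9]+$/, ""); print; exit }')
    if [ -n "$owner" ] && [ "$owner" != "$dn" ]; then
        echo "refused: $uid already belongs to $owner" >&2; return 5
    fi
    printf 'dn: %s\nchangetype: modify\nadd: uidNumber\nuidNumber: %s\n' "$dn" "$uid"
}

# Applying the output (assumption, not shown on the page):
#   uid_ldif 'CN=user1,CN=Users,DC=samdom,DC=example,DC=com' 10000 > change.ldif
#   ldbmodify -H /usr/local/samba/private/sam.ldb change.ldif
```

Keeping the generated change.ldif alongside the change record gives an audit trail that an interactive ldbedit session does not leave.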