Adding users with samba tool: Difference between revisions
From SambaWiki
Jasonblewis (talk | contribs) (→Adding Users into Samba Active Directory: user add deprecated by create) |
m (/* Change incorrect way of altering Unix ID in AD. NOTE I will return to this and fill it out when I have more time) |
||
Line 1: | Line 1: | ||
== Adding Users into Samba Active Directory == |
== Adding Users into Samba Active Directory == |
||
When running Samba 4 as an Active Directory domain, unlike Samba 3, you cannot have a local Unix user for each Samba user that is created. |
|||
To create a Samba user, use the following command: |
To create a Samba user, use the following command: |
||
/usr/local/samba/bin/samba-tool user create |
/usr/local/samba/bin/samba-tool user create user1 |
||
To inspect the allocated user ID and SID, use the following command: |
To inspect the allocated user ID and SID, use the following command: |
||
$ /usr/local/samba/bin/wbinfo --name-to-sid |
$ /usr/local/samba/bin/wbinfo --name-to-sid user1 |
||
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1) |
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1) |
||
Line 14: | Line 14: | ||
3000011 |
3000011 |
||
If you want to change this mapping, |
If you want to change this mapping, You must add a 'uidNumber' attribute to the users object in /usr/local/samba/private/sam.ldb |
||
$ ldbedit -e emacs -H /usr/local/samba/private/ |
$ ldbedit -e emacs -H /usr/local/samba/private/sam.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005 |
||
*Note: You can replace <tt>emacs</tt> with your editor of choice. |
*Note: You can replace <tt>emacs</tt> with your editor of choice. |
||
You will find records that look like this: |
|||
Find the record for 'user1', it will start like this: |
|||
# record 1 |
|||
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
cn: S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
⚫ | |||
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
type: ID_TYPE_BOTH |
|||
xidNumber: 3000011 |
|||
distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
dn: CN=user1,CN=Users,DC=samdom,DC=example,DC=com |
|||
If you change the <tt>xidNumber</tt> attribute and save your editor then exit, |
|||
⚫ | |||
then Samba will update the mapping to between the SID and the user |
|||
objectClass: person |
|||
⚫ | |||
objectClass: organizationalPerson |
|||
objectClass: user |
|||
cn: user1 |
|||
If you add a <tt>uidNumber</tt> attribute similar to this: |
|||
uidNumber: 10000 |
|||
Then save and exit, |
|||
Samba will then use ID '10000' for the user Unix ID. |
|||
⚫ |
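Review bot: the rewritten instructions in the "Line 14" hunk end at "Samba will then use ID '10000' for the user Unix ID" with no step to confirm it, while the wbinfo --sid-to-uid output kept as context still shows 3000011. Suggest a closing step that reruns wbinfo --sid-to-uid on the same SID and states the expected value, plus a sentence on files already owned by 3000011. In the sentence introducing the change, "You must" should be lower-case after the comma and "users object" should read "user's object".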
Revision as of 20:56, 10 June 2017
Adding Users into Samba Active Directory
When running Samba 4 as an Active Directory domain, unlike Samba 3, you cannot have a local Unix user for each Samba user that is created.
To create a Samba user, use the following command:
/usr/local/samba/bin/samba-tool user create user1
To inspect the allocated user ID and SID, use the following command:
$ /usr/local/samba/bin/wbinfo --name-to-sid user1
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)
$ /usr/local/samba/bin/wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011
If you want to change this mapping, you must add a 'uidNumber' attribute to the user's object in /usr/local/samba/private/sam.ldb:
$ ldbedit -e emacs -H /usr/local/samba/private/sam.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
- Note: You can replace emacs with your editor of choice.
Find the record for 'user1'; it will start like this:
dn: CN=user1,CN=Users,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: user1
Add a uidNumber attribute similar to this:
uidNumber: 10000
Then save and exit. Samba will then use ID '10000' as the user's Unix ID.
You can change group Unix IDs in the same way.
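A non-interactive variant of the uidNumber edit described above, as an added example that is not part of the original wiki page: it checks a proposed Unix ID against the uidNumber values already present before emitting the LDIF that ldbmodify would apply. The sample dump, the MIN_UID threshold and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a uidNumber assignment, then the LDIF
# for ldbmodify. SAMPLE_DUMP is constructed data standing in for the output of:
#   ldbsearch -H /usr/local/samba/private/sam.ldb '(uidNumber=*)' uidNumber
SAMPLE_DUMP='# record 1
dn: CN=user2,CN=Users,DC=samdom,DC=example,DC=com
uidNumber: 10001

# record 2
dn: CN=svc1,CN=Users,DC=samdom,DC=example,DC=com
uidNumber: 10002
'

MIN_UID=1000   # assumption: IDs below this belong to local system accounts

# uid_in_use UID DUMP -> exit 0 if a record already carries that uidNumber
uid_in_use() {
    printf '%s\n' "$2" | grep -qx "uidNumber: $1"
}

# make_uid_ldif DN UID DUMP -> prints a modify record, or fails with a reason
make_uid_ldif() {
    dn=$1 uid=$2 dump=$3
    case $uid in
        ''|*[!0-9]*) echo "rejected: '$uid' is not a number" >&2; return 1 ;;
    esac
    if [ "$uid" -lt "$MIN_UID" ]; then
        echo "rejected: $uid is below $MIN_UID (0 would map the user to root)" >&2
        return 1
    fi
    # Two accounts sharing one Unix ID are the same user to the filesystem.
    if uid_in_use "$uid" "$dump"; then
        echo "rejected: $uid is already assigned to another object" >&2
        return 1
    fi
    printf 'dn: %s\nchangetype: modify\nadd: uidNumber\nuidNumber: %s\n' "$dn" "$uid"
}

# Stand-alone demo on the constructed data. On a real system the output
# would be piped into: ldbmodify -H /usr/local/samba/private/sam.ldb
make_uid_ldif 'CN=user1,CN=Users,DC=samdom,DC=example,DC=com' 10000 "$SAMPLE_DUMP"
```

After applying the record, rerunning wbinfo --sid-to-uid on the user's SID shows whether the new ID is in effect.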