Adding users with samba tool

From SambaWiki
Revision as of 20:56, 10 June 2017 by Hortimech (talk | contribs) (/* Change incorrect way of altering Unix ID in AD. NOTE I will return to this and fill it out when I have more time)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Adding Users into Samba Active Directory

When running Samba 4 as an Active Directory domain, unlike Samba 3, you cannot have a local Unix user for each Samba user that is created.

To create a Samba user, use the following command:

/usr/local/samba/bin/samba-tool user create user1

To inspect the allocated user ID and SID, use the following command:

$ /usr/local/samba/bin/wbinfo --name-to-sid user1
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

$ /usr/local/samba/bin/wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011

If you want to change this mapping, You must add a 'uidNumber' attribute to the users object in /usr/local/samba/private/sam.ldb

$ ldbedit -e emacs -H /usr/local/samba/private/sam.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
  • Note: You can replace emacs with your editor of choice.


Find the record for 'user1', it will start like this:

dn: CN=user1,CN=Users,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: user1


If you add a uidNumber attribute similar to this:

uidNumber: 10000

Then save and exit, Samba will then use ID '10000' for the user Unix ID.


You can change group Unix ID's in the same way.