Adding users with samba tool

From SambaWiki
Revision as of 06:40, 9 June 2017 by Jasonblewis (talk | contribs) (→‎Adding Users into Samba Active Directory: user add deprecated by create)

Adding Users into Samba Active Directory

Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created.

To create a Samba user, use the following command:

/usr/local/samba/bin/samba-tool user create USERNAME

To inspect the allocated user ID and SID, use the following command:

$ /usr/local/samba/bin/wbinfo --name-to-sid USERNAME
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

$ /usr/local/samba/bin/wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011

If you want to change this mapping, then use ldbedit on the /usr/local/samba/private/idmap.ldb, as shown:

$ ldbedit -e emacs -H /usr/local/samba/private/idmap.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
  • Note: You can replace emacs with your editor of choice.

You will find records that look like this:

# record 1
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
cn: S-1-5-21-4036476082-4153129556-3089177936-1005
objectClass: sidMap
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005
type: ID_TYPE_BOTH
xidNumber: 3000011
distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005

If you change the xidNumber attribute and save your editor then exit, then Samba will update the mapping to between the SID and the user ID. Updating group mappings works in the same way.