Adding users with samba tool

Revision as of 20:56, 10 June 2017 by Hortimech (talk | contribs) (/* Change incorrect way of altering Unix ID in AD. NOTE I will return to this and fill it out when I have more time)

Adding Users into Samba Active Directory

When running Samba 4 as an Active Directory domain, unlike Samba 3, you cannot have a local Unix user for each Samba user that is created.

To create a Samba user, use the following command:

/usr/local/samba/bin/samba-tool user create user1

To inspect the allocated user ID and SID, use the following command:

$ /usr/local/samba/bin/wbinfo --name-to-sid user1
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

$ /usr/local/samba/bin/wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005

If you want to change this mapping, You must add a 'uidNumber' attribute to the users object in /usr/local/samba/private/sam.ldb

$ ldbedit -e emacs -H /usr/local/samba/private/sam.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
  • Note: You can replace emacs with your editor of choice.

Find the record for 'user1', it will start like this:

dn: CN=user1,CN=Users,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: user1

If you add a uidNumber attribute similar to this:

uidNumber: 10000

Then save and exit, Samba will then use ID '10000' for the user Unix ID.

You can change group Unix ID's in the same way.