Latest revision as of 17:48, 3 May 2019

User and Group and Computer accountd management with samba-tool

Adding Users into Samba Active Directory

You add / delete users with samba-tool

Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.

An example of adding a User + Login Profile for the user fbaggins

This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be P4ssw0rd*

$ samba-tool user create fbaggins P4ssw0rd*
 --use-username-as-cn --surname="Baggins"
 --given-name="Frodo" --initials=S
 --mail-address=fbaggins@samdom.example.com
 --company="Hobbiton Inc." --script-path=shire.bat
 --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins
 --home-drive=F
 --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins
 --job-title="Goes there and back again"

You do not need to supply all of the above options when creating a new user. For details of available options, run samba-tool user create --help in a terminal.

To inspect the allocated user ID and SID, use the following commands:

$ wbinfo --name-to-sid USERNAME
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

$ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011

samba-tool: Delete Users from Samba Active Directory

# samba-tool user delete username

samba-tool: create a group in Samba Active Directory

~# samba-tool group add groupname
Added group groupname

samba-tool: delete a group from Samba Active Directory

~# samba-tool group delete groupname
Added group groupname

samba-tool: add members to a group in Samba Active Directory

~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Added members to group Domain Users

samba-tool: remove members from a group in Samba Active Directory

~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Removed members from group Domain Users

samba-tool: list members of a group in Samba Active Directory

~# samba-tool group listmembers "Domain Users" | grep username
 user

samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory

~# samba-tool user create username
  User 'username' created successfully

~# samba-tool group add groupname
 Added group groupname

~# samba-tool group addmembers groupname username
 Added members to group groupname

@@ Line 3: / Line 3: @@
 == Adding Users into Samba Active Directory ==
- add / delete users with samba-tool
- Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created.
- example  to add an User + Login Profile for  fbaggins
+You add / delete users with samba-tool
- This assume ADSMmeber been samba AD master / KDC and ADSMmeber Been used as Member server that stire the profile and shares
-<pre>
+Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.
-  $ samba-tool user add fbaggins
-   --random-password --use-username-as-cn
+An example of adding a User + Login Profile for the user <code>fbaggins</code>
-   --surname="Baggins" --given-name="Frodo"
-   --initials=S --mail-address=fbaggins@SAM.DOMAIN.LOCAL.
+This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be <code>P4ssw0rd*</code>
-   --company="Hobbiton Inc." --script-path=shire.bat
-   --profile-path=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\profiles\\fbaggins
+ $ samba-tool user create fbaggins P4ssw0rd*
-   --home-drive=F
+  --use-username-as-cn --surname="Baggins"
-   --home-directory=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\fbaggins
+  --given-name="Frodo" --initials=S
-   --job-title="Goes there and back again"
+  --mail-address=fbaggins@samdom.example.com
+  --company="Hobbiton Inc." --script-path=shire.bat
+  --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins
+  --home-drive=F
+  --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins
+  --job-title="Goes there and back again"
+{{Imbox
+| type = note
+| text = You do not need to supply all of the above options when creating a new user. For details of available options, run <code>samba-tool user create --help</code> in a terminal.
+}}
-</pre>
-To inspect the allocated user ID and SID, use the following command:
+To inspect the allocated user ID and SID, use the following commands:
   $ wbinfo --name-to-sid USERNAME
@@ Line 29: / Line 36: @@
   $ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
   3000011
-If you want to change this mapping, then use <tt>ldbedit</tt> on the <tt>/var/lib/samba/private/idmap.ldb</tt>, as shown:
- $ ldbedit -e emacs -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
-*Note: You can replace <tt>emacs</tt> with your editor of choice.
-You will find records that look like this:
- # record 1
- dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
- cn: S-1-5-21-4036476082-4153129556-3089177936-1005
- objectClass: sidMap
- objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005
- type: ID_TYPE_BOTH
- xidNumber: 3000011
- distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
-If you change the <tt>xidNumber</tt> attribute and save your editor then exit,
-then Samba will update the mapping to between the SID and the user
-ID. Updating group mappings works in the same way.
-To create a Samba user, use the following command at ADSMmeber via ssh login as root :
-  $ samba-tool user add USERNAME
@@ Line 61: / Line 41: @@
-=== samba-tool- Delete  Users from Samba Active Directory ===
+=== samba-tool: Delete  Users from Samba Active Directory ===
-  # samba-tool user delete stduser
+ # samba-tool user delete username
-=== samba-tool -- create  group  from Samba Active Directory ===
+=== samba-tool: create a group in Samba Active Directory ===
-<pre>
+  ~# samba-tool group add groupname
-  ~# samba-tool group add stdgroup
+ Added group groupname
-  Added group stdgroup
-</pre>
-=== samba-tool - delete  group  from Samba Active Directory ===
+=== samba-tool: delete a group from Samba Active Directory ===
-<pre>
+  ~# samba-tool group delete groupname
-  ~# samba-tool group delete stdgroup
+ Added group groupname
-  Added group stdgroup
-</pre>
-===  samba-tool - group addmembers  -  Samba Active Directory ===
+===  samba-tool: add members to a group in Samba Active Directory ===
-<pre>
+  ~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]]
-  ~# samba-tool group addmembers "Domain Users" stduser[,otheruser[,thirduser[,...]]]
   Added members to group Domain Users
-</pre>
+===  samba-tool: remove members from a group in Samba Active Directory ===
-===  samba-tool-  group removemembers -  Samba Active Directory ===
-<pre>
+  ~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]]
-  ~# samba-tool group removemembers "Domain Users" stduser[,otheruser[,thirduser[,...]]]
   Removed members from group Domain Users
-</pre>
+=== samba-tool: list members of a group in Samba Active Directory ===
+ ~# samba-tool group listmembers "Domain Users" | grep username
+  user
-=== samba-tool - group listmembers -  Samba Active Directory ===
+=== samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory ===
-<pre>
- ~# samba-tool group listmembers "Domain Users" | grep stduser
-  stduser
-</pre>
+ ~# samba-tool user create username
-=== samba-tool - Create a user, create a group, add the user to the group -  Samba Active Directory ===
+   User 'username' created successfully
-<pre>
+  ~# samba-tool group add groupname
-  ~# samba-tool user add stduser
+  Added group groupname
-   User 'stduser' created successfully
- ~# samba-tool group add stdgroup
+  ~# samba-tool group addmembers groupname username
-  Added group stdgroup
+   Added members to group groupname
-  ~# samba-tool group addmembers stdgroup stduser
-   Added members to group stdgroup
-</pre>
+----
+[[Category:User Management]]

Anonymous

Search

Navigation

Navigation

Wiki tools

Wiki tools

Difference between revisions of "User and Group management"

Namespaces

Page actions

Latest revision as of 17:48, 3 May 2019

Contents

User and Group and Computer accountd management with samba-tool

Adding Users into Samba Active Directory

samba-tool: Delete Users from Samba Active Directory

samba-tool: create a group in Samba Active Directory

samba-tool: delete a group from Samba Active Directory

samba-tool: add members to a group in Samba Active Directory

samba-tool: remove members from a group in Samba Active Directory

samba-tool: list members of a group in Samba Active Directory

samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory

Anonymous

Search

Navigation

Wiki tools

Page tools

Categories

Difference between revisions of "User and Group management"

Latest revision as of 17:48, 3 May 2019

Contents

User and Group and Computer accountd management with samba-tool

Adding Users into Samba Active Directory

samba-tool: Delete Users from Samba Active Directory

samba-tool: create a group in Samba Active Directory

samba-tool: delete a group from Samba Active Directory

samba-tool: add members to a group in Samba Active Directory

samba-tool: remove members from a group in Samba Active Directory

samba-tool: list members of a group in Samba Active Directory

samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory