Revision as of 17:48, 3 May 2019

User and Group and Computer accountd management with samba-tool

Adding Users into Samba Active Directory

You add / delete users with samba-tool

Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.

An example of adding a User + Login Profile for the user fbaggins

This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be P4ssw0rd*

$ samba-tool user create fbaggins P4ssw0rd*
 --use-username-as-cn --surname="Baggins"
 --given-name="Frodo" --initials=S
 --mail-address=fbaggins@samdom.example.com
 --company="Hobbiton Inc." --script-path=shire.bat
 --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins
 --home-drive=F
 --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins
 --job-title="Goes there and back again"

You do not need to supply all of the above options when creating a new user. For details of available options, run samba-tool user create --help in a terminal.

To inspect the allocated user ID and SID, use the following commands:

$ wbinfo --name-to-sid USERNAME
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

$ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011

samba-tool: Delete Users from Samba Active Directory

# samba-tool user delete username

samba-tool: create a group in Samba Active Directory

~# samba-tool group add groupname
Added group groupname

samba-tool: delete a group from Samba Active Directory

~# samba-tool group delete groupname
Added group groupname

samba-tool: add members to a group in Samba Active Directory

~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Added members to group Domain Users

samba-tool: remove members from a group in Samba Active Directory

~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Removed members from group Domain Users

samba-tool: list members of a group in Samba Active Directory

~# samba-tool group listmembers "Domain Users" | grep username
 user

samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory

~# samba-tool user create username
  User 'username' created successfully

~# samba-tool group add groupname
 Added group groupname

~# samba-tool group addmembers groupname username
 Added members to group groupname

@@ Line 3: / Line 3: @@
 == Adding Users into Samba Active Directory ==
- add / delete users with samba-tool
- Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created.
- example  to add an User + Login Profile for  fbaggins
+You add / delete users with samba-tool
- This assume ADSMmeber been samba AD master / KDC and ADSMmeber Been used as Member server that stire the profile and shares
-<pre>
+Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.
-  $ samba-tool user add fbaggins
-   --random-password --use-username-as-cn
+An example of adding a User + Login Profile for the user <code>fbaggins</code>
-   --surname="Baggins" --given-name="Frodo"
-   --initials=S --mail-address=fbaggins@SAM.DOMAIN.LOCAL.
+This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be <code>P4ssw0rd*</code>
-   --company="Hobbiton Inc." --script-path=shire.bat
-   --profile-path=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\profiles\\fbaggins
+ $ samba-tool user create fbaggins P4ssw0rd*
-   --home-drive=F
+  --use-username-as-cn --surname="Baggins"
-   --home-directory=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\fbaggins
+  --given-name="Frodo" --initials=S
-   --job-title="Goes there and back again"
+  --mail-address=fbaggins@samdom.example.com
+  --company="Hobbiton Inc." --script-path=shire.bat
+  --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins
+  --home-drive=F
+  --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins
+  --job-title="Goes there and back again"
+{{Imbox
+| type = note
+| text = You do not need to supply all of the above options when creating a new user. For details of available options, run <code>samba-tool user create --help</code> in a terminal.
+}}
-</pre>
-To inspect the allocated user ID and SID, use the following command:
+To inspect the allocated user ID and SID, use the following commands:
   $ wbinfo --name-to-sid USERNAME
@@ Line 29: / Line 36: @@
   $ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
   3000011
-If you want to change this mapping, then use <tt>ldbedit</tt> on the <tt>/var/lib/samba/private/idmap.ldb</tt>, as shown:
- $ ldbedit -e emacs -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
-*Note: You can replace <tt>emacs</tt> with your editor of choice.
-You will find records that look like this:
- # record 1
- dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
- cn: S-1-5-21-4036476082-4153129556-3089177936-1005
- objectClass: sidMap
- objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005
- type: ID_TYPE_BOTH
- xidNumber: 3000011
- distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
-If you change the <tt>xidNumber</tt> attribute and save your editor then exit,
-then Samba will update the mapping to between the SID and the user
-ID. Updating group mappings works in the same way.
-To create a Samba user, use the following command at ADSMmeber via ssh login as root :
-  $ samba-tool user add USERNAME
@@ Line 61: / Line 41: @@
-=== samba-tool- Delete  Users from Samba Active Directory ===
+=== samba-tool: Delete  Users from Samba Active Directory ===
-  # samba-tool user delete stduser
+ # samba-tool user delete username
-=== samba-tool -- create  group  from Samba Active Directory ===
+=== samba-tool: create a group in Samba Active Directory ===
-<pre>
+  ~# samba-tool group add groupname
-  ~# samba-tool group add stdgroup
+ Added group groupname
-  Added group stdgroup
-</pre>
-=== samba-tool - delete  group  from Samba Active Directory ===
+=== samba-tool: delete a group from Samba Active Directory ===
-<pre>
+  ~# samba-tool group delete groupname
-  ~# samba-tool group delete stdgroup
+ Added group groupname
-  Added group stdgroup
-</pre>
-===  samba-tool - group addmembers  -  Samba Active Directory ===
+===  samba-tool: add members to a group in Samba Active Directory ===
-<pre>
+  ~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]]
-  ~# samba-tool group addmembers "Domain Users" stduser[,otheruser[,thirduser[,...]]]
   Added members to group Domain Users
-</pre>
+===  samba-tool: remove members from a group in Samba Active Directory ===
-===  samba-tool-  group removemembers -  Samba Active Directory ===
-<pre>
+  ~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]]
-  ~# samba-tool group removemembers "Domain Users" stduser[,otheruser[,thirduser[,...]]]
   Removed members from group Domain Users
-</pre>
+=== samba-tool: list members of a group in Samba Active Directory ===
+ ~# samba-tool group listmembers "Domain Users" | grep username
+  user
-=== samba-tool - group listmembers -  Samba Active Directory ===
+=== samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory ===
-<pre>
- ~# samba-tool group listmembers "Domain Users" | grep stduser
-  stduser
-</pre>
+ ~# samba-tool user create username
-=== samba-tool - Create a user, create a group, add the user to the group -  Samba Active Directory ===
+   User 'username' created successfully
-<pre>
+  ~# samba-tool group add groupname
-  ~# samba-tool user add stduser
+  Added group groupname
-   User 'stduser' created successfully
- ~# samba-tool group add stdgroup
+  ~# samba-tool group addmembers groupname username
-  Added group stdgroup
+   Added members to group groupname
-  ~# samba-tool group addmembers stdgroup stduser
-   Added members to group stdgroup
-</pre>
+----
+[[Category:User Management]]

Anonymous

Search

Navigation

Navigation

Wiki tools

Wiki tools

Difference between revisions of "User and Group management"

Namespaces

Page actions

Revision as of 17:48, 3 May 2019

Contents

User and Group and Computer accountd management with samba-tool

Adding Users into Samba Active Directory

samba-tool: Delete Users from Samba Active Directory

samba-tool: create a group in Samba Active Directory

samba-tool: delete a group from Samba Active Directory

samba-tool: add members to a group in Samba Active Directory

samba-tool: remove members from a group in Samba Active Directory

samba-tool: list members of a group in Samba Active Directory

samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory

Anonymous

Search

Navigation

Wiki tools

Page tools

Categories

Difference between revisions of "User and Group management"

Revision as of 17:48, 3 May 2019

Contents

User and Group and Computer accountd management with samba-tool

Adding Users into Samba Active Directory

samba-tool: Delete Users from Samba Active Directory

samba-tool: create a group in Samba Active Directory

samba-tool: delete a group from Samba Active Directory

samba-tool: add members to a group in Samba Active Directory

samba-tool: remove members from a group in Samba Active Directory

samba-tool: list members of a group in Samba Active Directory

samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory