Difference between revisions of "User and Group management"

(Adding Users into Samba Active Directory)
m (added category: User Management)
 
(8 intermediate revisions by 4 users not shown)
Line 2: Line 2:
 
=  User and Group and Computer accountd management with samba-tool =
 
=  User and Group and Computer accountd management with samba-tool =
  
== add / delete users with samba-tool ==
+
== Adding Users into Samba Active Directory ==
 +
 
 +
You add / delete users with samba-tool
 +
 
 +
Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.
 +
 
 +
An example of adding a User + Login Profile for the user <code>fbaggins</code>
 +
 +
This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be <code>P4ssw0rd*</code>
 +
 
 +
$ samba-tool user create fbaggins P4ssw0rd*
 +
  --use-username-as-cn --surname="Baggins"
 +
  --given-name="Frodo" --initials=S
 +
  --mail-address=fbaggins@samdom.example.com
 +
  --company="Hobbiton Inc." --script-path=shire.bat
 +
  --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins
 +
  --home-drive=F
 +
  --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins
 +
  --job-title="Goes there and back again"
 +
 
 +
 
 +
{{Imbox
 +
| type = note
 +
| text = You do not need to supply all of the above options when creating a new user. For details of available options, run <code>samba-tool user create --help</code> in a terminal.
 +
}}
 +
 
  
== Adding Users into Samba Active Directory ==
+
To inspect the allocated user ID and SID, use the following commands:
Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created.
 
  
To create a Samba user, use the following command at samba-ad1 via ssh login as root :
+
$ wbinfo --name-to-sid USERNAME
 +
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)
 +
 +
$ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
 +
3000011
  
  $ samba-tool user add USERNAME
 
  
=== samba-tool- Delete  Users from Samba Active Directory ===
 
  
  # samba-tool user delete stduser
 
  
=== samba-tool -- create  group  from Samba Active Directory ===
 
  
<pre>
+
=== samba-tool: Delete  Users from Samba Active Directory ===
~# samba-tool group add stdgroup
 
  Added group stdgroup
 
</pre>
 
  
=== samba-tool - delete group  from Samba Active Directory ===
+
# samba-tool user delete username
  
<pre>
+
=== samba-tool: create a group in Samba Active Directory ===
~# samba-tool group delete stdgroup
 
  Added group stdgroup
 
</pre>
 
  
=== samba-tool - group addmembers -  Samba Active Directory ===
+
  ~# samba-tool group add groupname
 +
  Added group groupname
  
<pre>
+
=== samba-tool: delete a group from Samba Active Directory ===
~# samba-tool group removemembers "Domain Users" stduser
 
Removed members from group Domain Users
 
  
</pre>
+
~# samba-tool group delete groupname
 +
Added group groupname
  
===  samba-toolgroup removemembers -  Samba Active Directory ===
+
===  samba-tool: add members to a group in Samba Active Directory ===
  
<pre>
+
  ~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]]
  ~# samba-tool group removemembers "Domain Users" stduser
+
  Added members to group Domain Users
  Removed members from group Domain Users
 
  
</pre>
+
===  samba-tool: remove members from a group in Samba Active Directory ===
  
 +
~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]]
 +
Removed members from group Domain Users
  
=== samba-tool - group listmembers -  Samba Active Directory ===
+
=== samba-tool: list members of a group in Samba Active Directory ===
<pre>
 
~# samba-tool group listmembers "Domain Users" | grep stduser
 
  stduser
 
</pre>
 
  
 +
~# samba-tool group listmembers "Domain Users" | grep username
 +
  user
  
=== samba-tool - Create a user, create a group, add the user to the group Samba Active Directory ===
+
=== samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory ===
  
<pre>
+
  ~# samba-tool user create username
  ~# samba-tool user add stduser
+
   User 'username' created successfully
   User 'stduser' created successfully
+
 +
~# samba-tool group add groupname
 +
  Added group groupname
 
   
 
   
~# samba-tool group add stdgroup
+
  ~# samba-tool group addmembers groupname username
  Added group stdgroup
+
   Added members to group groupname
 
 
  ~# samba-tool group addmembers stdgroup stduser
 
   Added members to group stdgroup
 
  
</pre>
+
----
 +
[[Category:User Management]]

Latest revision as of 17:48, 3 May 2019

User and Group and Computer accountd management with samba-tool

Adding Users into Samba Active Directory

You add / delete users with samba-tool

Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.

An example of adding a User + Login Profile for the user fbaggins

This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be P4ssw0rd*

$ samba-tool user create fbaggins P4ssw0rd*
 --use-username-as-cn --surname="Baggins"
 --given-name="Frodo" --initials=S
 --mail-address=fbaggins@samdom.example.com
 --company="Hobbiton Inc." --script-path=shire.bat
 --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins
 --home-drive=F
 --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins
 --job-title="Goes there and back again"



To inspect the allocated user ID and SID, use the following commands:

$ wbinfo --name-to-sid USERNAME
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

$ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011



samba-tool: Delete Users from Samba Active Directory

# samba-tool user delete username

samba-tool: create a group in Samba Active Directory

~# samba-tool group add groupname
Added group groupname

samba-tool: delete a group from Samba Active Directory

~# samba-tool group delete groupname
Added group groupname

samba-tool: add members to a group in Samba Active Directory

~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Added members to group Domain Users

samba-tool: remove members from a group in Samba Active Directory

~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Removed members from group Domain Users

samba-tool: list members of a group in Samba Active Directory

~# samba-tool group listmembers "Domain Users" | grep username
 user

samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory

~# samba-tool user create username
  User 'username' created successfully

~# samba-tool group add groupname
 Added group groupname

~# samba-tool group addmembers groupname username
 Added members to group groupname