Difference between revisions of "User and Group management"

(Adding Users into Samba Active Directory)
m (added category: User Management)
 
(5 intermediate revisions by 4 users not shown)
Line 3: Line 3:
  
 
== Adding Users into Samba Active Directory ==
 
== Adding Users into Samba Active Directory ==
add / delete users with samba-tool
 
Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created.
 
  
 +
You add / delete users with samba-tool
  
example : to add an User
+
Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.
  
<pre>
+
An example of adding a User + Login Profile for the user <code>fbaggins</code>
  $ samba-tool user add fbaggins
+
   --random-password --use-username-as-cn
+
This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be <code>P4ssw0rd*</code>
   --surname="Baggins" --given-name="Frodo"
 
   --initials=S --mail-address=fbaggins@SAM.DOMAIN.LOCAL.
 
   --company="Hobbiton Inc." --script-path=shire.bat
 
   --profile-path=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\profiles\\fbaggins
 
   --home-drive=F
 
   --home-directory=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\fbaggins
 
   --job-title="Goes there and back again"
 
  
</pre>
+
$ samba-tool user create fbaggins P4ssw0rd*
 +
  --use-username-as-cn --surname="Baggins"
 +
  --given-name="Frodo" --initials=S
 +
  --mail-address=fbaggins@samdom.example.com
 +
  --company="Hobbiton Inc." --script-path=shire.bat
 +
  --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins
 +
  --home-drive=F
 +
  --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins
 +
  --job-title="Goes there and back again"
  
To inspect the allocated user ID and SID, use the following command:
+
 
 +
{{Imbox
 +
| type = note
 +
| text = You do not need to supply all of the above options when creating a new user. For details of available options, run <code>samba-tool user create --help</code> in a terminal.
 +
}}
 +
 
 +
 
 +
To inspect the allocated user ID and SID, use the following commands:
  
 
  $ wbinfo --name-to-sid USERNAME
 
  $ wbinfo --name-to-sid USERNAME
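Review bot: the new example line `$ samba-tool user create fbaggins P4ssw0rd*` passes the password as a command-line argument, so it ends up in shell history and is visible in the process list while the command runs, and the unquoted `*` is open to shell globbing. The text being replaced used `--random-password`; suggest keeping that in the example, or omitting the password argument, and quoting any literal password that remains. The option lines that follow also carry no trailing `\`, so the command cannot be pasted as written.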
Line 29: Line 36:
 
  $ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
 
  $ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
 
  3000011
 
  3000011
 
If you want to change this mapping, then use <tt>ldbedit<tt> on the <tt>/var/lib/samba/private/idmap.ldb</tt>, as shown:
 
 
$ ldbedit -e emacs -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
 
 
*Note: You can replace <tt>emacs</tt> with your editor of choice.
 
 
You will find records that look like this:
 
 
# record 1
 
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
 
cn: S-1-5-21-4036476082-4153129556-3089177936-1005
 
objectClass: sidMap
 
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005
 
type: ID_TYPE_BOTH
 
xidNumber: 3000011
 
distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
 
 
If you change the <tt>xidNumber</tt> attribute and save your editor then exit,
 
then Samba will update the mapping to between the SID and the user
 
ID. Updating group mappings works in the same way.
 
 
  
  
To create a Samba user, use the following command at samba-ad1 via ssh login as root :
 
  
  $ samba-tool user add USERNAME
 
  
  
 +
=== samba-tool: Delete  Users from Samba Active Directory ===
  
 +
# samba-tool user delete username
  
 +
=== samba-tool: create a group in Samba Active Directory ===
  
=== samba-tool- Delete Users from Samba Active Directory ===
+
~# samba-tool group add groupname
 +
  Added group groupname
  
  # samba-tool user delete stduser
+
=== samba-tool: delete a group from Samba Active Directory ===
  
=== samba-tool -- create group from Samba Active Directory ===
+
~# samba-tool group delete groupname
 +
  Added group groupname
  
<pre>
+
=== samba-tool: add members to a group in Samba Active Directory ===
  ~# samba-tool group add stdgroup
 
  Added group stdgroup
 
</pre>
 
  
=== samba-tool - delete group from Samba Active Directory ===
+
~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]]
 +
  Added members to group Domain Users
  
<pre>
+
=== samba-tool: remove members from a group in Samba Active Directory ===
  ~# samba-tool group delete stdgroup
 
  Added group stdgroup
 
</pre>
 
  
===  samba-tool - group addmembers  -  Samba Active Directory ===
+
  ~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]]
 
 
<pre>
 
  ~# samba-tool group removemembers "Domain Users" stduser
 
 
  Removed members from group Domain Users
 
  Removed members from group Domain Users
  
</pre>
+
=== samba-tool: list members of a group in Samba Active Directory ===
  
=== samba-toolgroup removemembers -  Samba Active Directory ===
+
  ~# samba-tool group listmembers "Domain Users" | grep username
 +
  user
  
<pre>
+
=== samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory ===
~# samba-tool group removemembers "Domain Users" stduser
 
Removed members from group Domain Users
 
  
</pre>
+
  ~# samba-tool user create username
 
+
  User 'username' created successfully
 
+
=== samba-tool - group listmembers -  Samba Active Directory ===
+
  ~# samba-tool group add groupname
<pre>
+
  Added group groupname
  ~# samba-tool group listmembers "Domain Users" | grep stduser
 
  stduser
 
</pre>
 
 
 
 
 
=== samba-tool - Create a user, create a group, add the user to the group -  Samba Active Directory ===
 
 
 
<pre>
 
  ~# samba-tool user add stduser
 
  User 'stduser' created successfully
 
 
   
 
   
~# samba-tool group add stdgroup
+
  ~# samba-tool group addmembers groupname username
  Added group stdgroup
+
   Added members to group groupname
 
 
  ~# samba-tool group addmembers stdgroup stduser
 
   Added members to group stdgroup
 
  
</pre>
+
----
 +
[[Category:User Management]]
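Review bot: in the new "delete a group" section, the sample output under `~# samba-tool group delete groupname` still reads `Added group groupname`, carried over from the "create a group" example; replace it with what the delete command actually prints. The new `listmembers "Domain Users" | grep username` example shows `user` as its output, which does not match the pattern being searched for. This hunk also removes the `ldbedit` instructions for changing `xidNumber` in `idmap.ldb` with no replacement; if that is intended, add a pointer to where ID mapping is documented.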

Latest revision as of 17:48, 3 May 2019

User, Group and Computer account management with samba-tool

Adding Users into Samba Active Directory

You add and delete users with samba-tool.

Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.

An example of adding a user and login profile for the user fbaggins:

This assumes that ADSMember is being used as a Unix member server that stores the profile and shares, and that the new user's password will be P4ssw0rd*

$ samba-tool user create fbaggins 'P4ssw0rd*' \
    --use-username-as-cn --surname="Baggins" \
    --given-name="Frodo" --initials=S \
    --mail-address=fbaggins@samdom.example.com \
    --company="Hobbiton Inc." --script-path=shire.bat \
    --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins \
    --home-drive=F \
    --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins \
    --job-title="Goes there and back again"



To inspect the allocated user ID and SID, use the following commands:

$ wbinfo --name-to-sid USERNAME
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

$ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011



samba-tool: Delete Users from Samba Active Directory

# samba-tool user delete username

samba-tool: create a group in Samba Active Directory

~# samba-tool group add groupname
Added group groupname

samba-tool: delete a group from Samba Active Directory

~# samba-tool group delete groupname
Deleted group groupname

samba-tool: add members to a group in Samba Active Directory

~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Added members to group Domain Users

samba-tool: remove members from a group in Samba Active Directory

~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Removed members from group Domain Users

samba-tool: list members of a group in Samba Active Directory

~# samba-tool group listmembers "Domain Users" | grep username
username

samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory

~# samba-tool user create username
  User 'username' created successfully

~# samba-tool group add groupname
 Added group groupname

~# samba-tool group addmembers groupname username
 Added members to group groupname
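
An exact-match membership check for the steps above, as an added example that is not part of the original wiki page: `listmembers | grep username` also matches any account whose name merely contains `username`, so this sketch matches whole lines and compares a group against an approved list. The function names and the file `approved.txt` are assumptions.

```shell
#!/bin/sh
# Added example, not from the Samba wiki. Function names are hypothetical.
# Both checks read `samba-tool group listmembers` output on stdin, so they
# can be exercised offline with constructed input.

# Strip surrounding whitespace and blank lines from a member list.
normalize_members() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# is_member_in_list NAME: succeed only if NAME is a whole line of the list.
# -F: literal string, -x: whole-line match, -q: exit status only.
is_member_in_list() {
    normalize_members | grep -Fxq -- "$1"
}

# membership_drift APPROVED_FILE: compare the list on stdin with an approved
# list (one account name per line) and print what differs.
membership_drift() {
    approved=$(mktemp) || return 1
    actual=$(mktemp) || { rm -f "$approved"; return 1; }
    normalize_members < "$1" | LC_ALL=C sort -u > "$approved"
    normalize_members | LC_ALL=C sort -u > "$actual"
    # comm -13: only in the live group; comm -23: only in the approved list.
    LC_ALL=C comm -13 "$approved" "$actual" | sed 's/^/unexpected: /'
    LC_ALL=C comm -23 "$approved" "$actual" | sed 's/^/missing: /'
    rm -f "$approved" "$actual"
}

# On a DC, run as root like the commands above:
#   samba-tool group listmembers groupname | is_member_in_list username
#   samba-tool group listmembers groupname | membership_drift approved.txt
```
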