User and Group management: Difference between revisions
From SambaWiki
(5 intermediate revisions by 4 users not shown) | |||
Line 3: | Line 3: | ||
== Adding Users into Samba Active Directory == |
== Adding Users into Samba Active Directory == |
||
add / delete users with samba-tool |
|||
Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created. |
|||
You add / delete users with samba-tool |
|||
Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created. |
|||
example : to add an User |
|||
An example of adding a User + Login Profile for the user <code>fbaggins</code> |
|||
<pre> |
|||
$ samba-tool user add fbaggins |
|||
This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares and the new users password will be <code>P4ssw0rd*</code> |
|||
--random-password --use-username-as-cn |
|||
--surname="Baggins" --given-name="Frodo" |
|||
$ samba-tool user create fbaggins P4ssw0rd* |
|||
--initials=S --mail-address=fbaggins@SAM.DOMAIN.LOCAL. |
|||
--use-username-as-cn --surname="Baggins" |
|||
--company="Hobbiton Inc." --script-path=shire.bat |
|||
--given-name="Frodo" --initials=S |
|||
--profile-path=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\profiles\\fbaggins |
|||
--mail-address=fbaggins@samdom.example.com |
|||
--home-drive=F |
|||
--company="Hobbiton Inc." --script-path=shire.bat |
|||
--home-directory=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\fbaggins |
|||
--profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins |
|||
--job-title="Goes there and back again" |
|||
--home-drive=F |
|||
--home-directory=\\\\ADSMember.samdom.example.com\\fbaggins |
|||
--job-title="Goes there and back again" |
|||
</pre> |
|||
{{Imbox |
|||
To inspect the allocated user ID and SID, use the following command: |
|||
| type = note |
|||
| text = You do not need to supply all of the above options when creating a new user. For details of available options, run <code>samba-tool user create --help</code> in a terminal. |
|||
}} |
|||
To inspect the allocated user ID and SID, use the following commands: |
|||
$ wbinfo --name-to-sid USERNAME |
$ wbinfo --name-to-sid USERNAME |
||
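Review bot: The new example line `samba-tool user create fbaggins P4ssw0rd*` puts the password on the command line, where it ends up in shell history and the process list, and the unquoted `*` is subject to shell globbing. Suggest quoting the password at minimum, or keeping the `--random-password` form the previous revision showed and setting the password in a separate step.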
Line 30: | Line 37: | ||
3000011 |
3000011 |
||
If you want to change this mapping, then use <tt>ldbedit<tt> on the <tt>/var/lib/samba/private/idmap.ldb</tt>, as shown: |
|||
$ ldbedit -e emacs -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
*Note: You can replace <tt>emacs</tt> with your editor of choice. |
|||
You will find records that look like this: |
|||
=== samba-tool: Delete Users from Samba Active Directory === |
|||
# record 1 |
|||
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
cn: S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
objectClass: sidMap |
|||
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
type: ID_TYPE_BOTH |
|||
xidNumber: 3000011 |
|||
distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005 |
|||
# samba-tool user delete username |
|||
If you change the <tt>xidNumber</tt> attribute and save your editor then exit, |
|||
then Samba will update the mapping to between the SID and the user |
|||
ID. Updating group mappings works in the same way. |
|||
=== samba-tool: create a group in Samba Active Directory === |
|||
~# samba-tool group add groupname |
|||
Added group groupname |
|||
=== samba-tool: delete a group from Samba Active Directory === |
|||
To create a Samba user, use the following command at samba-ad1 via ssh login as root : |
|||
~# samba-tool group delete groupname |
|||
Added group groupname |
|||
=== samba-tool: add members to a group in Samba Active Directory === |
|||
~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]] |
|||
Added members to group Domain Users |
|||
=== samba-tool: remove members from a group in Samba Active Directory === |
|||
~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]] |
|||
=== samba-tool- Delete Users from Samba Active Directory === |
|||
# samba-tool user delete stduser |
|||
=== samba-tool -- create group from Samba Active Directory === |
|||
<pre> |
|||
~# samba-tool group add stdgroup |
|||
Added group stdgroup |
|||
</pre> |
|||
=== samba-tool - delete group from Samba Active Directory === |
|||
<pre> |
|||
~# samba-tool group delete stdgroup |
|||
Added group stdgroup |
|||
</pre> |
|||
=== samba-tool - group addmembers - Samba Active Directory === |
|||
<pre> |
|||
~# samba-tool group removemembers "Domain Users" stduser |
|||
Removed members from group Domain Users |
Removed members from group Domain Users |
||
=== samba-tool: list members of a group in Samba Active Directory === |
|||
</pre> |
|||
~# samba-tool group listmembers "Domain Users" | grep username |
|||
user |
|||
=== samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory === |
|||
<pre> |
|||
~# samba-tool group removemembers "Domain Users" stduser |
|||
Removed members from group Domain Users |
|||
~# samba-tool user create username |
|||
</pre> |
|||
User 'username' created successfully |
|||
=== samba-tool - group listmembers - Samba Active Directory === |
|||
<pre> |
|||
~# samba-tool group listmembers "Domain Users" | grep stduser |
|||
stduser |
|||
</pre> |
|||
=== samba-tool - Create a user, create a group, add the user to the group - Samba Active Directory === |
|||
<pre> |
|||
~# samba-tool user add stduser |
|||
User 'stduser' created successfully |
|||
~# samba-tool group add |
~# samba-tool group add groupname |
||
Added group |
Added group groupname |
||
~# samba-tool group addmembers |
~# samba-tool group addmembers groupname username |
||
Added members to group |
Added members to group groupname |
||
---- |
|||
</pre> |
|||
[[Category:User Management]] |
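Review bot: In the "delete a group" section the output under `samba-tool group delete groupname` still reads `Added group groupname`, carried over from the old `stdgroup` example; it should show the delete message (`Deleted group groupname`). In the listmembers section, `grep username` is followed by the output `user`, which that filter cannot produce, and a plain `grep` also matches substrings of other account names; `grep -x username` with output `username` would be consistent.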
Revision as of 17:48, 3 May 2019
User and Group and Computer accounts management with samba-tool
Adding Users into Samba Active Directory
You add / delete users with samba-tool
Unlike Samba 3, running Samba 4 as an AD DC or Unix AD domain member does not require a local Unix user for each Samba user that is created.
An example of adding a User + Login Profile for the user fbaggins
This assumes that ADSMember is being used as a Unix Member server that stores the profile and shares, and that the new user's password will be P4ssw0rd*
$ samba-tool user create fbaggins 'P4ssw0rd*' \
    --use-username-as-cn --surname="Baggins" --given-name="Frodo" --initials=S \
    --mail-address=fbaggins@samdom.example.com \
    --company="Hobbiton Inc." --script-path=shire.bat \
    --profile-path=\\\\ADSMember.samdom.example.com\\profiles\\fbaggins \
    --home-drive=F \
    --home-directory=\\\\ADSMember.samdom.example.com\\fbaggins \
    --job-title="Goes there and back again"
You do not need to supply all of the above options when creating a new user. For details of available options, run samba-tool user create --help in a terminal.
To inspect the allocated user ID and SID, use the following commands:
$ wbinfo --name-to-sid USERNAME
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)
$ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011
samba-tool: Delete Users from Samba Active Directory
# samba-tool user delete username
samba-tool: create a group in Samba Active Directory
~# samba-tool group add groupname
Added group groupname
samba-tool: delete a group from Samba Active Directory
~# samba-tool group delete groupname
Deleted group groupname
samba-tool: add members to a group in Samba Active Directory
~# samba-tool group addmembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Added members to group Domain Users
samba-tool: remove members from a group in Samba Active Directory
~# samba-tool group removemembers "Domain Users" user[,otheruser[,thirduser[,...]]]
Removed members from group Domain Users
samba-tool: list members of a group in Samba Active Directory
~# samba-tool group listmembers "Domain Users" | grep username
username
samba-tool: Create a user, create a group, add the user to the group in Samba Active Directory
~# samba-tool user create username
User 'username' created successfully
~# samba-tool group add groupname
Added group groupname
~# samba-tool group addmembers groupname username
Added members to group groupname
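The create-user, create-group, add-member sequence above as a re-runnable script. This is an added example, not part of the wiki page: the function names and the SAMBA_TOOL override variable are assumptions made here. It creates the account with --random-password so no password appears on the command line, and it checks names with a whole-line match instead of a plain grep.

```shell
#!/bin/sh
# Added example (not from the wiki page): re-runnable provisioning.
# Function names and the SAMBA_TOOL override are assumptions made here.
SAMBA_TOOL=${SAMBA_TOOL:-samba-tool}

# Read a listing on stdin; succeed only on an exact, whole-line match
# (case-insensitive, as AD account names are). A plain `grep NAME` also
# matches substrings: "fbaggins" would hit "fbaggins2".
name_in_list() {
    grep -Fxqi -- "$1"
}

# ensure_user USER: create the account only if it does not exist yet.
ensure_user() {
    if "$SAMBA_TOOL" user list | name_in_list "$1"; then
        return 0
    fi
    # --random-password keeps any password out of argv and shell history;
    # set the real one afterwards with `samba-tool user setpassword`.
    "$SAMBA_TOOL" user create "$1" --random-password --use-username-as-cn
}

# ensure_group GROUP: create the group only if it does not exist yet.
ensure_group() {
    if "$SAMBA_TOOL" group list | name_in_list "$1"; then
        return 0
    fi
    "$SAMBA_TOOL" group add "$1"
}

# ensure_member GROUP USER: add the user if missing, then verify the
# membership instead of trusting the "Added members" message.
ensure_member() {
    if ! "$SAMBA_TOOL" group listmembers "$1" | name_in_list "$2"; then
        "$SAMBA_TOOL" group addmembers "$1" "$2" || return 1
    fi
    "$SAMBA_TOOL" group listmembers "$1" | name_in_list "$2"
}

# provision USER GROUP: the full sequence; non-zero status on any failure.
provision() {
    ensure_user "$1" && ensure_group "$2" && ensure_member "$2" "$1"
}
```

Source the file as root on the DC and call, for example, `provision fbaggins hobbits` (the group name is a constructed sample); running it a second time changes nothing.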