Difference between revisions of "User and Group management"

m (Corrected wrong <tt> tag)
m (FIX /samba-tool - group addmembers/, add syntax for optionally multiple users (as I listed them space-separated, instead of comma-separated)
Line 82: Line 82:
  
 
<pre>
 
<pre>
  ~# samba-tool group removemembers "Domain Users" stduser
+
  ~# samba-tool group addmembers "Domain Users" stduser[,otheruser[,thirduser[,...]]]
  Removed members from group Domain Users
+
  Added members to group Domain Users
  
 
</pre>
 
</pre>
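Review bot: In the new addmembers line, the optional-member notation `stduser[,otheruser[,thirduser[,...]]]` sits inside what is otherwise a literal root-prompt transcript, so a reader who copies the line hands the bracket characters to samba-tool as part of the member name. Suggest keeping the example concrete (for instance `stduser,otheruser`) and stating the comma-separated syntax in a sentence above the <pre> block.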
Line 90: Line 90:
  
 
<pre>
 
<pre>
  ~# samba-tool group removemembers "Domain Users" stduser
+
  ~# samba-tool group removemembers "Domain Users" stduser[,otheruser[,thirduser[,...]]]
 
  Removed members from group Domain Users
 
  Removed members from group Domain Users
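Review bot: The edit summary names only `group addmembers`, but this hunk at line 90 changes the removemembers example as well; the summary should mention both sections so the change can be found in the page history. Because the removemembers line now accepts several users while the output line stays a single "Removed members from group Domain Users", consider following it with a `samba-tool group listmembers` check so the reader can confirm every listed user was actually removed.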
  

Revision as of 08:44, 26 August 2016

User, Group and Computer account management with samba-tool

Adding Users into Samba Active Directory

add / delete users with samba-tool
Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created.
Example: add a user with a login profile for fbaggins.
This assumes ADSMmeber is the Samba AD master / KDC and that ADSMmeber is also used as the member server that stores the profiles and shares.
  $ samba-tool user add fbaggins \
   --random-password --use-username-as-cn \
   --surname="Baggins" --given-name="Frodo" \
   --initials=S --mail-address=fbaggins@SAM.DOMAIN.LOCAL \
   --company="Hobbiton Inc." --script-path=shire.bat \
   --profile-path=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\profiles\\fbaggins \
   --home-drive=F \
   --home-directory=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\fbaggins \
   --job-title="Goes there and back again"

To inspect the allocated user ID and SID, use the following command:

$ wbinfo --name-to-sid USERNAME
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

$ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011

If you want to change this mapping, use ldbedit on /var/lib/samba/private/idmap.ldb, as shown:

$ ldbedit -e emacs -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
  • Note: You can replace emacs with your editor of choice.

You will find records that look like this:

# record 1
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
cn: S-1-5-21-4036476082-4153129556-3089177936-1005
objectClass: sidMap
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005
type: ID_TYPE_BOTH
xidNumber: 3000011
distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005

If you change the xidNumber attribute, save, and exit the editor, Samba will update the mapping between the SID and the user ID. Updating group mappings works in the same way.
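
An added check, not part of the original wiki page: after hand-editing xidNumber values, confirm that no two SIDs ended up on the same Unix ID, because both accounts would then be treated as the same owner on disk. The function names, the sample records and their SIDs are constructed for illustration, and the input is assumed to use the record format shown above.

```shell
# Added example: report xidNumber values mapped to more than one SID.
# Prints one line per collision: "<uid|gid> <xidNumber> <SID> <SID> ..."
find_xid_collisions() {
    awk '
    function commit() {
        # Records without objectSid (not sidMap entries) are skipped.
        if (sid != "" && xid != "") {
            # ID_TYPE_BOTH (or a missing type) occupies both namespaces.
            if (type != "ID_TYPE_GID") uid[xid] = uid[xid] " " sid
            if (type != "ID_TYPE_UID") gid[xid] = gid[xid] " " sid
        }
        sid = ""; xid = ""; type = ""
    }
    /^dn: /        { commit() }        # a new record starts
    /^objectSid: / { sid  = $2 }
    /^xidNumber: / { xid  = $2 }
    /^type: /      { type = $2 }
    END {
        commit()
        for (x in uid) if (split(uid[x], a, " ") > 1) print "uid", x uid[x]
        for (x in gid) if (split(gid[x], a, " ") > 1) print "gid", x gid[x]
    }' | sort
}

# Constructed sample records (SIDs and IDs are made up).
sample_idmap() {
    D=S-1-5-21-1111111111-2222222222-3333333333
    cat <<EOF
dn: CN=CONFIG
xidNumber: 3000021
dn: CN=$D-1105
objectSid: $D-1105
type: ID_TYPE_BOTH
xidNumber: 3000011
dn: CN=$D-1106
objectSid: $D-1106
type: ID_TYPE_UID
xidNumber: 3000011
dn: CN=$D-1107
objectSid: $D-1107
type: ID_TYPE_GID
xidNumber: 3000020
dn: CN=$D-1108
objectSid: $D-1108
type: ID_TYPE_UID
xidNumber: 3000020
EOF
}
sample_idmap | find_xid_collisions
```

On the sample, only 3000011 is reported: 3000020 is used once as a uid and once as a gid, which are separate namespaces. On a real system the records could be piped in from `ldbsearch -H /var/lib/samba/private/idmap.ldb`, assuming it prints them in the same form as the ldbedit view above.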


To create a Samba user, run the following command on ADSMmeber, logged in as root via ssh:

 $ samba-tool user add USERNAME



samba-tool - Delete users from Samba Active Directory

 # samba-tool user delete stduser

samba-tool - create group in Samba Active Directory

 ~# samba-tool group add stdgroup
  Added group stdgroup

samba-tool - delete group from Samba Active Directory

 ~# samba-tool group delete stdgroup
  Deleted group stdgroup

samba-tool - group addmembers - Samba Active Directory

 ~# samba-tool group addmembers "Domain Users" stduser[,otheruser[,thirduser[,...]]]
 Added members to group Domain Users

samba-tool - group removemembers - Samba Active Directory

 ~# samba-tool group removemembers "Domain Users" stduser[,otheruser[,thirduser[,...]]]
 Removed members from group Domain Users


samba-tool - group listmembers - Samba Active Directory

 ~# samba-tool group listmembers "Domain Users" | grep stduser
  stduser


samba-tool - Create a user, create a group, add the user to the group - Samba Active Directory

 ~# samba-tool user add stduser
   User 'stduser' created successfully
 
 ~# samba-tool group add stdgroup
  Added group stdgroup

 ~# samba-tool group addmembers stdgroup stduser
  Added members to group stdgroup