User and Group management

From SambaWiki

User, Group and Computer account management with samba-tool

Adding Users into Samba Active Directory

add / delete users with samba-tool
Unlike Samba 3, Samba 4 does not require a local Unix user for each Samba user that is created.


Example: to add a user
  $ samba-tool user add fbaggins \
     --random-password --use-username-as-cn \
     --surname="Baggins" --given-name="Frodo" \
     --initials=S --mail-address=fbaggins@SAM.DOMAIN.LOCAL \
     --company="Hobbiton Inc." --script-path=shire.bat \
     --profile-path=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\profiles\\fbaggins \
     --home-drive=F \
     --home-directory=\\\\ADSMmeber.SAM.DOMAIN.LOCAL\\fbaggins \
     --job-title="Goes there and back again"

To inspect the allocated user ID and SID, use the following command:

$ wbinfo --name-to-sid USERNAME
S-1-5-21-4036476082-4153129556-3089177936-1005 SID_USER (1)

$ wbinfo --sid-to-uid S-1-5-21-4036476082-4153129556-3089177936-1005
3000011

To change this mapping, use ldbedit on /var/lib/samba/private/idmap.ldb, as shown:

$ ldbedit -e emacs -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-4036476082-4153129556-3089177936-1005
  • Note: You can replace emacs with your editor of choice.

You will find records that look like this:

# record 1
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
cn: S-1-5-21-4036476082-4153129556-3089177936-1005
objectClass: sidMap
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005
type: ID_TYPE_BOTH
xidNumber: 3000011
distinguishedName: CN=S-1-5-21-4036476082-4153129556-3089177936-1005

If you change the xidNumber attribute, save the file and exit the editor, Samba will update the mapping between the SID and the user ID. Updating group mappings works in the same way.
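A pre-flight check for the xidNumber edit described above, as an added example (not part of the SambaWiki page or of Samba itself): it reports which other SIDs would end up sharing the new ID, which would make two principals the same Unix user or group. It assumes the sidMap records have been dumped as text in the layout shown above (for instance with ldbsearch on the same file); the function names and records 2 and 3 of the sample are made up for the example.

```python
import re

# Constructed sample input in the record layout shown above. Record 1 is the
# one from this page; records 2 and 3 are made up for the example.
SAMPLE_LDIF = """\
# record 1
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1005
objectClass: sidMap
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1005
type: ID_TYPE_BOTH
xidNumber: 3000011

# record 2
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1104
objectClass: sidMap
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1104
type: ID_TYPE_UID
xidNumber: 3000020

# record 3
dn: CN=S-1-5-21-4036476082-4153129556-3089177936-1105
objectClass: sidMap
objectSid: S-1-5-21-4036476082-4153129556-3089177936-1105
type: ID_TYPE_GID
xidNumber: 3000021
"""

def parse_sid_maps(ldif):
    """Return {sid: (type, xid)} for every sidMap record in the LDIF text."""
    maps = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip "# record N" comments and malformed lines
            key, value = line.split(": ", 1)
            rec[key.lower()] = value.strip()
        if rec.get("objectclass") == "sidMap" and {"objectsid", "xidnumber"} <= rec.keys():
            # Assumption: a record without a type is treated as ID_TYPE_BOTH (strictest).
            maps[rec["objectsid"]] = (rec.get("type", "ID_TYPE_BOTH"), int(rec["xidnumber"]))
    return maps

def remap_conflicts(maps, sid, new_xid):
    """List SIDs that would share new_xid with sid in the same uid or gid space."""
    if sid not in maps:
        raise KeyError(f"no sidMap record for {sid}")
    kind = maps[sid][0]
    # uids and gids are separate number spaces; ID_TYPE_BOTH occupies both.
    return sorted(other for other, (okind, oxid) in maps.items()
                  if other != sid and oxid == new_xid
                  and ("ID_TYPE_BOTH" in (kind, okind) or kind == okind))
```

An empty list from `remap_conflicts` means the new xidNumber is not already taken in the relevant ID space; a non-empty list names the SIDs to resolve before saving the edit.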


To create a Samba user, run the following command on samba-ad1, logged in as root via SSH:

 $ samba-tool user add USERNAME



samba-tool - delete users from Samba Active Directory

 # samba-tool user delete stduser

samba-tool - create group in Samba Active Directory

 ~# samba-tool group add stdgroup
  Added group stdgroup

samba-tool - delete group from Samba Active Directory

 ~# samba-tool group delete stdgroup
  Deleted group stdgroup

samba-tool - group addmembers - Samba Active Directory

 ~# samba-tool group addmembers "Domain Users" stduser
 Added members to group Domain Users

samba-tool - group removemembers - Samba Active Directory

 ~# samba-tool group removemembers "Domain Users" stduser
 Removed members from group Domain Users


samba-tool - group listmembers - Samba Active Directory

 ~# samba-tool group listmembers "Domain Users" | grep stduser
  stduser


samba-tool - Create a user, create a group, add the user to the group - Samba Active Directory

 ~# samba-tool user add stduser
   User 'stduser' created successfully
 
 ~# samba-tool group add stdgroup
  Added group stdgroup

 ~# samba-tool group addmembers stdgroup stduser
  Added members to group stdgroup