On 08/12/2012 08:49 PM, Nick Triantos wrote:
Thanks very much.

For some reason, this time, when I uncommented those idmap range lines, it all 
worked.

Steve, to use rfc2307 out of the box, how do I specify uids for my users? I 
installed sfu to get the tab in the Users & Computers where I could set stuff 
like shell, uid, etc.

thanks,
-Nick

Hi Nick

Just knock up a quick script. Here's one we made using an idea from Geza. It's specific to our domain but you can easily change it:

#!/bin/bash
# Usage: <script> <username> <directory>
# $1 is the new account name; $2 is the directory under /home2 (and the share on hh30)
if [ $# -ne 2 ]; then
    echo "Usage: $0 <username> <directory>" >&2
    exit 1
fi
# get next uid: highest uid currently known to getent, plus one
highuid=$(getent passwd | cut -d ":" -f3 | sort -n | tail -1)
uid=$((highuid+1))
echo "$uid $highuid"
# create the account; stop here if that fails
samba-tool user add "$1" || exit 1
echo "Updating directory with uid $uid"
sleep 1
# write the LDIF to a private temporary file rather than a predictable name in /tmp
ldif=$(mktemp) || exit 1
echo "dn: cn=$1,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectClass
objectClass: posixAccount
-
add: uidNumber
uidNumber: $uid
-
add: gidNumber
gidNumber: 20513
-
add: unixHomeDirectory
unixHomeDirectory: /home2/$2/$1
-
add: loginShell
loginShell: /bin/bash
-
add: profilePath
profilePath: \\\\hh30\\profiles\\$1
-
add: homeDirectory
homeDirectory: \\\\hh30\\$2\\$1
-
add: homeDrive
homeDrive: Z:" > "$ldif"
ldbmodify --url=/usr/local/samba/private/sam.ldb "$ldif"
# tidy up
rm -f "$ldif"
sleep 1
mkdir "/home2/$2/$1"
chown "$uid:20513" "/home2/$2/$1"
#So we can login on the DC too if/when we use winbind
ln -s "/home2/$2/$1" /home/ALTEA
samba-tool user setexpiry "$1" --noexpiry
echo "$1 created"
sleep 1
getent passwd "$1"

There is a full blown (non domain specific) set of utilities for handling all AD objects from the DC without ever touching a m$ box here:
http://linuxcostablanca.blogspot.com.es/p/s4bind.html

HTH
Steve
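
An added example, not part of the post above or of the s4bind utilities: helpers that pick the next uidNumber only from inside a fixed range and reject account names that would change the DN, the LDIF record or the samba-tool command line. The function names, the 10000-19999 range and the sample passwd lines are assumptions made up for illustration; on a live system the input would come from getent passwd.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not from the original script or s4bind.

# next_uid MIN MAX: read passwd-format lines on stdin and print the next free
# uid inside [MIN, MAX]. Out-of-range entries (root, or nobody at 65534) are
# ignored so they cannot drive the counter. Fails when the range is used up.
next_uid() {
    awk -F: -v min="$1" -v max="$2" '
        $3 ~ /^[0-9]+$/ && $3 + 0 >= min && $3 + 0 <= max {
            if ($3 + 0 > high) high = $3 + 0
            seen = 1
        }
        END {
            next_id = seen ? high + 1 : min
            if (next_id > max) exit 1
            printf "%d\n", next_id
        }'
}

# valid_account_name NAME: accept only letters, digits, dot, underscore and
# hyphen. A leading hyphen is refused so the name is never read as an option;
# commas, equals signs and newlines are refused so they cannot alter the DN
# or add lines to the LDIF.
valid_account_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# posix_ldif NAME UID GID: print a modify record with the RFC 2307 attributes,
# using the base DN from the script above. Refuses names that fail validation.
posix_ldif() {
    valid_account_name "$1" || return 1
    printf 'dn: cn=%s,cn=Users,dc=hh3,dc=site\n' "$1"
    printf 'changetype: modify\n'
    printf 'add: objectClass\nobjectClass: posixAccount\n-\n'
    printf 'add: uidNumber\nuidNumber: %d\n-\n' "$2"
    printf 'add: gidNumber\ngidNumber: %d\n' "$3"
}

# Constructed sample input (not real accounts).
sample='root:x:0:0::/root:/bin/bash
alice:x:10000:20513::/home/alice:/bin/bash
nobody:x:65534:65534::/nonexistent:/bin/false'
new_uid=$(printf '%s\n' "$sample" | next_uid 10000 19999) &&
    posix_ldif carol "$new_uid" 20513
```
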
