
[Samba] How do you configure a NIS group?


John Lewis

Oct 8, 2014, 8:50:01 PM
How do you configure a NIS group so it will be pulled out of the LDAP
with nslcd?

I think it may be mentioned in
https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
but I am not sure.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Marc Muehlfeld

Oct 10, 2014, 11:00:02 AM
Hello John,

On 09.10.2014 at 02:49, John Lewis wrote:
> How do you configure a NIS group so it will be pulled out of the LDAP
> with nslcd?

https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Administer_Unix_Attributes_in_Active_Directory




> I think it may be mentioned in
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
> but I am not sure.

I added a link to the 'Advantages and disadvantages of nslcd' section
talking about the central storage of posix data. Thanks.


Regards,
Marc

John Lewis

Oct 10, 2014, 7:00:01 PM
I am just going to read http://www.ietf.org/rfc/rfc2307.txt for clues.

John Lewis

Oct 11, 2014, 6:40:02 PM
That doesn't do anything for me because I don't have a Windows machine
on my network. I need the name of the attribute so I can ldapmodify it.

I think I need these attributes defined memberUid memberNisNetgroup
defined, but I haven't figured out where on the directory tree yet.

Marc Muehlfeld

Oct 12, 2014, 4:00:02 AM
Hello John,

On 12.10.2014 at 00:41, John Lewis wrote:
> That doesn't do anything for me because I don't have a Windows machine
> on my network. I need the name of the attribute so I can ldapmodify it.

You shouldn't use ldapmodify for doing changes. Use samba-tool!

AD uses backlinks for storing group memberships. See
http://www.frickelsoft.net/blog/?p=130
for details about AD backlinks.

If you use 'samba-tool', you can be sure that everything is done right in
your database and nothing gets corrupted by missing something or by wrong
usage.




> I think I need these attributes defined memberUid memberNisNetgroup
> defined, but I haven't figured out where on the directory tree yet.

In the group DN, the following two attributes have to be added once to
enable it for use as described in the Wiki nslcd documentation,
if you don't use ADUC:
msSFU30NisDomain: samdom
gidNumber: 12345
Use 'ldbedit' for adding them.


If you follow the documentation in the Wiki, then the group membership
is taken from the AD groups, so you don't have to maintain the
membership in two places (AD groups and Unix attributes group members).

In the group DN, the 'member' attribute points to the user account:
member: CN=demo01,CN=Users,DC=samdom,DC=example,DC=com

In the user DN, the 'memberOf' attribute points to the group:
memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com

Rowland Penny

Oct 12, 2014, 4:20:02 AM
On 12/10/14 08:52, Marc Muehlfeld wrote:
> Hello John,
>
> On 12.10.2014 at 00:41, John Lewis wrote:
>> That doesn't do anything for me because I don't have a Windows machine
>> on my network. I need the name of the attribute so I can ldapmodify it.
> You shouldn't use ldapmodify for doing changes. Use samba-tool!
Hi Marc, sorry but I cannot agree with you. samba-tool is OK as far as
it goes, but it fails woefully when it comes to Unix attributes. If you
create a user with samba-tool it is a basic AD user; yes, you can add
basic Unix attributes, but **YOU** have to maintain the range of
uidNumbers & gidNumbers. If you add a user via ADUC, again you first
get a basic AD user, but then you can add the Unix attributes, and when
you do, you get these:

uid
msSFU30Name
msSFU30NisDomain
uidNumber
gidNumber
loginShell
unixHomeDirectory
unixUserPassword

And the uidNumbers & gidNumbers are stored in AD using the attributes
Microsoft designed.

Rowland

Marc Muehlfeld

Oct 12, 2014, 4:40:02 AM
Hello Rowland,

On 12.10.2014 at 10:10, Rowland Penny wrote:
>>> That doesn't do anything for me because I don't have a Windows machine
>>> on my network. I need the name of the attribute so I can ldapmodify it.
>>
>> You shouldn't use ldapmodify for doing changes. Use samba-tool!
>
> Hi Marc, sorry but I cannot agree with you, samba-tool is ok as far as
> it goes, but it fails woefully when it comes to Unix attributes.

I fully agree for Unix attributes on accounts. But John asked "How do
you configure a NIS group so it will be pulled out of the LDAP with nslcd?"

And for this, I think 'samba-tool'
a) is the best way to ensure everything stays consistent (e.g. backlinks)
b) 'samba-tool group addmembers' is faster than every time
writing/modifying an LDIF and pushing it into the database.
c) does everything that was requested.



Done on a test DC, that uses nslcd:

# samba-tool group add demoGroup
Added group demoGroup


# ldbedit -H /usr/local/samba/private/sam.ldb 'CN=demoGroup'
Add:
msSFU30NisDomain: samdom
gidNumber: 12345
0 adds 2 modifies 0 deletes


# samba-tool group addmembers demoGroup demo01
Added members to group demoGroup


# getent group demoGroup
demoGroup:*:12345:demo01

steve

Oct 12, 2014, 6:30:02 AM
On 12/10/14 10:38, Marc Muehlfeld wrote:
> Hello Rowland,
>
> On 12.10.2014 at 10:10, Rowland Penny wrote:
>>>> That doesn't do anything for me because I don't have a Windows machine
>>>> on my network. I need the name of the attribute so I can ldapmodify it.
>>>
>>> You shouldn't use ldapmodify for doing changes. Use samba-tool!
>>
>> Hi Marc, sorry but I cannot agree with you, samba-tool is ok as far as
>> it goes, but it fails woefully when it comes to Unix attributes.
>
> I fully agree for unix attributes on accounts. But John asked "How do
> you configure a NIS group so it will be pulled out of the LDAP with nslcd?"
>
> And for this, I think 'samba-tool'
> a) is the best way to ensure everything stays consistent (e.g. backlinks)
> b) 'samba-tool group addmembers' is faster than every time
> writing/modifying an LDIF and pushing it into the database.
> c) does everything that was requested.

Eh?
>
>
>
> Done on a test DC, that uses nslcd:
>
> # samba-tool group add demoGroup
> Added group demoGroup
>
>
> # ldbedit -H /usr/local/samba/private/sam.ldb 'CN=demoGroup'
> Add:
> msSFU30NisDomain: samdom
> gidNumber: 12345
> 0 adds 2 modifies 0 deletes
>
>
> # samba-tool group addmembers demoGroup demo01
> Added members to group demoGroup
>
>
> # getent group demoGroup
> demoGroup:*:12345:demo01
>
>
> Regards,
> Marc
>
So, how do you use samba-tool to add a NIS group as the OP asked? You
haven't. You've used ldbedit!

Marc Muehlfeld

Oct 12, 2014, 7:20:02 AM
On 12.10.2014 at 12:23, steve wrote:
> So, how do you use samba-tool to add a NIS group as the OP asked? You
> haven't. You've used ldbedit!

Yes, you are right. For the initial question ('how to add a NIS
group?'), I used 'ldbedit' to add the two attributes, and not 'samba-tool'.


But my further thought was that the OP maybe would use 'ldapmodify'
for group membership management. This can be done without any
problems using 'samba-tool', if the group membership is taken from the
AD attributes member/memberOf. 'samba-tool' should be the preferred way
here, instead of 'ldapmodify'. Reasons posted before.


Sorry, if this caused confusion to some people here.


Regards,
Marc

steve

Oct 12, 2014, 7:30:01 AM
On 12/10/14 13:12, Marc Muehlfeld wrote:

>
>
> Sorry, if this caused confusion to some people here.
>
>
> Regards,
> Marc
>
Hi Marc
We don't think so, as no one ever appends 'SOLVED' to their threads on
this list anyway.
J

Rowland Penny

Oct 12, 2014, 7:30:01 AM
On 12/10/14 12:12, Marc Muehlfeld wrote:
> On 12.10.2014 at 12:23, steve wrote:
>> So, how do you use samba-tool to add a NIS group as the OP asked? You
>> haven't. You've used ldbedit!
> Yes, you are right. For the initial question ('how to add a NIS
> group?'), I used 'ldbedit' to add the two attributes, and not 'samba-tool'.
>
>
> But my further thoughts were, that the OP maybe would use 'ldapmodify'
> for the group membership management. This can be done without any
> problems using 'samba-tool', if the group membership is taken from the
> AD attributes member/memberOf. 'samba-tool' should be the preferred way
> here, instead of 'ldapmodify'. Reasons posted before.

OK, firstly you **never** modify the 'memberOf' attribute directly, AD
will do it for you when you add/modify a user's 'member' attribute.
Secondly, what is wrong with using this LDIF with ldbmodify:

dn: <users DN>
changetype: modify
add: member
member: <group DN>

Rowland

Marc Muehlfeld

Oct 12, 2014, 8:30:03 AM
On 12.10.2014 at 13:26, Rowland Penny wrote:
> OK, firstly you **never** modify the 'memberOf' attribute directly, AD
> will do it for you when you add/modify a users 'member' attribute.

I guess you mean the _group's_ 'member' attribute.

Haven't tried that before. But you're right that AD manages the
backlinks internally and automatically. You can't make changes to the 'memberOf'
attribute in a user DN. You have to make the changes in the 'member'
attribute of the group DN.




> Secondly, what is wrong with using this ldif with ldbmodify:
>
> dn: <users DN>
> changetype: modify
> add: member
> member: <group DN>

There's not really anything wrong in general, but the LDIF way leaves
more room for doing it wrong and having trouble. :-)


Let's have a look at your example. If I try to import it, it fails:

# cat example.ldif
dn: CN=demo01,CN=Users,DC=samdom,DC=example,DC=com
changetype: modify
add: member
member: CN=demoGroup,CN=Users,DC=samdom,DC=example,DC=com


# ldbmodify -H ldap://DC1 -U administrator example.ldif
Password for [SAMDOM\administrator]:
ERR: (Object class violation) "LDAP error 65 LDAP_OBJECT_CLASS_VIOLATION
- <00002014: objectclass_attrs: attribute 'member' on entry
'CN=demo01,CN=Users,DC=samdom,DC=example,DC=com' does not exist in the
specified objectclasses!> <>" on DN
CN=demo01,CN=Users,DC=samdom,DC=example,DC=com at block before line 4
Modify failed after processing 0 records



1. The group membership in a user DN is stored in the attribute
'memberOf' not 'member'.
2. You can't add the memberOf attribute to a user DN. You have to add
the user DN to the 'member' attribute of the group.



# samba-tool group addmembers demoGroup demo01
This simple and short command adds the user to the group. Much less
work. No need to know all the member/memberOf, backlink, whatever
background stuff of Samba/AD. Why not do it the simple way? :-)
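The thread leaves the reader with two checks to do by hand before touching the directory: pick a gidNumber that is not already in use (the range bookkeeping Rowland says samba-tool does not do for you), and make sure a membership change is written to the group's 'member' attribute rather than to a user or to 'memberOf' (the object class violation Marc reproduced above). The script below is an added example, not code from this thread or from the Samba project: it parses a constructed ldbsearch-style LDIF snapshot, allocates the next free gid, emits the LDIF that ldbedit/ldbmodify would apply, refuses the wrong-DN mistake offline, and compares a `getent group` line against the snapshot. The snapshot, DNs, gid values and function names are all made up for the example, and `getent_matches` assumes each member's CN equals its Unix login name, as in the demo01 case above.

```python
"""Offline sanity checks for RFC 2307 group changes on a Samba AD DC.

Added example (not the thread's or Samba's code). The snapshot is in the
plain LDIF shape ldbsearch prints; every DN and value in it is constructed.
"""
import re

# Constructed snapshot: two groups and one user, ldbsearch-style LDIF.
SNAPSHOT = """\
dn: CN=Domain Users,CN=Users,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: group
gidNumber: 10000

dn: CN=demoGroup,CN=Users,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: group
gidNumber: 12345
member: CN=demo01,CN=Users,DC=samdom,DC=example,DC=com

dn: CN=demo01,CN=Users,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: user
memberOf: CN=demoGroup,CN=Users,DC=samdom,DC=example,DC=com
"""

GROUP_DN = "CN=demoGroup,CN=Users,DC=samdom,DC=example,DC=com"
USER_DN = "CN=demo01,CN=Users,DC=samdom,DC=example,DC=com"


def parse_ldif(text):
    """Parse plain LDIF (no folding, no base64) into {dn: {attr: [values]}}.
    Attribute names are lower-cased because LDAP compares them case-insensitively."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None
            continue
        attr, _, value = line.partition(": ")
        if attr.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries


def next_free_gid(entries, low=10000, high=19999):
    """Lowest unused gidNumber in [low, high]; samba-tool does not track this
    range for you, so consult the snapshot before assigning one."""
    used = {int(v) for a in entries.values() for v in a.get("gidnumber", [])}
    for gid in range(low, high + 1):
        if gid not in used:
            return gid
    raise RuntimeError("gidNumber range exhausted")


def nis_group_ldif(group_dn, nis_domain, gid):
    """LDIF equivalent of the two attributes added with ldbedit in the thread."""
    return (f"dn: {group_dn}\nchangetype: modify\n"
            f"add: msSFU30NisDomain\nmsSFU30NisDomain: {nis_domain}\n-\n"
            f"add: gidNumber\ngidNumber: {gid}\n")


def add_member_ldif(entries, group_dn, user_dn):
    """Member-add record written against the *group* DN. Refuses writing
    'member' on a non-group object (the DC would answer with
    LDAP_OBJECT_CLASS_VIOLATION) and refuses duplicate membership."""
    target = entries.get(group_dn)
    if target is None:
        raise ValueError(f"unknown DN: {group_dn}")
    if "group" not in (c.lower() for c in target.get("objectclass", [])):
        raise ValueError("'member' lives on group objects; this DN is not a group")
    if user_dn in target.get("member", []):
        raise ValueError(f"{user_dn} is already a member")
    return f"dn: {group_dn}\nchangetype: modify\nadd: member\nmember: {user_dn}\n"


def modify_record_ok(ldif):
    """False if a modify record touches memberOf, the backlink AD maintains itself."""
    for line in ldif.splitlines():
        m = re.match(r"^(add|delete|replace):\s*(\S+)", line, re.I)
        if m and m.group(2).lower() == "memberof":
            return False
    return True


def getent_matches(getent_line, entries, group_dn):
    """Compare a `getent group` line with the snapshot: same gidNumber and the
    same member set. Assumes each member's CN equals its Unix login name."""
    _name, _pw, gid, members = getent_line.strip().split(":")
    attrs = entries[group_dn]
    expected = {m.split(",")[0].split("=", 1)[1] for m in attrs.get("member", [])}
    seen = set(filter(None, members.split(",")))
    return gid in attrs.get("gidnumber", []) and seen == expected


if __name__ == "__main__":
    snap = parse_ldif(SNAPSHOT)
    new_dn = "CN=newGroup,CN=Users,DC=samdom,DC=example,DC=com"
    print(nis_group_ldif(new_dn, "samdom", next_free_gid(snap)))
    print(getent_matches("demoGroup:*:12345:demo01", snap, GROUP_DN))
```

Feed the output of `nis_group_ldif` or `add_member_ldif` to `ldbmodify` only after `modify_record_ok` accepts it; a record that tries to change memberOf is the one the DC would reject anyway.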

Rowland Penny

Oct 12, 2014, 8:40:01 AM
On 12/10/14 13:20, Marc Muehlfeld wrote:
> On 12.10.2014 at 13:26, Rowland Penny wrote:
>> OK, firstly you **never** modify the 'memberOf' attribute directly, AD
>> will do it for you when you add/modify a users 'member' attribute.
> I guess you mean the _group's_ 'member' attribute.

OOPS, yes you are correct, I did mean 'group'

>
> Haven't tried that before. But you're right, that AD manages the
> backlinks internal automatically. You can't do changes in the 'memberOf'
> attribute in a user DN. You have to do the changes in the 'member'
> attribute of the group DN.
>
>
>
>
>> Secondly, what is wrong with using this ldif with ldbmodify:
>>
>> dn: <users DN>
>> changetype: modify
>> add: member
>> member: <group DN>
> There's not really anything wrong in general, but the LDIF way leaves
> more room for doing it wrong and having trouble. :-)
>

You mean like I did with mixing up <users DN> with <group DN> :-[
Must engage brain when typing

Other than that, there is nothing wrong with using ldbmodify and in
fact, to do some things with samba4 it is the only way.

Rowland

John Lewis

Oct 12, 2014, 10:50:02 AM
On 10/12/2014 04:38 AM, Marc Muehlfeld wrote:
>
> Done on a test DC, that uses nslcd:
>
> # samba-tool group add demoGroup
> Added group demoGroup
>
>
> # ldbedit -H /usr/local/samba/private/sam.ldb 'CN=demoGroup'
> Add:
> msSFU30NisDomain: samdom
> gidNumber: 12345
> 0 adds 2 modifies 0 deletes
>
>
> # samba-tool group addmembers demoGroup demo01
> Added members to group demoGroup
>
>
> # getent group demoGroup
> demoGroup:*:12345:demo01
>
>
> Regards,
> Marc
>


This works and is easy enough to teach to other people.

Thanks!

steve

Oct 12, 2014, 11:30:02 AM
On 12/10/14 16:44, John Lewis wrote:
> On 10/12/2014 04:38 AM, Marc Muehlfeld wrote:
>>
>> Done on a test DC, that uses nslcd:
>>
>> # samba-tool group add demoGroup
>> Added group demoGroup
>>
>>
>> # ldbedit -H /usr/local/samba/private/sam.ldb 'CN=demoGroup'
>> Add:
>> msSFU30NisDomain: samdom
>> gidNumber: 12345
>> 0 adds 2 modifies 0 deletes
>>
>>
>> # samba-tool group addmembers demoGroup demo01
>> Added members to group demoGroup
>>
>>
>> # getent group demoGroup
>> demoGroup:*:12345:demo01
>>
>>
>> Regards,
>> Marc
>>
>
>
> This works and is easy enough to teach to other people.
>
> Thanks!
>
HEY, everybody. LOOK. Someone wrote 'SOLVED' to a thread. On the samba list!

Marc Muehlfeld

Oct 29, 2014, 3:40:04 PM
Hello,

just an update to this thread:


On 12.10.2014 at 12:23, steve wrote:
>> Done on a test DC, that uses nslcd:
>>
>> # samba-tool group add demoGroup
>> Added group demoGroup
>>
>>
>> # ldbedit -H /usr/local/samba/private/sam.ldb 'CN=demoGroup'
>> Add:
>> msSFU30NisDomain: samdom
>> gidNumber: 12345
>> 0 adds 2 modifies 0 deletes
>>
>>
>> # samba-tool group addmembers demoGroup demo01
>> Added members to group demoGroup
>>
>>
>> # getent group demoGroup
>> demoGroup:*:12345:demo01
>>
>>
> So, how do you use samba-tool to add a NIS group as the OP asked?
> You haven't. You've used ldbedit!



I've submitted a patch, that will be part of 4.2. It will allow you to
add the attributes msSFU30NisDomain and gidNumber directly during group
creation:

# samba-tool group add demoGroup --nis-domain=samdom --gid-number=12345

So the 'ldbedit' is no longer required then.


Regards,
Marc

Harry Jede

Oct 30, 2014, 6:10:04 AM
At 11:02:36, Marc Muehlfeld wrote:
> Hello,
>
> just an update to this thread:
>
> Am 12.10.2014 um 12:23 schrieb steve:
> >> Done on a test DC, that uses nslcd:
> >>
> >> # samba-tool group add demoGroup
> >> Added group demoGroup
> >>
> >>
> >> # ldbedit -H /usr/local/samba/private/sam.ldb 'CN=demoGroup'
> >>
> >> Add:
> >> msSFU30NisDomain: samdom
> >> gidNumber: 12345
> >>
> >> 0 adds 2 modifies 0 deletes
> >>
> >>
> >> # samba-tool group addmembers demoGroup demo01
> >> Added members to group demoGroup
> >>
> >>
> >> # getent group demoGroup
> >> demoGroup:*:12345:demo01
> >
> > So, how do you use samba-tool to add a NIS group as the OP asked?
> > You haven't. You've used ldbedit!
>
> I've submitted a patch, that will be part of 4.2. It will allow you
> to add the attributes msSFU30NisDomain and gidNumber directly during
> group creation:
>
> # samba-tool group add demoGroup --nis-domain=samdom
> --gid-number=12345
>
> So the 'ldbedit' is no longer required then.
Maybe you wish to patch "samba-tool user add --nis-domain=samdom"

>
> Regards,
> Marc


--

Regards
Harry Jede

Marc Muehlfeld

Oct 30, 2014, 2:10:05 PM
Hello Harry,

On 30.10.2014 at 11:07, Harry Jede wrote:
> Maybe you wish to patch "samba-tool user add --nis-domain=samdom"

Let me have a look at this. Is this the only attribute of the ADUC "Unix
Attributes" tab that isn't available yet in 'samba-tool user add'?


Regards,
Marc

Rowland Penny

Oct 30, 2014, 2:30:03 PM
On 30/10/14 18:05, Marc Muehlfeld wrote:
> Hello Harry,
>
> On 30.10.2014 at 11:07, Harry Jede wrote:
>> Maybe you wish to patch "samba-tool user add --nis-domain=samdom"
> Let me have a look at this. Is this the only attribute of the ADUC "Unix
> Attributes" tab that isn't available yet in 'samba-tool user add'?
>
>
> Regards,
> Marc
Hi Marc, I will give you a hint: if you add Unix attrs via the ADUC
UNIX_Attributes tab, you get these attributes:

uid
msSFU30Name
msSFU30NisDomain
uidNumber
gidNumber
loginShell
unixHomeDirectory
unixUserPassword: ABCD!efgh12345$67890

Rowland

Marc Muehlfeld

Oct 30, 2014, 2:40:04 PM
On 30.10.2014 at 19:33, Rowland Penny wrote:
>>> unixUserPassword: ABCD!efgh12345$67890
>> Question about that one: Where is this value coming from? I saw exactly
>> the same here. Is it just a static value that is always the same for all
>> where NIS has been enabled?
>>
> It is a static password that ADUC adds to every Unix user

Thanks.


I'll have a look on the additional attributes for a patch.


Regards,
Marc

Marc Muehlfeld

Oct 30, 2014, 2:40:04 PM
Hello Rowland,

On 30.10.2014 at 19:25, Rowland Penny wrote:
> Hi Marc, I will give you a hint: if you add Unix attrs via the ADUC
> UNIX_Attributes tab, you get these attributes:
>
> uid
> uidNumber
> gidNumber
> loginShell

These we already have in samba-tool.



> msSFU30Name
> msSFU30NisDomain
> unixHomeDirectory

Ok. I'll write a patch for these ones.



> unixUserPassword: ABCD!efgh12345$67890

Question about that one: Where is this value coming from? I saw exactly
the same here. Is it just a static value that is always the same for all
where NIS has been enabled?


Regards,
Marc

Rowland Penny

Oct 30, 2014, 2:40:04 PM
On 30/10/14 18:30, Marc Muehlfeld wrote:
> Hello Rowland,
>
> On 30.10.2014 at 19:25, Rowland Penny wrote:
>> Hi Marc, I will give you a hint: if you add Unix attrs via the ADUC
>> UNIX_Attributes tab, you get these attributes:
>>
>> uid
>> uidNumber
>> gidNumber
>> loginShell
> These we already have in samba-tool.
>
>
>
>> msSFU30Name
>> msSFU30NisDomain
>> unixHomeDirectory
> Ok. I'll write a patch for these ones.
>
>
>
>> unixUserPassword: ABCD!efgh12345$67890
> Question about that one: Where is this value coming from? I saw exactly
> the same here. Is it just a static value that is always the same for all
> where NIS has been enabled?
>
>
> Regards,
> Marc
>
It is a static password that ADUC adds to every Unix user

Rowland

John Lewis

Nov 1, 2014, 6:40:03 AM
On 10/30/2014 02:35 PM, Marc Muehlfeld wrote:
> On 30.10.2014 at 19:33, Rowland Penny wrote:
>>>> unixUserPassword: ABCD!efgh12345$67890
>>> Question about that one: Where is this value coming from? I saw exactly
>>> the same here. Is it just a static value that is always the same for all
>>> where NIS has been enabled?
>>>
>> It is a static password that ADUC adds to every Unix user
>
> Thanks.
>
>
> I'll have a look on the additional attributes for a patch.
>
>
> Regards,
> Marc
>

Awesome!

Thanks guys, I didn't know when I would get around to making my lame attempt
at patching samba-tool myself.