Bulk add users and rfc2307 attributes questions


Samba - General mailing list
Hi,

I am currently testing a self compiled 4.7.0rc3 AD DC and a samba member server
acting as a file server. I have them configured to use rfc2307 attributes
so that the samba users can access the shares on the member server. Everything
seems to be working as expected.

The problem I am facing is I need to add about 150 users. Once the initial
load of users is added I want to use the rsat tools to manage the users and
shares.

I found an article @ https://wiki.samba.org/index.php/Adding_users_with_samba_tool 
that says to add users using samba-tool. I think I want to write a script that
does something like the following substituting variables where appropriate:

# samba-tool user create --nis-domain SAMDOM --uid-number 10007 \
--gid-number 10000 --login-shell=/sbin/nologin --unix-home \
/home/samba/users/test_user3 --home-drive H: --home-directory \
'\\fs1\users\test_user3' test_user3

Testing shows that if I use samba-tool to add users, when I switch back
to using ADUC to manage users the default UID in the Unix attributes tab
of ADUC does not show the correct uid to use to configure the next user. It would
appear that if I set the correct uid in the unix attributes tab when I configure
a user in ADUC, that it would then move on from there with the correct uid.

So my questions are:

1. Are my assumptions above correct?

2. Is there a better way to do this? This just seems kludgy to me.

3. Is there an automatic way to have samba-tool assign the correct rfc-2307 uid?

Regards,

--
Tom [hidden email] Spamtrap address [hidden email]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: Bulk add users and rfc2307 attributes questions

On Tue, 1 Aug 2017 23:23:25 -0400 (EDT)
Tom Diehl via samba <[hidden email]> wrote:

> Hi,
>
> I am currently testing a self compiled 4.7.0rc3 AD DC and a samba
> member server acting as a file server. I have them configured to use
> rfc2307 attributes so that the samba users can access the shares on
> the member server. Everything seems to be working as expected.
>
> The problem I am facing is I need to add about 150 users. Once the
> initial load of users is added I want to use the rsat tools to manage
> the users and shares.
>
> I found an article @
> https://wiki.samba.org/index.php/Adding_users_with_samba_tool that
> says to add users using samba-tool. I think I want to write a script
> that does something like the following substituting variables where
> appropriate:
>
> # samba-tool user create --nis-domain SAMDOM --uid-number 10007 \
> --gid-number 10000 --login-shell=/sbin/nologin --unix-home \
> /home/samba/users/test_user3 --home-drive H: --home-directory \
> '\\fs1\users\test_user3' test_user3
>
> Testing shows that if I use samba-tool to add users, when I switch
> back to using ADUC to manage users the default UID in the Unix
> attributes tab of ADUC does not show the correct uid to use to
> configure the next user. It would appear that if I set the correct
> uid in the unix attributes tab when I configure a user in ADUC, that
> it would then move on from there with the correct uid.
>
> So my questions are:
>
> 1. Are my assumptions above correct?

Unfortunately, yes

>
> 2. Is there a better way to do this? This just seems kludgy to me.

Not really, when you are doing this on an individual, it does seem
kludgy, but, if you feed your script all the info, it will work as
expected.
 
>
> 3. Is there an automatic way to have samba-tool assign the correct
> rfc-2307 uid?

Probably only sat on my HD and this got rejected.

What you are missing, is a couple of attributes 'msSFU30MaxUidNumber' &
'msSFU30MaxGidNumber' (note 'Max' is Microsoft for 'next'). These
should be in 'CN=<your lowercase domain
name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=YOUR,DC=DNS,DC=DOMAIN'

Rowland


Re: Bulk add users and rfc2307 attributes questions

Hi Rowland,

On Wed, 2 Aug 2017, Rowland Penny via samba wrote:

> On Tue, 1 Aug 2017 23:23:25 -0400 (EDT)
> Tom Diehl via samba <[hidden email]> wrote:
>
>> Hi,
>>
>> I am currently testing a self compiled 4.7.0rc3 AD DC and a samba
>> member server acting as a file server. I have them configured to use
>> rfc2307 attributes so that the samba users can access the shares on
>> the member server. Everything seems to be working as expected.
>>
>> The problem I am facing is I need to add about 150 users. Once the
>> initial load of users is added I want to use the rsat tools to manage
>> the users and shares.
>>
>> I found an article @
>> https://wiki.samba.org/index.php/Adding_users_with_samba_tool that
>> says to add users using samba-tool. I think I want to write a script
>> that does something like the following substituting variables where
>> appropriate:
>>
>> # samba-tool user create --nis-domain SAMDOM --uid-number 10007 \
>> --gid-number 10000 --login-shell=/sbin/nologin --unix-home \
>> /home/samba/users/test_user3 --home-drive H: --home-directory \
>> '\\fs1\users\test_user3' test_user3
>>
>> Testing shows that if I use samba-tool to add users, when I switch
>> back to using ADUC to manage users the default UID in the Unix
>> attributes tab of ADUC does not show the correct uid to use to
>> configure the next user. It would appear that if I set the correct
>> uid in the unix attributes tab when I configure a user in ADUC, that
>> it would then move on from there with the correct uid.
>>
>> So my questions are:
>>
>> 1. Are my assumptions above correct?
>
> Unfortunately, yes
>
>>
>> 2. Is there a better way to do this? This just seems kludgy to me.
>
> Not really, when you are doing this on an individual, it does seem
> kludgy, but, if you feed your script all the info, it will work as
> expected.
>
>>
>> 3. Is there an automatic way to have samba-tool assign the correct
>> rfc-2307 uid?
>
> Probably only sat on my HD and this got rejected.

Sorry, I do not understand the above statement.

>
> What you are missing, is a couple of attributes 'msSFU30MaxUidNumber' &
> 'msSFU30MaxGidNumber' (note 'Max' is Microsoft for 'next'). These
> should be in 'CN=<your lowercase domain
> name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=YOUR,DC=DNS,DC=DOMAIN'

So if I understand you, I would do something like:
ldbsearch -H /usr/local/samba/private/sam.ldb -b CN=samdom,CN=ypservers,CN=ypServ30,\
CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com | grep msSFU30MaxUidNumber
to get the next uid to use in the script. Is this correct?

What is the best/safest way to update msSFU30MaxUidNumber after I add a user?
I am thinking about creating an ldif tmp file and then read that in with
ldbmodify.

Does this sound sane? Is there a better way?

Thanks for your help.

Regards,

--
Tom [hidden email] Spamtrap address [hidden email]

Re: Bulk add users and rfc2307 attributes questions

On Wed, 2 Aug 2017 12:21:24 -0400 (EDT)
[hidden email] wrote:

> Hi Rowland,
>
> >>
> >> 3. Is there an automatic way to have samba-tool assign the correct
> >> rfc-2307 uid?
> >
> > Probably only sat on my HD and this got rejected.
>
> Sorry, I do not understand the above statement.

I wrote a patch to 'samba-tool user create' that does everything you
want to do, i.e. it worked just like ADUC, but it wasn't accepted, for
various reasons.

>
> >
> > What you are missing, is a couple of attributes
> > 'msSFU30MaxUidNumber' & 'msSFU30MaxGidNumber' (note 'Max' is
> > Microsoft for 'next'). These should be in 'CN=<your lowercase domain
> > name>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=YOUR,DC=DNS,DC=DOMAIN'
>
> So if I understand you, I would do something like:
> ldbsearch -H /usr/local/samba/private/sam.ldb -b CN=samdom,CN=ypservers,CN=ypServ30,\
> CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com | grep msSFU30MaxUidNumber
> to get the next uid to use in the script. Is this correct?

Well basically, except you would have to replace 'samdom' with your
lowercase WORKGROUP/DOMAIN and 'DC=samdom,DC=example,DC=com' with your
dns domain.

>
> What is the best/safest way to update msSFU30MaxUidNumber after I add
> a user? I am thinking about creating an ldif tmp file and then read
> that in with ldbmodify.

You will need two ldifs, one to create/update the user and another to
update 'msSFU30MaxUid'

>
> Does this sound sane? Is there a better way?

Yes and not at the moment.

Rowland
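
Added example, not part of the thread and not the rejected samba-tool patch: a sketch of the loop discussed above, which reads msSFU30MaxUidNumber with ldbsearch, creates each user with the samba-tool options from the first post, and writes the incremented counter back with ldbmodify. The one-name-per-line input file, the username check, and the use of --random-password (to avoid the interactive prompt) are assumptions; it also assumes nothing else (ADUC included) changes the counter while it runs, since there is no locking.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, DN and gid follow the
# thread's samdom.example.com sample values; adjust for your domain.
SAM_LDB=${SAM_LDB:-/usr/local/samba/private/sam.ldb}
YP_DN=${YP_DN:-CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com}

# Read ldbsearch LDIF on stdin and print msSFU30MaxUidNumber.
# Fails unless exactly one all-digit value is present.
next_uid_from_ldif() {
    awk -F': ' '$1 == "msSFU30MaxUidNumber" { v = $2; n++ }
        END { if (n != 1 || v !~ /^[0-9]+$/) exit 1; print v }'
}

# Emit the ldbmodify LDIF that stores the new "next" uid ($1).
counter_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: msSFU30MaxUidNumber\nmsSFU30MaxUidNumber: %s\n' \
        "$YP_DN" "$1"
}

# Refuse names that would be parsed as options or alter the home paths.
valid_username() {
    case $1 in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# $1 = file with one username per line (assumed input format).
bulk_add() {
    uid=$(ldbsearch -H "$SAM_LDB" -b "$YP_DN" -s base '(objectClass=*)' \
        msSFU30MaxUidNumber | next_uid_from_ldif) || return 1
    rc=0; tmp=$(mktemp) || return 1
    while IFS= read -r user; do
        valid_username "$user" || { printf 'skipped: %s\n' "$user" >&2; continue; }
        samba-tool user create --nis-domain SAMDOM --uid-number "$uid" \
            --gid-number 10000 --login-shell=/sbin/nologin \
            --unix-home "/home/samba/users/$user" --home-drive H: \
            --home-directory "\\\\fs1\\users\\$user" \
            --random-password "$user" </dev/null || { rc=1; break; }
        # Advance the counter only after a successful create, so ADUC
        # offers the next free uid and no uid is handed out twice.
        uid=$((uid + 1))
        counter_ldif "$uid" > "$tmp"
        ldbmodify -H "$SAM_LDB" "$tmp" || { rc=1; break; }
    done < "$1"
    rm -f "$tmp"; return "$rc"
}

if [ $# -eq 1 ]; then bulk_add "$1"; fi
```

Run it as root on the DC with the user list as the only argument; it stops at the first failed create or modify so the stored counter never runs ahead of the users that actually exist.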
