idamp ad/rid

Samba - General mailing list
Hello friends,

My doubts are as follows. In an environment where we have, for example,
1000 users, I believe that rid would be the best choice in a fileserver
environment, because we don't need to manually configure via RSAT a unix
attribute for each user.

Is that more or less the thought, or am I wrong?

--
Elias Pereira
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: idamp ad/rid

Samba - General mailing list
On Fri, 1 Dec 2017 14:14:05 -0200
Elias Pereira via samba <[hidden email]> wrote:

> Hello friends,
>
> My doubts are as follows. In an environment where we have, for
> example, 1000 users, I believe that rid would be the best choice in a
> fileserver environment, because we don't need to manually configure
> via RSAT a unix attribute for each user.
>
> Is that more or less the thought, or am I wrong?
>

If you don't want to add anything to AD and you can live with all your
users having the same login shell and Unix home directory, then the
winbind rid backend is a good choice. If you are going to use more
than one Unix domain member as a fileserver, then you will probably be
better off using the winbind ad backend, this way you can ensure your
users and groups have the same ID everywhere.

Rowland


Re: idamp ad/rid

Samba - General mailing list
Thanks Rowland for the quick answer!! :)

> If you are going to use more
> than one Unix domain member as a fileserver, then you will probably be
> better off using the winbind ad backend, this way you can ensure your
> users and groups have the same ID everywhere.


Maybe in the near future I'll set up a new fileserver. That way, I believe
that ad as a backend is the best choice.

I have about 1000 users in our DC. They are all without unix attributes
configured, as I inserted them via script + samba-tool. I know I can edit
each user via "samba-tool user edit <options>". Knowing this, I believe it
is possible to insert these attributes via script.

In the script I commented above, I inserted users by reading a csv file
that contained those users. Can I read these users directly from DC to
insert the new attributes?








--
Elias Pereira

Re: idamp ad/rid

Samba - General mailing list
On Fri, 1 Dec 2017 15:00:39 -0200
Elias Pereira <[hidden email]> wrote:

> Thanks Rowland for the quick answer!! :)
>
> > If you are going to use more
> > than one Unix domain member as a fileserver, then you will probably
> > be better off using the winbind ad backend, this way you can ensure
> > your users and groups have the same ID everywhere.
>
>
> Maybe in the near future I'll set up a new fileserver. That way, I
> believe that ad as a backend is the best choice.
>
> I have about 1000 users in our DC. They are all without unix
> attributes configured, as I inserted them via script + samba-tool. I
> know I can edit each user via "samba-tool user edit <options>".
> Knowing this, I believe it is possible to insert these attributes via
> script.
>
> In the script I commented above, I inserted users by reading a csv
> file that contained those users. Can I read these users directly from
> DC to insert the new attributes?
>

Probably, you could read them via ldap or 'samba-tool user list' or
'wbinfo -u', etc

Rowland
 


Re: idamp ad/rid

Samba - General mailing list
Rowland,

I found something related that you were doing.

"[PATCH] samba-tool: Easily edit a users object in AD"

Did you finish the script?




--
Elias Pereira

Re: idamp ad/rid

Samba - General mailing list
On Fri, 1 Dec 2017 16:27:11 -0200
Elias Pereira <[hidden email]> wrote:

> Rowland,
>
> I found something related that you were doing.
>
> "[PATCH] samba-tool: Easily edit a users object in AD"
>
> Did you finish the script?
>

Yes, it went into 4.7.0, it works just like a combination of ldbsearch
and ldbedit, but you just need to supply a username.

Rowland
 


Re: idamp ad/rid

Samba - General mailing list
Can you share with me? :)




--
Elias Pereira

Re: idamp ad/rid

Samba - General mailing list
On Fri, 1 Dec 2017 16:51:57 -0200
Elias Pereira <[hidden email]> wrote:

> Can you share with me? :)

Download the latest Samba tarball and unpack it, you will find it as
part of user.py in:
samba-4.7.3 --> python --> samba --> netcmd

Rowland


Re: idamp ad/rid

Samba - General mailing list
Found it! :)

I thought of making a script more or less this way.

#!/bin/bash
#
GROUP=ADM
GUID=10000      # Domain Users
UID=10000         # get the next ID ?

for USER in $(samba-tool group listmembers $GROUP)
do
    samba-tool user edit $USER -H ldap://samdom.example.com \
    -U administrato --nis-domain=samdom \
    --unix-home=/home/$USER \
    --uid-number=${NEXTID} \
    --login-shell=/sbin/nologin \
    --gid-number=$GUID
done


Of course that script is very simple, but it is a beginning. :)

Can you help me to make this script?




--
Elias Pereira

Re: idamp ad/rid

Samba - General mailing list
Correcting! :)

#!/bin/bash
#
GROUP=ADM
GUID=10000      # Domain Users
UID=10000         # get the next ID ?

for USER in $(samba-tool group listmembers $GROUP)
do
    samba-tool user edit $USER --nis-domain=samdom \
    --unix-home=/home/$USER \
    --uid-number=${NEXTID} \
    --login-shell=/sbin/nologin \
    --gid-number=$GUID
done


Of course that script is very simple, but it is a beginning. :)

Can you help me to make this script?




--
Elias Pereira

Re: idamp ad/rid

Samba - General mailing list
On Sat, 2 Dec 2017 10:21:07 -0200
Elias Pereira <[hidden email]> wrote:

> Correcting! :)
>
> #!/bin/bash
> #
> GROUP=ADM
> GUID=10000      # Domain Users
> UID=10000         # get the next ID ?
>
> for USER in $(samba-tool group listmembers $GROUP)
> do
>     samba-tool user edit $USER --nis-domain=samdom \
>     --unix-home=/home/$USER \
>     --uid-number=${NEXTID} \
>     --login-shell=/sbin/nologin \
>     --gid-number=$GUID
> done
>
>
> Of course that script is very simple, but it is a beginning. :)
>
> Can you help me to make this script?
>

Sorry, but that isn't going to work with 'samba-tool user edit'
You would need to write an 'editor' script to do what you would need to
do.

Bit busy, just now, give me some time, I have a script somewhere that
should do what you want.

Rowland


Re: idamp ad/rid

Samba - General mailing list
>
> Sorry, but that isn't going to work with 'samba-tool user edit'
> You would need to write an 'editor' script to do what you would need to
> do.


Ok.

> Bit busy, just now, give me some time, I have a script somewhere that
> should do what you want.


Of course Rowland. Work on what you're working on. I do not want to disturb
you. :)

I'll do some research on the "editor" script.

Thanks again for the help !!! :)




--
Elias Pereira

Re: idamp ad/rid

Samba - General mailing list
On Sat, 2 Dec 2017 12:13:08 -0200
Elias Pereira via samba <[hidden email]> wrote:

> >
> > Sorry, but that isn't going to work with 'samba-tool user edit'
> > You would need to write an 'editor' script to do what you would
> > need to do.
>
>
> Ok.
>
> > Bit busy, just now, give me some time, I have a script somewhere that
> > should do what you want.
>
>
> Of course Rowland. Work on what you're working on. I do not want to
> disturb you. :)
>
> I'll do some research on the "editor" script.
>
> Thanks again for the help !!! :)
>

Found it and tested it, still works ;-)

Hope you can understand it, all you need do is open sam.ldb with
ldbedit, find
'CN=your_workgroup_name,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=your,DC=dns,DC=name'

Add:
msSFU30MaxUidNumber: 'the start number for your UIDs'

Close and save sam.ldb

Then feed the script with the required info, I would suggest you try it
with just one user first.

Rowland

Re: idamp ad/rid

Samba - General mailing list
On 12/2/2017 10:10 AM, Rowland Penny via samba wrote:

> Found it and tested it, still works ;-)
>
> Hope you can understand it, all you need do is open sam.ldb with
> ldbedit, find
> 'CN=your_workgroup_name,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=your,DC=dns,DC=name'
>
> Add:
> msSFU30MaxUidNumber: 'the start number for your UIDs'
>
> Close and save sam.ldb
>
> Then feed the script with the required info, I would suggest you try it
> with just one user first.
>
> Rowland

This was my attempt at getting the next uid. Maybe it can assist with
this project? If not I'll climb back down in my hole.

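#!/bin/bash

# Highest uidNumber in sam.ldb: pull out the values first, then sort them
# numerically (sorting the whole "uidNumber: N" lines compares them as text).
result=$(ldbsearch -H /usr/local/samba/private/sam.ldb | grep '^uidNumber:' \
    | cut -d' ' -f2 | sort -n | tail -n1)

# Next free UID is one above the highest in use.
uid1=$((result + 1))
echo "$uid1"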


--
--
James
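
The next-UID lookup discussed above, as an added example that is not part of the original thread or of any script posted in it: it picks the next free uidNumber from ldbsearch-style LDIF and lists uidNumber values held by more than one account, since a shared ID gives two users the same file ownership on a Unix domain member. The sample records, the floor argument (standing in for the low end of your idmap range) and the function names are constructed for illustration.

```shell
#!/bin/bash
# Added example: next free uidNumber and collision report from LDIF.
# Nothing here writes to AD; it only reads LDIF text on stdin.

# Constructed sample of LDIF records as ldbsearch prints them.
sample_ldif() {
cat <<'EOF'
# record 1
dn: CN=alice,CN=Users,DC=samdom,DC=example,DC=com
uidNumber: 10000

# record 2
dn: CN=bob,CN=Users,DC=samdom,DC=example,DC=com
uidNumber: 9999

# record 3
dn: CN=carol,CN=Users,DC=samdom,DC=example,DC=com
uidNumber: 10002

# record 4
dn: CN=dave,CN=Users,DC=samdom,DC=example,DC=com
uidNumber: 10002

# record 5 (no Unix attributes yet)
dn: CN=erin,CN=Users,DC=samdom,DC=example,DC=com
EOF
}

# next_uid FLOOR: print the larger of FLOOR and (highest uidNumber + 1).
# FLOOR is an assumed lower bound, e.g. the start of the idmap range.
# Values are compared as numbers, so 9999 never outranks 10002.
next_uid() {
    awk -v floor="$1" '
        BEGIN { max = 0 }
        $1 == "uidNumber:" && $2 ~ /^[0-9]+$/ { if ($2 + 0 > max) max = $2 + 0 }
        END { n = max + 1; if (n < floor + 0) n = floor + 0; print n }
    '
}

# duplicate_uids: print "UID: [dn] [dn] ..." for every uidNumber that is
# assigned to more than one DN, sorted numerically.
duplicate_uids() {
    awk '
        $1 == "dn:"        { dn = substr($0, 5) }
        $1 == "uidNumber:" { count[$2]++; who[$2] = who[$2] " [" dn "]" }
        END { for (u in count) if (count[u] > 1) print u ":" who[u] }
    ' | sort -n
}

# Demo on the constructed sample.
sample_ldif | next_uid 10000      # prints 10003
sample_ldif | duplicate_uids      # prints the 10002 collision (carol, dave)
```

Against a live directory the functions would be fed from something like `ldbsearch -H <path to sam.ldb> '(uidNumber=*)' uidNumber`; run the collision report before assigning anything new.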

