I know I can set or modify RFC2307 attributes like uidNumber and gidNumber from the Windows side using RSAT. Since this is rather painfull with larger numbers of users and groups I'd really like to find a way to do it on the Linux command line. Is there a way to do this on Samba 4.3.11 (the version currently shipped with Ubuntu)?
Asked
Active
Viewed 2,947 times
2 Answers
2
Personally I would use LDAP as the protocol to connect to your Active Directory domain controller from Linux.
Then either use your favourite scripting language to connect directly to AD, or simply generate an LDIF file with your intended changes and use the ldapmodify commandline utility to do a bulk change.
# A simple LDIF to change a uidNumber and set a gidNumber
# for both John and Jane Doe would look like:
dn: cn=John Doe,ou=Users,dc=example,dc=com
changetype: modify
replace: uidNumber
uidNumber: 9001
-
add: gidNumber
gidNumber: 9001
-
dn: cn=Jane Doe,ou=Users,dc=example,dc=com
changetype: modify
add: uidNumber
uidNumber: 9002
-
add: gidNumber
gidNumber: 9001
-
# EOF
HBruijn
- 77,029
- 24
- 135
- 201
-
Thank you, that worked very well. Just for reference: I ended up using `ldbmodify` with Kerberos. – user292812 Apr 26 '17 at 11:49
1
Try ldbedit -H /var/lib/samba/private/sam.ldb and ldbedit -H /var/lib/samba/private/idmap.ldb
-
`ldbedit` is definitively a nice tool, but this would mean editing by hand, right? I'll rather go for an ldif solution, it's more convenient and secure. But +1 for mentioning it. – user292812 Apr 28 '17 at 06:35