I just though I’d share
Edit: I’m not sure if this actually works. All else fails fall back to Ansible
TD;DR
Too Dull; Didn’t Read?
I thought this stopped working after MS pulled the Unix subsystem, as samba was using those attributes to manage the Linux systems?
Microsoft pulled those from the UI, but if you’re adventurous you can just shove those attributes in to user with power shell and it works the same.
Then just use sssd instead of NIS, surprised me at work when this worked.
Do you have any documentation on this by any chance? I don’t really like messing with ad schemas
sorry I don’t have any real documentation but I have a snippet of powershell that explains it pretty well here this comes from a user creation script I wrote back when they removed the unix UI.
I was using Get-AdUser and discovered that the properties still existed but you have to manually shove those in, when an sssd “domain bound” linux machine has a user with these props login, they get the defined UID and GID and homefolder etc.
$otherAttributes = @{} Write-Host -ForegroundColor Yellow "Adding Linux Attributes" # get the next numeric uid number from AD $uidNumber=((get-aduser -Filter * -Properties * | where-object {$_.uidNumber} | select uidNumber | sort uidNumber | select -Last 1).uidNumber)+1 $otherAttributes.Add("unixHomeDirectory","/homefolder/path/$($samAccountName)") $otherAttributes.Add("uid","$($samAccountName)") $otherAttributes.Add("gidNumber","$($gidNumber)") $otherAttributes.Add("uidNumber","$($uidNumber)") $otherAttributes.Add("loginShell","$($loginShell)") $UserArgs = @{ Credential = $creds Enabled = $true ChangePasswordAtLogon = $true Path = $usersOU HomeDirectory = "$homeDirPath\$samAccountName" HomeDrive = $homeDriveLetter GivenName = $firstName Surname = $lastName DisplayName = $displayName SamAccountName = $samAccountName Name = $displayName AccountPassword = $securePW UserPrincipalName = "$($aliasName)@DOMAIN.COM" OtherAttributes = $otherAttributes } $newUser = New-ADUser @UserArgsbasically the “OtherAttributes” on the ADUser object is a hashtable that holds all the special additional LDAP attributes, so in this example we use $otherAttributes to add all the fields we need, you can do the same with “Set-Aduser” if you just wanna edit an existing user and add these props
the @thing on New-ADuser is called a splat, very useful if you’re not familiar, it turns a hashtable into arguments
lemme know if you have any questions
I think you could boil it down to something like
Set-ADUser bob -otherattributes {uidNumber=1005, gidNumber=1005}
I don’t know. I just found this why looking for something else.
Grid by Zorin, whenever it gets released, will be what you want
But is it distro acrostic?
Why why why would you do that?
Because your insane?
Actually it might be useful in mixed Windows Linux environments.
Compliance. Control. Security. Lots of things?
I hope the global catalog gets finished one day for freeipa.
Very cool!
All else fails fall back to Ansible
Fucking hell. THAT far back?
We were doing everything Ansible does for the 95% case in 2002. Like, for 95% of use-cases, Ansible is absolutely no better than a conglomeration of tools from 2002. Definitely no reason to pay licensing.
Bonus: since it’s version-agnostic (another win over Ansible if you’ve ever managed Tower/AAP/whatever next week) I’m still using that paradigm today because it works SO well. It’s losing to Cinc or mgmtConfig but only because those are 1 and 2 generations newer than Ansible and do offer distinguishing features.
Ansible is foss, free of cost and requires almost no additional overhead or hardware.
It isn’t the best sometimes but if you have a bunch of machines to manage it works great. (Assuming they aren’t behind a NAT)
Ansible is foss, free of cost and requires almost no additional overhead or hardware.
Um, why are you stressing foss ? I only ask because the 2002 kit was
- cron
- make
- awk
- at
- rpm
‘It’s foss’ isn’t really a selling point, here, since ansible is still outmatched by everything else available – including that gaggle of tools from 22 years ago.
… which was foss.
The only thing Ansible has going for it is momentum; and cult-people who haven’t seen Chef or even that aforementioned tool-bag. Heaven forbid someone sees MgmtConfig converging 1000 machines in under a second immediately after a file is changed on one (ergo no playbook run taking 10 minutes). They’d be crying every day afterward that they were still stuck on worse-than-2002-technology Ansible. At 2002, Ansible pre-dates GOOGLE MAPS for technology; and facebook; and the iPhone. Ansible is the MapQuest Printout of technology.
The new tech is so reactive, it can revert a file back to conformity immediately after it’s saved; before it can be reopened!
AND IT’S STILL OPEN SOURCE. Of course. Because that’s a no-brainer.
Keep your filthy Microsoft mitts off my Linux environment
Do you run a Linux environment? If so, you should post about it (don’t reveal to much info obviously)
I run linux on my kettle don’t you know
Can you play doom on it?
