This shows you the differences between two versions of the page.
ldap:ad_rfc2307 [2021/09/28 22:20] manu |
ldap:ad_rfc2307 [2022/03/28 21:11] (current) manu |
||
---|---|---|---|
Line 67: | Line 67: | ||
Set-ADUser | Set-ADUser | ||
+ | If Powershell modules are missing, install them | ||
+ | Get-WindowsCapability -Name RSAT.ActiveDirectory* -Online | Add-WindowsCapability -Online | ||
+ | | ||
Here is an example to create a AD group “linux_user” with a GID of 20000 and a NisDomain “emc”: | Here is an example to create a AD group “linux_user” with a GID of 20000 and a NisDomain “emc”: | ||
- | <cli prompt='$'> | ||
- | $ New-ADGroup -name linux_user -GroupScope 1 -OtherAttributes @{msSFU30NisDomain='emc';gidNumber=20000} | ||
- | </cli> | ||
- | |||
<cli prompt='$'> | <cli prompt='$'> | ||
$ New-ADGroup -name linux_user -GroupScope 1 -OtherAttributes @{msSFU30NisDomain='emc';gidNumber=20000} | $ New-ADGroup -name linux_user -GroupScope 1 -OtherAttributes @{msSFU30NisDomain='emc';gidNumber=20000} | ||
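Review bot: the added `Get-WindowsCapability -Name RSAT.ActiveDirectory* -Online | Add-WindowsCapability -Online` line is plain paragraph text, while every other command in this section sits in a `<cli prompt='$'>` block, so it reads as running prose instead of something to paste. Wrap it in the same `<cli>` block, and state which systems it is meant for, because the `RSAT.ActiveDirectory*` wildcard installs every capability it matches rather than one named package. The sentence before it also wants "PowerShell" and a closing colon.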
Line 77: | Line 76: | ||
If you have an existing group you can use following cmdlet to add the attributes: | If you have an existing group you can use following cmdlet to add the attributes: | ||
- | <cli prompt='$'> | ||
- | $ Set-ADGroup -Instance linux_user -Add @{msSFU30NisDomain='emc';gidNumber=20000} | ||
- | </cli> | ||
- | |||
<cli prompt='$'> | <cli prompt='$'> | ||
$ Set-ADGroup -Instance linux_user -Add @{msSFU30NisDomain='emc';gidNumber=20000} | $ Set-ADGroup -Instance linux_user -Add @{msSFU30NisDomain='emc';gidNumber=20000} | ||
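Review bot: the surviving `Set-ADGroup -Instance linux_user -Add @{...}` line passes a group name to `-Instance`, which expects an ADGroup object and is not in the same parameter set as `-Add`, so the example fails as written. Since this revision already touches the block, change it to `Set-ADGroup -Identity linux_user -Add @{msSFU30NisDomain='emc';gidNumber=20000}` while removing the duplicate.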
Line 86: | Line 81: | ||
Next we are creating an user “user1” with a UID of 10000, being member of group 20000 and NisDomain ’emc’. Furthermore the user will use “/bin/bash” as login shell and a home directory located in “/home/EMC/user1”. | Next we are creating an user “user1” with a UID of 10000, being member of group 20000 and NisDomain ’emc’. Furthermore the user will use “/bin/bash” as login shell and a home directory located in “/home/EMC/user1”. | ||
- | <cli prompt='$'> | ||
- | $ New-ADUser -name user1 -OtherAttributes @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'} | ||
- | </cli> | ||
- | |||
<cli prompt='$'> | <cli prompt='$'> | ||
$ New-ADUser -name user1 -OtherAttributes @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'} | $ New-ADUser -name user1 -OtherAttributes @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'} | ||
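Review bot: the kept `New-ADUser -name user1` command still uses `$i`, which is only defined inside the bulk-creation loop, so outside it the line yields `unixHomeDirectory='/home/EMC/user'` and not the “/home/EMC/user1” the paragraph above promises. For the single-user example use literals, `uidNumber=10000` and `unixHomeDirectory='/home/EMC/user1'`, so the command matches the text.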
Line 99: | Line 90: | ||
</cli> | </cli> | ||
- | <cli prompt='$'> | ||
- | $ Set-ADUser -Instance user1 -Add @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'} | ||
- | </cli> | ||
- | |||
Now you are able to query the active directory by LDAP from you linux client system to resolve user and group attributes. Furthermore you have a mapping between windows and linux users which is necessary for a multiprotocol access to NAS! | Now you are able to query the active directory by LDAP from you linux client system to resolve user and group attributes. Furthermore you have a mapping between windows and linux users which is necessary for a multiprotocol access to NAS! | ||
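Review bot: the removed `Set-ADUser -Instance user1 -Add @{...}` line has two problems that matter if a copy of it remains above the `</cli>` context line, as in the earlier hunks: it passes a name to `-Instance` where `-Identity user1` is needed for `-Add`, and it uses `$i` outside any loop. Please confirm the remaining copy is corrected, or that the existing-user case still has an example at all. The following paragraph also still reads "from you linux client system" (should be "your").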
Line 110: | Line 97: | ||
</cli> | </cli> | ||
- | for ($i=1; $i -le 5; $i++){New-ADUser -name ('user' + $i) -PasswordNeverExpires:$true -AccountPassword (ConvertTo-SecureString "Passw0rd" -AsPlainText -Force) -Enabled:$true -OtherAttributes @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'}; Add-ADGroupMember -Identity linux_user -Members ('user'+$i)} | ||
- | |||
The last steps are configuring and joining the linux host to our active directory. This will be covered in one of the next posts. | The last steps are configuring and joining the linux host to our active directory. This will be covered in one of the next posts. | ||
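Review bot: the removed loop hard-codes `-AccountPassword (ConvertTo-SecureString "Passw0rd" -AsPlainText -Force)` together with `-PasswordNeverExpires:$true` and `-Enabled:$true`, and the `</cli>` context line above suggests a wrapped copy of the same loop stays on the page. If it does, readers who paste it get five enabled accounts sharing a published, non-expiring password; replace the literal with a value read at run time, for example `Read-Host -AsSecureString`, and drop `-PasswordNeverExpires`. If no copy remains, the bulk-creation step has lost its only example and the paragraph introducing it should go too.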