this post was submitted on 19 Apr 2024
103 points (94.8% liked)

Linux

48287 readers
638 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I just though I'd share

Edit: I'm not sure if this actually works. All else fails fall back to Ansible

you are viewing a single comment's thread
view the rest of the comments
[–] Luci@lemmy.ca 2 points 7 months ago (1 children)

Do you have any documentation on this by any chance? I don't really like messing with ad schemas

[–] cheet@infosec.pub 1 points 6 months ago (1 children)

sorry I don't have any real documentation but I have a snippet of powershell that explains it pretty well here this comes from a user creation script I wrote back when they removed the unix UI.

I was using Get-AdUser and discovered that the properties still existed but you have to manually shove those in, when an sssd "domain bound" linux machine has a user with these props login, they get the defined UID and GID and homefolder etc.

$otherAttributes = @{}
Write-Host -ForegroundColor Yellow "Adding Linux Attributes"

# get the next numeric uid number from AD
$uidNumber=((get-aduser -Filter * -Properties * | where-object {$_.uidNumber} | select uidNumber | sort uidNumber | select -Last 1).uidNumber)+1

$otherAttributes.Add("unixHomeDirectory","/homefolder/path/$($samAccountName)")
$otherAttributes.Add("uid","$($samAccountName)")
$otherAttributes.Add("gidNumber","$($gidNumber)")
$otherAttributes.Add("uidNumber","$($uidNumber)")
$otherAttributes.Add("loginShell","$($loginShell)")

$UserArgs = @{
    Credential = $creds
    Enabled = $true
    ChangePasswordAtLogon = $true
    Path = $usersOU
    HomeDirectory = "$homeDirPath\$samAccountName"
    HomeDrive = $homeDriveLetter
    GivenName = $firstName
    Surname = $lastName
    DisplayName = $displayName
    SamAccountName = $samAccountName
    Name = $displayName
    AccountPassword = $securePW
    UserPrincipalName = "$($aliasName)@DOMAIN.COM"
    OtherAttributes = $otherAttributes
}

$newUser = New-ADUser @UserArgs

basically the "OtherAttributes" on the ADUser object is a hashtable that holds all the special additional LDAP attributes, so in this example we use $otherAttributes to add all the fields we need, you can do the same with "Set-Aduser" if you just wanna edit an existing user and add these props

the @thing on New-ADuser is called a splat, very useful if you're not familiar, it turns a hashtable into arguments

lemme know if you have any questions

[–] cheet@infosec.pub 1 points 6 months ago* (last edited 6 months ago)

I think you could boil it down to something like Set-ADUser bob -otherattributes {uidNumber=1005, gidNumber=1005}