[Samba] See if authenticated user is in group XYZ

James Zuelow James_Zuelow at ci.juneau.ak.us
Wed Jun 7 17:52:41 GMT 2006 


 

> -----Original Message-----
> From: 
> samba-bounces+james_zuelow=ci.juneau.ak.us at lists.samba.org 
> [mailto:samba-bounces+james_zuelow=ci.juneau.ak.us at lists.samba
> .org] On Behalf Of Jeremiah Martell
> Sent: Wednesday, June 07, 2006 9:05 AM
> To: samba at lists.samba.org
> Subject: [Samba] See if authenticated user is in group XYZ
> 
> I have winbindd running.
> I run wbinfo -a userXYZ%pass and it succeeds
> 
> Now I want to know if userXYZ is in group "monkeys", but I dont want
> to have to have to map anything. Is this possible? Is there a way to
> just say "give me the windows group names that userXYZ is in?" or "is
> userXYZ in windows group name 'monkeys'?"
> 
>   Thanks!
>  - Jeremiah
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


This works for me, listing the groups a user is in.  You could modify it
to do the reverse.  Be careful, Outlook tends to trash scripts I mail
with extra newlines, etc.


-----------------CUT
HERE-------------------------------------------------------
#!/bin/bash
#############################################################
# domain_groups
# enumerate the domain groups a Domain user is in.
# wbinfo -r returns numeric gids, and "groups (user)" will
# usually just return "Domain Users"
# This script chains together several wbinfo commands to
# return the human readable group names a domain user is in.
# Depends of course on Samba & Winbind installed and working.
# James Zuelow // City and Borough of Juneau
# 02 May 2006
###############################################################
if [[ -z $1 ]]
then
	dsep=`wbinfo --separator`
	echo "useage: domain_groups (user_name)"
	echo "        You may need to supply the domain if winbind does
not use default domain."
	echo "        i.e. domain_groups NT_DOMAIN${dsep}user_name"
	exit 1
fi

dgroupgids=`wbinfo -r $1`
#echo ${dgroupgids}
for gid in $dgroupgids
	do
	dgroupsid=`wbinfo -G ${gid}`
	dgroupnam=`wbinfo -s ${dgroupsid} |rev | cut -c 3- | rev`
	echo " ${dgroupnam}"
done 

------------------CUT
HERE--------------------------------------------------------


James Zuelow....................CBJ MIS (907)586-0236
Network Specialist...Registered Linux User No. 186591

More information about the samba mailing list