[Samba] [SOLVE] Batch computer account creation
Thomas Sondag
thomas.sondag at gmail.com
Thu Jul 30 01:42:53 MDT 2009
I found the solution by setting userAccountControl to "4096" ( the
samba net ads join set this value to "69632" and I think that's
incorrect )
If somebody is interested :
#! /usr/bin/perl
use strict;
use Net::LDAP;
use Net::LDAP::Entry;
my $base_dn = "DC=my,DC=domain";
my $computer_name = "host02";
my $computer_branche = "OU=Workstations";
my $computer_dn = "CN=$computer_name,$computer_branche,$base_dn";
my $domain = "my.domain";
my $ldap = Net::LDAP->new( 'ldap://epluxsdc01') or die "$@";
my $mesg = $ldap->bind ("CN=Administrator,CN=Users,$base_dn", password
=> "password");
$mesg->code && die $mesg->error;
my $entry = Net::LDAP::Entry->new;
$entry->dn("$computer_dn");
$entry->add (
objectClass => [ qw(top person organizationalPerson user computer) ],
cn => "$computer_name",
name => $computer_name,
dNSHostName => $computer_name . '.ep.parl.union.eu' ,
sAMAccountName => uc($computer_name) .'$',
objectCategory => "CN=Computer,CN=Schema,CN=Configuration,$base_dn",
operatingSystem => 'EP Linux Desktop LXD',
operatingSystemVersion => '3',
mail => 'ISPcell-SALX at europarl.europa.eu',
userPrincipalName => 'HOST/'. uc($computer_name) .'@'.uc($domain),
servicePrincipalName => [
"HOST/$computer_name.$domain",
"HOST/$computer_name",
"CIFS/$computer_name.$domain",
"CIFS/$computer_name",
"nfs/$computer_name.$domain",
"nfs/$computer_name" ],
userAccountControl => "4096",
);
my $mesg = $entry->update ( $ldap ); # update directory server
$mesg->code && die $mesg->error;
my $mesg = $ldap->search( # perform a search
base => "$base_dn",
filter => "CN=$computer_name"
);
$mesg->code && die $mesg->error;
foreach my $entry ($mesg->entries) {
foreach my $attr ( $entry->attributes) {
if ($attr eq "objectSid" or $attr eq "objectGUID" ) {
print "$attr : ". _sid2string($entry->get_value ($attr))."\n"
} else {
print "$attr : ". $entry->get_value ($attr)."\n";
}
}
}
sub _sid2string {
my $sid = shift;
my (@unpack) = unpack( "H2 H2 n N V*", $sid );
my ( $sid_rev, $num_auths, $id1, $id2, @ids ) = (@unpack);
my $string = join( "-", "S", $sid_rev, ( $id1 << 32 ) + $id2, @ids );
return $string;
}
sub _string2sid {
my $string = shift;
my (@split) = split( m/\-/, $string );
my ( $prefix, $sid_rev, $auth_id, @ids ) = (@split);
if ( $auth_id != scalar(@ids) ) {
die "bad string: $string";
}
my $sid = pack( "C4", "$sid_rev", "$auth_id", 0, 0 );
$sid .= pack( "C4",
( $auth_id & 0xff000000 ) >> 24,
( $auth_id & 0x00ff0000 ) >> 16,
( $auth_id & 0x0000ff00 ) >> 8,
$auth_id & 0x000000ff );
for my $i (@ids) {
$sid .= pack( "I", $i );
}
return $sid;
}
More information about the samba
mailing list