[Samba] Automating the Samba Install
Todd E Thomas
todd_dsm at ssiresults.com
Fri May 1 17:02:12 GMT 2009
Hey all,
I'm coloring outside the lines a little bit here but I would like to
automate the install of a samba pdc. Within that script to install I
would like to assign rights to a group. Here is an example of a few steps:
# Create Unix group:
groupadd domadmins
# Map unix group to samba groups:
net groupmap add ntgroup="Domain Admins" unixgroup=domadmins rid=512 type=d
# Assign rights to samba group:
net rpc rights grant 'OFFICE\Domain Admins' \
SeMachineAccountPrivilege SeTakeOwnershipPrivilege \
SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege \
SePrintOperatorPrivilege SeAddUsersPrivilege \
SeDiskOperatorPrivilege \
-S smbsrv -U root
Our script does this and a whole lot more, all successful but the above
is where we are having the problem. Creating the Unix group and mapping
unix to samba groups are both successful. We've opted to use expect as
nothing else seems appropriate or works.
We are failing on automating assigning rights. We know that the expect
script is communicating with the net command just fine because the 'net rpc
rights list ...' does return information. However, the 'net rpc rights
grant ...' with its quotes and backslash characters doesn't seem to be
working.
Here's the expect script:
---
#!/usr/bin/expect
set MYPASSWD "mypasswd"
# why doesn't this work?
#spawn /usr/bin/net rpc rights grant \\\"OFFICE\\\Domain Admins\\\" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -S smbsrv -U root
# try evaluating arguments first?
set netargs "rpc rights grant \\\"OFFICE\\\\Domain Admins\\\" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -S smbsrv -U root"
eval spawn /usr/bin/net $netargs
expect -re "(^.*)$"
sleep 10
send "$MYPASSWD\r"
puts "\n\tJust slept and sent password, but don't get response Password: until after this puts statement\n\tIs the spawn not handling quotes and backslash correctly?"
expect eof
puts "\nconfirm if rights grant worked, note there are no quotes or backslash in this rpc rights command\n"
spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
expect -re "(^.*)$"
sleep 2
send "$MYPASSWD\r"
expect eof
---
Save the script as e1.exp, chmod 755 e1.exp, invoke as ./e1.exp. Of
course we are running this as root. Here's an example of the output:
---
spawn /usr/bin/net rpc rights grant "OFFICE\Domain Admins"
SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege
SeAddUsersPrivilege SeDiskOperatorPrivilege -S smbsrv -U root
Just slept and sent password, but don't get response Password:
until after this puts statement
Is the spawn not handling quotes and backslash correctly?
Password:
confirm if rights grant worked, note there are no quotes or backslash in
this rpc rights command
spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
Password:
BUILTIN\Print Operators
No privileges assigned
BUILTIN\Account Operators
No privileges assigned
BUILTIN\Backup Operators
No privileges assigned
BUILTIN\Server Operators
No privileges assigned
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
Everyone
No privileges assigned
OFFICE\Domain Admins
No privileges assigned
---
Thank you for the assist.
-T
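
Added example, not part of the original post and not Samba project code: spawn starts net directly, without a shell, so each Tcl word becomes one argv element and the escaped quotes in the script above reach net as literal characters while the space still splits the account name in two. The sketch below passes the account as a single word and takes the password from the environment instead of the mode 755 script file. Assumptions: NET_PASSWD is a hypothetical variable name, and the prompt is the "Password:" shown in the output above.

```tcl
#!/usr/bin/expect -f
# Added example, not the poster's script. Server, user, account and rights
# are copied from the post; NET_PASSWD is a hypothetical environment variable.

# Braces keep the backslash and the space literal inside one Tcl word,
# so net receives OFFICE\Domain Admins as a single argument, no quotes.
set account {OFFICE\Domain Admins}

set rights {
    SeMachineAccountPrivilege SeTakeOwnershipPrivilege
    SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege
    SePrintOperatorPrivilege SeAddUsersPrivilege
    SeDiskOperatorPrivilege
}

# Keep the password out of the script file, which the post makes mode 755.
if {![info exists env(NET_PASSWD)]} {
    puts stderr "NET_PASSWD is not set"
    exit 2
}

# Build the command as a proper Tcl list. eval re-parses the list's string
# form, and list quoting guarantees the account comes back as one element.
set cmd [list /usr/bin/net rpc rights grant $account]
foreach r $rights { lappend cmd $r }
lappend cmd -S smbsrv -U root

set timeout 30
eval spawn $cmd

# Wait for the actual prompt instead of matching anything and sleeping.
expect {
    "Password:" { send -- "$env(NET_PASSWD)\r" }
    timeout     { puts stderr "no password prompt from net"; exit 3 }
    eof         { puts stderr "net exited before prompting"; exit 3 }
}
expect eof

# wait returns {pid spawn_id os_error exit_status}; pass net's status on
# so the calling install script can stop when the grant fails.
exit [lindex [wait] 3]
```

The 'net rpc rights list accounts' check from the post can follow unchanged to confirm that OFFICE\Domain Admins now lists the eight privileges.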