[Samba] Automating the Samba Install
Cameron Laird
claird.visiprise at gmail.com
Fri May 1 22:38:43 GMT 2009
Expect is simply indispensable for much network and system management <URL:
http://www.ibm.com/developerworks/aix/library/au-expect/ >. It's easy to
misapply, though; briefly, your Expect script has far better intentions than
implementation.

Where you have

    spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
    expect -re "(^.*)$"
    sleep 2
    send "$MYPASSWD\r"
    expect eof

for example, my first recommendation would be

    log_user 0
    spawn net rpc rights list accounts -S smbsrv -U root
    expect assword:
    send $MYPASSWD\r
    expect eof
    puts $expect_out(buffer)

While I'm not certain of your requirements for this script, my version
should get you farther, and will be more reliable.
Let me know if you want me to rewrite the first half, too.
On Fri, May 1, 2009 at 12:02 PM, Todd E Thomas <todd_dsm at ssiresults.com> wrote:
> Hey all,
>
> I'm coloring outside the lines a little bit here but I would like to
> automate the install of a samba pdc. Within that script to install I would
> like to assign rights to a group. Here is an example of a few steps:
>
> # Create Unix group:
> groupadd domadmins
>
> # Map unix group to samba groups:
> net groupmap add ntgroup="Domain Admins" unixgroup=domadmins rid=512 type=d
>
> # Assign rights to samba group:
> net rpc rights grant 'OFFICE\Domain Admins' \
> SeMachineAccountPrivilege SeTakeOwnershipPrivilege \
> SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege \
> SePrintOperatorPrivilege SeAddUsersPrivilege \
> SeDiskOperatorPrivilege \
> -S smbsrv -U root
>
> Our script does this and a whole lot more, all successful but the above is
> where we are having the problem. Creating the Unix group and mapping unix to
> samba groups are both successful. We've opted to use expect as nothing else
> seems appropriate or works.
>
> We are failing on automating assigning rights. We know that the expect
> script is communicating with net command just fine because the 'net rpc
> rights list ...' does return information. However, the 'net rpc rights grant
> ...' with its quotes and backslash characters doesn't seem to be working.
>
> Here's the expect script:
> ---
> #!/usr/bin/expect
>
> set MYPASSWD "mypasswd"
>
> # why doesn't this work?
> #spawn /usr/bin/net rpc rights grant \\\"OFFICE\\\Domain Admins\\\"
> SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
> SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege
> SeAddUsersPrivilege SeDiskOperatorPrivilege -S smbsrv -U root
>
> # try evaluating arguments first?
>
> set netargs "rpc rights grant \\\"OFFICE\\\\Domain Admins\\\"
> SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
> SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege
> SeAddUsersPrivilege SeDiskOperatorPrivilege -S smbsrv -U root"
> eval spawn /usr/bin/net $netargs
>
> expect -re "(^.*)$"
> sleep 10
> send "$MYPASSWD\r"
> puts "\n\tJust slept and sent password, but don't get response Password:
> until after this puts statement\n\tIs the spawn not handling quotes and
> backslash correctly?"
> expect eof
>
> puts "\nconfirm if rights grant worked, note there are no quotes or
> backslash in this rpc rights command\n"
> spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
> expect -re "(^.*)$"
> sleep 2
> send "$MYPASSWD\r"
> expect eof
> ---
>
> Save the script as e1.exp, chmod 755 e1.exp, invoke as ./e1.exp. Of course
> we are running this as root. Here's an example of the output:
> ---
> spawn /usr/bin/net rpc rights grant "OFFICE\Domain Admins"
> SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
> SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege
> SeAddUsersPrivilege SeDiskOperatorPrivilege -S smbsrv -U root
>
> Just slept and sent password, but don't get response Password: until
> after this puts statement
> Is the spawn not handling quotes and backslash correctly?
> Password:
>
> confirm if rights grant worked, note there are no quotes or backslash in
> this rpc rights command
>
> spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
> Password:
> BUILTIN\Print Operators
> No privileges assigned
>
> BUILTIN\Account Operators
> No privileges assigned
>
> BUILTIN\Backup Operators
> No privileges assigned
>
> BUILTIN\Server Operators
> No privileges assigned
>
> BUILTIN\Administrators
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
>
> Everyone
> No privileges assigned
>
> OFFICE\Domain Admins
> No privileges assigned
> ---
>
> Thank you for the assist.
>
> -T
--
Cameron Laird
+1 817 280 1145 Building 27, Q2/#35
+1 281 648 9889
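
An added example, not part of the original thread: one way to write the `net rpc rights grant` step in Expect, waiting for the prompt as recommended above and passing the account name as a single argument. It assumes the password arrives in an environment variable named SMB_ROOT_PASS (a hypothetical name) and Tcl 8.5 or later for `{*}` and `lassign`; the server, account and rights are the ones quoted in the message.

```tcl
#!/usr/bin/expect -f
# Added example: grant rights to a Samba group with Tcl-safe quoting.

# Assumption: the password is supplied in the environment variable
# SMB_ROOT_PASS (hypothetical name) instead of being stored in the script.
if {![info exists env(SMB_ROOT_PASS)]} {
    puts stderr "SMB_ROOT_PASS is not set"
    exit 2
}
set password $env(SMB_ROOT_PASS)

# Braces keep the backslash literal, and the space stays inside one
# Tcl word, so net receives the account name as a single argument.
set account {OFFICE\Domain Admins}
set rights {
    SeMachineAccountPrivilege SeTakeOwnershipPrivilege
    SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege
    SePrintOperatorPrivilege SeAddUsersPrivilege
    SeDiskOperatorPrivilege
}

log_user 0          ;# keep the dialogue off the terminal
set timeout 30      ;# seconds to wait at each expect

# spawn does not go through a shell: each Tcl word becomes exactly one
# argv entry, so the shell quotes from the command line are not needed.
spawn net rpc rights grant $account {*}$rights -S smbsrv -U root

# Wait for the prompt itself instead of sleeping for a fixed time.
expect {
    "assword:" { send -- "$password\r" }
    timeout    { puts stderr "no password prompt within $timeout s"; exit 1 }
    eof        { puts stderr "net exited before prompting"; exit 1 }
}
expect eof
set output $expect_out(buffer)

# wait returns {pid spawn_id os_error exit_status} for the spawned process.
lassign [wait] pid sid oserr status
puts $output
exit $status
```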