[Samba] Automating the Samba Install
Todd E Thomas
todd_dsm at ssiresults.com
Sun May 3 19:25:46 GMT 2009
Cameron,
I've discovered the beauty of autoexpect to help me learn different
command syntax for expect. I now have something that works that I can
play with and parameterize things like passwords and prompts too. Please
ignore my last email request for help. I'm on my way to a new world of
exploring expect. Thank you for your help and guidance.
-T
BTW, this is the working expect script:
----
#!/usr/bin/expect -f
#
# This script lists accounts on a samba server, then grants different
# rights to "OFFICE\Domain Admins",
# then lists accounts rights again to see that rights were granted
# successfully.
#
# This Expect script was generated by autoexpect and then modified to
# parameterize variables.
# Expect and autoexpect were both written by Don Libes, NIST.
#
# this script assumes root's prompt ends with pound sign followed by a space
set PROMPT "# "
set USER "root"
set PASSWD "myrootpassword"
set SAMBASERVER "smbsrv"
set timeout -1
spawn $env(SHELL)
match_max 100000
expect -re ".*$PROMPT"
send -- "net rpc rights list accounts -S $SAMBASERVER -U $USER\r"
expect ssword:
send -- "$PASSWD\r"
expect -re ".*$PROMPT"
send -- "/usr/bin/net rpc rights grant \"OFFICE\\Domain Admins\" \
    SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege \
    SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege \
    SeAddUsersPrivilege SeDiskOperatorPrivilege -S $SAMBASERVER -U $USER\r"
expect ssword:
send -- "$PASSWD\r"
expect -re "\r
Successfully granted rights.\r
.*$PROMPT"
send -- "net rpc rights list accounts -S $SAMBASERVER -U $USER\r"
expect ssword:
send -- "$PASSWD\r"
expect -re ".*$PROMPT"
send -- "exit\r"
expect eof
----
Cameron Laird wrote:
> Expect is simply indispensable for much network and system management
> <URL: http://www.ibm.com/developerworks/aix/library/au-expect/ >. It's
> easy to misapply, though; briefly, your Expect script has far better
> intentions than implementation.
> Where you have
>
>     spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
>     expect -re "(^.*)$"
>     sleep 2
>     send "$MYPASSWD\r"
>     expect eof
>
> for example, my first recommendation would be
>
>     log_user 0
>     spawn net rpc rights list accounts -S smbsrv -U root
>     expect assword:
>     send $MYPASSWD\r
>     expect eof
>     puts $expect_out(buffer)
>
> While I'm not certain of your requirements for this script, my version
> should get you farther, and will be more reliable.
> Let me know if you want me to rewrite the first half, too.
> On Fri, May 1, 2009 at 12:02 PM, Todd E Thomas <todd_dsm at ssiresults.com
> <mailto:todd_dsm at ssiresults.com>> wrote:
>
> Hey all,
>
> I'm coloring outside the lines a little bit here but I would like to
> automate the install of a samba pdc. Within that script to install I
> would like to assign rights to a group. Here is an example of a few
> steps:
>
> # Create Unix group:
> groupadd domadmins
>
> # Map unix group to samba groups:
> net groupmap add ntgroup="Domain Admins" unixgroup=domadmins rid=512 type=d
>
> # Assign rights to samba group:
> net rpc rights grant 'OFFICE\Domain Admins' \
> SeMachineAccountPrivilege SeTakeOwnershipPrivilege \
> SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege \
> SePrintOperatorPrivilege SeAddUsersPrivilege \
> SeDiskOperatorPrivilege \
> -S smbsrv -U root
>
> Our script does this and a whole lot more, all successful but the
> above is where we are having the problem. Creating the Unix group
> and mapping unix to samba groups are both successful. We've opted to
> use expect as nothing else seems appropriate or works.
>
> We are failing on automating assigning rights. We know that the
> expect script is communicating with net command just fine because
> the 'net rpc rights list ...' does return information. However, the
> 'net rpc rights grant ...' with its quotes and backslashes
> characters doesn't seem to be working.
>
> Here's the expect script:
> ---
> #!/usr/bin/expect
>
> set MYPASSWD "mypasswd"
>
> # why doesn't this work?
> #spawn /usr/bin/net rpc rights grant \\\"OFFICE\\\Domain Admins\\\"
> #  SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
> #  SeRestorePrivilege SeRemoteShutdownPrivilege
> #  SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege
> #  -S smbsrv -U root
>
> # try evaluating arguments first?
>
> set netargs "rpc rights grant \\\"OFFICE\\\\Domain Admins\\\" \
>   SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege \
>   SeRestorePrivilege SeRemoteShutdownPrivilege \
>   SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege \
>   -S smbsrv -U root"
> eval spawn /usr/bin/net $netargs
>
> expect -re "(^.*)$"
> sleep 10
> send "$MYPASSWD\r"
> puts "\n\tJust slept and sent password, but don't get response
> Password: until after this puts statement\n\tIs the spawn not
> handling quotes and backslash correctly?"
> expect eof
>
> puts "\nconfirm if rights grant worked, note there are no quotes or
> backslash in this rpc rights command\n"
> spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
> expect -re "(^.*)$"
> sleep 2
> send "$MYPASSWD\r"
> expect eof
> ---
>
> Save the script as e1.exp, chmod 755 e1.exp, invoke as ./e1.exp. Of
> course we are running this as root. Here's example of output:
> ---
> spawn /usr/bin/net rpc rights grant "OFFICE\Domain Admins"
> SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
> SeRestorePrivilege SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege
> -S smbsrv -U root
>
> Just slept and sent password, but don't get response
> Password: until after this puts statement
> Is the spawn not handling quotes and backslash correctly?
> Password:
>
> confirm if rights grant worked, note there are no quotes or
> backslash in this rpc rights command
>
> spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
> Password:
> BUILTIN\Print Operators
> No privileges assigned
>
> BUILTIN\Account Operators
> No privileges assigned
>
> BUILTIN\Backup Operators
> No privileges assigned
>
> BUILTIN\Server Operators
> No privileges assigned
>
> BUILTIN\Administrators
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
>
> Everyone
> No privileges assigned
>
> OFFICE\Domain Admins
> No privileges assigned
> ---
>
> Thank you for the assist.
>
> -T
>
> --
>
> Cameron Laird
> +1 817 280 1145 Building 27, Q2/#35
> +1 281 648 9889
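
An added example, not part of the original messages: an Expect script that spawns net directly with an argument list, so the group name reaches net as one argument without shell-style quoting, and that reads the password from a root-only file instead of embedding it in the script. The password file path is a hypothetical placeholder, and `{*}` needs Tcl 8.5 or later.

```tcl
#!/usr/bin/expect -f
# Added example, not from the thread. PWFILE is a hypothetical path; server,
# user, group and privilege names are the ones used in the thread.
set SAMBASERVER "smbsrv"
set USER        "root"
set GROUP       {OFFICE\Domain Admins}  ;# braces: one word, backslash kept as-is
set RIGHTS {SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
            SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege
            SeAddUsersPrivilege SeDiskOperatorPrivilege}
set PWFILE "/root/.smb-admin-pw"        ;# assumption: one line, mode 0600

# Refuse a password file that group or other can access (0x3F is octal 077).
file stat $PWFILE st
if {($st(mode) & 0x3F) != 0} {
    puts stderr "$PWFILE must not be accessible to group or other"
    exit 2
}
set fh [open $PWFILE r]
gets $fh PASSWD
close $fh

set timeout 30   ;# fail instead of hanging the installer
log_user 0       ;# keep the password dialogue out of installer logs

# Run one "net" subcommand, answer its password prompt, return its output.
proc run_net {netargs passwd} {
    # spawn hands each list element to net as its own argument; no shell is
    # involved, so the group name needs no extra quotes or escapes.
    spawn -noecho /usr/bin/net {*}$netargs
    expect {
        -re {[Pp]assword:} { send -- "$passwd\r" }
        timeout            { error "no password prompt from net" }
        eof                { error "net exited before asking for a password" }
    }
    expect {
        eof     { set out $expect_out(buffer) }
        timeout { error "net did not finish within $::timeout s" }
    }
    wait         ;# reap the child
    return $out
}

set out [run_net [list rpc rights grant $GROUP {*}$RIGHTS \
                      -S $SAMBASERVER -U $USER] $PASSWD]
if {![string match "*Successfully granted rights.*" $out]} {
    puts stderr "grant failed: [string trim $out]"
    exit 1
}
puts [run_net [list rpc rights list accounts -S $SAMBASERVER -U $USER] $PASSWD]
```

The script exits non-zero when the grant does not report success, so a calling install script can stop instead of continuing with an unprivileged group.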