[Samba] Samba 4 posixGroup mapping

steve steve at steve-ss.com
Tue Feb 7 08:02:56 MST 2012


Hi Geza, hi everyone
I had a go at the script:
s4user <cn> <uid> <gid> <windows-group>
where <windows-group> is a posixGroup'ified group from samba-tool group add.
cat s4user
#!/bin/sh
# usage: s4user <cn> <uid> <gid> <windows-group>
echo "Creating s4 posix user $1"
echo "Pls enter pwd for $1"
samba-tool user add "$1"
# Build the LDIF that adds the RFC 2307 attributes; it is written to a
# temporary file named after the user in the current directory.
echo "dn: cn=$1,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: $2
-
add: gidnumber
gidnumber: $3
-
add: unixhomedirectory
unixhomedirectory: /home/CACTUS/$1
-
add: loginshell
loginshell: /bin/bash" > "$1"
#ldbmodify -f /some/temporary-file ###can't get the syntax!###
ldapmodify -h 192.168.1.3 -D cn=Administrator,cn=Users,dc=hh3,dc=site -f "$1" -Y GSSAPI
samba-tool group addmembers "$4" "$1"
mkdir "/home/CACTUS/$1"
chown "$1:$4" "/home/CACTUS/$1"
rm "$1"
echo "$1 rfc2307-ified"

and:

./s4user steve6 3000030 2000 suseusers
Creating s4 posix user steve6
Pls enter pwd for steve6
New Password:
User 'steve6' created successfully
SASL/GSSAPI authentication started
SASL username: Administrator at HH3.SITE
SASL SSF: 56
SASL data security layer installed.
modifying entry "cn=steve6,cn=Users,dc=hh3,dc=site"
Added members to group suseusers
steve6 rfc2307-ified
hh3:/home/steve # exit
exit
steve at hh3:~> su steve6
Password:
Warning: Your password will expire in 41 days on Tue 20 Mar 2012 14:52:02 CET
steve6 at hh3:/home/steve> cd ../CACTUS/steve6
steve6 at hh3:~> touch hola
steve6 at hh3:~> ls -la
total 12
drwxr-xr-x  2 steve6 suseusers 4096 Feb  7 14:53 .
drwxr-xr-x 10 root   root      4096 Feb  7 14:52 ..
-rw-r--r--  1 steve6 suseusers    0 Feb  7 14:53 hola
-rw-------  1 steve6 suseusers   48 Feb  7 14:52 .xauthoa0jlX
steve6 at hh3:~>

Yeah!

I need to tidy the script up a bit and particularly look for the nslcd 
pid before continuing.
As usual, a few qns. Sorry.
1. As this ignores winbind, is there any need to use winbind like uid's?
2. I can't get the syntax for ldbmodify:(
3. Is there a cheap way to get the next available uid from ldap? I 
thought of sticking a base id in a file and incrementing it each time 
s4user was called. Then pulling it back from the file when the script 
was called for the next user.

Cheers,
Steve
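
On question 3 above, an added example that is not part of the original post: it combines the counter-file idea with a lookup of the highest uidNumber already in the directory, and takes a lock so two runs cannot receive the same uid. The function names, the state-file path and the ldapsearch filter in the usage comment are assumptions; the sample LDIF is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. The state-file path and the
# ldapsearch filter shown in the usage comment are assumptions.

# Constructed sample of LDIF as returned for posixAccount entries.
sample_ldif() {
cat <<'EOF'
dn: cn=steve5,cn=Users,dc=hh3,dc=site
uidNumber: 3000029

dn: cn=steve6,cn=Users,dc=hh3,dc=site
uidNumber: 3000030
EOF
}

# highest_uid: read LDIF on stdin, print the largest uidNumber (0 if none).
# Attribute names are matched case-insensitively, as LDAP treats them.
highest_uid() {
    awk 'tolower($1) == "uidnumber:" && $2 ~ /^[0-9]+$/ && $2 + 0 > max { max = $2 + 0 }
         END { printf "%d\n", max }'
}

# next_uid BASE STATEFILE: LDIF on stdin. Prints a uid that is >= BASE and
# above both the directory's highest uidNumber and the last value handed out,
# so the uid of a deleted account (and its files) is never reissued.
next_uid() {
    base=$1; state=$2; lock=$state.lock; tries=0; last=0
    case $base in ''|*[!0-9]*) echo "next_uid: BASE must be numeric" >&2; return 2 ;; esac
    in_dir=$(highest_uid)
    # mkdir is atomic, so two concurrent s4user runs cannot get the same uid.
    until mkdir "$lock" 2>/dev/null; do
        tries=$((tries + 1))
        if [ "$tries" -ge 10 ]; then echo "next_uid: lock busy" >&2; return 1; fi
        sleep 1
    done
    if [ -r "$state" ]; then read -r last < "$state" || last=0; fi
    case $last in ''|*[!0-9]*) last=0 ;; esac
    next=$base
    if [ "$in_dir" -ge "$next" ]; then next=$((in_dir + 1)); fi
    if [ "$last" -ge "$next" ]; then next=$((last + 1)); fi
    echo "$next" > "$state"
    rmdir "$lock"
    echo "$next"
}

# Usage (not run here):
#   ldapsearch -LLL -Y GSSAPI -h 192.168.1.3 -b dc=hh3,dc=site \
#       '(objectClass=posixAccount)' uidNumber | next_uid 3000000 /var/lib/s4user/next-uid
```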


