[Samba] samba member logon.. question.

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 9 08:36:47 MDT 2015


On 09/04/15 15:32, Luca Olivetti wrote:
> On 09/04/15 at 16:20, Rowland Penny wrote:
>> On 09/04/15 14:58, Luca Olivetti wrote:
>>> On 09/04/15 at 14:57, Andrey Repin wrote:
>>>>> Using the RFC2307 attributes, you will get the same ID number on every
>>>>> Unix machine, whereas if you use the 'rid' backend, whilst you should
>>>>> get the same ID on each Unix machine, you will never get the same ID on
>>>>> an AD DC, in fact without intervention, you will get a different ID on
>>>>> different DCs
>>>> Ok, good.
>>>> Now, how can I get RFC2307 attributes populated automatically upon
>>>> users or
>>>> groups creation?
>>> You can't :-(
>>> I'm experimenting with
>>> https://github.com/laotse/SambaPosix
>>> but it's quite buggy (at least regarding the features I'm trying,
>>> namely, trying to assign uids the same way as ADUC).
>>>
>>>
>>> Bye
>> OH yes you can, well I can :-)
> Can you share how?
>
> Bye

You are using python, which to me is a very big snake, so I bash it :-D

I just use these two functions in a bash script:

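# Both functions rely on error(), LDBDB, domainNETBios and domainDN
# being defined elsewhere in the calling script.

# Finds the next usable user uidNumber or group gidNumber
# Input : $1
# $1 : msSFU30MaxUidNumber or msSFU30MaxGidNumber
# Output : the first free uidNumber or gidNumber (in _NEXTID)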
_findnext () {
   ATTR="$1"
   if [ -z "${ATTR}" ]; then
       error "No Attribute supplied"
       error "Cannot continue... Exiting."
       exit 1
   fi
   _NEXTID=$(ldbsearch -H "${LDBDB}" \
       -b "CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}" \
       -s sub '(objectClass=msSFU30DomainInfo)' "${ATTR}" | grep "${ATTR}: " | awk '{print $NF}')
   if [ -z "$_NEXTID" ] || [ "$_NEXTID" -lt "10000" ]; then
       _NEXTID="10000"
   fi
}

# UPDATE msSFU30MaxUidNumber/msSFU30MaxGidNumber
# Input : $1 $2
# $1: what to update (msSFU30MaxUidNumber or msSFU30MaxGidNumber)
# $2: Next Number
#
# Output : Nothing
_updatemax () {
   ATTR="$1"
   IDNUM="$2"
   if [ -z "${ATTR}" ] || [ -z "${IDNUM}" ]; then
       error "Incomplete data supplied."
       error "Cannot continue... Exiting."
       exit 1
   fi
   echo "Updating ${ATTR}"

   IDLDIF="dn: CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}
changetype: modify
replace: ${ATTR}
${ATTR}: ${IDNUM}"

   echo "${IDLDIF}" | ldbmodify -H ${LDBDB}
   if [ $? != 0 ]; then
       error "Error updating ${ATTR} in AD."
       # Keep the LDIF that failed so it can be inspected
       echo "${IDLDIF}" > /tmp/update.ldif
       exit 1 # exits here if error
   fi
   unset IDLDIF
   echo "Successfully updated ${ATTR} in AD"
}

Rowland
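
The two functions above read the counter and overwrite it with "replace", so two runs started at the same moment can hand out the same number. The sketch below is an added example, not part of the original post or of Samba: it advances the counter with a delete of the old value followed by an add, assuming ldbmodify applies the usual LDAP rule that deleting a named value fails when that value is not present. The helper names, SAMPLE_DN and the sample search output are constructed; LDBDB is used as in the post.

```bash
#!/bin/bash
# Added example (not from the post). The sample DN and search output are constructed.
FLOOR=10000   # lowest ID handed out, the same floor the post uses

SAMPLE_DN='CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com'
SAMPLE="# record 1
dn: ${SAMPLE_DN}
msSFU30MaxUidNumber: 10007

# returned 1 records"

# Print the numeric value of attribute $1 from ldbsearch output on stdin (empty if absent).
read_counter () {
    awk -v a="$1:" '$1 == a && $2 ~ /^[0-9]+$/ {print $2; exit}'
}

# Print the ID to hand out given the stored counter $1 (may be empty).
pick_id () {
    if [ -z "$1" ] || [ "$1" -lt "$FLOOR" ]; then echo "$FLOOR"; else echo "$1"; fi
}

# Print LDIF moving attribute $2 on DN $1 from old value $3 (may be empty) to $4.
# Naming the old value in the delete makes the modify fail if the counter changed.
counter_ldif () {
    printf 'dn: %s\nchangetype: modify\n' "$1"
    if [ -n "$3" ]; then
        printf 'delete: %s\n%s: %s\n-\n' "$2" "$2" "$3"
    fi
    printf 'add: %s\n%s: %s\n' "$2" "$2" "$4"
}

# Driver, needs a Samba AD DC: $1 = msSFU30DomainInfo DN, $2 = user DN; LDBDB as in the post.
assign_uid () {
    local old id
    old=$(ldbsearch -H "${LDBDB}" -b "$1" -s sub '(objectClass=msSFU30DomainInfo)' \
        msSFU30MaxUidNumber | read_counter msSFU30MaxUidNumber)
    id=$(pick_id "$old")
    # Advance the counter first; only a run that wins the update may use the ID.
    counter_ldif "$1" msSFU30MaxUidNumber "$old" "$((id + 1))" | ldbmodify -H "${LDBDB}" || return 1
    printf 'dn: %s\nchangetype: modify\nadd: uidNumber\nuidNumber: %s\n' "$2" "$id" |
        ldbmodify -H "${LDBDB}"
}

# Offline demonstration on the constructed sample: prints the LDIF for 10007 -> 10008.
old=$(printf '%s\n' "$SAMPLE" | read_counter msSFU30MaxUidNumber)
counter_ldif "$SAMPLE_DN" msSFU30MaxUidNumber "$old" "$(( $(pick_id "$old") + 1 ))"
```

If the counter update is rejected, assign_uid returns non-zero without touching the user object, so the caller can simply retry.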