[Samba] samba member logon.. question.

Andrey Repin anrdaemon at yandex.ru
Thu Apr 9 09:22:02 MDT 2015


Greetings, Rowland Penny!

>>>>> Ok, good.
>>>>> Now, how can I get RFC2307 attributes populated automatically upon
>>>>> users or
>>>>> groups creation?
>>>> You can't :-(
>>>> I'm experimenting with
>>>> https://github.com/laotse/SambaPosix
>>>> but it's quite buggy (at least regarding the features I'm trying,
>>>> namely, trying to assign uids the same way as ADUC).
>>>>
>>>>
>>>> Bye
>>> OH yes you can, well I can :-)
>> Can you share how?
>>
>> Bye

> You are using python, which to me is a very big snake, so I bash it :-D

> I just use these two functions in a bash script:

> # Finds the next useable user uidNumber or group gidNumber
> # Input : $1
> # $1 : msSFU30MaxUidNumber or msSFU30MaxGidNumber
> # Output : the first free uidNumber or gidNumber
> _findnext () {
>    ATTR="$1"
>    if [ -z "${ATTR}" ]; then
>        error "No Attribute supplied"
>        error "Cannot continue... Exiting."
>        exit 1
>    fi
>    _NEXTID=$(ldbsearch -H ${LDBDB} \
>        -b "CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}" \
>        -s sub '(objectClass=msSFU30DomainInfo)' ${ATTR} \
>        | grep "${ATTR}: " | awk '{print $NF}')
>    if [ -z "$_NEXTID" ] || [ "$_NEXTID" -lt "10000" ]; then
>        _NEXTID="10000"
>    fi
> }

> # UPDATE msSFU30MaxUidNumber/msSFU30MaxGidNumber
> # Input : $1 $2
> # $1: what to update (msSFU30MaxUidNumber or msSFU30MaxGidNumber)
> # $2: Next Number
> #
> # Output : Nothing
> _updatemax () {
>    ATTR="$1"
>    IDNUM="$2"
>    if [ -z "${ATTR}" ] || [ -z "${IDNUM}" ]; then
>        error "Incomplete data supplied."
>        error "Cannot continue... Exiting."
>        exit 1
>    fi
>    echo "Updating ${ATTR}"

>    IDLDIF="dn: CN=${domainNETBios},CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,${domainDN}
> changetype: modify
> replace: ${ATTR}
> ${ATTR}: ${IDNUM}"

>    echo "${IDLDIF}" | ldbmodify -H ${LDBDB}
>    if [ $? != 0 ]; then
>        error "Error updating ${ATTR} in AD."
>        echo "${IDLDIF}" > /tmp/update.ldif
>        exit 1 # exits here if error
>    fi
>    unset IDLDIF
>    echo "Successfully updated ${ATTR} in AD"
> }

That will only work on a domain controller. I don't want to touch it at all,
if I don't need to blow it apart.
Not to mention, it will not add "objectClass: posixAccount" to the user,
causing all sorts of grief in the long run.


-- 
With best regards,
Andrey Repin
Thursday, April 9, 2015 18:13:07

Sorry for my terrible English...


