[Samba] ntfs user mappings?

Jeff Sadowski jeff.sadowski at gmail.com
Sun Nov 5 00:42:36 UTC 2017


I decided to continue trying the ldap route as well

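#######################################
# Decode one 32-bit little-endian field of a hex string to decimal.
# Arguments: $1 - hex string (upper or lower case)
#            $2 - 1-based position of the field's first hex digit
#            $3 - 1-based position of its last hex digit (inclusive);
#                 only the first 8 digits of the range are used
# Outputs:   the decimal value on stdout
# Returns:   0 on success, 1 on a bad range or fewer than 8 hex digits
#######################################
littlehex2int()
{
  local hex=$1 first=$2 last=$3
  local chunk

  # The positions are used in arithmetic context below, so accept digits only.
  if [[ ! $first =~ ^[1-9][0-9]*$ || ! $last =~ ^[1-9][0-9]*$ ]] ||
     (( last < first )); then
    printf 'littlehex2int: bad range "%s"-"%s"\n' "$first" "$last" >&2
    return 1
  fi

  chunk=${hex:first-1:last-first+1}
  chunk=${chunk:0:8}
  if [[ ! $chunk =~ ^[0-9A-Fa-f]{8}$ ]]; then
    printf 'littlehex2int: need 8 hex digits at %s-%s\n' "$first" "$last" >&2
    return 1
  fi

  # Reverse the four bytes (little-endian -> big-endian), then convert.
  # The swap must happen in one expression: with the awk program split
  # after "print", the chunk was emitted unswapped.
  printf '%d\n' "$(( 16#${chunk:6:2}${chunk:4:2}${chunk:2:2}${chunk:0:2} ))"
}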

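#######################################
# Convert a base64-encoded binary objectSid (as returned by LDAP) to its
# string form "S-R-A-S1-...-Sn".
#
# Binary SID layout:
#   byte 0      revision
#   byte 1      number of sub-authorities (n)
#   bytes 2-7   identifier authority, 48-bit big-endian
#   then n x 4  sub-authorities, 32-bit little-endian each
#
# The second field of the string form is the identifier authority, not the
# sub-authority count. The two are both 5 for an ordinary domain account
# SID, but differ for e.g. S-1-5-32-544, so the count is only used to know
# how many sub-authorities to decode.
#
# In this thread the result is written to /etc/ntfs-3g.usermap, where a
# mis-decoded SID would map file ownership to the wrong principal, so
# malformed input is rejected rather than decoded on a best-effort basis.
#
# Arguments: $1 - base64 text of the binary SID
# Outputs:   the SID string on stdout
# Returns:   0 on success, 1 if the input is not a well-formed SID
#######################################
base64_to_sid()
{
  local objectsid=$1
  local hex revision count authority sid sub
  local i offset

  # One byte per od unit (-tx1) keeps the dump independent of host
  # endianness; -v stops od from collapsing repeated lines into "*".
  hex=$(printf '%s' "$objectsid" | base64 -d | od -An -v -tx1 | tr -d ' \n')

  # Fixed 8-byte header = 16 hex digits.
  if (( ${#hex} < 16 )); then
    printf 'base64_to_sid: input too short to be a SID\n' >&2
    return 1
  fi

  revision=$(( 16#${hex:0:2} ))
  count=$(( 16#${hex:2:2} ))
  authority=$(( 16#${hex:4:12} ))

  # A SID carries at most 15 sub-authorities, and the blob must be exactly
  # header + 4 bytes per sub-authority: no truncation, no trailing bytes.
  if (( count > 15 || ${#hex} != 16 + 8 * count )); then
    printf 'base64_to_sid: length does not match sub-authority count\n' >&2
    return 1
  fi

  sid="S-${revision}-${authority}"
  for (( i = 0; i < count; i++ )); do
    offset=$(( 16 + 8 * i ))
    sub=${hex:offset:8}
    # Byte-swap each little-endian sub-authority before converting.
    sid+="-$(( 16#${sub:6:2}${sub:4:2}${sub:2:2}${sub:0:2} ))"
  done

  printf '%s\n' "$sid"
}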

On Sat, Nov 4, 2017 at 4:42 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> . DOMAIN_ADMIN_PASSWD.sh
> echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN}
> echo -n > /etc/ntfs-3g.usermap
> for DOMAIN_USER in $(wbinfo -u);do
>  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}" ${DOMAIN})
>  if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" !=
> "Failed " ];then
>   SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
>   echo ${DOMAIN_USER}::${SID} >> /etc/ntfs-3g.usermap
>  fi
> done
> for DOMAIN_GROUP in $(wbinfo -g);do
>  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_GROUP}" ${DOMAIN})
>  if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" !=
> "Failed " ];then
>   SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
>   echo :${DOMAIN_GROUP}:${SID} >> /etc/ntfs-3g.usermap
>  fi
> done
>
> On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
>> On Fri, 3 Nov 2017 16:25:57 -0600
>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>>
>>> That looks easier
>>>
>>> I was working on ldap to convert but I'll try ldb-tools
>>>
>>> I was off on a bash mission here is what I had so far it isn't correct
>>> so I'll keep working on it
>>>
>>> #!/bin/bash
>>> if [ "$(echo $1|wc -c)" = "41" ];then
>>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
>>> 's/^0000000 //'|sed 's/ //g')
>>> echo ${hex}
>>> hex_chunk=$(echo ${hex}|cut -c1-2);
>>> echo ${hex_chunk}
>>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c3-4)
>>> echo ${hex_chunk}
>>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c5-16)
>>> echo ${hex_chunk}
>>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c17-24)
>>> echo ${hex_chunk}
>>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c25-32)
>>> echo ${hex_chunk}
>>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c33-40)
>>> echo ${hex_chunk}
>>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c41-48)
>>> echo ${hex_chunk}
>>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c49-57)
>>> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> left=$(echo ${hex}|cut -c58-)
>>> echo "[${left}]"
>>> echo
>>> "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>>>
>>> else
>>> echo $1
>>> echo "not 41 characters like I was expecting"
>>> fi
>>>
>>
>> Hmm, you could do this instead:
>>
>> #!/bin/bash
>>
>> ## Get users object into $1 with ldbsearch
>>
>> SID=$(echo $1 | grep 'objectSid:' | awk '{print $NF}')
>> echo "$SID"
>>
>> Which would result in something like this:
>>
>> S-1-5-21-1768301897-3342589593-1064908849-1107
>>
>> Rowland
>>