[Samba] id mapping on a dc+file server
Rowland Penny
rpenny at samba.org
Fri Aug 9 10:49:30 UTC 2019
On 09/08/2019 10:33, Pisch Tamás via samba wrote:
>> You have to give any users you require visible on Unix a uidNumber attribute
> Ok, I can do it with samba-tool user edit...
>> You have to give 'Domain Users' a gidNumber attribute.
>> You have to give any group you require to be visible a gidNumber
> I know that I can set gidNumber when I create a group, but how can I
> edit the group properties?
>
Try the attached script (you will need to make it executable). You
will need the ldb-tools package installed, and it must be run on a Samba
AD DC.
Rowland
-------------- next part --------------
#!/bin/bash
# ldbaddgidtogroup : adds a gidNumber to a group in AD
# Version 1.0 09/08/19
# Copyright (C) 2019 Rowland Penny
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
    echo "Usage : $0 <groupname> <gidNumber>"
    exit 1
fi

if [ "$#" -ne 2 ]; then
    echo "Usage : $0 <groupname> <gidNumber>"
    exit 1
fi

_GROUP="$1"
G_GID="$2"

# Locate sam.ldb in the Samba private directory
P_DIR=$(samba -b | grep 'PRIVATE_DIR' | awk '{print $NF}')
SAM="${P_DIR}/sam.ldb"
# Build the base DN from the DNS domain name
SUFFIX=$(echo "dc=$(hostname -d)" | sed 's/\./,dc=/g')

# Find groupname : $_GROUP must exist in AD !
_RESULT=$(ldbsearch -H "${SAM}" -b "$SUFFIX" -s sub "(&(objectClass=group)(sAMAccountName=$_GROUP))" "*")

# Get Groups DN (anchored so only the dn line itself matches)
_ENTRY=$(echo "$_RESULT" | grep "^dn: ")
if [ -z "$_ENTRY" ]; then
    echo "Group $_GROUP not found in AD"
    exit 1
fi

# Check for gidNumber : $1 must not have one !
_GID=$(echo "$_RESULT" | grep "^gidNumber: " | sed "s|gidNumber: ||")
if [ -n "$_GID" ]; then
    echo "Group $1 already has a gidNumber!"
    exit 1
fi

# Create LDIF
tmp_group="$_ENTRY
changetype: modify
add: gidNumber
gidNumber: $G_GID
-
"

# Modify group entry
if ! echo "$tmp_group" | ldbmodify -H "${SAM}" > /dev/null 2>&1; then
    echo "Error adding gidNumber to group $1"
    exit 1
fi

unset tmp_group
echo "Successfully added gidNumber to group $1"
exit 0
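
The script above places the group name directly into the ldbsearch filter and the gidNumber directly into the LDIF it feeds to ldbmodify. The following is an added example, not part of the attached script, of checking both values first; the function names are hypothetical and do not come from ldb-tools or Samba.

```shell
#!/bin/bash
# Added example: input checks for an ldbaddgidtogroup-style script.
# Function names are hypothetical; they are not part of ldb-tools or Samba.

# Escape the characters RFC 4515 reserves inside an LDAP filter value.
# The backslash is escaped first so the escapes added afterwards survive.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Build the search filter the script passes to ldbsearch,
# with the group name escaped.
group_filter() {
    printf '(&(objectClass=group)(sAMAccountName=%s))' \
        "$(ldap_filter_escape "$1")"
}

# Accept only 1-10 decimal digits, so nothing but a number
# (no spaces, no newlines, no extra LDIF lines) reaches the LDIF.
valid_gid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 10 ]
}

# Intended use inside the script (shown as comments, assumed placement):
#   valid_gid "$G_GID" || { echo "gidNumber must be numeric"; exit 1; }
#   ldbsearch -H "${SAM}" -b "$SUFFIX" -s sub "$(group_filter "$_GROUP")" "*"
```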