Cameron,
I've discovered the beauty of autoexpect to help me learn different
command syntax for expect. I now have something that works that I can
play with and parameterize things like passwords and prompts too. Please
ignore my last email request for help. I'm on my way to a new world of
exploring expect. Thank you for your help and guidance.
-T
BTW, this is the working expect script:
----
#!/usr/bin/expect -f
#
# This script lists accounts on a samba server, then grants different
rights to "OFFICE\Domain Admins",
# then lists accounts rights again to see that rights were granted
successfully.
#
# This Expect script was generated by autoexpect and then modified to
parameterize variables.
# Expect and autoexpect were both written by Don Libes, NIST.
#
# this script assumes root's prompt ends with pound sign followed by a space
set PROMPT "# "
set USER "root"
set PASSWD "myrootpassword"
set SAMBASERVER "smbsrv"
set timeout -1
spawn $env(SHELL)
match_max 100000
expect -re ".*$PROMPT"
send -- "net rpc rights list accounts -S $SAMBASERVER -U $USER\r"
expect ssword:
send -- "$PASSWD\r"
expect -re ".*$PROMPT"
send -- "/usr/bin/net rpc rights grant \"OFFICE\\Domain Admins\"
SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege
SeAddUsersPrivilege SeDiskOperatorPrivilege -S $SAMBASERVER -U $USER\r"
expect ssword:
send -- "$PASSWD\r"
expect -re "\r
Successfully granted rights.\r
.*$PROMPT"
send -- "net rpc rights list accounts -S $SAMBASERVER -U $USER\r"
expect ssword:
send -- "$PASSWD\r"
expect -re ".*$PROMPT"
send -- "exit\r"
expect eof
----
Cameron Laird wrote:
Expect is simply indispensable for much network and system management
<URL: http://www.ibm.com/developerworks/aix/library/au-expect/ >. It's
easy to misapply, though; briefly, your Expect script has far better
intentions than implementation.
Where you have
spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
expect -re "(^.*)$"
sleep 2
send "$MYPASSWD\r"
expect eof
for example, my first recommendation would be
log_user 0
spawn net rpc rights list accounts -S smbsrv -U root
expect assword:
send $MYPASSWD\r
expect eof
puts $expect_out(buffer)
While I'm not certain of your requirements for this script, my version
should get you farther, and will be more reliable.
Let me know if you want me to rewrite the first half, too.
On Fri, May 1, 2009 at 12:02 PM, Todd E Thomas <[email protected]
<mailto:[email protected]>> wrote:
Hey all,
I'm coloring outside the lines a little bit here but I would like to
automate the install of a samba pdc. Within that script to install I
would like to assign rights to a group. Here is an example of a few
steps:
# Create Unix group:
groupadd domadmins
# Map unix group to samba groups:
net groupmap add ntgroup="Domain Admins" unixgroup=domadmins rid=512
type=d
# Assign rights to samba group:
net rpc rights grant 'OFFICE\Domain Admins' \
SeMachineAccountPrivilege SeTakeOwnershipPrivilege \
SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege \
SePrintOperatorPrivilege SeAddUsersPrivilege \
SeDiskOperatorPrivilege \
-S smbsrv -U root
Our script does this and a whole lot more, all successful but the
above is where we are having the problem. Creating the Unix group
and mapping unix to samba groups are both successful. We've opted to
use expect as nothing else seems appropriate or works.
We are failing on automating assigning rights. We know that the
expect script is communicating with net command just fine because
the 'net rpc rights list ...' does return information. However, the
'net rpc rights grant ...' with its quotes and backslashes
characters doesn't seem to be working.
Here's the expect script:
---
#!/usr/bin/expect
set MYPASSWD "mypasswd"
# why doesn't this work?
#spawn /usr/bin/net rpc rights grant \\\"OFFICE\\\Domain Admins\\\"
SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
SeRestorePrivilege SeRemoteShutdownPrivilege
SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege
-S smbsrv -U root
# try evaluating arguments first?
set netargs "rpc rights grant \\\"OFFICE\\\\Domain Admins\\\"
SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
SeRestorePrivilege SeRemoteShutdownPrivilege
SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege
-S smbsrv -U root"
eval spawn /usr/bin/net $netargs
expect -re "(^.*)$"
sleep 10
send "$MYPASSWD\r"
puts "\n\tJust slept and sent password, but don't get response
Password: until after this puts statement\n\tIs the spawn not
handling quotes and backslash correctly?"
expect eof
puts "\nconfirm if rights grant worked, note there are no quotes or
backslash in this rpc rights command\n"
spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
expect -re "(^.*)$"
sleep 2
send "$MYPASSWD\r"
expect eof
---
Save the script as e1.exp, chmod 755 e1.exp, invoke as ./e1.exp. Of
course we are running this as root. Here's example of output:
---
spawn /usr/bin/net rpc rights grant "OFFICE\Domain Admins"
SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege
SeRestorePrivilege SeRemoteShutdownPrivilege
SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege
-S smbsrv -U root
Just slept and sent password, but don't get response
Password: until after this puts statement
Is the spawn not handling quotes and backslash correctly?
Password:
confirm if rights grant worked, note there are no quotes or
backslash in this rpc rights command
spawn /usr/bin/net rpc rights list accounts -S smbsrv -U root
Password:
BUILTIN\Print Operators
No privileges assigned
BUILTIN\Account Operators
No privileges assigned
BUILTIN\Backup Operators
No privileges assigned
BUILTIN\Server Operators
No privileges assigned
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
Everyone
No privileges assigned
OFFICE\Domain Admins
No privileges assigned
---
Thank you for the assist.
-T
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
Cameron Laird
+1 817 280 1145 Building 27, Q2/#35
+1 281 648 9889
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
