On 15/02/12 14:35, Andrew Bartlett wrote:
On Tue, 2012-02-14 at 16:56 +0100, steve wrote:
Hi everyone
samba --version
Version 4.0.0alpha18-GIT-bfc7481
openSUSE 12.1

If I do this:

ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site
dn: CN=steve6,CN=Users,DC=hh3,DC=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
replace: primarygroupid
primarygroupid: 1134

I get an error something like:  ERR: (Unwilling to perform) error 53

If however I do the ldbmodify in 2 stages:

ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site
dn: CN=steve6,CN=Users,DC=hh3,DC=site
changetype: modify
add: objectclass
objectclass: posixaccount

and then:

ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site
dn: CN=steve6,CN=Users,DC=hh3,DC=site
changetype: modify
replace: primarygroupid
primarygroupid: 1134

It works.

primaryGroupID is special, but you may have found a bug in the handler
for it.  We have to confirm that the value being selected does not
conflict with the existing group memberships.

Andrew Bartlett

Hi Andrew

I chopped the 1134 from the end of the group SID:
samba-tool group add suseusers
wbinfo --group-info=suseusers
suseusers:*:3000028:
wbinfo --gid-to-sid 3000028
S-1-5-21-2395500911-3560017633-4088823418-1134

Previous to this it was 513 (Domain Users I think)

Here is the script we made to POSIX-ify the group:
e.g. ./s4group suseusers
#!/bin/sh
echo "Creating s4 posix group $1"
samba-tool group add "$1"
strgid=$(wbinfo --group-info="$1")
gid=$(echo "$strgid" | cut -d ":" -f 3)
#private temp file instead of a predictable name in /tmp
ldif=$(mktemp) || exit 1
echo "dn: cn=$1,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: objectclass
objectclass: posixGroup
-
add: gidnumber
gidnumber: $gid" > "$ldif"
ldapmodify -h 192.168.1.3 -D cn=Administrator,cn=Users,dc=hh3,dc=site -f "$ldif" -Y GSSAPI
rm "$ldif"
echo "$1 rfc2307-ified"

and here is the script to POSIX-ify the user and add him to the group:
e.g. ./s4user steve6 suseusers
#!/bin/sh
echo "Creating s4 posix user $1"
echo "Pls enter pwd for $1"
samba-tool user add "$1"
sleep 2
#get the uid
struid=$(wbinfo -i "$1")
uid=$(echo "$struid" | cut -d ":" -f 3)
#get the gid
strgid=$(wbinfo --group-info="$2")
gid=$(echo "$strgid" | cut -d ":" -f 3)
#get the group from the sid
strsid=$(wbinfo --gid-to-sid="$gid")
primarygid=$(echo "$strsid" | cut -d "-" -f 8)
strwg=$(echo "$struid" | cut -d "\\" -f 1)
#private temp file instead of a predictable name in /tmp
ldif=$(mktemp) || exit 1
#add the posix attributes to the user
echo "dn: CN=$1,CN=Users,DC=hh3,DC=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: $uid
-
add: gidnumber
gidnumber: $gid
-
add: unixhomedirectory
unixhomedirectory: /home/CACTUS/$1
-
add: loginshell
loginshell: /bin/bash" > "$ldif"
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site "$ldif"
samba-tool group addmembers "$2" "$1"
#set the user to the posix group
echo "dn: CN=$1,CN=Users,DC=hh3,DC=site
changetype: modify
replace: primarygroupid
primarygroupid: $primarygid" > "$ldif"
echo "sleeping. . ."
sleep 5
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site "$ldif"
mkdir "/home/$strwg/$1"
chown -R "$1:$2" "/home/$strwg/$1"
rm "$ldif"
echo "New user: $1 POSIX-ified"

It works OK. The users have SSO to Linux (nss-pam-ldapd/kerberized NFS4) and Windows.

It's difficult to find documentation for ldbmodify. I worked this out from ldbmodify --help. I just wondered why we had to do the ldbmodify in 2 stages. In particular, why we have to 'sleep 5' before going ahead with the primaryGroupID. BTW, it doesn't matter which way round you do it. You can do the primaryGroupID first if you like, but you still then have to wait to add the POSIX stuff.

If the scripts may be in any way useful, I could try to idiot-proof them up a bit.

Cheers,
Steve
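
The name handling and RID derivation used by the s4user script above, as an added example that is not part of the original post: it rejects names that would alter the DN or LDIF they are interpolated into, and takes the RID as the last SID component rather than a fixed field number. The function names are hypothetical; the DN suffix and the sample SID are the ones shown in the thread.

```shell
#!/bin/sh
# Added example; valid_name, sid_to_rid and primary_group_ldif are
# hypothetical helper names, not part of Samba or the original scripts.

# Accept only conservative account/group names, so nothing that is special
# in a DN, an LDIF record or a path (",", "=", "/", newline, leading "-")
# reaches the generated file.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the RID (last sub-authority) of a SID such as the one returned by
# "wbinfo --gid-to-sid", regardless of how many sub-authorities it has.
sid_to_rid() {
    case "$1" in
        S-1-*-*) ;;
        *) return 1 ;;
    esac
    sid_rest=${1#S-}
    case "$sid_rest" in
        *[!0-9-]*|*--*|*-) return 1 ;;   # only digits separated by single "-"
    esac
    printf '%s\n' "${1##*-}"
}

# Emit the modify record that switches the primary group. As in the s4user
# script, it is meant for its own ldbmodify call, after
# "samba-tool group addmembers" has been run for the user.
primary_group_ldif() {
    pg_user=$1
    pg_sid=$2
    valid_name "$pg_user" || { echo "rejected account name" >&2; return 1; }
    pg_rid=$(sid_to_rid "$pg_sid") || { echo "rejected SID" >&2; return 1; }
    printf 'dn: CN=%s,CN=Users,DC=hh3,DC=site\n' "$pg_user"
    printf 'changetype: modify\n'
    printf 'replace: primarygroupid\n'
    printf 'primarygroupid: %s\n' "$pg_rid"
}

# Demonstration with the user and group SID quoted in the thread.
primary_group_ldif steve6 S-1-5-21-2395500911-3560017633-4088823418-1134
```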