Re: [Samba] Samba 4, where is wbinfo 'info' stored?
On 02/14/2012 06:47 AM, Gémes Géza wrote:
> Hi
>> On 02/13/2012 07:53 PM, Gémes Géza wrote:
>>> Hi,
>>> See comments/questions below:
>>>> Hi
>>>> When I type this:
>>>> getent passwd steve6
>>>> steve6:*:315:316:steve6:/home/CACTUS/steve6:/bin/bash
>>>> I can see that the info is coming from LDAP by looking at the ldif for cn=steve6
>>> What is your /etc/nsswitch.conf file like?
>> passwd files ldap
>> group files ldap
>>>> When I type this:
>>>> wbinfo -i steve6
>>>> CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false
>>> Is this on the samba4 box? wbinfo is the samba4 wbinfo or a samba3 one?
>> samba4 box
>> wbinfo = samba4
>> No s3 installed on this box.
>>>> Where is the info coming from now?
>>>> Thanks,
>>>> Steve
> Samba4 stores idmap information under an idmap.ldb named ldb file which is NOT exported to AD. So you could modify things by ldbediting it directly.

Geza,
I'm really struggling with ldbsearch. The doco is almost non-existent. As you suggest, the primaryGroupID attribute I'm looking for must be in idmap.ldb as I can't find it using ldapsearch until _after_ I add a user to my posix group using dsa.msc in windows. Afterwards, I see that the primaryGroupID attribute has been added to the user. What I want to do is find out what that primaryGroupID is _before_ I run my posix script so I can add the attribute myself without having to do it from windows.

All I can find on ldapsearch is:
ldbsearch [-h] [-s base|one|sub] [-b basedn] [-i] [-H LDB-URL] [expression] [attributes]

1. Could you help me with the ldbsearch syntax to have a look inside idmap.ldb?
2. Which database am I consulting when I run ldapsearch?

Thanks,
Steve

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4, where is wbinfo 'info' stored?
On 14/02/12 10:50, steve wrote:
> On 02/14/2012 06:47 AM, Gémes Géza wrote:
>> Hi
>>> On 02/13/2012 07:53 PM, Gémes Géza wrote:
>>>> Hi,
>>>> See comments/questions below:
>>>>> Hi
>>>>> When I type this:
>>>>> getent passwd steve6
>>>>> steve6:*:315:316:steve6:/home/CACTUS/steve6:/bin/bash
>>>>> I can see that the info is coming from LDAP by looking at the ldif for cn=steve6
>>>> What is your /etc/nsswitch.conf file like?
>>> passwd files ldap
>>> group files ldap
>>>>> When I type this:
>>>>> wbinfo -i steve6
>>>>> CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false
>>>> Is this on the samba4 box? wbinfo is the samba4 wbinfo or a samba3 one?
>>> samba4 box
>>> wbinfo = samba4
>>> No s3 installed on this box.
>>>>> Where is the info coming from now?
>>>>> Thanks,
>>>>> Steve
>> Samba4 stores idmap information under an idmap.ldb named ldb file which is NOT exported to AD. So you could modify things by ldbediting it directly.
>
> Geza,
> I'm really struggling with ldbsearch. The doco is almost non-existent. As you suggest, the primaryGroupID attribute I'm looking for must be in idmap.ldb as I can't find it using ldapsearch until _after_ I add a user to my posix group using dsa.msc in windows. Afterwards, I see that the primaryGroupID attribute has been added to the user. What I want to do is find out what that primaryGroupID is _before_ I run my posix script so I can add the attribute myself without having to do it from windows.
>
> All I can find on ldapsearch is:
> ldbsearch [-h] [-s base|one|sub] [-b basedn] [-i] [-H LDB-URL] [expression] [attributes]
>
> 1. Could you help me with the ldbsearch syntax to have a look inside idmap.ldb?
> 2. Which database am I consulting when I run ldapsearch?
>
> Thanks,
> Steve

Hi
I got into /usr/local/samba/private/idmap.ldb by rtfm'ing on ldbsearch --help :-) There I found the group to sid mappings. Turns out we don't need it.

Looking at this:
samba-tool group add suseusers
then
wbinfo --group-info=suseusers
suseusers:*:328:
I then posixify the group and then:
wbinfo --gid-to-sid=328
S-1-5-21-2395500911-3560017633-4088823418-1134

Doing a ldbsearch on 'cn=steve6' gives
primaryGroupID: 513

Conclusion: to set the primaryGroupID without using windows, I need to replace the 513 with my posix group, 1134

So I chop off the end using cut and ldbmodify it. For some reason, ldbmodify will not let me do that in one stage. I had to separate the writes into 2 stages:
1. add the posix attributes
2. modify the primaryGroupID
Annoying.

I've automated the script a bit more; it looks like this:

cat s4user
#!/bin/sh
echo "Creating s4 posix user $1"
echo "Pls enter pwd for $1"
samba-tool user add $1
sleep 2
#get the uid
struid=$(wbinfo -i $1)
uid=$(echo $struid | cut -d : -f 3)
#get the gid
strgid=$(wbinfo --group-info=$2)
gid=$(echo $strgid | cut -d : -f 3)
#get the group from the sid
strsid=$(wbinfo --gid-to-sid=$gid)
primarygid=$(echo $strsid | cut -d - -f 8)
strwg=$(echo $struid | cut -d \\ -f 1)
#add the posix attributes to the user
echo "dn: CN=$1,CN=Users,DC=hh3,DC=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: $uid
-
add: gidnumber
gidnumber: $gid
-
add: unixhomedirectory
unixhomedirectory: /home/CACTUS/$1
-
add: loginshell
loginshell: /bin/bash" > /tmp/$1
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site /tmp/$1
samba-tool group addmembers $2 $1
#set the user to the posix group
echo "dn: CN=$1,CN=Users,DC=hh3,DC=site
changetype: modify
replace: primarygroupid
primarygroupid: $primarygid" > /tmp/$1
sleep 5
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site /tmp/$1
mkdir /home/$strwg/$1
chown $1:$2 /home/$strwg/$1
rm /tmp/$1
echo "$1 rfc2307-ified"

It's still a bit of a mess, no error checking, no user friendly stuff etc.

Any suggestions for tidying up the script?
Any ideas why ldbmodify will not take the add and replace in one go? My slow laptop?

Cheers and thanks again for your help.
Steve
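Added example, not part of the thread and not the poster's code: one way to tidy the s4user script above by validating the account name before it reaches the DN and the home-directory path, taking the RID from the end of the SID instead of a fixed field number, and writing the LDIF to a mktemp file rather than the predictable /tmp/$1. The function names are hypothetical; the sample values are the wbinfo outputs quoted in the messages.

```shell
# Added example, not the poster's script; all function names are hypothetical.
is_num() { case "$1" in ""|*[!0-9]*) return 1 ;; esac; }

# Reject names that could inject LDIF lines, DN components or path segments.
valid_name() { case "$1" in ""|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# Third colon-separated field (uid or gid) of a wbinfo line; must be numeric.
id_field() {
    id=$(printf '%s\n' "$1" | cut -d : -f 3)
    is_num "$id" && printf '%s\n' "$id"
}

# RID (the primaryGroupID value): last component of the SID, whatever its length.
rid_from_sid() {
    case "$1" in S-1-*-*) rid=${1##*-} ;; *) return 1 ;; esac
    is_num "$rid" && printf '%s\n' "$rid"
}

# Write the posix-attribute LDIF to an unpredictable, mode-0600 temp file
# (rather than /tmp/$1) and print its path. Arguments: user uid gid
write_posix_ldif() {
    valid_name "$1" && is_num "$2" && is_num "$3" || return 1
    f=$(mktemp "${TMPDIR:-/tmp}/s4user.XXXXXX") || return 1
    cat > "$f" <<EOF
dn: CN=$1,CN=Users,DC=hh3,DC=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: $2
-
add: gidnumber
gidnumber: $3
-
add: unixhomedirectory
unixhomedirectory: /home/CACTUS/$1
-
add: loginshell
loginshell: /bin/bash
EOF
    printf '%s\n' "$f"
}
# Demo on the wbinfo output quoted in the thread (no Samba needed to run it).
uid=$(id_field 'CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false') &&
gid=$(id_field 'suseusers:*:328:') &&
rid=$(rid_from_sid 'S-1-5-21-2395500911-3560017633-4088823418-1134') &&
ldif=$(write_posix_ldif steve6 "$uid" "$gid") &&
{ echo "primaryGroupID: $rid"; cat "$ldif"; rm -f "$ldif"; }
```

Each helper returns non-zero on malformed input, so a caller can stop before samba-tool or ldbmodify is run with a bad value.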
[Samba] Samba 4, where is wbinfo 'info' stored?
Hi
When I type this:
getent passwd steve6
steve6:*:315:316:steve6:/home/CACTUS/steve6:/bin/bash
I can see that the info is coming from LDAP by looking at the ldif for cn=steve6

When I type this:
wbinfo -i steve6
CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false
Where is the info coming from now?
Thanks,
Steve
Re: [Samba] Samba 4, where is wbinfo 'info' stored?
Hi,
See comments/questions below:
> Hi
> When I type this:
> getent passwd steve6
> steve6:*:315:316:steve6:/home/CACTUS/steve6:/bin/bash
> I can see that the info is coming from LDAP by looking at the ldif for cn=steve6

What is your /etc/nsswitch.conf file like?

> When I type this:
> wbinfo -i steve6
> CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false

Is this on the samba4 box? wbinfo is the samba4 wbinfo or a samba3 one?

> Where is the info coming from now?
> Thanks,
> Steve

Regards
Geza
Re: [Samba] Samba 4, where is wbinfo 'info' stored?
On 02/13/2012 07:53 PM, Gémes Géza wrote:
> Hi,
> See comments/questions below:
>> Hi
>> When I type this:
>> getent passwd steve6
>> steve6:*:315:316:steve6:/home/CACTUS/steve6:/bin/bash
>> I can see that the info is coming from LDAP by looking at the ldif for cn=steve6
> What is your /etc/nsswitch.conf file like?

passwd files ldap
group files ldap

>> When I type this:
>> wbinfo -i steve6
>> CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false
> Is this on the samba4 box? wbinfo is the samba4 wbinfo or a samba3 one?

samba4 box
wbinfo = samba4
No s3 installed on this box.

>> Where is the info coming from now?
>> Thanks,
>> Steve
> Regards
> Geza

Everything is OK. Login and uid:gid mapping are fine on both Linux and win7 clients. I'm just trying to script all this from the Linux side without having to tie up a win7 box to do it. The other thread explains why I know there must be a difference between wbinfo and getent:
Re: [Samba] samba-tool set default group

Cheers,
Steve
Re: [Samba] Samba 4, where is wbinfo 'info' stored?
On 02/13/2012 08:03 PM, steve wrote:
> On 02/13/2012 07:53 PM, Gémes Géza wrote:
>> Hi,
>> See comments/questions below:
>>> Hi
>>> When I type this:
>>> getent passwd steve6
>>> steve6:*:315:316:steve6:/home/CACTUS/steve6:/bin/bash
>>> I can see that the info is coming from LDAP by looking at the ldif for cn=steve6
>> What is your /etc/nsswitch.conf file like?
> passwd files ldap
> group files ldap
>>> When I type this:
>>> wbinfo -i steve6
>>> CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false
>> Is this on the samba4 box? wbinfo is the samba4 wbinfo or a samba3 one?
> samba4 box
> wbinfo = samba4
> No s3 installed on this box.
>>> Where is the info coming from now?
>>> Thanks,
>>> Steve
>> Regards
>> Geza
> Everything is OK. Login and uid:gid mapping are fine on both Linux and win7 clients. I'm just trying to script all this from the Linux side without having to tie up a win7 box to do it. The other thread explains why I know there must be a difference between wbinfo and getent:
> Re: [Samba] samba-tool set default group
>
> Cheers,

BTW here are the posix scripts based on Geza's idea. Saves a helluva lot of fiddling:
_But_ I need primaryGroupID to complete the user script. Hence this thread.

cat s4group
#!/bin/sh
echo "Creating s4 posix group $1"
samba-tool group add $1
strgid=$(wbinfo --group-info=$1)
gid=$(echo $strgid | cut -d : -f 3)
echo "dn: cn=$1,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: objectclass
objectclass: posixGroup
-
add: gidnumber
gidnumber: $gid" > /tmp/$1
ldapmodify -h 192.168.1.3 -D cn=Administrator,cn=Users,dc=hh3,dc=site -f /tmp/$1 -Y GSSAPI
rm /tmp/$1
echo "$1 posix-ified"

e.g.
./s4group suseusers

cat s4user (needs the primaryGroupID adding to it)
#!/bin/sh
echo "Creating s4 posix user $1"
echo "Pls enter pwd for $1"
samba-tool user add $1
struid=$(wbinfo -i $1)
uid=$(echo $struid | cut -d : -f 3)
strgid=$(wbinfo --group-info=$2)
gid=$(echo $strgid | cut -d : -f 3)
echo "dn: cn=$1,cn=Users,dc=hh3,dc=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: $uid
-
add: gidnumber
gidnumber: $gid
-
add: unixhomedirectory
unixhomedirectory: /home/CACTUS/$1
-
add: loginshell
loginshell: /bin/bash" > /tmp/$1
ldapmodify -h 192.168.1.3 -D cn=Administrator,cn=Users,dc=hh3,dc=site -f /tmp/$1 -Y GSSAPI
samba-tool group addmembers $2 $1
mkdir /home/CACTUS/$1
chown $1:$2 /home/CACTUS/$1
rm /tmp/$1
echo "$1 posix-ified"

e.g.
./s4user steve6 suseusers
Re: [Samba] Samba 4, where is wbinfo 'info' stored?
Hi
> On 02/13/2012 07:53 PM, Gémes Géza wrote:
>> Hi,
>> See comments/questions below:
>>> Hi
>>> When I type this:
>>> getent passwd steve6
>>> steve6:*:315:316:steve6:/home/CACTUS/steve6:/bin/bash
>>> I can see that the info is coming from LDAP by looking at the ldif for cn=steve6
>> What is your /etc/nsswitch.conf file like?
> passwd files ldap
> group files ldap
>>> When I type this:
>>> wbinfo -i steve6
>>> CACTUS\steve6:*:315:316::/home/CACTUS/steve6:/bin/false
>> Is this on the samba4 box? wbinfo is the samba4 wbinfo or a samba3 one?
> samba4 box
> wbinfo = samba4
> No s3 installed on this box.
>>> Where is the info coming from now?
>>> Thanks,
>>> Steve

Samba4 stores idmap information under an idmap.ldb named ldb file which is NOT exported to AD. So you could modify things by ldbediting it directly.

>> Regards
>> Geza
> Everything is OK. Login and uid:gid mapping are fine on both Linux and win7 clients. I'm just trying to script all this from the Linux side without having to tie up a win7 box to do it. The other thread explains why I know there must be a difference between wbinfo and getent:
> Re: [Samba] samba-tool set default group
>
> Cheers,
> Steve

Regards
Geza