25.2.12

Escape those Backslashes

Headlines
Make a note of the date. Today I did something that was on my todo list. Here is the list:
- Clean floors
- Write a Samba4 user script
- Shopping
- Go to the bar

Samba4 script writing makes cleaning tasks seem decidedly attractive. Only joking. Here, we got one step further towards automating Active Directory on Linux. Using just Linux, that is.

Aim
It is a real pain to have to tie up a Windows machine just for AD administration. What would be nice is if we could do it all from a Samba4 DC. We've got to the stage where we have taken a lot of the pain out of creating a domain user who can work on both Linux and Windows clients. We now have one command to add these attributes:
uidNumber
gidNumber
unixHomeDirectory
loginShell
primaryGroupID
profilePath
homeDirectory
homeDrive
and these objects
posixAccount (for the user)
posixGroup (for the group)
to create a user who can log on to both Linux and Windows clients.

In the superb new Samba4, this takes the pain out of creating users and groups who can work transparently on both Linux and Windows LAN clients.

Here is the user script
We imaginatively call it s4user
#!/bin/bash
# Usage: s4user <username> <group>
if [ $# -ne 2 ]; then
    echo "Usage: $0 <username> <group>" >&2
    exit 1
fi
# private temp file for the LDIF, instead of a predictable /tmp/<username>
ldif=$(mktemp) || exit 1
trap 'rm -f "$ldif"' EXIT
echo "Creating s4 posix user $1"
echo "Pls enter pwd for $1"
samba-tool user add "$1"
sleep 2
#get the uid
struid=$(wbinfo -i "$1")
uid=$(echo "$struid" | cut -d ":" -f 3)
#get the gid
strgid=$(wbinfo --group-info="$2")
gid=$(echo "$strgid" | cut -d ":" -f 3)
#get the group from the sid (the RID is the last field of the SID)
strsid=$(wbinfo --gid-to-sid="$gid")
primarygid=$(echo "$strsid" | cut -d "-" -f 8)
#the workgroup is the part before the backslash in DOMAIN\user
strwg=$(echo "$struid" | cut -d "\\" -f 1)
#add the posix attributes to the user
echo "dn: CN=$1,CN=Users,DC=hh3,DC=site
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: $uid
-
add: gidnumber
gidnumber: $gid
-
add: unixhomedirectory
unixhomedirectory: /home/$strwg/$1
-
add: loginshell
loginshell: /bin/bash" > "$ldif"
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site "$ldif"
samba-tool group addmembers "$2" "$1"
#set the user to the posix group
echo "dn: CN=$1,CN=Users,DC=hh3,DC=site
changetype: modify
replace: primarygroupid
primarygroupid: $primarygid" > "$ldif"
echo "sleeping. . ."
sleep 5
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site "$ldif"
mkdir -p "/home/$strwg/$1"
chown -R "$1:$2" "/home/$strwg/$1"
hostname=$(hostname -s)
#add the Windows attributes
#inside double quotes each \\ becomes one backslash, so \\\\ gives the leading \\ of the UNC path
echo "dn: CN=$1,CN=Users,DC=hh3,DC=site
changetype: modify
add: profilePath
profilePath: \\\\$hostname\\profiles\\$1
-
add: homeDrive
homeDrive: Z:
-
add: homeDirectory
homeDirectory: \\\\$hostname\\home\\$1" > "$ldif"
echo "sleeping. . ."
sleep 5
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site "$ldif"
#show what was set
echo "New user:  $1 POSIX-ified as follows:"
echo "uid  $uid"
echo "gid  $gid"
echo "primaryGroupID  $primarygid  :$2"
echo "getent passwd $1"
getent passwd "$1"
echo "sid  $(wbinfo --gid-to-sid="$gid")"
db=/usr/local/samba/private/sam.ldb
#-F: match the UNC prefix as a fixed string, not as a regular expression
ldbsearch --url="$db" "cn=$1" | grep -F "\\\\$hostname"
ldbsearch --url="$db" "cn=$1" | grep homeDrive

Here is the output
s4user steve8 suseusers
Creating s4 posix user steve8
Pls enter pwd for steve8
New Password: 
User 'steve8' created successfully
Modified 1 records with 0 failures
Added members to group suseusers
sleeping. . .
Modified 1 records with 0 failures
sleeping. . .
Modified 1 records with 0 failures
New user:  steve8 POSIX-ified as follows:
uid  3000033
gid  3000020
primaryGroupID  1118  :suseusers
getent passwd steve8
steve8:*:3000032:3000020:steve8:/home/CACTUS/steve8:/bin/bash
sid  S-1-5-21-443838659-2890314986-1722269781-1118
profilePath: \\hh3\profiles\steve8
homeDirectory: \\hh3\home\steve8
homeDrive: Z:
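
The script writes $1 straight into the LDIF and relies on shell escaping for the UNC paths. As an added example (not the author's script), here is one way to build the third LDIF block with the names checked first and the backslashes produced by printf; safe_token, valid_account_name and windows_attrs_ldif are hypothetical names, and the base DN and share names are the ones used in the script above.

```shell
#!/bin/bash
# Added example, not the author's script. Function names are hypothetical.
LC_ALL=C                      # byte-wise ranges in the patterns below
BASE_DN="DC=hh3,DC=site"      # base DN used by the page's script

# True only for tokens that cannot add an LDIF line, a DN component
# or a path separator: letters, digits, dot, underscore, dash.
safe_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*|.*|-*) return 1 ;;
    esac
}

# Account names: safe characters and at most 20 of them
# (the sAMAccountName length limit for user objects).
valid_account_name() {
    safe_token "$1" && [ "${#1}" -le 20 ]
}

# Print the LDIF that sets profilePath, homeDrive and homeDirectory.
# $1 = account name, $2 = short host name of the file server.
windows_attrs_ldif() {
    valid_account_name "$1" || { echo "rejected account name" >&2; return 1; }
    safe_token "$2" || { echo "rejected host name" >&2; return 1; }
    # The format is single-quoted, so the shell leaves it alone and printf
    # turns each \\ into one backslash: \\\\%s\\profiles becomes \\host\profiles.
    printf 'dn: CN=%s,CN=Users,%s\nchangetype: modify\n' "$1" "$BASE_DN"
    printf 'add: profilePath\nprofilePath: \\\\%s\\profiles\\%s\n-\n' "$2" "$1"
    printf 'add: homeDrive\nhomeDrive: Z:\n-\n'
    printf 'add: homeDirectory\nhomeDirectory: \\\\%s\\home\\%s\n' "$2" "$1"
}

# Constructed sample input: the account and host from the page's output.
windows_attrs_ldif steve8 hh3
# Constructed names that must be refused (comma, embedded newline).
for name in 'steve8,x' "$(printf 'steve8\nx: y')"; do
    windows_attrs_ldif "$name" hh3 2>/dev/null || echo "refused"
done
```

The printed LDIF can be redirected to a file created with mktemp and passed to ldbmodify as in the script.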

And here are the results
10 seconds to do what used to take the best head-scratching part of an hour.
Our Windows AD Admin in disbelief

steve8 with the (very nice) KDE plasma
Back to the 1990's. steve8 with (the not very nice) Windows 7 monotony 
Deep breath. Can he open it?