
Re: [Samba] ntfs user mappings?




On Sat, 4 Nov 2017 18:42:36 -0600
Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:

> I decided to continue trying the ldap route as well
> 
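# Print, in decimal, the little-endian 32-bit value stored in characters
# $2..$3 (1-based, inclusive) of the hex string $1.
# Only the first eight hex digits of the range are used.
# Returns 1 when the range does not hold eight hex digits.
littlehex2int()
{
  local hex=$1
  local start=$(( $2 - 1 ))
  local width=$(( $3 - $2 + 1 ))
  local chunk=${hex:start:width}

  chunk=${chunk:0:8}
  [[ ${chunk} =~ ^[0-9A-Fa-f]{8}$ ]] || return 1

  # Swap the four bytes, then let the shell read the result as base 16.
  echo "$(( 16#${chunk:6:2}${chunk:4:2}${chunk:2:2}${chunk:0:2} ))"
}

# Convert a base64-encoded binary SID (for example an LDAP objectSid value)
# given as $1 into its "S-R-A-S1-S2-..." string form on stdout.
# Binary layout: 1 byte revision, 1 byte sub-authority count, 6 bytes
# identifier authority (big-endian), then count * 4 bytes of little-endian
# sub-authorities.
# Returns 1 when the decoded data is not exactly one well-formed SID, so a
# truncated or padded value never ends up in a mapping file.
base64_to_sid()
{
  local hex rev count authority sid first sub i

  # od -t x1 prints the bytes in file order, one hex pair per byte.
  hex=$(printf '%s' "$1" | base64 -d | od -A n -v -t x1 | tr -d ' \n')

  # The fixed header is 8 bytes = 16 hex digits.
  if (( ${#hex} < 16 )); then
    echo "base64_to_sid: input too short to be a SID" >&2
    return 1
  fi

  rev=$(( 16#${hex:0:2} ))
  count=$(( 16#${hex:2:2} ))
  # The identifier authority is the third component of the string form;
  # the count byte only says how many sub-authorities follow.
  authority=$(( 16#${hex:4:12} ))

  if (( ${#hex} != 16 + 8 * count )); then
    echo "base64_to_sid: length does not match sub-authority count" >&2
    return 1
  fi

  sid="S-${rev}-${authority}"
  for (( i = 0; i < count; i++ )); do
    first=$(( 17 + 8 * i ))
    sub=$(littlehex2int "${hex}" "${first}" "$(( first + 7 ))") || return 1
    sid+="-${sub}"
  done
  echo "${sid}"
}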
> 
> On Sat, Nov 4, 2017 at 4:42 PM, Jeff Sadowski
> <jeff.sadowski@xxxxxxxxx> wrote:
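# Rebuild /etc/ntfs-3g.usermap from the users and groups winbind reports.
# Requires bash. DOMAIN_ADMIN_PASSWD.sh must set PASSWD, ADMIN and DOMAIN.
# That file holds a domain admin password: keep it root-owned and mode 0600.
# A bare name given to "." is looked up via PATH, so an absolute path is
# the safer way to source it.
. DOMAIN_ADMIN_PASSWD.sh
: "${PASSWD:?PASSWD is not set}" "${ADMIN:?ADMIN is not set}" "${DOMAIN:?DOMAIN is not set}"

# The password goes to kinit on stdin, not on the command line.
printf '%s\n' "${PASSWD}" | kinit "${ADMIN}@${DOMAIN}" || exit 1

# Print the SID rpcclient reports for account name $1; return 1 if none.
lookup_sid() {
  local name=$1 reply

  # A double quote would end the quoted argument below and a colon would
  # add a field to the usermap line, so such names are rejected.
  case ${name} in
    '' | *'"'* | *:*) return 1 ;;
  esac

  # Names such as "Domain Admins" contain spaces, hence the inner quotes.
  # NOTE(review): assumes rpcclient's command parser honours double quotes
  # - confirm on the installed Samba version.
  # stdin is /dev/null so rpcclient cannot eat the loop's input.
  reply=$(rpcclient -P -c "lookupnames \"${name}\"" "${DOMAIN}" </dev/null) || return 1

  # Accept only a field that looks like a SID; "ERROR: ..." and
  # "Failed ..." replies contain none and therefore fail here.
  printf '%s\n' "${reply}" | awk '
    { for (i = 1; i <= NF; i++)
        if ($i ~ /^S-[0-9]+(-[0-9]+)+$/) { print $i; found = 1; exit } }
    END { exit !found }'
}

usermap=/etc/ntfs-3g.usermap
# Build the new map beside the live one and swap it in at the end, so a
# failed run never leaves an empty or half-written ownership map behind.
tmpmap=$(mktemp "${usermap}.XXXXXX") || exit 1
trap 'rm -f -- "${tmpmap}"' EXIT

# Read one name per line; a for-loop over $(wbinfo ...) would split names
# that contain spaces.
while IFS= read -r DOMAIN_USER; do
  if SID=$(lookup_sid "${DOMAIN_USER}"); then
    printf '%s::%s\n' "${DOMAIN_USER}" "${SID}" >> "${tmpmap}"
  else
    printf 'no SID for user %s, skipped\n' "${DOMAIN_USER}" >&2
  fi
done < <(wbinfo -u)

while IFS= read -r DOMAIN_GROUP; do
  if SID=$(lookup_sid "${DOMAIN_GROUP}"); then
    printf ':%s:%s\n' "${DOMAIN_GROUP}" "${SID}" >> "${tmpmap}"
  else
    printf 'no SID for group %s, skipped\n' "${DOMAIN_GROUP}" >&2
  fi
done < <(wbinfo -g)

if [[ ! -s ${tmpmap} ]]; then
  echo "no mappings produced; ${usermap} left unchanged" >&2
  exit 1
fi

# mktemp creates the file 0600; the map holds no secrets.
chmod 0644 -- "${tmpmap}" && mv -f -- "${tmpmap}" "${usermap}"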
> >
> > On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba
> > <samba@xxxxxxxxxxxxxxx> wrote:
> >> On Fri, 3 Nov 2017 16:25:57 -0600
> >> Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:
> >>
> >>> That looks easier
> >>>
> >>> I was working on ldap to convert but I'll try ldb-tools
> >>>
> >>> I was off on a bash mission here is what I had so far it isn't
> >>> correct so I'll keep working on it
> >>>
#!/bin/bash
# Draft objectSid decoder. $1 is expected to be a 40-character base64 string
# (41 bytes once echo adds its newline). Prints the decoded hex, each slice
# it cuts out of it, any leftover digits in brackets, and finally an "S-..."
# string assembled from the converted slices.
# NOTE(review): a binary SID keeps a sub-authority count in its second byte
# and stores the sub-authorities as little-endian 32-bit values; this draft
# converts every slice in the order od prints it, so the string it builds is
# not a valid SID (the author says it is not correct yet).
# NOTE(review): od prints lower-case hex while bc's ibase=16 expects
# upper-case digits - verify what bc returns here.

# Print the characters of ${hex} selected by the cut(1) range $1.
hex_slice() {
  echo ${hex} | cut -c$1
}

# Feed $1 to bc as a base-16 number and print bc's answer.
hex_to_dec() {
  echo "ibase=16; $1" | bc
}

# shellcheck disable=SC2086 - $1 is left unquoted exactly as in the draft.
encoded_len=$(echo $1 | wc -c)

if [ "${encoded_len}" != "41" ]; then
  echo $1
  echo "not 41 characters like I was expecting"
else
  # od -x prints 16-bit words; the two sed expressions drop the offset
  # column and the spaces between words.
  hex=$(echo $1 | base64 -d | od -x -w28 --endian=big | head -n1 |
    sed -e 's/^0000000 //' -e 's/ //g')
  echo ${hex}

  # name=range pairs: each slice is echoed, then stored converted under name.
  for spec in rev=1-2 dashes=3-4 notsure=5-16 \
    issuer1=17-24 issuer2=25-32 issuer3=33-40 issuer4=41-48; do
    hex_chunk=$(hex_slice "${spec#*=}")
    echo ${hex_chunk}
    printf -v "${spec%%=*}" '%s' "$(hex_to_dec "${hex_chunk}")"
  done

  # The last slice is converted without being echoed first.
  hex_chunk=$(hex_slice 49-57)
  uid=$(hex_to_dec "${hex_chunk}")

  left=$(hex_slice 58-)
  echo "[${left}]"
  echo "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
fi
> >>>
> >>
> >> Hmm, you could do this instead:
> >>
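#!/bin/bash

## Get users object into $1 with ldbsearch

# "$1" is quoted so the ldbsearch output keeps its line breaks; unquoted,
# echo joins the whole object onto one line and $NF is then the last word
# of the output instead of the SID.
# Only the first objectSid line is used, so SID holds a single value.
SID=$(printf '%s\n' "$1" | awk '/^objectSid:/ {print $NF; exit}')
echo "$SID"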
> >>
> >> Which would result in something like this:
> >>
> >> S-1-5-21-1768301897-3342589593-1064908849-1107
> >>
> >> Rowland
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba

How about my version (attached) ?

Rowland