That looks easier

I was working on ldap to convert but I'll try ldb-tools

I was off on a bash mission here is what I had so far it isn't correct
so I'll keep working on it

#!/bin/bash
if [ "$(echo $1|wc -c)" = "41" ];then
  hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed 's/^0000000 //'|sed 's/ //g')
  echo ${hex}
  hex_chunk=$(echo ${hex}|cut -c1-2);
  echo ${hex_chunk}
  rev=$(echo "ibase=16; ${hex_chunk}" | bc)
  hex_chunk=$(echo ${hex}|cut -c3-4)
  echo ${hex_chunk}
  dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
  hex_chunk=$(echo ${hex}|cut -c5-16)
  echo ${hex_chunk}
  notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
  hex_chunk=$(echo ${hex}|cut -c17-24)
  echo ${hex_chunk}
  issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
  hex_chunk=$(echo ${hex}|cut -c25-32)
  echo ${hex_chunk}
  issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
  hex_chunk=$(echo ${hex}|cut -c33-40)
  echo ${hex_chunk}
  issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
  hex_chunk=$(echo ${hex}|cut -c41-48)
  echo ${hex_chunk}
  issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
  hex_chunk=$(echo ${hex}|cut -c49-57)
  uid=$(echo "ibase=16; ${hex_chunk}" | bc)
  left=$(echo ${hex}|cut -c58-)
  echo "[${left}]"
  echo "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
else
  echo $1
  echo "not 41 characters like I was expecting"
fi

On Fri, Nov 3, 2017 at 3:14 PM, Rowland Penny <rpenny at samba.org> wrote:
> On Fri, 3 Nov 2017 14:52:45 -0600
> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>
>> On Fri, Nov 3, 2017 at 2:43 PM, Rowland Penny <rpenny at samba.org>
>> wrote:
>> > On Fri, 3 Nov 2017 13:53:22 -0600
>> > Jeff Sadowski via samba <samba at lists.samba.org> wrote:
>> >
>> >> just get objectsid and use this
>> >>
>> >> https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253
>> >
>> > Why ???
>> >
>>
>> So that when someone on a linux machine writes to disk and they open
>> it up on a windows machine it will show it was written by the same
>> person.
>> (or vice versa)
>>
>> Anyways it is a bit more complicated as I know objectSid it is in
>> base64 not just hex so I'll have to do a little more work than I
>> thought. It is however a fun exercise.
>
> Use ldb-tools ;-)
>
> You get:
>
> dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> ..............
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-1107
> sAMAccountName: rowland
> uidNumber: 10000
>
>>
>> > From reading the manpage, you need a usermap like this:
>> >
>> > john::S-1-5-21-3141592653-589793238-462643383-1008
>> > mary::S-1-5-21-3141592653-589793238-462643383-1009
>> > :smith:S-1-5-21-3141592653-589793238-462643383-513
>> > ::S-1-5-21-3141592653-589793238-462643383-10000
>> >
>> > Note the third one is obviously wrong, the RID is '513', so 'smith'
>> > should be 'Domain Users'
>>
>> I don't know about you but I use RFC2307
>> it doesn't matter what the SID is for it to map to my linux machines.
>
> Well yes, if you use the winbind 'ad' backend it doesn't, but if you
> use the 'rid' backend it does. However, user rowland will have the SID
> 'S-1-5-21-1768301897-3342589593-1064908849-1107' on windows, but will
> get the uidNumber '10000' on Linux. So from my reading of the ntfs-3g
> manpage, the usermap would need a line like this:
>
> rowland::S-1-5-21-1768301897-3342589593-1064908849-1107
>
> and from this, I understand that both windows and Linux would know who
> 'rowland' is, I could be wrong though, mainly because I haven't tried
> it.
>
> Rowland
>
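The conversion discussed in this message, as an added example that is not part of the original post: a binary SID holds a one-byte revision, a one-byte sub-authority count, a six-byte big-endian identifier authority, and then that many 32-bit little-endian sub-authorities. The function name and the sample value are constructed here (the sample encodes the SID quoted in the thread), and GNU `base64 -d` is assumed.

```shell
#!/bin/sh
# Added example: decode a base64 objectSid (the form LDAP returns) into
# its S-R-A-S... text form.
# Layout: byte 0 revision, byte 1 sub-authority count,
#         bytes 2-7 identifier authority (big-endian),
#         then <count> 32-bit sub-authorities (little-endian).

# Constructed sample: binary form of the SID quoted in the thread.
SAMPLE_B64='AQUAAAAAAAUVAAAASSVmaZneO8cxOHk/UwQAAA=='

sid_from_b64() {
    local rev count auth sid
    # Replace the arguments with one decimal value per decoded byte.
    set -- $(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tu1)
    if [ "$#" -lt 8 ]; then
        echo "input is too short to be a SID" >&2
        return 1
    fi
    rev=$1
    count=$2
    # The total length must agree with the declared sub-authority count.
    if [ "$#" -ne $((8 + 4 * count)) ]; then
        echo "length does not match the sub-authority count" >&2
        return 1
    fi
    auth=$(( ($3 << 40) | ($4 << 32) | ($5 << 24) | ($6 << 16) | ($7 << 8) | $8 ))
    sid="S-$rev-$auth"
    shift 8
    # Each sub-authority is stored least significant byte first.
    while [ "$#" -ge 4 ]; do
        sid="$sid-$(( $1 | ($2 << 8) | ($3 << 16) | ($4 << 24) ))"
        shift 4
    done
    printf '%s\n' "$sid"
}

sid_from_b64 "$SAMPLE_B64"
```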
On Fri, 3 Nov 2017 16:25:57 -0600
Jeff Sadowski <jeff.sadowski at gmail.com> wrote:

> That looks easier
>
> I was working on ldap to convert but I'll try ldb-tools
>
> I was off on a bash mission here is what I had so far it isn't correct
> so I'll keep working on it
>
> #!/bin/bash
> if [ "$(echo $1|wc -c)" = "41" ];then
> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
> 's/^0000000 //'|sed 's/ //g')
> echo ${hex}
> hex_chunk=$(echo ${hex}|cut -c1-2);
> echo ${hex_chunk}
> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c3-4)
> echo ${hex_chunk}
> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c5-16)
> echo ${hex_chunk}
> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c17-24)
> echo ${hex_chunk}
> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c25-32)
> echo ${hex_chunk}
> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c33-40)
> echo ${hex_chunk}
> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c41-48)
> echo ${hex_chunk}
> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c49-57)
> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
> left=$(echo ${hex}|cut -c58-)
> echo "[${left}]"
> echo
> "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>
> else
> echo $1
> echo "not 41 characters like I was expecting"
> fi
>

Hmm, you could do this instead:

#!/bin/bash

## Get users object into $1 with ldbsearch

# Quote $1 so the object stays one attribute per line for grep
SID=$(echo "$1" | grep 'objectSid:' | awk '{print $NF}')
echo "$SID"

Which would result in something like this:

S-1-5-21-1768301897-3342589593-1064908849-1107

Rowland
. DOMAIN_ADMIN_PASSWD.sh
echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN}
# start with an empty usermap
echo -n > /etc/ntfs-3g.usermap
# users are written as name::SID
for DOMAIN_USER in $(wbinfo -u);do
  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}" ${DOMAIN})
  if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" != "Failed " ];then
    SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
    echo ${DOMAIN_USER}::${SID} >> /etc/ntfs-3g.usermap
  fi
done
# groups are written as :name:SID
for DOMAIN_GROUP in $(wbinfo -g);do
  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_GROUP}" ${DOMAIN})
  if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" != "Failed " ];then
    SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
    echo :${DOMAIN_GROUP}:${SID} >> /etc/ntfs-3g.usermap
  fi
done

On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Fri, 3 Nov 2017 16:25:57 -0600
> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>
>> That looks easier
>>
>> I was working on ldap to convert but I'll try ldb-tools
>>
>> I was off on a bash mission here is what I had so far it isn't correct
>> so I'll keep working on it
>>
>> #!/bin/bash
>> if [ "$(echo $1|wc -c)" = "41" ];then
>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
>> 's/^0000000 //'|sed 's/ //g')
>> echo ${hex}
>> hex_chunk=$(echo ${hex}|cut -c1-2);
>> echo ${hex_chunk}
>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c3-4)
>> echo ${hex_chunk}
>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c5-16)
>> echo ${hex_chunk}
>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c17-24)
>> echo ${hex_chunk}
>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c25-32)
>> echo ${hex_chunk}
>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c33-40)
>> echo ${hex_chunk}
>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c41-48)
>> echo ${hex_chunk}
>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c49-57)
>> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
>> left=$(echo ${hex}|cut -c58-)
>> echo "[${left}]"
>> echo
>> "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>>
>> else
>> echo $1
>> echo "not 41 characters like I was expecting"
>> fi
>>
>
> Hmm, you could do this instead:
>
> #!/bin/bash
>
> ## Get users object into $1 with ldbsearch
>
> # Quote $1 so the object stays one attribute per line for grep
> SID=$(echo "$1" | grep 'objectSid:' | awk '{print $NF}')
> echo "$SID"
>
> Which would result in something like this:
>
> S-1-5-21-1768301897-3342589593-1064908849-1107
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
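Another route to the same usermap, as an added example that is not from any of the posters: it extends the ldbsearch approach suggested earlier in the thread to several records at once and writes `name::SID` for users and `:name:SID` for groups. It assumes the search returned `objectClass`, `sAMAccountName` and `objectSid` without folded lines; the function name and the sample records are constructed, and only the first SID appears in the thread.

```shell
#!/bin/sh
# Added example: turn ldbsearch-style LDIF into ntfs-3g usermap lines.

# Constructed sample records in the shape of the output quoted in the thread.
SAMPLE_LDIF='# record 1
dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
objectClass: user
objectSid: S-1-5-21-1768301897-3342589593-1064908849-1107
sAMAccountName: rowland

# record 2
dn: CN=staff,CN=Users,DC=samdom,DC=example,DC=com
objectClass: group
objectSid: S-1-5-21-1768301897-3342589593-1064908849-1110
sAMAccountName: staff

# record 3
dn: CN=broken,CN=Users,DC=samdom,DC=example,DC=com
objectClass: user
sAMAccountName: broken
'

ldif_to_usermap() {
    awk '
        function emit() {
            # Write a line only for a complete record with a well-formed SID.
            if (name != "" && sid ~ /^S-1-[0-9]+(-[0-9]+)+$/) {
                if (isgroup) print ":" name ":" sid
                else         print name "::" sid
            }
            name = ""; sid = ""; isgroup = 0
        }
        /^#/ { next }                       # ldbsearch record comments
        /^$/ { emit(); next }               # a blank line ends a record
        /^objectClass: group$/ { isgroup = 1 }
        /^sAMAccountName: /    { name = substr($0, 17) }
        /^objectSid: /         { sid = $2 }
        END { emit() }
    '
}

printf '%s' "$SAMPLE_LDIF" | ldif_to_usermap
```

The third sample record has no objectSid and is skipped rather than written as a mapping with an empty SID.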