That looks easier
I was working on ldap to convert but I'll try ldb-tools
I was off on a bash mission here is what I had so far it isn't correct
so I'll keep working on it
#!/bin/bash
if [ "$(echo $1|wc -c)" = "41" ];then
hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed 's/^0000000 //'|sed 's/ //g')
echo ${hex}
hex_chunk=$(echo ${hex}|cut -c1-2);
echo ${hex_chunk}
rev=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c3-4)
echo ${hex_chunk}
dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c5-16)
echo ${hex_chunk}
notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c17-24)
echo ${hex_chunk}
issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c25-32)
echo ${hex_chunk}
issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c33-40)
echo ${hex_chunk}
issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c41-48)
echo ${hex_chunk}
issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c49-57)
uid=$(echo "ibase=16; ${hex_chunk}" | bc)
left=$(echo ${hex}|cut -c58-)
echo "[${left}]"
echo "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
else
echo $1
echo "not 41 characters like I was expecting"
fi
On Fri, Nov 3, 2017 at 3:14 PM, Rowland Penny <rpenny at samba.org> wrote:
> On Fri, 3 Nov 2017 14:52:45 -0600
> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>
>> On Fri, Nov 3, 2017 at 2:43 PM, Rowland Penny <rpenny at samba.org>
>> wrote:
>> > On Fri, 3 Nov 2017 13:53:22 -0600
>> > Jeff Sadowski via samba <samba at lists.samba.org> wrote:
>> >
>> >> just get objectsid and use this
>> >>
>> >> https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253
>> >
>> > Why ???
>> >
>>
>> So that when someone on a linux machine writes to disk and they open
>> it up on a windows machine it will show it was written by the same
>> person. (or vice versa)
>>
>> Anyways it is a bit more complicated as I know objectSid it is in
>> base64 not just hex so I'll have to do a little more work than I
>> thought. It is however a fun exercise.
>
> Use ldb-tools ;-)
>
> You get:
>
> dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> ..............
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-1107
> sAMAccountName: rowland
> uidNumber: 10000
>
>>
>> > From reading the manpage, you need a usermap like this:
>> >
>> > john::S-1-5-21-3141592653-589793238-462643383-1008
>> > mary::S-1-5-21-3141592653-589793238-462643383-1009
>> > :smith:S-1-5-21-3141592653-589793238-462643383-513
>> > ::S-1-5-21-3141592653-589793238-462643383-10000
>> >
>> > Note the third one is obviously wrong, the RID is '513', so 'smith'
>> > should be 'Domain Users'
>>
>> I don't know about you but I use RFC2307
>> it doesn't matter what the SID is for it to map to my linux machines.
>
> Well yes, if you use the winbind 'ad' backend it doesn't, but if you
> use the 'rid' backend it does. However, user rowland will have the SID
> 'S-1-5-21-1768301897-3342589593-1064908849-1107' on windows, but will
> get the uidNumber '10000' on Linux. So from my reading of the ntfs-3g
> manpage, the usermap would need a line like this:
>
> rowland::S-1-5-21-1768301897-3342589593-1064908849-1107
>
> and from this, I understand that both windows and Linux would know who
> 'rowland' is, I could be wrong though, mainly because I haven't tried
> it.
>
> Rowland
>
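Added example (not part of the original thread and not Samba's own code): a shell function that decodes a base64 objectSid into its S-... string from the binary SID layout, which is a one-byte revision, a one-byte sub-authority count, a 6-byte big-endian identifier authority, then one 4-byte little-endian value per sub-authority. The function name is hypothetical, and the sample input was constructed here by encoding the SID Rowland quotes above.

```bash
#!/bin/bash
# Decode a base64 objectSid (the value LDAP returns after "objectSid::")
# into string form. Added example; sid_b64_to_string is a hypothetical name.
#
# Binary SID layout:
#   byte 0      revision
#   byte 1      number of sub-authorities (N)
#   bytes 2-7   identifier authority, 48-bit, big-endian
#   then N x 4  sub-authorities, 32-bit each, little-endian
sid_b64_to_string() (
    # Subshell body: "set --" and the variables stay local to the function.
    # od prints one two-digit hex byte per word; word splitting puts each
    # byte into its own positional parameter.
    set -- $(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1)

    # Need at least the 8-byte header, and the total length must agree
    # with the sub-authority count stored in byte 1.
    [ "$#" -ge 8 ] || exit 1
    rev=$((0x$1))
    count=$((0x$2))
    [ "$#" -eq $((8 + 4 * count)) ] || exit 1

    # Identifier authority: six bytes, most significant first.
    auth=$((0x$3$4$5$6$7$8))
    sid="S-$rev-$auth"
    shift 8

    # Sub-authorities: four bytes each, least significant first,
    # so the bytes are reversed before conversion.
    while [ "$#" -ge 4 ]; do
        sid="$sid-$((0x$4$3$2$1))"
        shift 4
    done
    printf '%s\n' "$sid"
)

# Constructed sample input: base64 of the binary form of the SID quoted
# in this thread (28 bytes, so 40 base64 characters).
sid_b64_to_string 'AQUAAAAAAAUVAAAASSVmaZneO8cxOHk/UwQAAA=='
```

The function exits non-zero and prints nothing when the decoded length does not match the sub-authority count, so a truncated or non-SID value is rejected rather than turned into a wrong mapping line.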
On Fri, 3 Nov 2017 16:25:57 -0600
Jeff Sadowski <jeff.sadowski at gmail.com> wrote:

> That looks easier
>
> I was working on ldap to convert but I'll try ldb-tools
>
> I was off on a bash mission here is what I had so far it isn't correct
> so I'll keep working on it
>
> #!/bin/bash
> if [ "$(echo $1|wc -c)" = "41" ];then
> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed 's/^0000000 //'|sed 's/ //g')
> echo ${hex}
> hex_chunk=$(echo ${hex}|cut -c1-2);
> echo ${hex_chunk}
> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c3-4)
> echo ${hex_chunk}
> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c5-16)
> echo ${hex_chunk}
> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c17-24)
> echo ${hex_chunk}
> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c25-32)
> echo ${hex_chunk}
> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c33-40)
> echo ${hex_chunk}
> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c41-48)
> echo ${hex_chunk}
> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c49-57)
> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
> left=$(echo ${hex}|cut -c58-)
> echo "[${left}]"
> echo "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>
> else
> echo $1
> echo "not 41 characters like I was expecting"
> fi
>

Hmm, you could do this instead:

#!/bin/bash

## Get users object into $1 with ldbsearch

SID=$(echo "$1" | grep 'objectSid:' | awk '{print $NF}')
echo "$SID"

Which would result in something like this:

S-1-5-21-1768301897-3342589593-1064908849-1107

Rowland
# PASSWD, ADMIN and DOMAIN used below come from this sourced file
. DOMAIN_ADMIN_PASSWD.sh
echo "${PASSWD}" | kinit "${ADMIN}@${DOMAIN}"
# start from an empty usermap
echo -n > /etc/ntfs-3g.usermap
# one "user::SID" line per domain user
for DOMAIN_USER in $(wbinfo -u);do
    RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}" "${DOMAIN}")
    if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" != "Failed " ];then
        SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
        echo "${DOMAIN_USER}::${SID}" >> /etc/ntfs-3g.usermap
    fi
done
# one ":group:SID" line per domain group
for DOMAIN_GROUP in $(wbinfo -g);do
    RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_GROUP}" "${DOMAIN}")
    if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" != "Failed " ];then
        SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
        echo ":${DOMAIN_GROUP}:${SID}" >> /etc/ntfs-3g.usermap
    fi
done
On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba
<samba at lists.samba.org> wrote:
> On Fri, 3 Nov 2017 16:25:57 -0600
> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>
>> That looks easier
>>
>> I was working on ldap to convert but I'll try ldb-tools
>>
>> I was off on a bash mission here is what I had so far it isn't correct
>> so I'll keep working on it
>>
>> #!/bin/bash
>> if [ "$(echo $1|wc -c)" = "41" ];then
>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed 's/^0000000 //'|sed 's/ //g')
>> echo ${hex}
>> hex_chunk=$(echo ${hex}|cut -c1-2);
>> echo ${hex_chunk}
>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c3-4)
>> echo ${hex_chunk}
>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c5-16)
>> echo ${hex_chunk}
>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c17-24)
>> echo ${hex_chunk}
>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c25-32)
>> echo ${hex_chunk}
>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c33-40)
>> echo ${hex_chunk}
>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c41-48)
>> echo ${hex_chunk}
>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c49-57)
>> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
>> left=$(echo ${hex}|cut -c58-)
>> echo "[${left}]"
>> echo "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>>
>> else
>> echo $1
>> echo "not 41 characters like I was expecting"
>> fi
>>
>
> Hmm, you could do this instead:
>
> #!/bin/bash
>
> ## Get users object into $1 with ldbsearch
>
> SID=$(echo "$1" | grep 'objectSid:' | awk '{print $NF}')
> echo "$SID"
>
> Which would result in something like this:
>
> S-1-5-21-1768301897-3342589593-1064908849-1107
>
> Rowland