Excellent Rowland, this works, with this from the client we can make a
script to guest ldap (via memberof property) and do gvfs-mount.
Is it possible to pass to ldapsearch the kerberos ticket (or user id/pass)
to guest the ldap samba built-in?
    ldapsearch -D "cn=userid,cn=Users,dc=midominio,dc=prueba,dc=ar" -w "P@ssword" \
        -h 192.168.0.165 -p 389 \
        -b "cn=$1,cn=Users,dc=midominio,dc=prueba,dc=ar" -s sub \
        "memberof=*" memberof \
        | grep "memberOf" \
        | sed -e "s/^memberOf: CN=//" \
              -e "s/,CN=Users,DC=midominio,DC=prueba,DC=ar//"
So we can guest the ldap without a prefix user, need to extract the user
property "memberof" from ldap samba built-in, authenticating via ldap
search with the kerberos data or similar.
Regards.
On Wed, 13 Jan 2021 at 11:28, Rowland penny via samba
(<samba at lists.samba.org>) wrote:
> On 13/01/2021 07:51, jmpatagonia via samba wrote:
> > Hello Rowland thanks for the answers.
> >
> > It is a very more complex implementation, we have a samba DC 4 AD, and
> > logon users on domain (kerberos ticket too).
> >
> > We try to use pam_mount.conf.xml but it is a problem, this file is not
> > dynamic, if a share change/delete/or add new shares pam_mount does not
> > contemplate this.
> >
> > Our users do not have access to this file to edit, and also they do not
> > know how to edit this file, and also do not shell commands.
> >
> > So we need to update this file on the client on every logon on the domain
> > to be updated, with a copy from the file server.
> >
> > Another solution that was implemented, on logon time, a script that uses
> > ldapsearch+memberOf property, find the users groups and finally mount
> > shares with gvfs-mount, but the same problem is not dynamic, need to be
> > updated.
> >
> > So we need help to update a file (pam_mount.xml or a shell script) on the
> > client from the file server, on logon time but accessing the file server
> > without interacting with users. We think may be is a solution in a command
> > line way, or smbclient command.
> >
>
> So, what you are looking for, is a current list of shares on a given
> Samba fileserver. Try this:
>
> smbclient -L <fileserver_short_hostname> -N -g | awk -F '|' '{print $2}' | grep -v 'IPC\$'
>
> That will get you a list of shares on a Samba fileserver without a password
>
> Rowland
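An added example, not part of the original message or of Samba: the memberOf lookup bound with the client's Kerberos ticket (`ldapsearch -Y GSSAPI`) instead of `-D`/`-w`, so no password appears in the script or the process list, with a parser that also handles groups outside CN=Users and folded LDIF lines. The function names, the `sAMAccountName` filter and the sample LDIF are choices made for this example; it assumes a valid ticket, an ldapsearch built with SASL/GSSAPI, and a DC that accepts GSSAPI binds.

```shell
# Added example, not from the thread. Assumes a valid Kerberos ticket, an
# ldapsearch with SASL/GSSAPI, and a DC that accepts GSSAPI binds.
DC_URI="ldap://192.168.0.165"            # address from the post
BASE_DN="dc=midominio,dc=prueba,dc=ar"   # base DN from the post

# Accept only plain account names, so filter metacharacters never reach LDAP.
valid_account() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the CN of each memberOf value in LDIF read from stdin, whatever the
# group container. Unfolds continuation lines and honours "\,". Base64
# values ("memberOf:: ...") and hex escapes are not decoded.
groups_from_ldif() {
    awk '
    function emit(l,    v, out, i, c) {
        if (l !~ /^memberOf: [Cc][Nn]=/) return
        v = l; sub(/^memberOf: [Cc][Nn]=/, "", v); out = ""
        for (i = 1; i <= length(v); i++) {
            c = substr(v, i, 1)
            if (c == "\\") { i++; out = out substr(v, i, 1); continue }
            if (c == ",") break          # first unescaped comma ends the RDN
            out = out c
        }
        print out
    }
    /^ / { buf = buf substr($0, 2); next }   # folded line: append to previous
         { emit(buf); buf = $0 }
    END  { emit(buf) }'
}

# Bind with the ticket cache (-Y GSSAPI): no password on the command line.
user_groups() {
    valid_account "$1" || { echo "invalid account name" >&2; return 2; }
    ldapsearch -Q -LLL -Y GSSAPI -H "$DC_URI" -o ldif-wrap=no \
        -b "$BASE_DN" -s sub "(sAMAccountName=$1)" memberOf | groups_from_ldif
}
# Constructed sample of ldapsearch output, for running the parser offline.
sample_ldif() {
    cat <<'EOF'
dn: CN=jperez,CN=Users,DC=midominio,DC=prueba,DC=ar
memberOf: CN=Ventas,CN=Users,DC=midominio,DC=prueba,DC=ar
memberOf: CN=Soporte\, Nivel 2,OU=Grupos,DC=midominio,DC=pru
 eba,DC=ar
EOF
}
```

In a logon script, `user_groups "$USER"` prints one group name per line; `sample_ldif | groups_from_ldif` exercises the parser without a DC.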