I have samba 3.0.8, as a member of 2000AD and 2003AD. I would like to get groups and the members in each group. The purpose is to maintain a set of Filtering profiles on squidGuard that are based on AD groups. I will have a script that reads a config file with the groupnames to fetch from Active Directory and a Precedence order to set them in. One of the groups will be designated "a NO Access" group which will get priority over all other groups. The script then based on group priority will only allow a username to occur in the highest priority group the user belongs to. groupfiles in squidguard are src files with Domain/username\n as a line. Are there any utilities to get the list of groups, and the users in each group. Attempting to do wbinfo -r username always fails. wbinfo -g DOMAIN\Groupname DOMAIN\Groupname2 wbinfo -u unable to get domain users wbinfo -t success ntlmauth works both cleartext and encrypted (My browsers are able to authenticate successfully using ntlmauth) I suspect I want some perl utility with LDAP... any hints would be greatly appreciated..as I seem to have hit a roadblock...I would prefer not to have to get to deeply involved in the internals of LDAP if possible...as I seem to remember seeing scripts for this earlier..I just am unable to come up with how I found them to begin with. Michael Wray S4F Technologies, Inc. 2448 S. 81st St. Tulsa, OK 74137 http://www.s4f.com mailto:mwray@s4f.com
On Fri, 19 Nov 2004 16:30:27 -0600, Michael Wray <mwray@aimconnect.com> wrote:> I have samba 3.0.8, as a member of 2000AD and 2003AD. > I would like to get groups and the members in each group. >You can use 'getent group' command. I have a perl script that use, gives the group and name. It is nothing fancy and works for me. -------------------perl script-------------- #!/usr/bin/perl # 03.15.04 sharif islam # Provide a group name this looks for the groupname # in the domain then loops through the list of user ids and gets the full name my $usage_string = "Find who is in a group ---------------------------------------------------- USE: ./group.pl GROUPNAME OUTPUT: group name at the top user1 user2 "; # Check for number of args. if ($#ARGV < 0) { print "$usage_string\n" ; exit 0 ; } # get the group name $group = $ARGV[0]; #example: staff:x:621:username1,username2 $cmd = "getent group|grep -w $group"; $rv = `$cmd` ; if($rv) { @out = split /:/, $rv ; } else { print "There's no such group as $group\n"; exit 0; } print "Group Name: $out[0]\n"; print "----------------------\n"; @names = split /,/, $out[3] ; foreach $netid (@names) { $cmd = "getent passwd|grep -w $netid"; $rv1 = `$cmd`; if($rv1) { @name = split /:/, $rv1 ; } print "$name[4]\n"; } ---------------------script ends-------------------