samba - Jun 2006 - See if authenticated user is in group XYZ

I have winbindd running.
I run wbinfo -a userXYZ%pass and it succeeds

Now I want to know if userXYZ is in group "monkeys", but I dont want
to have to have to map anything. Is this possible? Is there a way to
just say "give me the windows group names that userXYZ is in?" or
"is
userXYZ in windows group name 'monkeys'?"

  Thanks!
 - Jeremiah

> -----Original Message-----
> From: 
> samba-bounces+james_zuelow=ci.juneau.ak.us@lists.samba.org 
> [mailto:samba-bounces+james_zuelow=ci.juneau.ak.us@lists.samba
> .org] On Behalf Of Jeremiah Martell
> Sent: Wednesday, June 07, 2006 9:05 AM
> To: samba@lists.samba.org
> Subject: [Samba] See if authenticated user is in group XYZ
> 
> I have winbindd running.
> I run wbinfo -a userXYZ%pass and it succeeds
> 
> Now I want to know if userXYZ is in group "monkeys", but I dont
want
> to have to have to map anything. Is this possible? Is there a way to
> just say "give me the windows group names that userXYZ is in?" or
"is
> userXYZ in windows group name 'monkeys'?"
> 
>   Thanks!
>  - Jeremiah
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

This works for me, listing the groups a user is in.  You could modify it
to do the reverse.  Be careful, Outlook tends to trash scripts I mail
with extra newlines, etc.


-----------------CUT
HERE-------------------------------------------------------
#!/bin/bash
#############################################################
# domain_groups
# enumerate the domain groups a Domain user is in.
# wbinfo -r returns numeric gids, and "groups (user)" will
# usually just return "Domain Users"
# This script chains together several wbinfo commands to
# return the human readable group names a domain user is in.
# Depends of course on Samba & Winbind installed and working.
# James Zuelow // City and Borough of Juneau
# 02 May 2006
###############################################################
if [[ -z $1 ]]
then
	dsep=`wbinfo --separator`
	echo "useage: domain_groups (user_name)"
	echo "        You may need to supply the domain if winbind does
not use default domain."
	echo "        i.e. domain_groups NT_DOMAIN${dsep}user_name"
	exit 1
fi

dgroupgids=`wbinfo -r $1`
#echo ${dgroupgids}
for gid in $dgroupgids
	do
	dgroupsid=`wbinfo -G ${gid}`
	dgroupnam=`wbinfo -s ${dgroupsid} |rev | cut -c 3- | rev`
	echo " ${dgroupnam}"
done 

------------------CUT
HERE--------------------------------------------------------


James Zuelow....................CBJ MIS (907)586-0236
Network Specialist...Registered Linux User No. 186591

On Wed, Jun 07, 2006 at 01:05:26PM -0400, Jeremiah Martell
wrote:
> I have winbindd running.
> I run wbinfo -a userXYZ%pass and it succeeds
> 
> Now I want to know if userXYZ is in group "monkeys", but I dont
want
> to have to have to map anything. Is this possible? Is there a way to
> just say "give me the windows group names that userXYZ is in?" or
"is
> userXYZ in windows group name 'monkeys'?"
wbinfo --user-sids might help here.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20060607/ebb983df/attachment.bin