That looks easier
I was working on ldap to convert but I'll try ldb-tools
I was off on a bash mission here is what I had so far it isn't correct
so I'll keep working on it
#!/bin/bash
if [ "$(echo $1|wc -c)" = "41" ];then
hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
's/^0000000 //'|sed 's/ //g')
echo ${hex}
hex_chunk=$(echo ${hex}|cut -c1-2);
echo ${hex_chunk}
rev=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c3-4)
echo ${hex_chunk}
dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c5-16)
echo ${hex_chunk}
notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c17-24)
echo ${hex_chunk}
issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c25-32)
echo ${hex_chunk}
issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c33-40)
echo ${hex_chunk}
issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c41-48)
echo ${hex_chunk}
issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c49-57)
uid=$(echo "ibase=16; ${hex_chunk}" | bc)
left=$(echo ${hex}|cut -c58-)
echo "[${left}]"
echo
"S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
else
echo $1
echo "not 41 characters like I was expecting"
fi
On Fri, Nov 3, 2017 at 3:14 PM, Rowland Penny <rpenny at samba.org>
wrote:> On Fri, 3 Nov 2017 14:52:45 -0600
> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>
>> On Fri, Nov 3, 2017 at 2:43 PM, Rowland Penny <rpenny at
samba.org>
>> wrote:
>> > On Fri, 3 Nov 2017 13:53:22 -0600
>> > Jeff Sadowski via samba <samba at lists.samba.org> wrote:
>> >
>> >> just get objectsid and use this
>> >>
>> >>
https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253
>> >
>> > Why ???
>> >
>>
>> So that when someone on a linux machine writes to disk and they open
>> it up on a windows machine it will show it was written by the same
>> person. (or vise versa)
>>
>> Anyways it is a bit more complicated as I know objectSid it is in
>> base64 not just hex so I'll have to do a little more work than I
>> though. It is however a fun exercise.
>
> Use ldb-tools ;-)
>
> You get:
>
> dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> ..............
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-1107
> sAMAccountName: rowland
> uidNumber: 10000
>
>>
>> > From reading the manpage, you need a usermap like this:
>> >
>> > john::S-1-5-21-3141592653-589793238-462643383-1008
>> > mary::S-1-5-21-3141592653-589793238-462643383-1009
>> > :smith:S-1-5-21-3141592653-589793238-462643383-513
>> > ::S-1-5-21-3141592653-589793238-462643383-10000
>> >
>> > Note the third one is obviously wrong, the RID is '513',
so 'smith'
>> > should be 'Domain Users'
>>
>> I don't know about you but I use RFC2307
>> it doesn't matter what the SID is for it to map to my linux
machines.
>
> Well yes, if you use the winbind 'ad' backend it doesn't, but
if you
> use the 'rid' backend it does. However, user rowland will have the
SID
> 'S-1-5-21-1768301897-3342589593-1064908849-1107' on windows, but
will
> get the uidNumber '10000' on Linux. So from my reading of the
ntfs-3g
> manpage, the usermap would need a line like this:
>
> rowland::S-1-5-21-1768301897-3342589593-1064908849-1107
>
> and from this, I understand that both windows and Linux would know who
> 'rowland' is, I could be wrong though, mainly because I haven't
tried
> it.
>
> Rowland
>