thr3ads.net - samba - [Samba] ntfs user mappings? [Nov 2017]

If this information is useful, please help other people find it:
Share via:

Jeff Sadowski

2017-Nov-04 22:42 UTC

[Samba] ntfs user mappings?

. DOMAIN_ADMIN_PASSWD.sh
echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN}
echo -n > /etc/ntfs-3g.usermap
for DOMAIN_USER in $(wbinfo -u);do
 RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}" ${DOMAIN})
 if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [
"${RPCLOOKUPID:0:7}" !"Failed " ];then
  SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
  echo ${DOMAIN_USER}::${SID} >> /etc/ntfs-3g.usermap
 fi
done
for DOMAIN_GROUP in $(wbinfo -g);do
 RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_GROUP}"
${DOMAIN})
 if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [
"${RPCLOOKUPID:0:7}" !"Failed " ];then
  SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
  echo :${DOMAIN_GROUP}:${SID} >> /etc/ntfs-3g.usermap
 fi
done

On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba
<samba at lists.samba.org> wrote:> On Fri, 3 Nov 2017 16:25:57 -0600
> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>
>> That looks easier
>>
>> I was working on ldap to convert but I'll try ldb-tools
>>
>> I was off on a bash mission here is what I had so far it isn't
correct
>> so I'll keep working on it
>>
>> #!/bin/bash
>> if [ "$(echo $1|wc -c)" = "41" ];then
>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
>> 's/^0000000 //'|sed 's/ //g')
>> echo ${hex}
>> hex_chunk=$(echo ${hex}|cut -c1-2);
>> echo ${hex_chunk}
>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c3-4)
>> echo ${hex_chunk}
>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c5-16)
>> echo ${hex_chunk}
>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c17-24)
>> echo ${hex_chunk}
>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c25-32)
>> echo ${hex_chunk}
>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c33-40)
>> echo ${hex_chunk}
>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c41-48)
>> echo ${hex_chunk}
>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c49-57)
>> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
>> left=$(echo ${hex}|cut -c58-)
>> echo "[${left}]"
>> echo
>>
"S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>>
>> else
>> echo $1
>> echo "not 41 characters like I was expecting"
>> fi
>>
>
> Hmm, you could do this instead:
>
> #!/bin/bash
>
> ## Get users object into $1 with ldbsearch
>
> SID=$(echo $1 | grep 'objectSid:' | awk '{print $NF}')
> echo "$SID"
>
> Which would result in something like this:
>
> S-1-5-21-1768301897-3342589593-1064908849-1107
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Jeff Sadowski

2017-Nov-05 00:42 UTC

head link

[Samba] ntfs user mappings?

I decided to continue trying the ldap route as well

littlehex2int()
{
 hex=$1
 hex_chunk=$(echo ${hex}|cut -c$2-$3)
 little=$(echo ${hex_chunk}|awk '{print
substr($0,7,2)substr($0,5,2)substr($0,3,2)substr($0,1,2)}')
 echo "ibase=16; ${little}" | bc
}

base64_to_sid()
{
OBJECTSID="$1"
hex=$(echo ${OBJECTSID}|base64 -d|od -A n -x -w28 --endian=big|sed 's/
//g'|awk '{print toupper($1)}')
hex_chunk=$(echo ${hex}|cut -c1-2);
rev=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c3-4)
dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
hex_chunk=$(echo ${hex}|cut -c5-16)
notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
nonuniq=$(littlehex2int ${hex} 17 24)
issuer1=$(littlehex2int ${hex} 25 32)
issuer2=$(littlehex2int ${hex} 33 40)
issuer3=$(littlehex2int ${hex} 41 48)
uid=$(littlehex2int ${hex} 49 57)
echo
"S-${rev}-${dashes}-${nonuniq}-${issuer1}-${issuer2}-${issuer3}-${uid}"
}

On Sat, Nov 4, 2017 at 4:42 PM, Jeff Sadowski <jeff.sadowski at gmail.com>
wrote:> . DOMAIN_ADMIN_PASSWD.sh
> echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN}
> echo -n > /etc/ntfs-3g.usermap
> for DOMAIN_USER in $(wbinfo -u);do
>  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}"
${DOMAIN})
>  if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [
"${RPCLOOKUPID:0:7}" !> "Failed " ];then
>   SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
>   echo ${DOMAIN_USER}::${SID} >> /etc/ntfs-3g.usermap
>  fi
> done
> for DOMAIN_GROUP in $(wbinfo -g);do
>  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_GROUP}"
${DOMAIN})
>  if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [
"${RPCLOOKUPID:0:7}" !> "Failed " ];then
>   SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
>   echo :${DOMAIN_GROUP}:${SID} >> /etc/ntfs-3g.usermap
>  fi
> done
>
> On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
>> On Fri, 3 Nov 2017 16:25:57 -0600
>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>>
>>> That looks easier
>>>
>>> I was working on ldap to convert but I'll try ldb-tools
>>>
>>> I was off on a bash mission here is what I had so far it isn't
correct
>>> so I'll keep working on it
>>>
>>> #!/bin/bash
>>> if [ "$(echo $1|wc -c)" = "41" ];then
>>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
>>> 's/^0000000 //'|sed 's/ //g')
>>> echo ${hex}
>>> hex_chunk=$(echo ${hex}|cut -c1-2);
>>> echo ${hex_chunk}
>>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c3-4)
>>> echo ${hex_chunk}
>>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c5-16)
>>> echo ${hex_chunk}
>>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c17-24)
>>> echo ${hex_chunk}
>>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c25-32)
>>> echo ${hex_chunk}
>>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c33-40)
>>> echo ${hex_chunk}
>>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c41-48)
>>> echo ${hex_chunk}
>>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c49-57)
>>> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> left=$(echo ${hex}|cut -c58-)
>>> echo "[${left}]"
>>> echo
>>>
"S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>>>
>>> else
>>> echo $1
>>> echo "not 41 characters like I was expecting"
>>> fi
>>>
>>
>> Hmm, you could do this instead:
>>
>> #!/bin/bash
>>
>> ## Get users object into $1 with ldbsearch
>>
>> SID=$(echo $1 | grep 'objectSid:' | awk '{print $NF}')
>> echo "$SID"
>>
>> Which would result in something like this:
>>
>> S-1-5-21-1768301897-3342589593-1064908849-1107
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

Rowland Penny

2017-Nov-05 19:31 UTC

head link

[Samba] ntfs user mappings?

On Sat, 4 Nov 2017 18:42:36 -0600
Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> I decided to continue trying the ldap route as well
> 
> littlehex2int()
> {
>  hex=$1
>  hex_chunk=$(echo ${hex}|cut -c$2-$3)
>  little=$(echo ${hex_chunk}|awk '{print
> substr($0,7,2)substr($0,5,2)substr($0,3,2)substr($0,1,2)}')
>  echo "ibase=16; ${little}" | bc
> }
> 
> base64_to_sid()
> {
> OBJECTSID="$1"
> hex=$(echo ${OBJECTSID}|base64 -d|od -A n -x -w28 --endian=big|sed 's/
> //g'|awk '{print toupper($1)}')
> hex_chunk=$(echo ${hex}|cut -c1-2);
> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c3-4)
> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
> hex_chunk=$(echo ${hex}|cut -c5-16)
> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
> nonuniq=$(littlehex2int ${hex} 17 24)
> issuer1=$(littlehex2int ${hex} 25 32)
> issuer2=$(littlehex2int ${hex} 33 40)
> issuer3=$(littlehex2int ${hex} 41 48)
> uid=$(littlehex2int ${hex} 49 57)
> echo
>
"S-${rev}-${dashes}-${nonuniq}-${issuer1}-${issuer2}-${issuer3}-${uid}"
}
> 
> On Sat, Nov 4, 2017 at 4:42 PM, Jeff Sadowski
> <jeff.sadowski at gmail.com> wrote:
> > . DOMAIN_ADMIN_PASSWD.sh
> > echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN}
> > echo -n > /etc/ntfs-3g.usermap
> > for DOMAIN_USER in $(wbinfo -u);do
> >  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}"
> > ${DOMAIN}) if [ "${RPCLOOKUPID:0:7}" != "ERROR: "
] &&
> > [ "${RPCLOOKUPID:0:7}" != "Failed " ];then
> >   SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
> >   echo ${DOMAIN_USER}::${SID} >> /etc/ntfs-3g.usermap
> >  fi
> > done
> > for DOMAIN_GROUP in $(wbinfo -g);do
> >  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_GROUP}"
> > ${DOMAIN}) if [ "${RPCLOOKUPID:0:7}" != "ERROR: "
] &&
> > [ "${RPCLOOKUPID:0:7}" != "Failed " ];then
> >   SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
> >   echo :${DOMAIN_GROUP}:${SID} >> /etc/ntfs-3g.usermap
> >  fi
> > done
> >
> > On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba
> > <samba at lists.samba.org> wrote:
> >> On Fri, 3 Nov 2017 16:25:57 -0600
> >> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> >>
> >>> That looks easier
> >>>
> >>> I was working on ldap to convert but I'll try ldb-tools
> >>>
> >>> I was off on a bash mission here is what I had so far it
isn't
> >>> correct so I'll keep working on it
> >>>
> >>> #!/bin/bash
> >>> if [ "$(echo $1|wc -c)" = "41" ];then
> >>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
> >>> 's/^0000000 //'|sed 's/ //g')
> >>> echo ${hex}
> >>> hex_chunk=$(echo ${hex}|cut -c1-2);
> >>> echo ${hex_chunk}
> >>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
> >>> hex_chunk=$(echo ${hex}|cut -c3-4)
> >>> echo ${hex_chunk}
> >>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
> >>> hex_chunk=$(echo ${hex}|cut -c5-16)
> >>> echo ${hex_chunk}
> >>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
> >>> hex_chunk=$(echo ${hex}|cut -c17-24)
> >>> echo ${hex_chunk}
> >>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
> >>> hex_chunk=$(echo ${hex}|cut -c25-32)
> >>> echo ${hex_chunk}
> >>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
> >>> hex_chunk=$(echo ${hex}|cut -c33-40)
> >>> echo ${hex_chunk}
> >>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
> >>> hex_chunk=$(echo ${hex}|cut -c41-48)
> >>> echo ${hex_chunk}
> >>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
> >>> hex_chunk=$(echo ${hex}|cut -c49-57)
> >>> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
> >>> left=$(echo ${hex}|cut -c58-)
> >>> echo "[${left}]"
> >>> echo
> >>>
"S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
> >>>
> >>> else
> >>> echo $1
> >>> echo "not 41 characters like I was expecting"
> >>> fi
> >>>
> >>
> >> Hmm, you could do this instead:
> >>
> >> #!/bin/bash
> >>
> >> ## Get users object into $1 with ldbsearch
> >>
> >> SID=$(echo $1 | grep 'objectSid:' | awk '{print
$NF}')
> >> echo "$SID"
> >>
> >> Which would result in something like this:
> >>
> >> S-1-5-21-1768301897-3342589593-1064908849-1107
> >>
> >> Rowland
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
How about my version (attached) ?

Rowland

Possibly Parallel Threads

Search for more maybe matching threads

samba - Nov 2017 - ntfs user mappings?

[Samba] ntfs user mappings?

[Samba] ntfs user mappings?

[Samba] ntfs user mappings?

Possibly Parallel Threads