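# Rebuild /etc/ntfs-3g.usermap with one "user::SID" line per domain user and
# one ":group:SID" line per domain group, as listed by wbinfo. Needs bash.
#
# NOTE(review): DOMAIN_ADMIN_PASSWD.sh keeps a domain admin password in clear
# text, and because it is sourced by bare name bash looks it up through PATH
# and then the current directory. Source it by absolute path from a root-owned
# 0600 file, or better, authenticate a low-privilege account from a keytab
# (kinit -k -t KEYTAB PRINCIPAL) so no password is stored at all.
# NOTE(review): rpcclient runs with -P, which its man page describes as using
# the stored machine account password; if that is enough for lookupnames, the
# admin ticket is not needed here -- confirm and drop the kinit.

USERMAP=/etc/ntfs-3g.usermap

. DOMAIN_ADMIN_PASSWD.sh
: "${PASSWD:?not set by DOMAIN_ADMIN_PASSWD.sh}" \
  "${ADMIN:?not set by DOMAIN_ADMIN_PASSWD.sh}" \
  "${DOMAIN:?not set by DOMAIN_ADMIN_PASSWD.sh}"

# printf with a quoted argument hands the password over unchanged; the earlier
# unquoted echo let the shell word-split and glob-expand it first.
if ! printf '%s\n' "${PASSWD}" | kinit "${ADMIN}@${DOMAIN}"; then
  echo "warning: kinit failed for ${ADMIN}@${DOMAIN}" >&2
fi
unset PASSWD

# Build the map beside the target and rename it into place at the end, so a
# failed run never leaves ntfs-3g with a truncated or half-written map.
tmpmap=$(mktemp "${USERMAP}.XXXXXX") || exit 1
trap 'rm -f -- "${tmpmap}"' EXIT

# Print the SID rpcclient reports for the account name in $1; return 1 when
# the lookup fails or the reply holds no SID.
lookup_sid() {
  local reply
  # A quote or semicolon in the name would change the rpcclient command string.
  case $1 in
    *\"* | *\;*) return 1 ;;
  esac
  # The name is double-quoted so "domain users" stays one name.
  # NOTE(review): assumes rpcclient's command parser honours double quotes -- verify.
  reply=$(rpcclient -P -c "lookupnames \"$1\"" "${DOMAIN}" </dev/null)
  case ${reply} in
    "ERROR: "* | "Failed "*) return 1 ;;
  esac
  # Match the SID itself instead of taking the second whitespace-separated
  # field, which is wrong as soon as the name contains a space.
  [[ ${reply} =~ S-1(-[0-9]+)+ ]] || return 1
  printf '%s\n' "${BASH_REMATCH[0]}"
}

# Read names line by line: for ... in $(wbinfo -u) split names at spaces.
while IFS= read -r DOMAIN_USER; do
  SID=$(lookup_sid "${DOMAIN_USER}") || continue
  printf '%s::%s\n' "${DOMAIN_USER}" "${SID}"
done < <(wbinfo -u) >> "${tmpmap}"

while IFS= read -r DOMAIN_GROUP; do
  SID=$(lookup_sid "${DOMAIN_GROUP}") || continue
  printf ':%s:%s\n' "${DOMAIN_GROUP}" "${SID}"
done < <(wbinfo -g) >> "${tmpmap}"

# An empty result means winbind or the lookups failed; keep the existing map.
if [[ ! -s ${tmpmap} ]]; then
  echo "no SIDs resolved; ${USERMAP} left unchanged" >&2
  exit 1
fi
chmod 0644 "${tmpmap}"   # mktemp creates 0600; the map holds names and SIDs only
mv -f -- "${tmpmap}" "${USERMAP}"

On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Fri, 3 Nov 2017 16:25:57 -0600
> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>
>> That looks easier
>>
>> I was working on ldap to convert but I'll try ldb-tools
>>
>> I was off on a bash mission here is what I had so far it isn't correct
>> so I'll keep working on it
>>
>> #!/bin/bash
>> if [ "$(echo $1|wc -c)" = "41" ];then
>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
>> 's/^0000000 //'|sed 's/ //g')
>> echo ${hex}
>> hex_chunk=$(echo ${hex}|cut -c1-2);
>> echo ${hex_chunk}
>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c3-4)
>> echo ${hex_chunk}
>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c5-16)
>> echo ${hex_chunk}
>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c17-24)
>> echo ${hex_chunk}
>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c25-32)
>> echo ${hex_chunk}
>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c33-40)
>> echo ${hex_chunk}
>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c41-48)
>> echo ${hex_chunk}
>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c49-57)
>> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
>> left=$(echo ${hex}|cut -c58-)
>> echo "[${left}]"
>> echo
>> "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>>
>> else
>> echo $1
>> echo "not 41 characters like I was expecting"
>> fi
>>
>
> Hmm, you could do this instead:
>
> #!/bin/bash
>
> ## Get users object into $1 with ldbsearch
>
> SID=$(echo $1 | grep 'objectSid:' | awk '{print $NF}')
> echo "$SID"
>
> Which would result in something like this:
>
> S-1-5-21-1768301897-3342589593-1064908849-1107
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba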
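I decided to continue trying the ldap route as well

# Print the decimal value of a 32-bit little-endian field.
# Arguments: $1 - hex string, $2/$3 - first and last character (1-based,
#            inclusive) of the field; only its first 8 hex digits are used.
# Returns:   1 when the field is not 8 hex digits.
littlehex2int()
{
  local field little
  field=${1:$(( $2 - 1 )):$(( $3 - $2 + 1 ))}
  # Swap the four bytes into most-significant-first order.
  little=${field:6:2}${field:4:2}${field:2:2}${field:0:2}
  # Only hex digits may reach the arithmetic expansion below; anything else
  # would be evaluated by the shell as an expression.
  [[ ${little} =~ ^[0-9A-Fa-f]{8}$ ]] || return 1
  printf '%d\n' "$(( 16#${little} ))"
}

# Convert a base64-encoded binary objectSid (as returned over LDAP) to its
# S-R-A-S1-S2-... string form.
# Binary layout: 1 byte revision, 1 byte sub-authority count, 6 bytes
# identifier authority (big-endian), then count 32-bit little-endian
# sub-authorities.
# The earlier version printed the count byte where the authority belongs and
# always read five sub-authorities, which is only right for SIDs shaped like
# S-1-5-21-x-y-z-RID (count and authority both happen to be 5 there).
# Arguments: $1 - base64 text of the SID
# Outputs:   the SID string on stdout
# Returns:   1 (with a message on stderr) when $1 does not decode to a SID
base64_to_sid()
{
  local hex rev count authority sid i sub
  # One byte per od column, so the result does not depend on host endianness.
  hex=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -A n -t x1 -v | tr -d ' \n')
  if [[ ! ${hex} =~ ^[0-9A-Fa-f]{16,}$ ]]; then
    echo "base64_to_sid: input does not decode to a binary SID" >&2
    return 1
  fi
  rev=$(( 16#${hex:0:2} ))
  count=$(( 16#${hex:2:2} ))
  authority=$(( 16#${hex:4:12} ))
  # 8 header bytes plus 4 bytes per sub-authority, at most 15 of them.
  if (( count > 15 || ${#hex} != 16 + 8 * count )); then
    echo "base64_to_sid: length does not match sub-authority count" >&2
    return 1
  fi
  sid="S-${rev}-${authority}"
  for (( i = 0; i < count; i++ )); do
    sub=$(littlehex2int "${hex}" $(( 17 + 8 * i )) $(( 24 + 8 * i ))) || return 1
    sid+="-${sub}"
  done
  printf '%s\n' "${sid}"
}

On Sat, Nov 4, 2017 at 4:42 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> . DOMAIN_ADMIN_PASSWD.sh
> echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN}
> echo -n > /etc/ntfs-3g.usermap
> for DOMAIN_USER in $(wbinfo -u);do
> RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}" ${DOMAIN})
> if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" !=
> "Failed " ];then
> SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
> echo ${DOMAIN_USER}::${SID} >> /etc/ntfs-3g.usermap
> fi
> done
> for DOMAIN_GROUP in $(wbinfo -g);do
> RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_GROUP}" ${DOMAIN})
> if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" !=
> "Failed " ];then
> SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
> echo :${DOMAIN_GROUP}:${SID} >> /etc/ntfs-3g.usermap
> fi
> done
>
> On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
>> On Fri, 3 Nov 2017 16:25:57 -0600
>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>>
>>> That looks easier
>>>
>>> I was working on ldap to convert but I'll try ldb-tools
>>>
>>> I was off on a bash mission here is what I had so far it isn't correct
>>> so I'll keep working on it
>>>
>>> #!/bin/bash
>>> if [ "$(echo $1|wc -c)" = "41" ];then
>>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
>>> 's/^0000000 //'|sed 's/ //g')
>>> echo ${hex}
>>> hex_chunk=$(echo ${hex}|cut -c1-2);
>>> echo ${hex_chunk}
>>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c3-4)
>>> echo ${hex_chunk}
>>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c5-16)
>>> echo ${hex_chunk}
>>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c17-24)
>>> echo ${hex_chunk}
>>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c25-32)
>>> echo ${hex_chunk}
>>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c33-40)
>>> echo ${hex_chunk}
>>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c41-48)
>>> echo ${hex_chunk}
>>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> hex_chunk=$(echo ${hex}|cut -c49-57)
>>> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
>>> left=$(echo ${hex}|cut -c58-)
>>> echo "[${left}]"
>>> echo
>>> "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>>>
>>> else
>>> echo $1
>>> echo "not 41 characters like I was expecting"
>>> fi
>>>
>>
>> Hmm, you could do this instead:
>>
>> #!/bin/bash
>>
>> ## Get users object into $1 with ldbsearch
>>
>> SID=$(echo $1 | grep 'objectSid:' | awk '{print $NF}')
>> echo "$SID"
>>
>> Which would result in something like this:
>>
>> S-1-5-21-1768301897-3342589593-1064908849-1107
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba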
On Sat, 4 Nov 2017 18:42:36 -0600 Jeff Sadowski <jeff.sadowski at gmail.com> wrote:> I decided to continue trying the ldap route as well > > littlehex2int() > { > hex=$1 > hex_chunk=$(echo ${hex}|cut -c$2-$3) > little=$(echo ${hex_chunk}|awk '{print > substr($0,7,2)substr($0,5,2)substr($0,3,2)substr($0,1,2)}') > echo "ibase=16; ${little}" | bc > } > > base64_to_sid() > { > OBJECTSID="$1" > hex=$(echo ${OBJECTSID}|base64 -d|od -A n -x -w28 --endian=big|sed 's/ > //g'|awk '{print toupper($1)}') > hex_chunk=$(echo ${hex}|cut -c1-2); > rev=$(echo "ibase=16; ${hex_chunk}" | bc) > hex_chunk=$(echo ${hex}|cut -c3-4) > dashes=$(echo "ibase=16; ${hex_chunk}" | bc) > hex_chunk=$(echo ${hex}|cut -c5-16) > notsure=$(echo "ibase=16; ${hex_chunk}" | bc) > nonuniq=$(littlehex2int ${hex} 17 24) > issuer1=$(littlehex2int ${hex} 25 32) > issuer2=$(littlehex2int ${hex} 33 40) > issuer3=$(littlehex2int ${hex} 41 48) > uid=$(littlehex2int ${hex} 49 57) > echo > "S-${rev}-${dashes}-${nonuniq}-${issuer1}-${issuer2}-${issuer3}-${uid}" } > > On Sat, Nov 4, 2017 at 4:42 PM, Jeff Sadowski > <jeff.sadowski at gmail.com> wrote: > > . 
DOMAIN_ADMIN_PASSWD.sh > > echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN} > > echo -n > /etc/ntfs-3g.usermap > > for DOMAIN_USER in $(wbinfo -u);do > > RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}" > > ${DOMAIN}) if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && > > [ "${RPCLOOKUPID:0:7}" != "Failed " ];then > > SID=$(echo ${RPCLOOKUPID}|awk '{print $2}') > > echo ${DOMAIN_USER}::${SID} >> /etc/ntfs-3g.usermap > > fi > > done > > for DOMAIN_GROUP in $(wbinfo -g);do > > RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_GROUP}" > > ${DOMAIN}) if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && > > [ "${RPCLOOKUPID:0:7}" != "Failed " ];then > > SID=$(echo ${RPCLOOKUPID}|awk '{print $2}') > > echo :${DOMAIN_GROUP}:${SID} >> /etc/ntfs-3g.usermap > > fi > > done > > > > On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba > > <samba at lists.samba.org> wrote: > >> On Fri, 3 Nov 2017 16:25:57 -0600 > >> Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > >> > >>> That looks easier > >>> > >>> I was working on ldap to convert but I'll try ldb-tools > >>> > >>> I was off on a bash mission here is what I had so far it isn't > >>> correct so I'll keep working on it > >>> > >>> #!/bin/bash > >>> if [ "$(echo $1|wc -c)" = "41" ];then > >>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed > >>> 's/^0000000 //'|sed 's/ //g') > >>> echo ${hex} > >>> hex_chunk=$(echo ${hex}|cut -c1-2); > >>> echo ${hex_chunk} > >>> rev=$(echo "ibase=16; ${hex_chunk}" | bc) > >>> hex_chunk=$(echo ${hex}|cut -c3-4) > >>> echo ${hex_chunk} > >>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc) > >>> hex_chunk=$(echo ${hex}|cut -c5-16) > >>> echo ${hex_chunk} > >>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc) > >>> hex_chunk=$(echo ${hex}|cut -c17-24) > >>> echo ${hex_chunk} > >>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc) > >>> hex_chunk=$(echo ${hex}|cut -c25-32) > >>> echo ${hex_chunk} > >>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc) > >>> hex_chunk=$(echo ${hex}|cut -c33-40) > >>> 
echo ${hex_chunk} > >>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc) > >>> hex_chunk=$(echo ${hex}|cut -c41-48) > >>> echo ${hex_chunk} > >>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc) > >>> hex_chunk=$(echo ${hex}|cut -c49-57) > >>> uid=$(echo "ibase=16; ${hex_chunk}" | bc) > >>> left=$(echo ${hex}|cut -c58-) > >>> echo "[${left}]" > >>> echo > >>> "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}" > >>> > >>> else > >>> echo $1 > >>> echo "not 41 characters like I was expecting" > >>> fi > >>> > >> > >> Hmm, you could do this instead: > >> > >> #!/bin/bash > >> > >> ## Get users object into $1 with ldbsearch > >> > >> SID=$(echo $1 | grep 'objectSid:' | awk '{print $NF}') > >> echo "$SID" > >> > >> Which would result in something like this: > >> > >> S-1-5-21-1768301897-3342589593-1064908849-1107 > >> > >> Rowland > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba

How about my version (attached) ?

Rowland