[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#718865: Update and minimize /etc/samba/smbldap-machineadd-gosa



control: tag -1 - moreinfo

Hi Holger,

On Di 06 Aug 2013 22:48:43 CEST Holger Levsen wrote:

control: tags -1 + moreinfo

Hi,

On Dienstag, 6. August 2013, Mike Gabriel wrote:
Because it is the script that gets triggered by Samba whenever new
Windows workstation attempt to join the SKOLELINUX NT-Domain. To make
this attempt a success smbldap-machineadd-gosa adds an object to LDAP
with default settings for a Gosa-Samba-Machine account. Theses
settings then get filled with Samba during the domain join up.

why the fork?

Because smbldap-useradd does not cover the objectClasses / attributeDescriptions required by GOsa² to recognize the SMB-machine object.

See patch below that shows the fork... (patch has been created on a squeeze-TJENER).

Best,
Mike

"""
--- /usr/sbin/smbldap-useradd	2009-10-15 21:34:13.000000000 +0200
+++ /etc/samba/smbldap-machineadd-gosa	2011-08-27 18:21:48.000000000 +0200
@@ -1,5 +1,17 @@
 #!/usr/bin/perl -w

+# This script has been taken von smbldap-tools 0.9.5, its original name
+# is smbldap-useradd. It has been modified so that machine accounts can
+# be created and so that they will be compliant to the pre-requisites of
+# GOsa as in Debian Edu squeeze.
+#
+# This script depends on package smbldap-tools (i.e. on its
+# smbldap_tool.pm).
+#
+# Modifcations have been done by several people, initially by
+#    Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+#
+
 #  This code was developped by Jerome Tournier (jtournier@gmail.com) and
 #  contributors (their names can be found in the CONTRIBUTORS file).

@@ -34,8 +46,42 @@
 use Getopt::Std;
 my %Options;

+# success = add_posix_machine($user, $uid, $gid)
+sub add_posix_machine_gosa {
+    my ( $user, $uid, $gid, $wait ) = @_;
+    if ( !defined $wait ) {
+        $wait = 0;
+    }
+
+    # bind to a directory with dn and password
+    my $add = $smbldap_tools::ldap->add(
+        "uid=$user,$config{computersdn}",
+        attr => [
+
+ 'objectclass' => ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount', 'gotoWorkstation'],
+            #'objectclass' => [ 'top', 'account', 'posixAccount' ],
+            'cn'          => "$user",
+
+            'sn'   => "$user",
+            'uid'           => "$user",
+            'uidNumber'     => "$uid",
+            'gidNumber'     => "$gid",
+            'homeDirectory' => '/dev/null',
+            'loginShell'    => '/bin/false',
+            'description'   => 'Computer',
+            'gecos'         => 'Computer',
+	    'sn'	    => 'Computer',
+        ]
+    );
+
+    $add->code && warn "failed to add entry: ", $add->error;
+    sleep($wait);
+    return 1;
+}
+
+
 my $ok =
- getopts( 'o:abnmwWiPG:u:g:d:s:c:k:t:A:B:C:D:E:F:H:L:M:N:S:T:?', \%Options ); + getopts( 'o:abnmwWiPG:u:g:d:s:c:k:t:A:B:C:D:E:F:H:L:M:N:S:T:Z:?', \%Options );

 if ( ( !$ok ) || ( @ARGV < 1 ) || ( $Options{'?'} ) ) {
     print_banner;
@@ -304,7 +350,7 @@
     }

     if (
-        !add_posix_machine(
+        !add_posix_machine_gosa(
             $userName, $userUidNumber, $userGidNumber, $Options{'t'}
         )
       )
@@ -342,8 +388,9 @@
             changes => [
                 replace => [
                     objectClass =>
-                      [ 'posixAccount', 'account', 'sambaSAMAccount' ]
+ [ 'top', 'posixAccount', 'person', 'organizationalPerson', 'inetOrgPerson', 'gosaAccount', 'sambaSamAccount', 'shadowAccount' ]
                 ],
+                add => [ sn       => 'Computer' ],
                 add => [ sambaLogonTime       => '0' ],
                 add => [ sambaLogoffTime      => '2147483647' ],
                 add => [ sambaKickoffTime     => '2147483647' ],
@@ -367,8 +414,9 @@
             changes => [
                 replace => [
                     objectClass =>
-                      [ 'posixAccount', 'account', 'sambaSAMAccount' ]
+ [ 'top', 'posixAccount', 'person', 'organizationalPerson', 'inetOrgPerson', 'gosaAccount', 'sambaSamAccount', 'shadowAccount' ]
                 ],
+                add => [ sn       => 'Computer' ],
                 add => [ sambaLogonTime       => '0' ],
                 add => [ sambaLogoffTime      => '2147483647' ],
                 add => [ sambaKickoffTime     => '2147483647' ],
"""

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: pgpWCLdxI98Od.pgp
Description: Digitale PGP-Unterschrift


Reply to: