diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50groups mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50groups
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50groups 2008-04-21 16:15:45.000000000 +0200
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50groups 2008-04-16 15:53:18.000000000 +0200
@@ -7,12 +7,12 @@
 next unless ($group_info->{$group});
 my ($name, $passwd, $gid, $members) = @{$group_info->{$group}};
-
+
 $OUT .= "dn: cn=$group,ou=Groups,$ldapBase\n";
 if ($mapping{$group})
 {
- my ($dname, $rid) = @{$mapping{$group}};
+ my ($dname, $sid) = @{$mapping{$group}};
 $OUT .= utf8("objectClass: posixGroup\n");
 $OUT .= utf8("objectClass: sambaGroupMapping\n");
@@ -21,12 +21,17 @@
 $OUT .= utf8("gidNumber: $gid\n");
 foreach (split(/,/, $members || ""))
 {
- $OUT .= utf8("memberUid: $_\n");
+ $OUT .= utf8("memberUid: $_\n");
+ }
+ if ($name eq 'nobody'){
+ foreach(@machines){
+ $OUT .= utf8("memberUid: $_\n");
+ }
 }
 $OUT .= utf8("description: Local Unix group\n");
 $OUT .= utf8("displayName: $dname\n");
 $OUT .= utf8("sambaGroupType: 2\n");
- $OUT .= utf8("sambaSID: $local_sid" . "-" . "$rid\n\n");
+ $OUT .= utf8("sambaSID: $sid\n\n");
 }
 else
 {
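Review bot: The memberUid lines added for the 'nobody' group (second hunk) emit every key of @machines, while 50machines skips any machine that is not in /etc/passwd (`next unless ($passwd_info->{$machine})`), so the group can end up naming uids that have no entry under ou=Computers. Keep the two templates in step by either building @machines in template-begin only from accounts that also appear in /etc/passwd, or by applying the same `parse_file("/etc/passwd", @machines)` lookup here and skipping machines it does not return. The enclosing `foreach`/`if` of this hunk start outside it, and the first hunk is only the `$rid` to `$sid` rename.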
@@ -36,9 +41,10 @@
 $OUT .= utf8("gidNumber: $gid\n");
 foreach (split(/,/, $members || ""))
 {
- $OUT .= utf8("memberUid: $_\n");
+ $OUT .= utf8("memberUid: $_\n");
 }
 $OUT .= "\n";
 }
 }
 }
+
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50machines mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50machines
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50machines 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50machines 2008-04-21 16:14:40.000000000 +0200
@@ -0,0 +1,49 @@
+{
+ my $passwd_info = parse_file("/etc/passwd", @machines);
+
+ foreach my $machine (@machines)
+ {
+ # Skip machine in db but not in /etc/passwd.
+ next unless ($passwd_info->{$machine});
+
+ my ($name, undef, $uid, $gid, $comment, $home, $shell)
+ = @{$passwd_info->{$machine}};
+
+ my $smbpasswd_info = parse_file("/etc/smbpasswd", uc($machine));
+
+ my (undef, undef, $sambaLMPassword, $sambaNTPassword, $sambaAcctFlags, undef)
+ = @{$smbpasswd_info->{uc($machine)}};
+
+ my $sambaSID = `/usr/bin/net sam show $name -s /etc/samba/smb-pre-ldap.conf`;
+ $sambaSID =~ s/(.*) is a (.*) with SID (.+)/$3/;
+ chomp($sambaSID);
+
+ $OUT .= utf8("dn: uid=$name,ou=Computers,$ldapBase\n");
+ $OUT .= utf8("objectClass: account\n");
+ $OUT .= utf8("objectClass: posixAccount\n");
+ $OUT .= utf8("objectClass: shadowAccount\n");
+ $OUT .= utf8("objectClass: sambaSamAccount\n") if ($sambaSID ne '');
+ $OUT .= utf8("objectClass: top\n");
+ $OUT .= utf8("cn: $name\n");
+ $OUT .= utf8("uid: $name\n");
+ $OUT .= utf8("gecos: " . ($comment || "Hostname account for $name") . "\n");
+ $OUT .= utf8("uidNumber: $uid\n");
+ $OUT .= utf8("gidNumber: $gid\n");
+ $OUT .= utf8("userPassword: {crypt}" . ($passwd || "*") . "\n");
+ $OUT .= utf8("homeDirectory: " . ($home || '/noexistingpath') . "\n");
+ $OUT .= utf8("loginShell: " . ($shell || "/bin/false") . "\n");
+ $OUT .= utf8("shadowLastChange: " . ($lastchange || int(time / (24 * 3600))) . "\n");
+ $OUT .= utf8("shadowMin: " . ($min || "-1") . "\n");
+ $OUT .= utf8("shadowMax: " . ($max || "99999") . "\n");
+ $OUT .= utf8("shadowWarning: " . ($warning || "7") . "\n");
+ $OUT .= utf8("shadowInactive: " . ($inactive || "-1") . "\n");
+ $OUT .= utf8("shadowExpire: " . ($expire || "-1") .
"\n"); + $OUT .= utf8("sambaSID: $sambaSID\n") if ($sambaSID ne ''); + $OUT .= utf8("sambaLMPassword: $sambaLMPassword\n") if $sambaLMPassword; + $OUT .= utf8("sambaNTPassword: $sambaNTPassword\n") if $sambaNTPassword; + $OUT .= utf8("sambaPwdLastSet: 1207907915\n") if ($sambaLMPassword && $sambaNTPassword); # sambaPwdLastSet needs to be not null + $OUT .= utf8("sambaAcctFlags: $sambaAcctFlags\n") if $sambaAcctFlags; + $OUT .= utf8("shadowFlag: " . ($flag || "-1") . "\n\n"); + } +} + diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50users mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50users --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50users 2008-04-21 16:15:45.000000000 +0200 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50users 2008-04-21 16:14:25.000000000 +0200 
@@ -1,21 +1,32 @@
 {
 my $passwd_info = parse_file("/etc/passwd", @users);
 my $shadow_info = parse_file("/etc/shadow", @users);
-
+ my $smbpasswd_info = parse_file("/etc/smbpasswd", @users);
+
 foreach my $user (@users)
 {
 # Skip users in db but not in /etc/passwd.
- next unless ($passwd_info->{$user});
+ next unless ($passwd_info->{$user});
 my ($name, undef, $uid, $gid, $comment, $home, $shell)
 = @{$passwd_info->{$user}};
 my (undef, $passwd, $lastchange, $min, $max, $warning, $inactive, $expire, $flag)
 = @{$shadow_info->{$user}};
+ # Import the sambaSID of the user
+ my $sambaSID = `/usr/bin/net sam show $user -s /etc/samba/smb-pre-ldap.conf 2> /dev/null`;
+ $sambaSID =~ s/(.*)\\$user is a (.*) with SID (.+)/$3/;
+ chomp($sambaSID);
+
+ # Import smb passwords (NT and LM) from smbpasswd
+ my (undef, undef, $sambaLMPassword, $sambaNTPassword, $sambaAcctFlags, undef)
+ = @{$smbpasswd_info->{$user}} if ($sambaSID ne '');
+
 $OUT .= utf8("dn: uid=$user,ou=Users,$ldapBase\n");
 $OUT .= utf8("objectClass: account\n");
 $OUT .= utf8("objectClass: posixAccount\n");
 $OUT .= utf8("objectClass: shadowAccount\n");
+ $OUT .= utf8("objectClass: sambaSamAccount\n") if ($sambaSID ne '');
 $OUT .= utf8("objectClass: top\n");
 $OUT .= utf8("cn: $name\n");
 $OUT .= utf8("uid: $name\n");
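Review bot: `my (undef, undef, $sambaLMPassword, $sambaNTPassword, $sambaAcctFlags, undef) = @{...} if ($sambaSID ne '');` declares lexicals under a statement modifier, which perlsyn documents as undefined behaviour — in practice the variables can retain the previous iteration's values when the condition is false, so a user without a SID may be written with the preceding user's password hashes. Declare first and assign in a block that also guards the deref: `my ($sambaLMPassword, $sambaNTPassword, $sambaAcctFlags);` then `if ($sambaSID ne '' && $smbpasswd_info->{$user}) { (undef, undef, $sambaLMPassword, $sambaNTPassword, $sambaAcctFlags) = @{$smbpasswd_info->{$user}}; }`. The substitution also interpolates `$user` into the pattern unescaped, so a name containing regex metacharacters never matches; write it as `s/(.*)\\\Q$user\E is a (.*) with SID (.+)/$3/`. The missing check that the match succeeded at all is covered in the note on 50machines above.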
@@ -31,6 +42,11 @@
 $OUT .= utf8("shadowWarning: " . ($warning || "7") . "\n");
 $OUT .= utf8("shadowInactive: " . ($inactive || "-1") . "\n");
 $OUT .= utf8("shadowExpire: " . ($expire || "-1") . "\n");
+ $OUT .= utf8("sambaSID: $sambaSID\n") if ($sambaSID ne '');
+ $OUT .= utf8("sambaLMPassword: $sambaLMPassword\n") if $sambaLMPassword;
+ $OUT .= utf8("sambaNTPassword: $sambaNTPassword\n") if $sambaNTPassword;
+ $OUT .= utf8("sambaPwdLastSet: 1207907915\n") if ($sambaLMPassword && $sambaNTPassword); # sambaPwdLastSet needs to be not null
+ $OUT .= utf8("sambaAcctFlags: $sambaAcctFlags\n") if $sambaAcctFlags;
 $OUT .= utf8("shadowFlag: " . ($flag || "-1") . "\n\n");
 }
 }
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 2008-04-21 16:15:45.000000000 +0200
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 2008-04-21 16:13:59.000000000 +0200
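Review bot: `sambaPwdLastSet` is written as the fixed literal 1207907915 here and in 50machines, so every migrated account records the same password-set time regardless of when its hashes were actually changed; under a Samba password-aging policy that one date would drive expiry for all accounts at once. The last field of the smbpasswd line is currently discarded as the trailing `undef` in the `my (...)` unpack — presumably it is the LCT timestamp, which would be the right source; failing that, use the migration time instead of the constant: `my $pwd_last_set = time;` and `$OUT .= utf8("sambaPwdLastSet: $pwd_last_set\n") if ($sambaLMPassword && $sambaNTPassword);`. Also, the LM hash is copied into the directory whenever smbpasswd holds one; since LM hashes are far weaker than NT hashes, consider emitting sambaLMPassword only when LanMan authentication is actually enabled in the Samba configuration.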
@@ -5,28 +5,45 @@
 $a = esmith::AccountsDB->open_ro;
 $c = esmith::ConfigDB->open_ro;
+
+ # Create a minimal config file for migration
+ $domain_master = $smb{DomainMaster} || "no";
+ $workgroup = $smb{Workgroup};
+
+ open(PRELDAPCONF,">/etc/samba/smb-pre-ldap.conf");
+ print PRELDAPCONF "domain logons = $smb{DomainMaster}\nworkgroup = $smb{Workgroup}";
+ close(PRELDAPCONF);
+
 $ldapBase = esmith::util::ldapBase ($DomainName);
- $local_sid = `/usr/bin/net getlocalsid -s /dev/null -n $smb{ServerName}`;
+ $local_sid = `/usr/bin/net getlocalsid -s /etc/samba/smb-pre-ldap.conf -n $smb{ServerName}`;
 $local_sid =~ s/SID.*is: (.+)/$1/;
 chomp($local_sid);
 sub utf8
 {
- my $t = shift;
- utf8::encode($t);
- return $t;
+ my $t = shift;
+ utf8::encode($t);
+ return $t;
 }
 # Basic entries to init.
- @ous = ("Groups", "People", "Users"); # ous for Organizational Units.
+ @ous = ("Groups", "People", "Users", "Computers"); # ous for Organizational Units.
 @users = ("root", "ntp", "www", "admin", "public");
 @groups = ("shared", "slocate", "nobody", @users);
+ @machines = ();
+
+ # Create list of group to map
+ my @groupmap = `/usr/bin/net groupmap list -s /etc/samba/smb-pre-ldap.conf`;
+ %mapping = ();
-
- # Groups to map with samba, their names and their rids.
- %mapping =
- (
- 'admin' => ['Domain Admins', "512"],
- 'shared' => ['Domain Users', "513"],
- 'nobody' => ['Domain Guests', "514"]
- );
+ foreach (@groupmap)
+ {
+ chomp($_);
+ my $g = $_;
+ $g =~ /(.+) \((.+)\) -> (.+)/;
+ my $dname = $1;
+ my $sid = $2;
+ my $name = $3;
+ $mapping{$name} = ["$dname","$sid"];
+ }
 # Add users and groups from db.
 foreach my $account ($a->users, $a->groups)
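Review bot: `$domain_master` is given the fallback `|| "no"`, but the `print PRELDAPCONF` line writes `$smb{DomainMaster}` directly, so the default is never used and an unset key produces `domain logons = ` in the generated config. The open is the two-argument bareword form with no error check, so a failure is silent and the following `net getlocalsid` and `net groupmap list` calls run against a missing or empty file. In the groupmap loop, `$1`..`$3` are read without testing whether the match succeeded, so a non-matching line (an empty line, or a warning printed by net) reuses the captures of the previous line and re-adds the last mapping; and because the hard-coded admin/shared/nobody table is gone, a group absent from that output now silently falls into the plain posixGroup branch of 50groups, which may deserve a warning. The rewritten parts are below; the rest of the hunk is unchanged.
```perl
    # Create a minimal config file for migration
    $domain_master = $smb{DomainMaster} || "no";
    $workgroup = $smb{Workgroup};

    my $preldap_conf = '/etc/samba/smb-pre-ldap.conf';
    open(my $preldap, '>', $preldap_conf)
        or die("open $preldap_conf: $!");
    print {$preldap} "domain logons = $domain_master\nworkgroup = $workgroup\n";
    close($preldap) or die("close $preldap_conf: $!");

    # … unchanged: $ldapBase, $local_sid, sub utf8, @ous/@users/@groups/@machines …

    # Create list of group to map
    my @groupmap = `/usr/bin/net groupmap list -s /etc/samba/smb-pre-ldap.conf`;
    %mapping = ();
    foreach my $line (@groupmap)
    {
        chomp($line);
        next unless $line =~ /^(.+) \((.+)\) -> (.+)$/;
        $mapping{$3} = [$1, $2];
    }
```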
@@ -34,17 +51,22 @@
 @users = (@users, $account->key);
 @groups = (@groups, $account->key);
 }
-
+
+ #Add machines
+ foreach ($a->get_all_by_prop('type'=>'machine')){
+ @machines = (@machines,$_->key);
+ }
+
 # Parse a file with fields separated by ':' (ie /etc/{group,passwd,shadow}).
 sub parse_file
 {
- # We are only interested in @keep accounts.
+ # We are only interested in @keep accounts.
 my ($file, @keep) = @_;
-
+
 my %result = ();
-
+
 open(FILE, $file) or die("open: $!");
-
+
 my @line;
 while()
 {
@@ -56,7 +78,7 @@
 if ($line[0] eq $_);
 }
 }
-
+
 return \%result;
 }
 $OUT = "";
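Review bot: The machines loop in the first hunk iterates over `$_` and grows the list with `@machines = (@machines,$_->key);`, which rebuilds the whole array on every iteration; the idiomatic form is a named loop variable and push: `foreach my $machine ($a->get_all_by_prop('type'=>'machine')) {` / `push @machines, $machine->key;` / `}`. The bareword two-argument `open(FILE, $file)` in parse_file is pre-existing context rather than part of this change, but since the function is being touched it is worth converting to `open(my $fh, '<', $file) or die("open $file: $!");` at the same time. The second hunk (@@ -56,7) only changes whitespace.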