My apologies...
Here is a working copy as an attachment. I will also fix the blog post I
have up about it.
Keep in mind it does require a couple of tools installed to function
properly.
i.e.
wbinfo
ldapsearch
ldapmodify
Also a note on how it works. It uses wbinfo to detect any account in
active directory which does not have the unix extension properties for
the uid,gid,default shell, homedir, as well as any DN attribute which
uses first name last name, (DN=first last,CN=Users) which seems to cause
problems with the UID 2 SID verification process, and modifies only
those accounts.
Using 'wizard' mode will allow you to test it on one account and once
that works you can specify a OU within Active Directory and this will
perform the operations on any account which fails the UID 2 SID
verification.
Let me know if you experience any problems with it.
On 07/27/10 02:29, Danilo Godec wrote:
While my situation is a bit different (no AD server, Samba is PDC for
the domain, using OpenLDAP for users, groups, ...), I tried running your
Perl script in 'Wizard' mode, but it fails (using perl 5.8.3):
# ./UID2SID.pl
syntax error at ./UID2SID.pl line 204, near "= ;"
syntax error at ./UID2SID.pl line 239, near "= ;"
syntax error at ./UID2SID.pl line 380, near "= ;"
syntax error at ./UID2SID.pl line 404, near "= ) "
syntax error at ./UID2SID.pl line 410, near "}"
Execution of ./UID2SID.pl aborted due to compilation errors.
Regards, Danilo
On 26. 07. 2010 15:54, Jason Gerfen wrote:
Here is a document and perl script I developed to resolve UID to SID
mappings in Samba Active Directory authentication.
http://zerointeger.tumblr.com/post/589762841/samba-and-active-directory
Let me know if that helps any.
On 07/26/10 07:01, Danilo Godec wrote:
Got a problem after upgrading Samba from 3.0 to 3.5 - have a bunch of
users and groups in LDAP and things work for the most part.
However, when people try to change permissions from within Windows, some
usernames or groupnames are shown properly, but other are not - they see
the SID.
Following up I noticed, that I can get a list of all users with 'wbinfo
-u' and that I can get a SID for every user with 'wbinfo -n $USER'.
However, for about 70% of all SIDs listed a 'reverse lookup' with 'wbinf
-s $SID' doesn't work:
S-1-5-21-239950015-4237961228-1280988766-3060 Could not lookup sid
S-1-5-21-239950015-4237961228-1280988766-3060
It works for some and it turns out that this relates to what usernames
are visible in Windows...
I checked my LDAP and compared some of the users that work to some of
those that don't, but there are no apparent differences.
Any ideas?
Regards, Danilo
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
