On Mon, 17 Aug 2009, Miguel Medalha wrote:
>
>> Isn't that only for samba-ldap? Can I still use them if I am not running
>> samba? I don't want to install and run Samba for no particular reason..
>
> It can be used to create Posix accounts only.
>
> The documentation resides here:
>
> http://download.gna.org/smbldap-tools/docs/
The samba-ldap tools are great. I don't use their mechanism to store
the highest UID/GID in use. Instead, I use a script like the one
below. It's interactive, but it'd be to modify to take command-line
options for full name, username, etc.
----- %< -----
#!/bin/sh
#
# script for creating a new user account and its corresponding
# group account in Samba+LDAP environment using the smbldap tools
#
======================================================================
#
# let person running this script know what's about to happen
#
cat <<__eom__
You're about to create a new system account that allows general login
and e-mail access. You'll need to know ahead of time the new user's
preferred username and his or her full name. The system will take care
of the rest...
__eom__
#
# figure out the highest UID and GID currently in production, but
# rule out really high numbers (greater than 8000) which are typically
# assigned to pseudo accounts like "nobody."
#
AWKTEST='END { print HUID } { if (($3 > HUID) && ($3 < 8000)) HUID = $3}'
HUID=$(/usr/bin/getent passwd | /bin/gawk -F: "$AWKTEST")
HGID=$(/usr/bin/getent group | /bin/gawk -F: "$AWKTEST")
#
# increment those UID and GID numbers by 1 for use with the new
# account
#
let HUID=$HUID+1
let HGID=$HGID+1
#
# poll for new account holder's username and full name.
#
read -p "Username: " UNAME
read -p "Full name: " FNAME
#
# test to see if username or associated group name is already in use.
# exit now if it is.
#
/usr/bin/getent passwd $UNAME >/dev/null
if test $? -eq 0; then
echo "" >/dev/stderr
echo "Sorry. Username $UNAME is already in use:" >/dev/stderr
/usr/bin/getent passwd $UNAME >/dev/stderr
echo "" >/dev/stderr
echo "Exiting now." >/dev/stderr
exit 1
fi
/usr/bin/getent group $UNAME >/dev/null
if test $? -eq 0; then
echo "" >/dev/stderr
echo "Sorry. Group $UNAME is already in use:" >/dev/stderr
/usr/bin/getent group $UNAME >/dev/stderr
echo "" >/dev/stderr
echo "Exiting now." >/dev/stderr
exit 1
fi
#
# ask the account creator to verify details of the new account. exit
# immediately if things are amiss.
#
echo
echo "Please verify the details of the new account:"
echo "============================================="
echo "Full name : $FNAME"
echo "Username : $UNAME"
echo "UID : $HUID"
echo "Group name: $UNAME"
echo "GID : $HGID"
echo "============================================="
echo
read -p "Do you want to create that account [yes/No]? " ANSWER
case "$ANSWER" in
[yY]es)
echo
echo "OK. Full steam ahead!"
echo
;;
[yY]*)
echo
echo "If you mean 'yes' then you have to type 'yes'"
echo
exit
;;
*)
echo
echo "You're a cautious one. That's cool. Try again later."
echo
exit
;;
esac
#
# use the smbldap tools to create the new group account and then
# the new user account. those tools don't appear to set the Windows
# display-name attibute correctly, however, so use pdbedit for
# that task.
#
echo "Creating new group $UNAME with GID $HGID ..."
/usr/sbin/smbldap-groupadd -a -g $HGID $UNAME
echo "Creating new user $UNAME with UID $HUID ..."
/usr/sbin/smbldap-useradd -a -c "$FNAME" -g $HGID -u $HUID $UNAME
echo "Setting Windows display name for user $UNAME ..."
/usr/bin/pdbedit -f "$FNAME" $UNAME
#
# for now, create a random password for the new account, just
# to make sure account is not accessed accidentally ...
#
echo "Installing temporary random password for user $UNAME ..."
PASSW=$(/usr/bin/openssl rand -base64 12)
echo -e "$PASSW\n$PASSW" | /usr/bin/smbpasswd -s $UNAME
#
# all done!
#
echo
echo "done ... for now ..."
echo
----- %< -----
--
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
