Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Samba] A small question on Winbind

0 views
Skip to first unread message

Phibee NOC

unread,
Mar 29, 2005, 2:30:16 AM3/29/05
to
Hi

it's possible with wbinfo that get a information:

1- Get all users of one Active Directory Group
2- Get all groups of one username ?


(i want create a small perl script for add automatiquely user into
Squidguard, other user say me that Squidguard can't directly
get the Active DIrectory Group (only use username)

Thanks for your help

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Hamish

unread,
Mar 29, 2005, 6:20:08 AM3/29/05
to
On Tuesday 29 March 2005 08:29, Phibee NOC wrote:
> Hi
> it's possible with wbinfo that get a information:
>
> 1- Get all users of one Active Directory Group
this can be done with getent passwd {groupname} - not sure how to do it with
wbinfo

> 2- Get all groups of one username ?
Not 100% sure about this, but a start might be getent group | grep {username}
- im sure a bit of sed would neaten the results

Hope that helps,
H

Daniel Amthor

unread,
Mar 29, 2005, 6:50:09 AM3/29/05
to
Am Dienstag 29 März 2005 13:12 schrieb Hamish:
> >     2- Get all groups of one username ?
Maybe I'm oversimplifying, but (given nsswitch and all is in place):
# id username
?
HTH
Dan

--
Daniel Amthor Linux LPI Level 2 Administrator
Im Brühl 10 t: +49-06173-935960
61476 Kronberg e: d...@lonx.net ICQ: 196700332

alas...@havertys.com

unread,
Mar 30, 2005, 2:20:12 PM3/30/05
to

samba-bounces+alaslavic=havert...@lists.samba.org wrote on 03/29/2005
02:29:37 AM:

> Hi
>
> it's possible with wbinfo that get a information:
>
> 1- Get all users of one Active Directory Group
> 2- Get all groups of one username ?
>
>
> (i want create a small perl script for add automatiquely user into
> Squidguard, other user say me that Squidguard can't directly
> get the Active DIrectory Group (only use username)
>
> Thanks for your help

I have the same setup going, so I'll show you how I am doing it.

Please excuse, its kind of a hack, but it has worked flawlessly for a long
time, so I never cleaned it up.

The script below dumps an alphabetical list of users contained in a group.
It mostly uses "getent group", with some regular expressions to pull out
only the usernames.
-----------ntgroup.pl--------------
#!/usr/bin/perl
#useage: ntgroup.pl <windows group>

$group = shift(@ARGV);

$groupstring = `/usr/bin/getent group | /usr/bin/grep -e "^$group:"`;
$groupstring=~s/^.*:x:[0-9].*://;

@list = split /,/,$groupstring;
@sortlist = sort @list;
for (@sortlist) {
chomp($_);
print "$_\n";
}
exit
------------end of ntgroup.pl----------

You are correct that squidguard can't access Active Directory, it has to
read from a file containing a list of usernames. What I did at this point
is created a "proxyUsers" domain group. I then ran the script above,
"ntgroup.pl proxyUsers > /var/squidguard/proxyUser.list". I then put in a
cron job that peroidically checked to see if the list had changed, and if
it had, added the new users, and reloaded squidguard to put the new users
in effect.

This is getting OT now, so if you have any more squidguard related
questions, you can contact me off-list.

~alex

0 new messages