#!/bin/bash
#
# This uses smbencrypt from freeradius
#
# read all accounts from ldap
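#######################################
# Read every posixAccount one level below ou=accounts from the local LDAP
# server (ldapi:///, StartTLS requested with -Z, bind password prompted by -W)
# and hand each complete entry to acc2smbpasswd.
#
# Only "uid: ", "uidNumber: " and "userPassword:: " lines are consumed. A
# base64-encoded "uid:: " value is not decoded, so such an entry is skipped
# instead of being written under its base64 text.
#
# NOTE(review): the decoded userPassword is treated as the cleartext
# password. If the directory stores a hashed value (for example a
# "{SSHA}..." string), the NT hash would be derived from that string
# instead - confirm how userPassword is stored.
#
# Long LDIF values are folded onto continuation lines that start with a
# space; continuation lines are not rejoined here, so a folded userPassword
# is decoded only in part or not at all.
#
# Outputs: whatever acc2smbpasswd prints, one line per account, on stdout
# Returns: the exit status of ldapsearch
#######################################
ldapload() {
  local acc_uid=
  local acc_name=
  local acc_pass=
  local line=

  ldapsearch -LLL -x -Z -H ldapi:/// -W \
    -D cn=admin,dc=acheron,dc=be \
    -b ou=accounts,dc=acheron,dc=be \
    -s one objectClass=posixAccount \
    uid uidNumber userPassword | {
    # -r keeps backslashes literal, IFS= keeps leading/trailing blanks, and
    # the "|| -n" arm still processes a last line without a newline.
    while IFS= read -r line || [[ -n "$line" ]]; do
      case "$line" in
        '')
          # A blank line ends an LDIF entry: emit it if it is complete.
          if [[ -n "$acc_pass" && -n "$acc_uid" && -n "$acc_name" ]]; then
            # stdin is the ldapsearch pipe; keep helpers from consuming it.
            acc2smbpasswd "$acc_name" "$acc_uid" "$acc_pass" </dev/null
          fi
          acc_uid=
          acc_name=
          acc_pass=
          ;;
        'dn:'*)
          # New entry: never carry attributes over from the previous one.
          acc_uid=
          acc_name=
          acc_pass=
          ;;
        'uid: '*)
          acc_name=${line#uid: }
          ;;
        'uidNumber: '*)
          acc_uid=${line#uidNumber: }
          ;;
        'userPassword:: '*)
          # Invalid base64 leaves the entry incomplete, so it is skipped
          # rather than hashed from a truncated value.
          acc_pass=$(printf '%s' "${line#userPassword:: }" | base64 -d) \
            || acc_pass=
          ;;
      esac
    done

    # Emit a final entry that was not followed by a blank line.
    if [[ -n "$acc_pass" && -n "$acc_uid" && -n "$acc_name" ]]; then
      acc2smbpasswd "$acc_name" "$acc_uid" "$acc_pass" </dev/null
    fi
  }
  # Report a failed search or bind to the caller instead of the loop status.
  return "${PIPESTATUS[0]}"
}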
# convert ldap info to smbpasswd entry
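#######################################
# Print one smbpasswd-style line "account:uid::hash" for an account.
#
# The NT hash is the second field of the last line printed by smbencrypt.
# Each byte of that hash is written with its two hex digits swapped,
# exactly as this script has always emitted it.
# NOTE(review): presumably the file's consumer expects that digit order -
# confirm.
#
# The cleartext password is passed on smbencrypt's command line, so it is
# visible in the process list while smbencrypt runs; run this only on a
# host where other users cannot inspect root's processes.
#
# Arguments: $1 - account name
#            $2 - numeric uid
#            $3 - cleartext password
# Outputs:   the smbpasswd line on stdout; diagnostics on stderr
# Returns:   0 on success, 1 if an argument would corrupt the file format
#            or smbencrypt did not yield a 32-digit hex hash
#######################################
acc2smbpasswd() {
  local account="${1:-}"
  local uid="${2:-}"
  local password="${3:-}"
  local nthash=
  local rnthash=
  local pair=
  local i=

  # Fields are colon separated and one entry is one line, so a name with a
  # colon or whitespace would inject extra fields or entries.
  if [[ -z "$account" || "$account" == *:* \
    || "$account" == *[[:space:]]* ]]; then
    printf 'acc2smbpasswd: refusing account name %q\n' "$account" >&2
    return 1
  fi
  if [[ ! "$uid" =~ ^[0-9]+$ ]]; then
    printf 'acc2smbpasswd: refusing non-numeric uid for %s\n' "$account" >&2
    return 1
  fi

  # Declared above and assigned here so the assignment is not hidden behind
  # the exit status of "local".
  nthash=$(smbencrypt "$password" 2>&1 | tail -n 1 | awk '{ print $2 }')

  # stderr is merged into the parsed text, so a missing or failing
  # smbencrypt would otherwise put a word of its error message in the file.
  if [[ ! "$nthash" =~ ^[0-9A-Fa-f]{32}$ ]]; then
    printf 'acc2smbpasswd: no NT hash from smbencrypt for %s\n' \
      "$account" >&2
    return 1
  fi

  for ((i = 0; i < ${#nthash}; i += 2)); do
    pair=${nthash:i:2}
    rnthash+="${pair:1:1}${pair:0:1}"
  done

  printf '%s:%s::%s\n' "$account" "$uid" "$rnthash"
}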
## main
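# Build the new smbpasswd file next to its destination and swap it in only
# when the export produced something.
smbpasswd_file=/var/smb/smbpasswd

# The temporary file lives in the destination directory so the final mv is
# a rename on one filesystem and the hashes are never staged in /tmp.
# mktemp creates it readable by its owner only.
tmp_smbpasswd="$(mktemp "${smbpasswd_file}.XXXXXX")" || {
  printf 'cannot create a temporary file beside %s\n' "$smbpasswd_file" >&2
  exit 1
}
# Remove the staging file on every exit path; after a successful mv it no
# longer exists and rm -f is a no-op.
trap 'rm -f -- "$tmp_smbpasswd"' EXIT

if ! ldapload > "$tmp_smbpasswd"; then
  printf 'LDAP export failed; %s left untouched\n' "$smbpasswd_file" >&2
  exit 1
fi

# A failed bind or an empty search must not replace the live file with an
# empty one, which would drop every SMB account at once.
if [[ ! -s "$tmp_smbpasswd" ]]; then
  printf 'no accounts exported; %s left untouched\n' "$smbpasswd_file" >&2
  exit 1
fi

# Ownership and mode are set before the file becomes visible under its
# final name.
chown root:sys "$tmp_smbpasswd" || exit 1
chmod 0400 "$tmp_smbpasswd" || exit 1
mv "$tmp_smbpasswd" "$smbpasswd_file" || exit 1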