Samba Tool Entwurf
Benutzer erstellen
samba-tool user create user1 Test1234 --given-name=Benutzer --surname=Eins --profile-path='\\dc\profiles\paul.schmidt' --script-path='\\dc\netlogon\logon.cmd' >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: User 'user1' created successfully
Benutzer erstellen, der schon existiert
samba-tool user create user1 Test1234 --given-name=Benutzer --surname=Eins --profile-path='\\dc\profiles\paul.schmidt' --script-path='\\dc\netlogon\logon.cmd' >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
255
ERROR: ERROR(ldb): Failed to add user 'user1': - samldb: Account name (sAMAccountName) 'user1' already in use!
STDOUT:
Alle Benutzer auflisten
samba-tool user list >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Administrator user1 krbtgt Guest
Vorhandenen Benutzer löschen
samba-tool user delete user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Deleted user user1
Benutzer löschen, den es nicht gibt
samba-tool user delete user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
255
ERROR: ERROR(exception): Failed to remove user "user1" - Unable to find user "user1" File "/usr/lib/python2.7/dist-packages/samba/netcmd/user.py", line 259, in run samdb.deleteuser(username) File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 474, in deleteuser raise Exception('Unable to find user "%s"' % username)
STDOUT:
Benutzer deaktivieren, den es nicht gibt
samba-tool user disable user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
255
ERROR: ERROR: Failed to disable user 'user1': Unable to find account where '(&(objectClass=user)(sAMAccountName=user1))'
STDOUT:
Benutzer deaktivieren
samba-tool user disable user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT:
Benutzer deaktivieren, der bereits deaktiviert ist
samba-tool user disable user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT:
Benutzer aktivieren
samba-tool user enable user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Enabled user 'user1'
Benutzer aktivieren, der bereits aktiviert ist
samba-tool user enable user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Enabled user 'user1'
Benutzer aktivieren, den es nicht gibt
samba-tool user enable user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
255
ERROR: ERROR: Failed to enable user 'user1': Unable to find account where '(&(objectClass=user)(sAMAccountName=user1))'
STDOUT:
Neues Passwort eines Benutzer setzen
samba-tool user setpassword user1 --newpassword=Test5678 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Changed password OK
Neues Passwort eines Benutzer setzen, den es nicht gibt
samba-tool user setpassword user1 --newpassword=Test5678 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
255
ERROR: ERROR: Failed to set password for user 'user1': Unable to find user "user1"
STDOUT:
Noexpire für Passwort eines Benutzer aufheben
samba-tool user setexpiry --noexpiry user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Expiry for user 'user1' disabled.
Noexpire für Passwort eines Benutzer auf 20 Tage setzen
samba-tool user setexpiry --days=20 user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Expiry for user 'user1' set to 20 days.
Noexpire für Passwort eines Benutzer aufheben, den es nicht gibt
samba-tool user setexpiry --noexpiry user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
255
ERROR: ERROR: Failed to set expiry for user 'user1': Unable to find user "(&(objectClass=user)(sAMAccountName=user1))"
STDOUT:
Gruppe bubu erstellen
samba-tool group add bubu >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Added group bubu
Gruppe bubu erstellen, die schon existiert
samba-tool group add bubu >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
255
ERROR: ERROR(ldb): Failed to create group "bubu" - samldb: Account name (sAMAccountName) 'bubu' already in use!
STDOUT:
Alle Gruppen auflisten
samba-tool group list >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Allowed RODC Password Replication Group Enterprise Read-Only Domain Controllers Denied RODC Password Replication Group Pre-Windows 2000 Compatible Access Windows Authorization Access Group Certificate Service DCOM Access Network Configuration Operators Terminal Server License Servers Incoming Forest Trust Builders Read-Only Domain Controllers Group Policy Creator Owners Performance Monitor Users Cryptographic Operators Distributed COM Users Performance Log Users Remote Desktop Users Account Operators Event Log Readers RAS and IAS Servers Backup Operators Domain Controllers Server Operators Enterprise Admins Print Operators Administrators Domain Computers Cert Publishers DnsUpdateProxy Domain Admins Domain Guests Schema Admins Domain Users Replicator IIS_IUSRS DnsAdmins Guests Users bubu
Mitglieder der Gruppe Administrators auflisten
samba-tool group listmembers Administrators >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Domain Admins Enterprise Admins Administrator
Mitglieder der leeren Gruppe bubu auflisten
samba-tool group listmembers bubu >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT:
Benutzer user1 der Gruppe bubu hinzufügen
samba-tool group addmembers bubu user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Added members to group bubu
Benutzer user1 aus der Gruppe bubu entfernen
(ählich wie bei enable, disable user. Es wird nicht geprüft, ob der benutzer in der gruppe vorhanden ist)
samba-tool group removemembers bubu user1 >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Removed members from group bubu
Gruppe bubu löschen
samba-tool group delete bubu >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
0
ERROR:
STDOUT: Deleted group bubu
Gruppe bubu löschen, die es nicht gibt
samba-tool group delete bubu >/tmp/stdout.log 2>/tmp/stderr.log; echo $?; (echo ERROR: $([ -f /tmp/stderr.log ] && cat /tmp/stderr.log)); (echo STDOUT: $([ -f /tmp/stdout.log ] && cat /tmp/stdout.log)); rm -f /tmp/std{out,err}.log
255
ERROR: ERROR(exception): Failed to remove group "bubu" - Unable to find group "bubu" File "/usr/lib/python2.7/dist-packages/samba/netcmd/group.py", line 176, in run samdb.deletegroup(groupname) File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 231, in deletegroup raise Exception('Unable to find group "%s"' % groupname)
STDOUT:
Optionen zum erstellen eines Benutzers
--must-change-at-next-login
Force password to be changed on next login
--random-password Generate random password
--use-username-as-cn Force use of username as user's CN
--userou=USEROU DN of alternative location (without domainDN
counterpart) to default CN=Users in which new user
object will be created. E. g. 'OU=<OU name>'
--surname=SURNAME User's surname
--given-name=GIVEN_NAME
User's given name
--initials=INITIALS User's initials
--profile-path=PROFILE_PATH
User's profile path
--script-path=SCRIPT_PATH
User's logon script path
--home-drive=HOME_DRIVE
User's home drive letter
--home-directory=HOME_DIRECTORY
User's home directory path
--job-title=JOB_TITLE
User's job title
--department=DEPARTMENT
User's department
--company=COMPANY User's company
--description=DESCRIPTION
User's description
--mail-address=MAIL_ADDRESS
User's email address
--internet-address=INTERNET_ADDRESS
User's home page
--telephone-number=TELEPHONE_NUMBER
User's phone number
--physical-delivery-office=PHYSICAL_DELIVERY_OFFICE
User's office location
--rfc2307-from-nss Copy Unix user attributes from NSS (will be overridden
by explicit UID/GID/GECOS/shell)
--nis-domain=NIS_DOMAIN
User's Unix/RFC2307 NIS domain
--unix-home=UNIX_HOME
User's Unix/RFC2307 home directory
--uid=UID User's Unix/RFC2307 username
--uid-number=UID_NUMBER
User's Unix/RFC2307 numeric UID
--gid-number=GID_NUMBER
User's Unix/RFC2307 primary GID number
--gecos=GECOS User's Unix/RFC2307 GECOS field
--login-shell=LOGIN_SHELL
User's Unix/RFC2307 login shell
Prüft die lokale AD Datenbank nach Fehlern
samba-tool dbcheck
Checking 267 objects
Checked 267 objects (0 errors)