Updates for Samba 4.6+

Fmstrat · May 12, 2023 · ed0529e · ed0529e
1 parent 5a504e3
commit ed0529e
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 16 deletions.
diff --git a/domain.sh b/domain.sh
@@ -48,11 +48,11 @@ case "${1}" in
 		echo ""
 		echo "Info"
 		echo "----"
-		wbinfo --group-info ${2}
+		wbinfo --group-info "${2}"
 		echo ""
 		echo "Members"
 		echo "-------"
-		samba-tool group listmembers ${2}
+		samba-tool group listmembers "${2}"
 		echo ""
 		;;
 	users)
@@ -63,36 +63,36 @@ case "${1}" in
 		echo ""
 		echo "User:"
 		echo "-----"
-		wbinfo -i ${2}
+		wbinfo -i "${2}"
 		echo ""
 		echo "Groups:"
 		echo "-----"
-		GL=$(wbinfo -r ${2} | sed 's/\r//g')
+		GL=$(wbinfo -r "${2}" | sed 's/\r//g')
 		for G in ${GL}; do
-			wbinfo --gid-info ${G}
+			wbinfo --gid-info "${G}"
 		done
 		echo ""
 		;;
 	create-group)
-		samba-tool group add ${2}
+		samba-tool group add "${2}"
 		;;
 	delete-group)
-		samba-tool group delete ${2}
+		samba-tool group delete "${2}"
 		;;
 	create-user)
 		echo -n "Firstname: "
 		read F
 		echo -n "Lastname: "
 		read L
 		E="${2}@${DOMAIN_EMAIL}"
-		samba-tool user create ${2} --surname ${L} --given-name ${F} --mail-address ${E}
-		samba-tool user setexpiry ${2} --noexpiry
+		samba-tool user create "${2}" --surname "${L}" --given-name "${F}" --mail-address "${E}"
+		samba-tool user setexpiry "${2}" --noexpiry
 		;;
 	delete-user)
-		samba-tool user delete ${2}
+		samba-tool user delete "${2}"
 		;;
 	change-password)
-		samba-tool user setpassword ${2}
+		samba-tool user setpassword "${2}"
 		;;
 	add-user-to-group)
 		samba-tool group addmembers "${3}" "${2}"

diff --git a/init.sh b/init.sh
@@ -62,10 +62,12 @@ appSetup () {
 			\\\tidmap_ldb:use rfc2307 = yes\\n\
 			wins support = yes\\n\
 			template shell = /bin/bash\\n\
-			winbind nss info = rfc2307\\n\
-			idmap config ${URDOMAIN}: range = 10000-20000\\n\
-			idmap config ${URDOMAIN}: backend = ad\
+			template homedir = /home/%U\\n\
+			idmap config ${URDOMAIN} : schema_mode = rfc2307\\n\
+			idmap config ${URDOMAIN} : unix_nss_info = yes\\n\
+			idmap config ${URDOMAIN} : backend = ad\
 			" /etc/samba/smb.conf
+		sed -i "s/LOCALDC/${URDOMAIN}DC/g" /etc/samba/smb.conf
 		if [[ $DNSFORWARDER != "NONE" ]]; then
 			sed -i "/\[global\]/a \
 				\\\tdns forwarder = ${DNSFORWARDER}\
@@ -114,11 +116,33 @@ appSetup () {
 	echo "restrict 2.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery" >> /etc/ntpd.conf
 	echo "tinker panic 0" >> /etc/ntpd.conf
 
-	appStart
+	appStart check
+}
+
+fixDomainUsersGroup () {
+	GIDNUMBER=$(ldbedit -H /var/lib/samba/private/sam.ldb -e cat "samaccountname=domain users" | { grep ^gidNumber: || true; })
+	if [ -z "${GIDNUMBER}" ]; then
+		echo "dn: CN=Domain Users,CN=Users,DC=corp,DC=example,DC=com
+changetype: modify
+add: gidNumber
+gidNumber: 3000000" | ldbmodify -H /var/lib/samba/private/sam.ldb
+		net cache flush
+	fi
 }
 
 appStart () {
-	/usr/bin/supervisord
+	/usr/bin/supervisord > /var/log/supervisor/supervisor.log 2>&1 &
+	if [ "${1}" = "check" ]; then
+		echo "Sleeping 10 before checking on Domain Users of gid 3000000"
+		sleep 10
+		fixDomainUsersGroup
+	fi
+	while [ ! -f /var/log/supervisor/supervisor.log ]; do
+		echo "Waiting for log files..."
+		sleep 1
+	done
+	sleep 3
+	tail -F /var/log/supervisor/*.log
 }
 
 case "$1" in