Attachment #9924 for bug #48992

View | Details | Raw Unified | Return to bug 48992
Collapse All | Expand All




fi

# sign the license
LICENSEKEY=`univentionLicenseCreateSignature -d cn="$CUSTOMER","$LDAPTMP" -k key.privat -p "$( cat passwort.txt )" 2>/dev/null | grep ^univentionLicenseSignatur;`

# add the key
(


if [ "$INTERNAL" == 1 ]; then
	mkdir -p "$INTERNALKEYS";
	echo "$LICENSEKEY" > "$INTERNALKEYS"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
elif [ "$EVALKEY" == 1 ]; then 
	mkdir -p "$EVALUATIONKEYS"/"$CUSTOMER";
	echo "$LICENSEKEY" > "$EVALUATIONKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
else
	mkdir -p "$CUSTOMERKEYS"/"$CUSTOMER";
	echo "$LICENSEKEY" > "$CUSTOMERKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
fi;

# store it to the chosen file;




fi

# sign the license
LICENSEKEY=`univentionLicenseCreateSignature -d cn="$CUSTOMER","$LDAPTMP" -k key.privat -p "$( cat passwort.txt )" 2>/dev/null | grep ^univentionLicenseSignatur;`

# add the key
(


if [ "$INTERNAL" == 1 ]; then
	mkdir -p "$INTERNALKEYS";
	echo "$LICENSEKEY" > "$INTERNALKEYS"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
elif [ "$EVALKEY" == 1 ]; then 
	mkdir -p "$EVALUATIONKEYS"/"$CUSTOMER";
	echo "$LICENSEKEY" > "$EVALUATIONKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
else
	mkdir -p "$CUSTOMERKEYS"/"$CUSTOMER";
	echo "$LICENSEKEY" > "$CUSTOMERKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
fi;

# store it to the chosen file;

Lines 38-44 eval "$(univention-config-registry shell)" Link Here

(-)a/base/univention-quota/debian/univention-quota.postinst (-1 / +1 lines)
38		38
39	univention-config-registry set samba/quota/command?'/usr/sbin/univention-setquota'	39	univention-config-registry set samba/quota/command?'/usr/sbin/univention-setquota'
40		40
41	if [ ! `echo $kernel_modules \| grep quota_v2` ]; then	41	if [ ! "$(echo "$kernel_modules" \| grep quota_v2)" ]; then
42	univention-config-registry set kernel/modules="$kernel_modules;quota_v2"	42	univention-config-registry set kernel/modules="$kernel_modules;quota_v2"
43	fi	43	fi
44		44




JS_SCRIPT_FULLNAME="$(readlink -f "$JS_RUNNING_FILENAME")"
APP="$(echo "$JS_SCRIPT_FULLNAME" | sed 's/.*\/[0-9]\+\(\(.*\)-uninstall\.uinst\|\(.*\)\.u\?inst\)/\2\3/')"
SERVICE="$(univention-app get "$APP" Application:Name --values-only)"
ucr_container_key="$(univention-app get "$APP" ucr_container_key --values-only)"
APP_VERSION="$(univention-app get "$APP" version --values-only)"
CONTAINER=$(ucr get "$ucr_container_key")

joinscript_add_simple_app_system_user () {

	pwdfile="/etc/$APP.secret"
	joinscript_run_in_container touch "$pwdfile"
	joinscript_run_in_container chmod 600 "$pwdfile"
	echo "$password" > "$(joinscript_container_file "$pwdfile")"

	eval "$(ucr shell ldap/base)"



joinscript_container_file_touch () {
	local filename
	filename="$(joinscript_container_file "$1")"
	mkdir -p "$(dirname "$filename")"
	touch "$filename"
	echo "$filename"
}

joinscript_container_file () {
	joinscript_container_is_running 1>/dev/null || die
	docker_dir="$(docker inspect --format='{{.GraphDriver.Data.MergedDir}}' "$CONTAINER")"
	echo "${docker_dir}/${1}"
}





LOG_FILE=/var/log/univention/check_join_status.log

log_error () { # Log error message and exit
	local message="Error: $*"
	echo "$message"
	echo "$message" >>"$LOG_FILE"
	exit 1
}
log_warn () { # Log warning message
	local message="Warning: $*"
	echo "$message"
	echo "$message" >>"$LOG_FILE"
}

echo "Start $0 at $(date)" >>"$LOG_FILE"

Lines 179-185 fi Link Here

(-)a/management/univention-portal/33univention-portal.inst (-1 / +1 lines)
179	if [ $JS_LAST_EXECUTED_VERSION = 0 ]; then	179	if [ $JS_LAST_EXECUTED_VERSION = 0 ]; then
180	ucr search --brief "ucs/web/overview/entries/(admin\|service)/.*/link" \| awk '{print $1}' \| while read k; do	180	ucr search --brief "ucs/web/overview/entries/(admin\|service)/.*/link" \| awk '{print $1}' \| while read k; do
181	key="${k%:}"	181	key="${k%:}"
182	value="$(ucr get $key)"	182	value="$(ucr get "$key")"
183	if [ -n "$value" ]; then	183	if [ -n "$value" ]; then
184	ucr set "$key"="$value"	184	ucr set "$key"="$value"
185	fi	185	fi

Lines 65-71 if [ ! "$pykotadb" ] ;then Link Here

(-)a/services/univention-printquota/debian/univention-printquotadb.postinst (-1 / +1 lines)
65	su - postgres -c "PGOPTIONS='-c client_min_messages=ERROR ' psql -d template1 -f /usr/share/univention-printquotadb/pykota-postgresql.sql" > /dev/null	65	su - postgres -c "PGOPTIONS='-c client_min_messages=ERROR ' psql -d template1 -f /usr/share/univention-printquotadb/pykota-postgresql.sql" > /dev/null
66	fi	66	fi
67		67
68	secret=`cat $cups_quota_secret`	68	secret=`cat "$cups_quota_secret"`
69	su - postgres -c "echo \"ALTER USER pykotaadmin PASSWORD '$secret';\" \|psql -d pykota"	69	su - postgres -c "echo \"ALTER USER pykotaadmin PASSWORD '$secret';\" \|psql -d pykota"
70	#su - postgres -c "echo \"ALTER USER pykotaadmin PASSWORD '';\" \|psql -d pykota"	70	#su - postgres -c "echo \"ALTER USER pykotaadmin PASSWORD '';\" \|psql -d pykota"
71		71

Lines 154-160 if [ -x /etc/init.d/univention-s4-connector ] && [ -f /usr/share/univention-join Link Here

(-)a/services/univention-s4-connector/debian/univention-s4-connector.postinst (-1 / +1 lines)
154	# Bug 43397	154	# Bug 43397
155	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 11.0.6-4 ; then	155	if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 11.0.6-4 ; then
156	# cleanup wrong formatted `connector/s4/mapping/dns/ignorelist`	156	# cleanup wrong formatted `connector/s4/mapping/dns/ignorelist`
157	ucr set connector/s4/mapping/dns/ignorelist=$(echo "$connector_s4_mapping_dns_ignorelist" \| sed -e 's/^DC=//i' -e 's/,DC=/,/gi')	157	ucr set connector/s4/mapping/dns/ignorelist="$(echo "$connector_s4_mapping_dns_ignorelist" \| sed -e 's/^DC=//i' -e 's/,DC=/,/gi')"
158	fi	158	fi
159		159
160	# Bug 44333	160	# Bug 44333





if [ -n "$dcaccount" -a -n "$bindpwdfile" ]; then
	samba_account="$dcaccount"
	samba_pwd="$(< "$bindpwdfile")"
else
	if is_ucr_true ad/member; then
		echo "INFO: Cannot run joinscript in memberserver mode without join credentials. Please run:"

# configure profile/home settings
if [ "$samba_role" = "domaincontroller" ]; then
	if [ -n "$samba_netbios_name" ]; then
		tmphostname="$samba_netbios_name"
	elif [ -n "$samba_ha_master" ]; then
		tmphostname="$samba_ha_master"
	else
		tmphostname="$hostname"
	fi
	univention-config-registry set \
		samba/profileserver?"$tmphostname" \
		samba/profilepath?'%U\windows-profiles\%a' \
		samba/homedirserver?"$tmphostname" \
		samba/homedirpath?%U \
		samba/homedirletter?I
fi

Lines 500-506 remove_dc_ntds_guid_records_from_dns() { Link Here

(-)a/services/univention-samba4/96univention-samba4.inst (-1 / +1 lines)
500		500
501	univention-directory-manager dns/alias list "$@" \	501	univention-directory-manager dns/alias list "$@" \
502	--superordinate "$zoneDN" \	502	--superordinate "$zoneDN" \
503	--filter "(&(cname="$hostname.$domainname.")(name=*._msdcs))" \	503	--filter "(&(cname=$hostname.$domainname.)(name=*._msdcs))" \
504	\| sed -n 's/^DN: //p' \| while read recordDN; do	504	\| sed -n 's/^DN: //p' \| while read recordDN; do
505		505
506	univention-directory-manager dns/alias delete "$@" \	506	univention-directory-manager dns/alias delete "$@" \

Lines 72-78 if [ "$server_role" == "domaincontroller_master" ]; then Link Here

(-)a/services/univention-samba4/98univention-samba4-saml-kerberos.inst (-1 / +1 lines)
72	done	72	done
73		73
74	if [ -n "$spn_account_dn" ] && [ -n "$previous_spn_secrets_password" ]; then	74	if [ -n "$spn_account_dn" ] && [ -n "$previous_spn_secrets_password" ]; then
75	test_output=$(ldbsearch -k no -H ldap://$(hostname -f) -U"$spn_account_name" \	75	test_output=$(ldbsearch -k no -H ldap://"$(hostname -f)" -U"$spn_account_name" \
76	--password="$previous_spn_secrets_password" -b "$spn_account_dn" -s base dn 2>/dev/null \	76	--password="$previous_spn_secrets_password" -b "$spn_account_dn" -s base dn 2>/dev/null \
77	\| sed -n 's/^dn: //p')	77	\| sed -n 's/^dn: //p')
78	if [ -n "$test_output" ]; then	78	if [ -n "$test_output" ]; then

Lines 312-318 if [ "$1" = "configure" ]; then Link Here

(-)a/services/univention-samba4/debian/univention-samba4.postinst (-1 / +1 lines)
312	## https://forge.univention.org/bugzilla/show_bug.cgi?id=26641	312	## https://forge.univention.org/bugzilla/show_bug.cgi?id=26641
313		313
314	# get the secret from ldb	314	# get the secret from ldb
315	secret="$(ldbsearch -H /var/lib/samba/private/secrets.ldb flatname=$windows_domain secret \| sed -ne 's\|secret: \|\|p')"	315	secret="$(ldbsearch -H /var/lib/samba/private/secrets.ldb flatname="$windows_domain" secret \| sed -ne 's\|secret: \|\|p')"
316	# get the host dn	316	# get the host dn
317	dn="$(ldbsearch -H /var/lib/samba/private/sam.ldb "(&(cn=$hostname)(objectClass=computer))" dn \| ldapsearch-wrapper \| sed -ne 's\|^dn: \|\|p')"	317	dn="$(ldbsearch -H /var/lib/samba/private/sam.ldb "(&(cn=$hostname)(objectClass=computer))" dn \| ldapsearch-wrapper \| sed -ne 's\|^dn: \|\|p')"
318	if [ -n "$dn" -a -n "$secret" ]; then	318	if [ -n "$dn" -a -n "$secret" ]; then

Lines 34-40 Link Here

(-)a/services/univention-samba4/sysvol-sync-scripts/sysvol-sync.sh (-3 / +3 lines)
34		34
35	log() {	35	log() {
36	local msg="${2//$'\r'/}"	36	local msg="${2//$'\r'/}"
37	builtin echo $(date +"%F %T") "$1" "${msg//$'\n'/}" 1>&2	37	builtin echo "$(date +"%F %T")" "$1" "${msg//$'\n'/}" 1>&2
38	}	38	}
39		39
40	stderr_log_error() {	40	stderr_log_error() {
Lines 282-289 fix_gpt_ini () { Link Here
282	# multiple gpt.ini's found, delete first element of list (newest gpt.ini) and remove the rest	282	# multiple gpt.ini's found, delete first element of list (newest gpt.ini) and remove the rest
283	gpts=("${gpts[@]:1}")	283	gpts=("${gpts[@]:1}")
284	for gpt in "${gpts[@]}"; do	284	for gpt in "${gpts[@]}"; do
285	local file=${gpt#* }	285	local file="${gpt#* }"
286	test -f $file && rm $file	286	test -f "$file" && rm "$file"
287	done	287	done
288	fi	288	fi
289	done < <(find "$poldir" -maxdepth 1 -type d -name '{*}')	289	done < <(find "$poldir" -maxdepth 1 -type d -name '{*}')




udm shares/share create --position "cn=shares,$ldap_base" --set name="testshare" \
	--set host="$(hostname -f)" --set path="/home/testshare"
udm shares/printer create --position "cn=printers,$ldap_base" --set name="printer1" \
	--set spoolHost="$(hostname -f)" --set uri="cups-pdf:/" --set model="cups-pdf/CUPS-PDF.ppd"
sleep 15

# Login als Domänen-Administrator am Windows-Client

# * Dateirechte aus Homeshare prüfen:
#  ** Windows: Rechte Maustaste, Eigenschaften..
#  ** Server: getfacl
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-admin.txt \
	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator
stat /home/Administrator/test-admin.txt
getfacl /home/Administrator/test-admin.txt | grep "Domain.*Admin"
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \
	--username 'newuser01' --userpwd "Univention.99" --share newuser01
stat /home/newuser01/test-newuser01.txt
getfacl /home/newuser01/test-newuser01.txt | grep "Domain.*Users"
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-admin.txt \
	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share testshare
stat /home/testshare/test-admin.txt

# this should fail
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \
	--username 'newuser01' --userpwd "Univention.99" --share testshare --debug 2>&1 | grep 'denied.'
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \
	--username 'newuser01' --userpwd "Univention.99" --share Administrator --debug 2>&1 | grep 'denied.'

# check windows acl's
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename test-newuser01.txt \
	--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug | grep "Group.*Domain Users"
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename test-admin.txt \
	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug | grep "Group.*Domain Admins"
su newuser01 -c "touch /home/newuser01/newfile.txt"
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename newfile.txt \
	--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug | grep "Group.*Domain Users"

# create files on samba and check share
su Administrator -c "touch /home/Administrator/newfile.txt"
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename newfile.txt \
	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug | grep "Group.*Domain Admins"

# * GPO's

    	--set password=$password --set lastname=$user --set username=$user
	udm users/user modify \
		--dn "$(univention-ldapsearch -LLL uid=$user dn |  sed -n 's/^dn: //p')" \
		--set password="$password" --set overridePWHistory=1
done
sleep 10
for client in $clients; do
	for user in $users; do
		smbclient //"$client"/IPC\$ -U "$user"%"$password" -c exit
	done
done
# password change via windows

# check password
for user in $users; do
	for client in $clients; do
		smbclient //"$client"/IPC\$ -U "$user"%"$password" -c exit
	done
	echo "$password" > /tmp/.usertest
	kinit --password-file=/tmp/.usertest "$user"
done
# check sid uid wbinfo
for user in $USERS; do
	uidNumber="$(univention-ldapsearch -LLL uid=$user uidNumber |  sed -n 's/^uidNumber: //p')"
	sid="$(univention-ldapsearch -LLL uid=$user sambaSID |  sed -n 's/^sambaSID: //p')"
	test "$uidNumber" = "$(wbinfo -S "$sid")"
	test "$sid" = "$(wbinfo -U "$uidNumber")"
	wbinfo -i "$windows_domain+$user"
done



Return to bug 48992

Lines 336-342 if [ -n "$LDAPSERVER" ]; then Link Here

(-)a/base/univention-licence/internal-tools/make_license_v2.sh (-4 / +4 lines)
336	fi	336	fi
337		337
338	# sign the license	338	# sign the license
339	LICENSEKEY=`univentionLicenseCreateSignature -d cn="$CUSTOMER","$LDAPTMP" -k key.privat -p $( cat passwort.txt ) 2>/dev/null \| grep ^univentionLicenseSignatur;`	339	LICENSEKEY=`univentionLicenseCreateSignature -d cn="$CUSTOMER","$LDAPTMP" -k key.privat -p "$( cat passwort.txt )" 2>/dev/null \| grep ^univentionLicenseSignatur;`
340		340
341	# add the key	341	# add the key
342	(	342	(
Lines 390-402 LICENSEKEY=$( Link Here
390		390
391	if [ "$INTERNAL" == 1 ]; then	391	if [ "$INTERNAL" == 1 ]; then
392	mkdir -p "$INTERNALKEYS";	392	mkdir -p "$INTERNALKEYS";
393	echo "$LICENSEKEY" > "$INTERNALKEYS"/"$CUSTOMER"-$( date +%y%m%d-%H%M%S ).ldif	393	echo "$LICENSEKEY" > "$INTERNALKEYS"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
394	elif [ "$EVALKEY" == 1 ]; then	394	elif [ "$EVALKEY" == 1 ]; then
395	mkdir -p "$EVALUATIONKEYS"/"$CUSTOMER";	395	mkdir -p "$EVALUATIONKEYS"/"$CUSTOMER";
396	echo "$LICENSEKEY" > "$EVALUATIONKEYS"/"$CUSTOMER"/"$CUSTOMER"-$( date +%y%m%d-%H%M%S ).ldif	396	echo "$LICENSEKEY" > "$EVALUATIONKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
397	else	397	else
398	mkdir -p "$CUSTOMERKEYS"/"$CUSTOMER";	398	mkdir -p "$CUSTOMERKEYS"/"$CUSTOMER";
399	echo "$LICENSEKEY" > "$CUSTOMERKEYS"/"$CUSTOMER"/"$CUSTOMER"-$( date +%y%m%d-%H%M%S ).ldif	399	echo "$LICENSEKEY" > "$CUSTOMERKEYS"/"$CUSTOMER"/"$CUSTOMER"-"$( date +%y%m%d-%H%M%S )".ldif
400	fi;	400	fi;
401		401
402	# store it to the chosen file;	402	# store it to the chosen file;

Lines 33-40 Link Here

(-)a/management/univention-appcenter/scripts/joinscripthelper.sh (-6 / +6 lines)
33	JS_SCRIPT_FULLNAME="$(readlink -f "$JS_RUNNING_FILENAME")"	33	JS_SCRIPT_FULLNAME="$(readlink -f "$JS_RUNNING_FILENAME")"
34	APP="$(echo "$JS_SCRIPT_FULLNAME" \| sed 's/.\/[0-9]\+\(\(.\)-uninstall\.uinst\\|\(.*\)\.u\?inst\)/\2\3/')"	34	APP="$(echo "$JS_SCRIPT_FULLNAME" \| sed 's/.\/[0-9]\+\(\(.\)-uninstall\.uinst\\|\(.*\)\.u\?inst\)/\2\3/')"
35	SERVICE="$(univention-app get "$APP" Application:Name --values-only)"	35	SERVICE="$(univention-app get "$APP" Application:Name --values-only)"
36	ucr_container_key="$(univention-app get $APP ucr_container_key --values-only)"	36	ucr_container_key="$(univention-app get "$APP" ucr_container_key --values-only)"
37	APP_VERSION="$(univention-app get $APP version --values-only)"	37	APP_VERSION="$(univention-app get "$APP" version --values-only)"
38	CONTAINER=$(ucr get "$ucr_container_key")	38	CONTAINER=$(ucr get "$ucr_container_key")
39		39
40	joinscript_add_simple_app_system_user () {	40	joinscript_add_simple_app_system_user () {
Lines 45-51 joinscript_add_simple_app_system_user () { Link Here
45	pwdfile="/etc/$APP.secret"	45	pwdfile="/etc/$APP.secret"
46	joinscript_run_in_container touch "$pwdfile"	46	joinscript_run_in_container touch "$pwdfile"
47	joinscript_run_in_container chmod 600 "$pwdfile"	47	joinscript_run_in_container chmod 600 "$pwdfile"
48	echo "$password" > $(joinscript_container_file "$pwdfile")	48	echo "$password" > "$(joinscript_container_file "$pwdfile")"
49		49
50	eval "$(ucr shell ldap/base)"	50	eval "$(ucr shell ldap/base)"
51		51
Lines 75-89 joinscript_run_in_container () { Link Here
75		75
76	joinscript_container_file_touch () {	76	joinscript_container_file_touch () {
77	local filename	77	local filename
78	filename="$(joinscript_container_file $1)"	78	filename="$(joinscript_container_file "$1")"
79	mkdir -p "$(dirname $filename)"	79	mkdir -p "$(dirname "$filename")"
80	touch "$filename"	80	touch "$filename"
81	echo "$filename"	81	echo "$filename"
82	}	82	}
83		83
84	joinscript_container_file () {	84	joinscript_container_file () {
85	joinscript_container_is_running 1>/dev/null \|\| die	85	joinscript_container_is_running 1>/dev/null \|\| die
86	docker_dir="$(docker inspect --format={{.GraphDriver.Data.MergedDir}} $CONTAINER)"	86	docker_dir="$(docker inspect --format='{{.GraphDriver.Data.MergedDir}}' "$CONTAINER")"
87	echo "${docker_dir}/${1}"	87	echo "${docker_dir}/${1}"
88	}	88	}
89		89

Lines 33-47 Link Here

(-)a/management/univention-join/check_join_status.sh (-6 / +6 lines)
33	LOG_FILE=/var/log/univention/check_join_status.log	33	LOG_FILE=/var/log/univention/check_join_status.log
34		34
35	log_error () { # Log error message and exit	35	log_error () { # Log error message and exit
36	local message="Error: $@"	36	local message="Error: $*"
37	echo $message	37	echo "$message"
38	echo $message >>"$LOG_FILE"	38	echo "$message" >>"$LOG_FILE"
39	exit 1	39	exit 1
40	}	40	}
41	log_warn () { # Log warning message	41	log_warn () { # Log warning message
42	local message="Warning: $@"	42	local message="Warning: $*"
43	echo $message	43	echo "$message"
44	echo $message >>"$LOG_FILE"	44	echo "$message" >>"$LOG_FILE"
45	}	45	}
46		46
47	echo "Start $0 at $(date)" >>"$LOG_FILE"	47	echo "Start $0 at $(date)" >>"$LOG_FILE"

Lines 155-161 extract_bind_credentials "$@" Link Here

(-)a/services/univention-samba/26univention-samba.inst (-4 / +4 lines)
155		155
156	if [ -n "$dcaccount" -a -n "$bindpwdfile" ]; then	156	if [ -n "$dcaccount" -a -n "$bindpwdfile" ]; then
157	samba_account="$dcaccount"	157	samba_account="$dcaccount"
158	samba_pwd="$(< $bindpwdfile)"	158	samba_pwd="$(< "$bindpwdfile")"
159	else	159	else
160	if is_ucr_true ad/member; then	160	if is_ucr_true ad/member; then
161	echo "INFO: Cannot run joinscript in memberserver mode without join credentials. Please run:"	161	echo "INFO: Cannot run joinscript in memberserver mode without join credentials. Please run:"
Lines 174-189 configure_samba_role Link Here
174	# configure profile/home settings	174	# configure profile/home settings
175	if [ "$samba_role" = "domaincontroller" ]; then	175	if [ "$samba_role" = "domaincontroller" ]; then
176	if [ -n "$samba_netbios_name" ]; then	176	if [ -n "$samba_netbios_name" ]; then
177	tmphostname=$samba_netbios_name	177	tmphostname="$samba_netbios_name"
178	elif [ -n "$samba_ha_master" ]; then	178	elif [ -n "$samba_ha_master" ]; then
179	tmphostname="$samba_ha_master"	179	tmphostname="$samba_ha_master"
180	else	180	else
181	tmphostname="$hostname"	181	tmphostname="$hostname"
182	fi	182	fi
183	univention-config-registry set \	183	univention-config-registry set \
184	samba/profileserver?$tmphostname \	184	samba/profileserver?"$tmphostname" \
185	samba/profilepath?'%U\windows-profiles\%a' \	185	samba/profilepath?'%U\windows-profiles\%a' \
186	samba/homedirserver?$tmphostname \	186	samba/homedirserver?"$tmphostname" \
187	samba/homedirpath?%U \	187	samba/homedirpath?%U \
188	samba/homedirletter?I	188	samba/homedirletter?I
189	fi	189	fi

Lines 40-46 udm users/user create --position "cn=users,$ldap_base" --set username="newuser01 Link Here

(-)a/test/product-tests/samba/single-server.sh (-18 / +18 lines)
40	udm shares/share create --position "cn=shares,$ldap_base" --set name="testshare" \	40	udm shares/share create --position "cn=shares,$ldap_base" --set name="testshare" \
41	--set host="$(hostname -f)" --set path="/home/testshare"	41	--set host="$(hostname -f)" --set path="/home/testshare"
42	udm shares/printer create --position "cn=printers,$ldap_base" --set name="printer1" \	42	udm shares/printer create --position "cn=printers,$ldap_base" --set name="printer1" \
43	--set spoolHost=$(hostname -f) --set uri="cups-pdf:/" --set model="cups-pdf/CUPS-PDF.ppd"	43	--set spoolHost="$(hostname -f)" --set uri="cups-pdf:/" --set model="cups-pdf/CUPS-PDF.ppd"
44	sleep 15	44	sleep 15
45		45
46	# Login als Domänen-Administrator am Windows-Client	46	# Login als Domänen-Administrator am Windows-Client
Lines 54-89 python shared-utils/ucs-winrm.py domain-user-validate-password --domainuser "new Link Here
54	# * Dateirechte aus Homeshare prüfen:	54	# * Dateirechte aus Homeshare prüfen:
55	# ** Windows: Rechte Maustaste, Eigenschaften..	55	# ** Windows: Rechte Maustaste, Eigenschaften..
56	# ** Server: getfacl	56	# ** Server: getfacl
57	python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-admin.txt \	57	python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-admin.txt \
58	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator	58	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator
59	stat /home/Administrator/test-admin.txt	59	stat /home/Administrator/test-admin.txt
60	getfacl /home/Administrator/test-admin.txt \| grep "Domain.*Admin"	60	getfacl /home/Administrator/test-admin.txt \| grep "Domain.*Admin"
61	python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-newuser01.txt \	61	python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \
62	--username 'newuser01' --userpwd "Univention.99" --share newuser01	62	--username 'newuser01' --userpwd "Univention.99" --share newuser01
63	stat /home/newuser01/test-newuser01.txt	63	stat /home/newuser01/test-newuser01.txt
64	getfacl /home/newuser01/test-newuser01.txt \| grep "Domain.*Users"	64	getfacl /home/newuser01/test-newuser01.txt \| grep "Domain.*Users"
65	python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-admin.txt \	65	python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-admin.txt \
66	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share testshare	66	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share testshare
67	stat /home/testshare/test-admin.txt	67	stat /home/testshare/test-admin.txt
68		68
69	# this should fail	69	# this should fail
70	python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-newuser01.txt \	70	python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \
71	--username 'newuser01' --userpwd "Univention.99" --share testshare --debug 2>&1 \| grep 'denied.'	71	--username 'newuser01' --userpwd "Univention.99" --share testshare --debug 2>&1 \| grep 'denied.'
72	python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-newuser01.txt \	72	python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \
73	--username 'newuser01' --userpwd "Univention.99" --share Administrator --debug 2>&1 \| grep 'denied.'	73	--username 'newuser01' --userpwd "Univention.99" --share Administrator --debug 2>&1 \| grep 'denied.'
74		74
75	# check windows acl's	75	# check windows acl's
76	python shared-utils/ucs-winrm.py get-acl-for-share-file --server $UCS --filename test-newuser01.txt \	76	python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename test-newuser01.txt \
77	--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug \| grep "Group.*Domain Users"	77	--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug \| grep "Group.*Domain Users"
78	python shared-utils/ucs-winrm.py get-acl-for-share-file --server $UCS --filename test-admin.txt \	78	python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename test-admin.txt \
79	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug \| grep "Group.*Domain Admins"	79	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug \| grep "Group.*Domain Admins"
80	su newuser01 -c "touch /home/newuser01/newfile.txt"	80	su newuser01 -c "touch /home/newuser01/newfile.txt"
81	python shared-utils/ucs-winrm.py get-acl-for-share-file --server $UCS --filename newfile.txt \	81	python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename newfile.txt \
82	--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug \| grep "Group.*Domain Users"	82	--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug \| grep "Group.*Domain Users"
83		83
84	# create files on samba and check share	84	# create files on samba and check share
85	su Administrator -c "touch /home/Administrator/newfile.txt"	85	su Administrator -c "touch /home/Administrator/newfile.txt"
86	python shared-utils/ucs-winrm.py get-acl-for-share-file --server $UCS --filename newfile.txt \	86	python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename newfile.txt \
87	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug \| grep "Group.*Domain Admins"	87	--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug \| grep "Group.*Domain Admins"
88		88
89	# * GPO's	89	# * GPO's
Lines 128-139 for user in $users; do Link Here
128	--set password=$password --set lastname=$user --set username=$user	128	--set password=$password --set lastname=$user --set username=$user
129	udm users/user modify \	129	udm users/user modify \
130	--dn "$(univention-ldapsearch -LLL uid=$user dn \| sed -n 's/^dn: //p')" \	130	--dn "$(univention-ldapsearch -LLL uid=$user dn \| sed -n 's/^dn: //p')" \
131	--set password=$password --set overridePWHistory=1	131	--set password="$password" --set overridePWHistory=1
132	done	132	done
133	sleep 10	133	sleep 10
134	for client in $clients; do	134	for client in $clients; do
135	for user in $users; do	135	for user in $users; do
136	smbclient //$client/IPC\$ -U "$user"%"$password" -c exit	136	smbclient //"$client"/IPC\$ -U "$user"%"$password" -c exit
137	done	137	done
138	done	138	done
139	# password change via windows	139	# password change via windows
Lines 145-162 sleep 10 Link Here
145	# check password	145	# check password
146	for user in $users; do	146	for user in $users; do
147	for client in $clients; do	147	for client in $clients; do
148	smbclient //$client/IPC\$ -U "$user"%"$password" -c exit	148	smbclient //"$client"/IPC\$ -U "$user"%"$password" -c exit
149	done	149	done
150	echo $password > /tmp/.usertest	150	echo "$password" > /tmp/.usertest
151	kinit --password-file=/tmp/.usertest $user	151	kinit --password-file=/tmp/.usertest "$user"
152	done	152	done
153	# check sid uid wbinfo	153	# check sid uid wbinfo
154	for user in $USERS; do	154	for user in $USERS; do
155	uidNumber="$(univention-ldapsearch -LLL uid=$user uidNumber \| sed -n 's/^uidNumber: //p')"	155	uidNumber="$(univention-ldapsearch -LLL uid=$user uidNumber \| sed -n 's/^uidNumber: //p')"
156	sid="$(univention-ldapsearch -LLL uid=$user sambaSID \| sed -n 's/^sambaSID: //p')"	156	sid="$(univention-ldapsearch -LLL uid=$user sambaSID \| sed -n 's/^sambaSID: //p')"
157	test $uidNumber = $(wbinfo -S $sid)	157	test "$uidNumber" = "$(wbinfo -S "$sid")"
158	test $sid = $(wbinfo -U $uidNumber)	158	test "$sid" = "$(wbinfo -U "$uidNumber")"
159	wbinfo -i $windows_domain+$user	159	wbinfo -i "$windows_domain+$user"
160	done	160	done
161		161
162		162