Lines 40-46
udm users/user create --position "cn=users,$ldap_base" --set username="newuser01
|
|
---|
|
40 |
udm shares/share create --position "cn=shares,$ldap_base" --set name="testshare" \ |
40 |
udm shares/share create --position "cn=shares,$ldap_base" --set name="testshare" \ |
41 |
--set host="$(hostname -f)" --set path="/home/testshare" |
41 |
--set host="$(hostname -f)" --set path="/home/testshare" |
42 |
udm shares/printer create --position "cn=printers,$ldap_base" --set name="printer1" \ |
42 |
udm shares/printer create --position "cn=printers,$ldap_base" --set name="printer1" \ |
43 |
--set spoolHost=$(hostname -f) --set uri="cups-pdf:/" --set model="cups-pdf/CUPS-PDF.ppd" |
43 |
--set spoolHost="$(hostname -f)" --set uri="cups-pdf:/" --set model="cups-pdf/CUPS-PDF.ppd" |
44 |
sleep 15 |
44 |
sleep 15 |
45 |
|
45 |
|
46 |
# Login als Domänen-Administrator am Windows-Client |
46 |
# Login als Domänen-Administrator am Windows-Client |
Lines 54-89
python shared-utils/ucs-winrm.py domain-user-validate-password --domainuser "new
|
|
---|
|
54 |
# * Dateirechte aus Homeshare prüfen: |
54 |
# * Dateirechte aus Homeshare prüfen: |
55 |
# ** Windows: Rechte Maustaste, Eigenschaften.. |
55 |
# ** Windows: Rechte Maustaste, Eigenschaften.. |
56 |
# ** Server: getfacl |
56 |
# ** Server: getfacl |
57 |
python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-admin.txt \ |
57 |
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-admin.txt \ |
58 |
--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator |
58 |
--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator |
59 |
stat /home/Administrator/test-admin.txt |
59 |
stat /home/Administrator/test-admin.txt |
60 |
getfacl /home/Administrator/test-admin.txt | grep "Domain.*Admin" |
60 |
getfacl /home/Administrator/test-admin.txt | grep "Domain.*Admin" |
61 |
python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-newuser01.txt \ |
61 |
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \ |
62 |
--username 'newuser01' --userpwd "Univention.99" --share newuser01 |
62 |
--username 'newuser01' --userpwd "Univention.99" --share newuser01 |
63 |
stat /home/newuser01/test-newuser01.txt |
63 |
stat /home/newuser01/test-newuser01.txt |
64 |
getfacl /home/newuser01/test-newuser01.txt | grep "Domain.*Users" |
64 |
getfacl /home/newuser01/test-newuser01.txt | grep "Domain.*Users" |
65 |
python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-admin.txt \ |
65 |
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-admin.txt \ |
66 |
--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share testshare |
66 |
--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share testshare |
67 |
stat /home/testshare/test-admin.txt |
67 |
stat /home/testshare/test-admin.txt |
68 |
|
68 |
|
69 |
# this should fail |
69 |
# this should fail |
70 |
python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-newuser01.txt \ |
70 |
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \ |
71 |
--username 'newuser01' --userpwd "Univention.99" --share testshare --debug 2>&1 | grep 'denied.' |
71 |
--username 'newuser01' --userpwd "Univention.99" --share testshare --debug 2>&1 | grep 'denied.' |
72 |
python shared-utils/ucs-winrm.py create-share-file --server $UCS --filename test-newuser01.txt \ |
72 |
python shared-utils/ucs-winrm.py create-share-file --server "$UCS" --filename test-newuser01.txt \ |
73 |
--username 'newuser01' --userpwd "Univention.99" --share Administrator --debug 2>&1 | grep 'denied.' |
73 |
--username 'newuser01' --userpwd "Univention.99" --share Administrator --debug 2>&1 | grep 'denied.' |
74 |
|
74 |
|
75 |
# check windows acl's |
75 |
# check windows acl's |
76 |
python shared-utils/ucs-winrm.py get-acl-for-share-file --server $UCS --filename test-newuser01.txt \ |
76 |
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename test-newuser01.txt \ |
77 |
--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug | grep "Group.*Domain Users" |
77 |
--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug | grep "Group.*Domain Users" |
78 |
python shared-utils/ucs-winrm.py get-acl-for-share-file --server $UCS --filename test-admin.txt \ |
78 |
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename test-admin.txt \ |
79 |
--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug | grep "Group.*Domain Admins" |
79 |
--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug | grep "Group.*Domain Admins" |
80 |
su newuser01 -c "touch /home/newuser01/newfile.txt" |
80 |
su newuser01 -c "touch /home/newuser01/newfile.txt" |
81 |
python shared-utils/ucs-winrm.py get-acl-for-share-file --server $UCS --filename newfile.txt \ |
81 |
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename newfile.txt \ |
82 |
--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug | grep "Group.*Domain Users" |
82 |
--username 'newuser01' --userpwd "Univention.99" --share newuser01 --debug | grep "Group.*Domain Users" |
83 |
|
83 |
|
84 |
# create files on samba and check share |
84 |
# create files on samba and check share |
85 |
su Administrator -c "touch /home/Administrator/newfile.txt" |
85 |
su Administrator -c "touch /home/Administrator/newfile.txt" |
86 |
python shared-utils/ucs-winrm.py get-acl-for-share-file --server $UCS --filename newfile.txt \ |
86 |
python shared-utils/ucs-winrm.py get-acl-for-share-file --server "$UCS" --filename newfile.txt \ |
87 |
--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug | grep "Group.*Domain Admins" |
87 |
--username 'Administrator' --userpwd "$ADMIN_PASSWORD" --share Administrator --debug | grep "Group.*Domain Admins" |
88 |
|
88 |
|
89 |
# * GPO's |
89 |
# * GPO's |
Lines 128-139
for user in $users; do
|
|
---|
|
128 |
--set password=$password --set lastname=$user --set username=$user |
128 |
--set password=$password --set lastname=$user --set username=$user |
129 |
udm users/user modify \ |
129 |
udm users/user modify \ |
130 |
--dn "$(univention-ldapsearch -LLL uid=$user dn | sed -n 's/^dn: //p')" \ |
130 |
--dn "$(univention-ldapsearch -LLL uid=$user dn | sed -n 's/^dn: //p')" \ |
131 |
--set password=$password --set overridePWHistory=1 |
131 |
--set password="$password" --set overridePWHistory=1 |
132 |
done |
132 |
done |
133 |
sleep 10 |
133 |
sleep 10 |
134 |
for client in $clients; do |
134 |
for client in $clients; do |
135 |
for user in $users; do |
135 |
for user in $users; do |
136 |
smbclient //$client/IPC\$ -U "$user"%"$password" -c exit |
136 |
smbclient //"$client"/IPC\$ -U "$user"%"$password" -c exit |
137 |
done |
137 |
done |
138 |
done |
138 |
done |
139 |
# password change via windows |
139 |
# password change via windows |
|
145 |
# check password |
145 |
# check password |
146 |
for user in $users; do |
146 |
for user in $users; do |
147 |
for client in $clients; do |
147 |
for client in $clients; do |
148 |
smbclient //$client/IPC\$ -U "$user"%"$password" -c exit |
148 |
smbclient //"$client"/IPC\$ -U "$user"%"$password" -c exit |
149 |
done |
149 |
done |
150 |
echo $password > /tmp/.usertest |
150 |
echo "$password" > /tmp/.usertest |
151 |
kinit --password-file=/tmp/.usertest $user |
151 |
kinit --password-file=/tmp/.usertest "$user" |
152 |
done |
152 |
done |
153 |
# check sid uid wbinfo |
153 |
# check sid uid wbinfo |
154 |
for user in $USERS; do |
154 |
for user in $USERS; do |
155 |
uidNumber="$(univention-ldapsearch -LLL uid=$user uidNumber | sed -n 's/^uidNumber: //p')" |
155 |
uidNumber="$(univention-ldapsearch -LLL uid=$user uidNumber | sed -n 's/^uidNumber: //p')" |
156 |
sid="$(univention-ldapsearch -LLL uid=$user sambaSID | sed -n 's/^sambaSID: //p')" |
156 |
sid="$(univention-ldapsearch -LLL uid=$user sambaSID | sed -n 's/^sambaSID: //p')" |
157 |
test $uidNumber = $(wbinfo -S $sid) |
157 |
test "$uidNumber" = "$(wbinfo -S "$sid")" |
158 |
test $sid = $(wbinfo -U $uidNumber) |
158 |
test "$sid" = "$(wbinfo -U "$uidNumber")" |
159 |
wbinfo -i $windows_domain+$user |
159 |
wbinfo -i "$windows_domain+$user" |
160 |
done |
160 |
done |
161 |
|
161 |
|
162 |
|
162 |
|
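Review bot: Line 150 on the new side still writes the cleartext password to the fixed, predictable path `/tmp/.usertest`, so after the quoting fix the file is still created under the caller's umask (typically world-readable), can collide with a file or symlink already placed at that name, and is not removed anywhere in the lines shown. Create it with `pwfile="$(mktemp)"` (mode 0600), then use `echo "$password" > "$pwfile"` and `kinit --password-file="$pwfile" "$user"`, and delete the file after the loop or in an EXIT trap. The `smbclient ... -U "$user"%"$password"` calls at lines 136 and 148 likewise put the password on the command line, where other local users can read it from the process list while the command runs; on a shared test host an smbclient authentication file would avoid that. The loop at line 154 iterates `$USERS` while the earlier loops use `$users`; if `USERS` is not defined elsewhere in the script, the SID/uid checks silently run zero times and the test passes without checking anything.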