Create Linux and Samba accounts


This script creates Linux and Samba user accounts on a Linux server configured with OpenLDAP. After the script has been executed, users can log on with the same user name and password, either from a Linux client with LDAP authentication, or from a Windows client belonging to the Samba domain.

Batch section


·Logon to LDAP server  
·Logon to SSH server  
·Create group that accounts will be members of  
·For each row in [Data] section  
·Create Linux and Samba account  
·Add account to group  
·Create home directory  
·Set access permissions on home directory  

Undo section

·Logon to LDAP server  
·Logon to SSH server  
·For each row in [Data] section  
·Delete Linux and Samba accounts  
·Delete home directory  
·Delete group  

Requirements

·OpenLDAP 2.0 or higher, configured to accept SSL connections on port 636.  
·A locally installed SSL certificate.  
·Full LDAP administrative privileges: the "rootdn" superuser must be enabled in slapd.conf, and its user name and password placed in the LDAdminAccount and LDAdminPW variables in [Settings].  
·OpenSSH SSH daemon, configured to accept SSH2 connections on port 22.  
·Full SSH administrative privileges: the root user name and password must be placed in the SSHAdminAccount and SSHAdminPW variables in [Settings].  
·Samba 3.0 (the script can easily be modified for Samba 2.2.x by replacing the properties; see the tables of common Samba properties for Lin.DS.Op.SetProperty).  


Script
[Settings_Begin]
// [Data] rows are tab-separated; column 5 is the marker column (presumably where the tool records
// which rows have already been processed, since the rows themselves carry only four values) - confirm.
BatchSettings.Delimiter=TAB
BatchSettings.MarkerCol=5

// LDAP server, SSL must be enabled on port 636, an SSL certificate must be installed locally
// NOTE(review): LDAdminPW, SSHAdminPW and the col4 passwords in [Data] are stored in cleartext in
// this file; restrict its read permissions to the operators who run the script.
SET LDServer=ldap4.my-domain.com
// References LDDomainPath, which is only SET further down. The per-row %colN% references below
// show that %...% is expanded when a variable is used, not when it is SET, so the order should
// not matter - confirm if the tool reports an empty LDDomainPath here.
SET LDAdminAccount=%LDDomainPath%/cn=ldapman
SET LDAdminPW=password

// SSH server same as LDAP server
// Every Lin.SSH.Command in [Batch] and [Undo_Batch] runs as this account, i.e. as root.
SET SSHserver=%LDServer%
SET SSHAdminAccount=root
SET SSHAdminPW=password

// Directory paths in the tool's own notation (RDNs separated by "/", root first):
// dc=com/dc=my-domain -> ou=People -> cn=MyGroup and uid=<AccountName>
SET LDDomainPath=dc=com/dc=my-domain
SET LDOU=People
SET LDOUPath=%LDDomainPath%/ou=%LDOU%
SET LDGroup=MyGroup
SET LDGroupPath=%LDOUPath%/cn=%LDGroup%

// Per-row values from [Data]: col1 first name, col2 last name, col3 account name, col4 password
SET FirstName=%col1%
SET LastName=%col2%
SET FullName=%col1% %col2%
SET AccountName=%col3%
SET Password=%col4%
// AccountName goes verbatim into this DN, into HomeDirectory and into the root shell commands in
// [Batch]; keep col3 to plain account-name characters (no spaces, quotes, slashes or shell metacharacters).
SET LDAccountPath=%LDOUPath%/uid=%AccountName%

SET HomeRoot=/home
SET HomeDirectory=%HomeRoot%/%AccountName%

// Windows-side paths written into the sambaSamAccount attributes
SET SambaServerName=\\SAMBAPDC
SET SambaHomeDir=%SambaServerName%\home\%AccountName%
SET SambaHomeDrive=H:
SET SambaScriptPath=MyScript.cmd
SET SambaProfilePath=%SambaServerName%\profiles\profile.pds

// Domain part of the mail attribute: <AccountName>@<MailSuffix>
SET MailSuffix=mydomain.com
[Settings_End]

[Sub_InitGid_Begin]
// This $c subroutine makes sure that gidNumber is initialized even if script is interrupted in the middle and restarted   
//  gidNumber used by Lin.DS.Op & Chown   
// gidNumber belongs to %LDGroupPath% and is therefore the same for every [Data] row: only the
// first call does the LDAP read, later calls find the variable non-empty and skip it.
If %gidNumber%= Then   
 // Reads the gidNumber attribute of the group created by Lin.DS.Group.Create in [Batch].
 // Presumably fails if the group does not exist yet - confirm how LDValue reports a missing entry.
 SET gidNumber=LDValue (%LDGroupPath%, gidNumber)   
EndIf   
[Sub_InitGid_End]

[Sub_InitUid_Begin]
// This $c subroutine makes sure that uidNumber is initialized even if script is interrupted in the middle and restarted   
//  uidNumber used by Chown command   
// No emptiness guard here (unlike InitGid): %LDAccountPath% contains the current row's
// %AccountName%, so uidNumber differs per row and must be re-read for every account.
// The value is only meaningful after that account's Lin.DS.Op.Commit, because [Batch] sets
// uidNumber to Auto rather than to a known number.
SET uidNumber=LDValue (%LDAccountPath%, uidNumber)   
[Sub_InitUid_End]

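[Batch_Begin]   
// Log on to LDAP and SSH   
// Both logons use the full administrative credentials from [Settings]; every Lin.SSH.Command
// below therefore runs as root on %SSHserver%.
Lin.DS.Logon %LDServer%, %LDAdminAccount%, %LDAdminPW%   
Lin.SSH.Logon %SSHserver%, %SSHAdminAccount%, %SSHAdminPW%   
// Create Group   
// Its gidNumber is read back by the InitGid subroutine once the group exists.
Lin.DS.Group.Create %LDGroupPath%   
Data.Loop   
 // Create account   
 // One entry per [Data] row: uid=%AccountName% (col3) under ou=%LDOU%. %AccountName% is
 // substituted unquoted into this DN and into the root shell commands further down, so keep
 // col3 to plain account-name characters (no spaces, quotes, slashes or shell metacharacters).
 Lin.DS.Op.Init Create, %LDAccountPath%   
 Lin.DS.Op.SetProperty objectClass, inetOrgPerson§posixAccount§sambaSamAccount§   
 // inetOrgPerson attrs   
 Lin.DS.Op.SetProperty givenName, %FirstName%   
 Lin.DS.Op.SetProperty sn, %LastName%   
 Lin.DS.Op.SetProperty mail, %AccountName%@%MailSuffix%   
 // posixAccount attrs   
 Lin.DS.Op.SetProperty uid, %AccountName%   
 Lin.DS.Op.SetProperty cn, %FullName%   
 // NOTE(review): the cleartext col4 value is passed here; whether it is hashed before storage
 // depends on the tool or the server - if stored verbatim, the directory holds cleartext
 // passwords. Confirm.
 Lin.DS.Op.SetProperty userPassword, %Password%   
 // "$c InitGid" runs the InitGid subroutine before this line so %gidNumber% is populated.
 $c InitGid Lin.DS.Op.SetProperty gidNumber, %gidNumber%   
 // Auto: presumably allocated by the tool at Commit; InitUid reads the result back afterward.
 Lin.DS.Op.SetProperty uidNumber, Auto   
 Lin.DS.Op.SetProperty homeDirectory, %HomeDirectory%   
 Lin.DS.Op.SetProperty loginShell, /bin/bash      
 Lin.DS.Op.SetProperty gecos, %FullName%   
 // sambaSamAccount attrs   
 Lin.DS.Op.SetProperty sambaSID, Auto   
 // Samba stores the NT hash in sambaNTPassword; presumably the tool derives it from the
 // cleartext %Password% - confirm.
 Lin.DS.Op.SetProperty sambaNTPassword, %Password%   
 // Ignore LMpassword - only NT clients or higher will log on   
 // (the LM hash is a weak, case-insensitive legacy format; leaving it unset is the safer choice)   
 // Lin.DS.Op.SetProperty sambaLMPassword, %Password%   
 Lin.DS.Op.SetProperty sambaHomePath, %SambaHomeDir%   
 Lin.DS.Op.SetProperty sambaHomeDrive, %SambaHomeDrive%   
 Lin.DS.Op.SetProperty sambaLogonScript, %SambaScriptPath%   
 Lin.DS.Op.SetProperty sambaProfilePath, %SambaProfilePath%   
 // Given as a group name; presumably resolved to the domain group's SID by the tool - confirm.
 Lin.DS.Op.SetProperty sambaPrimaryGroupSID, Domain Users   
 Lin.DS.Op.SetProperty sambaAcctFlags, [U]   
 Lin.DS.Op.Commit   
 // Create home directory and set permissions   
 // -m 700 creates the directory owner-only from the start, so it is never exposed with the
 // umask default during the separate round trips before the chown/chmod below (the leading
 // 20 is presumably a timeout in seconds - confirm).
 Lin.SSH.Command 20, mkdir -m 700 %HomeDirectory%   
 // Both subroutines run first so %uidNumber% (read after Commit) and %gidNumber% are populated.
 $c InitGid $c InitUid Lin.SSH.Command 20, chown -R %uidNumber%:%gidNumber% %HomeDirectory%   
 // (-R flag = recursively descends the specified directories)   
 // Kept so a directory that already existed before mkdir also ends up owner-only.
 Lin.SSH.Command 20, chmod 700 %HomeDirectory%   
Data.EndLoop   
[Batch_End]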

[Undo_Batch_Begin]
// Log on to LDAP and SSH   
// Same administrative credentials as [Batch]; the SSH command below runs as root.
Lin.DS.Logon %LDServer%, %LDAdminAccount%, %LDAdminPW%   
Lin.SSH.Logon %SSHserver%, %SSHAdminAccount%, %SSHAdminPW%   
// Delete account and home directory   
// Reverses [Batch] row by row: the LDAP entry is removed first, then the directory.
Data.Loop   
 Lin.DS.Object.Delete %LDAccountPath%   
 // rmdir only removes an empty directory: a home the user has written to is left in place,
 // owned by a uidNumber that no longer resolves. That is the conservative choice - do not
 // replace it with a recursive delete without an explicit decision to destroy user data.
 // %HomeDirectory% is built from the unquoted col3 value, as in [Batch].
 Lin.SSH.Command 20, rmdir %HomeDirectory%   
Data.EndLoop   
// Delete Group   
// Done after the loop, presumably so no account still references its gidNumber - confirm.
Lin.DS.Object.Delete %LDGroupPath%   
[Undo_Batch_End]

[Data_Begin]
FirstName1   LastName1   AccountName1   Password1   
FirstName2   LastName2   AccountName2   Password2   
FirstName3   LastName3   AccountName3   Password3   
[Data_End]