# along with this program. If not, see <http://www.gnu.org/licenses/>.
name="ktpass.sh"
-TEMP=`getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
- -n "$name" -- "$@"`
+TEMP=$(getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
+ -n "$name" -- "$@")
eval set -- "$TEMP"
-usage () {
- echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
- echo -ne " [--host hostname] [--enc <encryption>]\n"
- echo -ne " [--ptype <type>] [--path-to-ldbsearch <path>]\n"
- echo -ne "\nEncoding should be one of:\n"
- echo -ne " * des-cbc-crc\n"
- echo -ne " * des-cbc-md5\n"
- echo -ne " * rc4-hmac (default)\n"
- echo -ne " * aes128-cts\n"
- echo -ne " * aes256-cts\n"
- exit 0
+usage()
+{
+ echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
+ echo -ne " [--host hostname] [--enc <encryption>]\n"
+ echo -ne " [--ptype <type>] [--path-to-ldbsearch <path>]\n"
+ echo -ne "\nEncoding should be one of:\n"
+ echo -ne " * des-cbc-crc\n"
+ echo -ne " * des-cbc-md5\n"
+ echo -ne " * rc4-hmac (default)\n"
+ echo -ne " * aes128-cts\n"
+ echo -ne " * aes256-cts\n"
+ exit 0
}
-while true ; do
- case "$1" in
- --out) outfile=$2 ; shift 2 ;;
- --princ) princ=$2 ; shift 2 ;;
- --pass) pass=$2 ; shift 2 ;;
- --host) host=$2 ; shift 2 ;;
- --ptype) shift 2 ;;
- --enc) enc=$2; shift 2;;
- --path-to-ldbsearch) path="$2/"; shift 2;;
- -h) usage;;
- --) shift ; break ;;
- *) echo "Internal error!" ; exit 1 ;;
- esac
+while true; do
+ case "$1" in
+ --out)
+ outfile=$2
+ shift 2
+ ;;
+ --princ)
+ princ=$2
+ shift 2
+ ;;
+ --pass)
+ pass=$2
+ shift 2
+ ;;
+ --host)
+ host=$2
+ shift 2
+ ;;
+ --ptype) shift 2 ;;
+ --enc)
+ enc=$2
+ shift 2
+ ;;
+ --path-to-ldbsearch)
+ path="$2/"
+ shift 2
+ ;;
+ -h) usage ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ echo "Internal error!"
+ exit 1
+ ;;
+ esac
done
#RC4-HMAC-NT|AES256-SHA1|AES128-SHA
if [ -z "$enc" ]; then
- enc="rc4-hmac"
+ enc="rc4-hmac"
fi
if [ -z "$path" ]; then
- path=`dirname $0`/../bin/
- if [ ! -f ${path}ldbsearch ]; then
- path=`dirname $0`/../../bin/
- fi
+ path=$(dirname $0)/../bin/
+ if [ ! -f ${path}ldbsearch ]; then
+ path=$(dirname $0)/../../bin/
+ fi
fi
if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then
- echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
- usage
+ echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
+ usage
fi
if [ -z $host ]; then
- host=`hostname`
+ host=$(hostname)
fi
-kvno=`${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ)(userprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null| grep -i msds-keyversionnumber`
+kvno=$(${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ)(userprincipalname=$princ))" msds-keyversionnumber -k 1 -N 2>/dev/null | grep -i msds-keyversionnumber)
if [ x"$kvno" = x"" ]; then
- echo -ne "Unable to find kvno for principal $princ\n"
- echo -ne " check that you are authentified with kerberos\n"
- exit 1
+ echo -ne "Unable to find kvno for principal $princ\n"
+ echo -ne " check that you are authentified with kerberos\n"
+ exit 1
else
- kvno=`echo $kvno | sed 's/^.*: //'`
+ kvno=$(echo $kvno | sed 's/^.*: //')
fi
if [ "$pass" = "*" ]; then
- echo -n "Enter password for $princ: "
- stty -echo
- read pass
- stty echo
- echo ""
+ echo -n "Enter password for $princ: "
+ stty -echo
+ read pass
+ stty echo
+ echo ""
fi
ktutil >/dev/null <<EOF
EOF
if [ $? -eq 0 ]; then
- echo "Keytab file $outfile created with success"
+ echo "Keytab file $outfile created with success"
else
- echo "Error while creating the keytab file $outfile"
+ echo "Error while creating the keytab file $outfile"
fi
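Review bot: `$0` is still expanded unquoted inside the reformatted `path=$(dirname $0)/../bin/` and `path=$(dirname $0)/../../bin/` assignments, and the `[ ! -f ${path}ldbsearch ]` test between them is unquoted too, so a checkout under a path containing whitespace makes the `ldbsearch` lookup fail before any of the real work starts; the three lines should read `path=$(dirname "$0")/../bin/`, `if [ ! -f "${path}ldbsearch" ]; then` and `path=$(dirname "$0")/../../bin/`. The same unquoted `$(dirname $0)` pattern recurs in the later hunks of this commit (the `. $(dirname $0)/vars` sourcing lines, the `vampire_ad.sh`/`unvampire_ad.sh` calls and the two `cp $(dirname $0)/*.template` lines), and one fix applies to all of them. In the interactive password branch, `read pass` should be `read -r pass` so a backslash in the password is not interpreted by the shell. The body of the `ktutil` here-document is not visible in this hunk, so the keytab creation itself could not be reviewed.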
# example script to setup DNS for a vampired domain
[ $# = 3 ] || {
- echo "Usage: setup_dns.sh HOSTNAME DOMAIN IP"
- exit 1
+ echo "Usage: setup_dns.sh HOSTNAME DOMAIN IP"
+ exit 1
}
HOSTNAME="$(echo $1 | tr '[a-z]' '[A-Z]')"
RSUFFIX=$(echo $DOMAIN | sed s/[\.]/,DC=/g)
[ -z "$PRIVATEDIR" ] && {
- PRIVATEDIR=$(bin/samba-tool testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2> /dev/null)
+ PRIVATEDIR=$(bin/samba-tool testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2>/dev/null)
}
-OBJECTGUID=$(bin/ldbsearch --scope=base -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2)
+OBJECTGUID=$(bin/ldbsearch --scope=base -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid | grep ^objectGUID | cut -d: -f2)
samba4kinit=kinit
if test -x $BINDIR/samba4kinit; then
$samba4kinit -e arcfour-hmac-md5 -k -t "$PRIVATEDIR/secrets.keytab" $HOSTNAME\$@$DOMAIN || exit 1
echo "Adding $HOSTNAME.$DOMAIN"
scripting/bin/nsupdate-gss --noverify $HOSTNAME $DOMAIN $IP 300 || {
- echo "Failed to add A record"
- exit 1
+ echo "Failed to add A record"
+ exit 1
}
echo "Adding $OBJECTGUID._msdcs.$DOMAIN => $HOSTNAME.$DOMAIN"
scripting/bin/nsupdate-gss --realm=$DOMAIN --noverify --ntype="CNAME" $OBJECTGUID _msdcs.$DOMAIN $HOSTNAME.$DOMAIN 300 || {
- echo "Failed to add CNAME"
- exit 1
+ echo "Failed to add CNAME"
+ exit 1
}
echo "Checking"
rndc flush
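Review bot: The reformatted `PRIVATEDIR=$(bin/samba-tool testparm … 2>/dev/null)` fallback discards stderr and never checks its result, so when `samba-tool` fails the variable stays empty and the `ldbsearch` on the next line silently opens `/sam.ldb` instead of the domain database. A guard right after the closing brace makes the failure explicit: `[ -n "$PRIVATEDIR" ] || { echo "cannot determine 'private dir'" >&2; exit 1; }`. `DOMAIN` and `IP` are read in this hunk but not assigned within it, so they are presumably set on lines outside the visible context.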
set -x
-. `dirname $0`/vars
+. $(dirname $0)/vars
-`dirname $0`/vampire_ad.sh || exit 1
+$(dirname $0)/vampire_ad.sh || exit 1
-ntds_guid=$(sudo bin/ldbsearch -H $PREFIX/private/sam.ldb -b "CN=NTDS Settings,CN=$machine,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,$dn" objectGUID|grep ^objectGUID| awk '{print $2}')
+ntds_guid=$(sudo bin/ldbsearch -H $PREFIX/private/sam.ldb -b "CN=NTDS Settings,CN=$machine,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,$dn" objectGUID | grep ^objectGUID | awk '{print $2}')
cp $PREFIX/private/$DNSDOMAIN.zone{.template,}
sed -i "s/NTDSGUID/$ntds_guid/g" $PREFIX/private/$DNSDOMAIN.zone
cp $PREFIX/private/named.conf{.local,}
sudo rndc reconfig
-fsmotmp=`mktemp fsmo.ldif.XXXXXXXXX`
-cp `dirname $0`/fsmo.ldif.template $fsmotmp
+fsmotmp=$(mktemp fsmo.ldif.XXXXXXXXX)
+cp $(dirname $0)/fsmo.ldif.template $fsmotmp
sed -i "s/NTDSGUID/$ntds_guid/g" $fsmotmp
sed -i "s/MACHINE/$machine/g" $fsmotmp
sed -i "s/DNSDOMAIN/$DNSDOMAIN/g" $fsmotmp
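Review bot: The reformatted `fsmotmp=$(mktemp fsmo.ldif.XXXXXXXXX)` creates the temporary file in the current directory and nothing in this hunk removes it; if the lines after the hunk do not delete it either, `trap 'rm -f -- "$fsmotmp"' EXIT` directly after the assignment would clean it up on every exit path, including the `|| exit 1` before it. The three `sed -i` lines splice `$ntds_guid`, `$machine` and `$DNSDOMAIN` straight into the sed program, so any value containing `/` or `&` corrupts the substitution; these values come from the sourced `vars` file and from `ldbsearch`, so this is a robustness concern, but it is worth a comment such as `# values must not contain '/' or '&': they are interpolated into the sed program`. The `set -x` at the top of the hunk also means every substituted value is echoed to the trace.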
set -x
-. `dirname $0`/vars
+. $(dirname $0)/vars
if [ -z "$site" ]; then
- site="Default-First-Site-Name"
+ site="Default-First-Site-Name"
fi
bin/ldbdel -r -H ldap://$server.$DNSDOMAIN -U$workgroup/administrator%$pass "CN=$machine,CN=Computers,$dn"
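Review bot: The `ldbdel` call on the last line of this hunk passes the administrator password on the command line as `-U$workgroup/administrator%$pass`, and the `set -x` at the top of the hunk echoes that exact command, so the credential ends up in the trace output and is visible to `ps` for the lifetime of the process. If the `ldb` tools in this tree can take credentials from a file or the environment, that is preferable; at minimum the call should be bracketed with `set +x` / `set -x` so the trace does not record it. The `site` default added just above is not used within the hunk, so its consumer is presumably on lines outside it.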
set -x
-. `dirname $0`/vars
+. $(dirname $0)/vars
-namedtmp=`mktemp named.conf.ad.XXXXXXXXX`
-cp `dirname $0`/named.conf.ad.template $namedtmp
+namedtmp=$(mktemp named.conf.ad.XXXXXXXXX)
+cp $(dirname $0)/named.conf.ad.template $namedtmp
sed -i "s/DNSDOMAIN/$DNSDOMAIN/g" $namedtmp
sed -i "s/SERVERIP/$server_ip/g" $namedtmp
chmod a+r $namedtmp
mv -f $namedtmp $PREFIX/private/named.conf
sudo rndc reconfig
-`dirname $0`/unvampire_ad.sh
+$(dirname $0)/unvampire_ad.sh
-cat <<EOF > nsupdate.txt
+cat <<EOF >nsupdate.txt
update delete $DNSDOMAIN A $machine_ip
show
send
TARGET=$1
shift
for f in $*; do
-if nm $f 2>&1 | grep $TARGET > /dev/null; then
- echo [$f]
- nm $f | grep $TARGET
- echo
-fi
+ if nm $f 2>&1 | grep $TARGET >/dev/null; then
+ echo [$f]
+ nm $f | grep $TARGET
+ echo
+ fi
done
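Review bot: `$TARGET` is passed to `grep` unquoted on both reformatted `grep $TARGET` lines, so a symbol pattern containing whitespace or glob characters is split or expanded by the shell before `grep` sees it, and a pattern beginning with `-` is parsed as an option; both should be `grep -- "$TARGET"`. The loop header `for f in $*` has the same splitting problem for object paths and would be `for f in "$@"; do`. This script's name and leading lines are not visible in the hunk.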
# rebuild a zone file, adding all DCs
[ $# -eq 2 ] || {
- echo "rebuild_zone.sh <sam.ldb> <zonefile>"
- exit 1
+ echo "rebuild_zone.sh <sam.ldb> <zonefile>"
+ exit 1
}
LDB="$1"
dnshostname=$(bin/ldbsearch -H $LDB --scope=base -b '' dnsHostname | grep ^dns | cut -d' ' -f2)
host=$(echo $dnshostname | cut -d. -f1)
realm=$(echo $dnshostname | cut -d. -f2-)
-GUIDs=$(bin/ldbsearch -H $LDB objectclass=ntdsdsa objectguid --cross-ncs|grep ^objectGUID| cut -d' ' -f2)
-DOMAINGUID=$(bin/ldbsearch -H $LDB --scope=base objectguid |grep ^objectGUID| cut -d' ' -f2)
+GUIDs=$(bin/ldbsearch -H $LDB objectclass=ntdsdsa objectguid --cross-ncs | grep ^objectGUID | cut -d' ' -f2)
+DOMAINGUID=$(bin/ldbsearch -H $LDB --scope=base objectguid | grep ^objectGUID | cut -d' ' -f2)
-dcname() {
- GUID=$1
- echo $(bin/ldbsearch -H $LDB objectguid=$GUID dn --cross-ncs|grep CN=NTDS.Settings| cut -d, -f2| cut -d= -f2)
+dcname()
+{
+ GUID=$1
+ echo $(bin/ldbsearch -H $LDB objectguid=$GUID dn --cross-ncs | grep CN=NTDS.Settings | cut -d, -f2 | cut -d= -f2)
}
-getip() {
- NAME=$1
- ret=$(nmblookup $NAME| egrep '^[0-9]' | head -1 | cut -d' ' -f1)
- test -n "$ret" || {
- echo "Unable to find IP for $NAME. Using XX.XX.XX.XX. Please edit" 1>&2
- echo "XX.XX.XX.XX"
- }
- echo $ret
+getip()
+{
+ NAME=$1
+ ret=$(nmblookup $NAME | egrep '^[0-9]' | head -1 | cut -d' ' -f1)
+ test -n "$ret" || {
+ echo "Unable to find IP for $NAME. Using XX.XX.XX.XX. Please edit" 1>&2
+ echo "XX.XX.XX.XX"
+ }
+ echo $ret
}
echo "Generating header for host $host in realm $realm"
-cat <<EOF > $ZFILE
+cat <<EOF >$ZFILE
; -*- zone -*-
; generated by rebuild_zone.sh
\$ORIGIN $realm.
EOF
for GUID in $GUIDs; do
- dc=$(dcname $GUID)
- echo "Generating IP for DC $dc"
- ip=$(getip $dc)
- test -n "$ip" || exit 1
- echo " IN A $ip" >> $ZFILE
+ dc=$(dcname $GUID)
+ echo "Generating IP for DC $dc"
+ ip=$(getip $dc)
+ test -n "$ip" || exit 1
+ echo " IN A $ip" >>$ZFILE
done
-echo "; IP Addresses" >> $ZFILE
+echo "; IP Addresses" >>$ZFILE
for GUID in $GUIDs; do
- dc=$(dcname $GUID)
- ip=$(getip $dc)
- test -n "$ip" || exit 1
- echo "$dc IN A $ip" >> $ZFILE
+ dc=$(dcname $GUID)
+ ip=$(getip $dc)
+ test -n "$ip" || exit 1
+ echo "$dc IN A $ip" >>$ZFILE
done
for GUID in $GUIDs; do
- dc=$(dcname $GUID)
- ip=$(getip $dc)
- test -n "$ip" || exit 1
- echo "Generating zone body for DC $dc with IP $ip"
-cat <<EOF >> $ZFILE
+ dc=$(dcname $GUID)
+ ip=$(getip $dc)
+ test -n "$ip" || exit 1
+ echo "Generating zone body for DC $dc with IP $ip"
+ cat <<EOF >>$ZFILE
;
; Entries for $dc
gc._msdcs IN A $ip
EOF
done
-cat <<EOF >> $ZFILE
+cat <<EOF >>$ZFILE
; kerberos hack
_kerberos IN TXT $(echo $realm | tr [a-z] [A-Z])
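Review bot: In the reformatted `dcname`, `echo $(bin/ldbsearch … | cut -d= -f2)` wraps the pipeline in a command substitution only to echo it again, which word-splits and glob-expands the DC name on the way out; running the pipeline directly, `bin/ldbsearch -H "$LDB" objectguid="$GUID" dn --cross-ncs | grep CN=NTDS.Settings | cut -d, -f2 | cut -d= -f2`, avoids that. In `getip` the `XX.XX.XX.XX` placeholder is printed and then `echo $ret` runs unconditionally, which only works because `$(...)` strips the trailing blank line; `echo "${ret:-XX.XX.XX.XX}"` after the warning would make the intent explicit. `egrep` is deprecated in current GNU grep releases and can be written `grep -E '^[0-9]'`. `ZFILE` is written throughout this hunk but is not assigned inside it, so the assignment is presumably on a line outside the visible context.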
# time waiting on the disk!
sudo echo "About to (re)mount bin and st as tmpfs"
-rm -rf bin st
-sudo umount bin > /dev/null 2>&1
-sudo umount st > /dev/null 2>&1
+rm -rf bin st
+sudo umount bin >/dev/null 2>&1
+sudo umount st >/dev/null 2>&1
mkdir -p bin st || exit 1
sudo mount -t tmpfs /dev/null bin || exit 1
sudo chown $USER bin/. || exit 1
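Review bot: The reformatted `rm -rf bin st` runs before the two `umount` calls, so when `bin` or `st` is still a mounted tmpfs the `rm` empties the mount and then fails on the mountpoint directory itself, and that failure is not checked; unmounting first and removing afterwards (`sudo umount bin >/dev/null 2>&1`, `sudo umount st >/dev/null 2>&1`, `rm -rf bin st`) makes the sequence deterministic. The `sudo echo "About to (re)mount …"` line looks like it exists to prompt for sudo credentials before the real work begins — if so, a comment would help the next reader, e.g. `# run something harmless under sudo first so the credential prompt happens here, not mid-run`. The silenced `umount` errors are presumably intentional for a fresh checkout and deserve a short comment as well.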
#!/bin/sh
[ $# -ge 3 ] || {
- echo "Usage: watch_servers.sh DB1 DB2 PASSWORD SEARCH <attrs>"
- exit 1
+ echo "Usage: watch_servers.sh DB1 DB2 PASSWORD SEARCH <attrs>"
+ exit 1
}
host1="$1"