Samba › Samba - samba-technical

Fwd: Samba4 how to list all members of a group

Classic

List

Threaded

13 messages Options

steve-2

Fwd: Samba4 how to list all members of a group

Hi
Sorry to forward but I had no luck with this on the samba list.
On s4 at the cli, is it possible to get a list of members of say, Domain
Users?
Steve

-------- Original Message --------
Subject: Samba4 how to list all members of a group
Date: Fri, 27 Apr 2012 20:13:55 +0200
From: steve <[hidden email]>
To: [hidden email]

Version 4.0.0alpha20-GIT-1fbc185
On the Linux dc.

Thanks,
Steve

Lukasz Zalewski-2

Re: Fwd: Samba4 how to list all members of a group

On 30/04/12 10:20, steve wrote:
> Hi
> Sorry to forward but I had no luck with this on the samba list.
> On s4 at the cli, is it possible to get a list of members of say, Domain
> Users?
> Steve
>

Hi Steve,
For Domain Users you can try:

/usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.ldb
'(|(primaryGroupID=513)(memberOf=CN=Domain Users,CN=Users,DC=...))' dn

or using ldapsearch:
ldapsearch -h mys4dc -b 'DC=<my search base>'
'(|(primaryGroupID=513)(memberOf=CN=Domain Users,CN=Users,DC=...))' dn

Similarly for Domain Computers (using primaryGroupID=515 filter and
appropriate memberOf=CN=Domain Computers,CN=Users,DC=...).

You can probably tweak the filter a bit more to further constrain the
search.

These might be other, more elegant solutions though

HTH

L

steve-2

Re: Fwd: Samba4 how to list all members of a group

On 30/04/12 14:10, Lukasz Zalewski wrote:

> On 30/04/12 10:20, steve wrote:
>> Hi
>> Sorry to forward but I had no luck with this on the samba list.
>> On s4 at the cli, is it possible to get a list of members of say, Domain
>> Users?
>> Steve
>>
>
> Hi Steve,
> For Domain Users you can try:
>
> /usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.ldb
> '(|(primaryGroupID=513)(memberOf=CN=Domain Users,CN=Users,DC=...))' dn
>

Hi Lukasz
Yes. That gets us there. Thanks.

I can only think that this is not something I should need to do.

Cheers,
Steve

Lukasz Zalewski-2

Re: Fwd: Samba4 how to list all members of a group

On 30/04/12 14:47, steve wrote:

> On 30/04/12 14:10, Lukasz Zalewski wrote:
>> On 30/04/12 10:20, steve wrote:
>>> Hi
>>> Sorry to forward but I had no luck with this on the samba list.
>>> On s4 at the cli, is it possible to get a list of members of say, Domain
>>> Users?
>>> Steve
>>>
>>
>> Hi Steve,
>> For Domain Users you can try:
>>
>> /usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.ldb
>> '(|(primaryGroupID=513)(memberOf=CN=Domain Users,CN=Users,DC=...))' dn
>>
> Hi Lukasz
> Yes. That gets us there. Thanks.
>
> I can only think that this is not something I should need to do.
>
> Cheers,
> Steve
>

Hi Steve,
Where you thinking more of the samba-tool option, i.e.
samba-tool group listmembers <grouname>?

L

steve-2

Re: Fwd: Samba4 how to list all members of a group

On 30/04/12 15:59, Lukasz Zalewski wrote:

> On 30/04/12 14:47, steve wrote:
>> On 30/04/12 14:10, Lukasz Zalewski wrote:
>>> On 30/04/12 10:20, steve wrote:
>>>> Hi
>>>> Sorry to forward but I had no luck with this on the samba list.
>>>> On s4 at the cli, is it possible to get a list of members of say,
>>>> Domain
>>>> Users?
>>>> Steve
>>>>
>>>
>>> Hi Steve,
>>> For Domain Users you can try:
>>>
>>> /usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.ldb
>>> '(|(primaryGroupID=513)(memberOf=CN=Domain Users,CN=Users,DC=...))' dn
>>>
>> Hi Lukasz
>> Yes. That gets us there. Thanks.
>>
>> I can only think that this is not something I should need to do.
>>
>> Cheers,
>> Steve
>>
>
> Hi Steve,
> Where you thinking more of the samba-tool option, i.e.
> samba-tool group listmembers <grouname>?
>
> L

Yes, but listmembers is an error:

samba-tool group listmembers foo bar
Usage: samba-tool group <subcommand>

Available subcommands:
add - Creates a new AD group
addmembers - Add members to an AD group
delete - Deletes an AD group
list - List all groups
removemembers - Remove members from an AD group
ERROR: No such subcommand 'listmembers'

Cheers,
Steve

Lukasz Zalewski-2

Re: Fwd: Samba4 how to list all members of a group

On 30/04/12 15:18, steve wrote:

> On 30/04/12 15:59, Lukasz Zalewski wrote:
>> On 30/04/12 14:47, steve wrote:
>>> On 30/04/12 14:10, Lukasz Zalewski wrote:
>>>> On 30/04/12 10:20, steve wrote:
>>>>> Hi
>>>>> Sorry to forward but I had no luck with this on the samba list.
>>>>> On s4 at the cli, is it possible to get a list of members of say,
>>>>> Domain
>>>>> Users?
>>>>> Steve
>>>>>
>>>>
>>>> Hi Steve,
>>>> For Domain Users you can try:
>>>>
>>>> /usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.ldb
>>>> '(|(primaryGroupID=513)(memberOf=CN=Domain Users,CN=Users,DC=...))' dn
>>>>
>>> Hi Lukasz
>>> Yes. That gets us there. Thanks.
>>>
>>> I can only think that this is not something I should need to do.
>>>
>>> Cheers,
>>> Steve
>>>
>>
>> Hi Steve,
>> Where you thinking more of the samba-tool option, i.e.
>> samba-tool group listmembers <grouname>?
>>
>> L
> Yes, but listmembers is an error:
>

Sorry Steve,
This was just a question if you would like this functionality (or think
that it should be available) through samba-tool, rather than description
of an existing command.

L

Quinn Fissler

Re: Fwd: Samba4 how to list all members of a group

On 30 April 2012 15:23, Lukasz Zalewski <[hidden email]> wrote:

> On 30/04/12 15:18, steve wrote:
>
>> On 30/04/12 15:59, Lukasz Zalewski wrote:
>>
>>> On 30/04/12 14:47, steve wrote:
>>>
>>>> On 30/04/12 14:10, Lukasz Zalewski wrote:
>>>>
>>>>> On 30/04/12 10:20, steve wrote:
>>>>>
>>>>>> Hi
>>>>>> Sorry to forward but I had no luck with this on the samba list.
>>>>>> On s4 at the cli, is it possible to get a list of members of say,
>>>>>> Domain
>>>>>> Users?
>>>>>> Steve
>>>>>>
>>>>>>
>>>>> Hi Steve,
>>>>> For Domain Users you can try:
>>>>>
>>>>> /usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.**
>>>>> ldb
>>>>> '(|(primaryGroupID=513)(**memberOf=CN=Domain Users,CN=Users,DC=...))'
>>>>> dn
>>>>>
>>>>> Hi Lukasz
>>>> Yes. That gets us there. Thanks.
>>>>
>>>> I can only think that this is not something I should need to do.
>>>>
>>>> Cheers,
>>>> Steve
>>>>
>>>>
>>> Hi Steve,
>>> Where you thinking more of the samba-tool option, i.e.
>>> samba-tool group listmembers <grouname>?
>>>
>>> L
>>>
>> Yes, but listmembers is an error:
>>
>>
> Sorry Steve,
> This was just a question if you would like this functionality (or think
> that it should be available) through samba-tool, rather than description of
> an existing command.
>
> L
>

Shouldn't

getent group Domain\ Users

do it?

(I don't have a samba system to hand to test)

Matthieu Patou-7

Re: Fwd: Samba4 how to list all members of a group

> Shouldn't
>
> getent group Domain\ Users
>
> do it?
Only if you configured your box to use nss_winbindd, in this case getent
passwd will query samba for groups, by default it's not configured (and
not working well with samba4).

Matthieu

--
Matthieu Patou
Samba Team
http://samba.org

steve-2

Re: Fwd: Samba4 how to list all members of a group

On 04/30/2012 06:37 PM, Matthieu Patou wrote:

>
>> Shouldn't
>>
>> getent group Domain\ Users
>>
>> do it?
> Only if you configured your box to use nss_winbindd, in this case
> getent passwd will query samba for groups, by default it's not
> configured (and not working well with samba4).
>
> Matthieu
>

No.
getent group only lists groups, not members therein. For that, you don't
necessarily need nss-winbindd. We use the new nss-pam-ldapd fork of
nss-ldap which well with the s4 LDAP.
Cheers,
Steve

steve-2

Re: Fwd: Samba4 how to list all members of a group

In reply to this post by Lukasz Zalewski-2

On 04/30/2012 04:23 PM, Lukasz Zalewski wrote:

> On 30/04/12 15:18, steve wrote:
>> On 30/04/12 15:59, Lukasz Zalewski wrote:
>>> On 30/04/12 14:47, steve wrote:
>>>> On 30/04/12 14:10, Lukasz Zalewski wrote:
>>>>> On 30/04/12 10:20, steve wrote:
>>>>>> Hi
>>>>>> Sorry to forward but I had no luck with this on the samba list.
>>>>>> On s4 at the cli, is it possible to get a list of members of say,
>>>>>> Domain
>>>>>> Users?
>>>>>> Steve
>>>>>>
>>>>>
>>>>> Hi Steve,
>>>>> For Domain Users you can try:
>>>>>
>>>>> /usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.ldb
>>>>> '(|(primaryGroupID=513)(memberOf=CN=Domain
>>>>> Users,CN=Users,DC=...))' dn
>>>>>
>>>> Hi Lukasz
>>>> Yes. That gets us there. Thanks.
>>>>
>>>> I can only think that this is not something I should need to do.
>>>>
>>>> Cheers,
>>>> Steve
>>>>
>>>
>>> Hi Steve,
>>> Where you thinking more of the samba-tool option, i.e.
>>> samba-tool group listmembers <grouname>?
>>>
>>> L
>> Yes, but listmembers is an error:
>>
>
> Sorry Steve,
> This was just a question if you would like this functionality (or
> think that it should be available) through samba-tool, rather than
> description of an existing command.
>
> L

Hi
Ah, I see. Yes. I certainly feel it would be a worthwhile addition to
samba-tool. You already have the code. With a bit of cut and grep we
could get it to list just the names of the members too:-)
Cheers,
Steve

steve-2

Re: Fwd: Samba4 how to list all members of a group

In reply to this post by steve-2

On 04/30/2012 03:47 PM, steve wrote:

> On 30/04/12 14:10, Lukasz Zalewski wrote:
>> On 30/04/12 10:20, steve wrote:
>>> Hi
>>> Sorry to forward but I had no luck with this on the samba list.
>>> On s4 at the cli, is it possible to get a list of members of say,
>>> Domain
>>> Users?
>>> Steve
>>>
>>
>> Hi Steve,
>> For Domain Users you can try:
>>
>> /usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.ldb
>> '(|(primaryGroupID=513)(memberOf=CN=Domain Users,CN=Users,DC=...))' dn
>>
> Hi Lukasz
> Yes. That gets us there. Thanks.
>
> I can only think that this is not something I should need to do.
>
> Cheers,
> Steve

Hi
Can anyone do any better than this mess?!

function listgroup {
#lists members of a group
# $1 is the name of the group
# get the gid
strgid=$(wbinfo --group-info="$1")
gid=$(echo $strgid | cut -d ":" -f 3)
#get the group from the sid
strsid=$(wbinfo --gid-to-sid=$gid)
primarygid=$(echo $strsid | cut -d "-" -f 8)
#$db is your ldap://fqdn and $auth if the kerberos ccacche= stuff
ldbsearch --url=$db $auth
"(|(primaryGroupID=$primarygid)(memberOf=CN=$1,CN=Users,$basedn))" dn |
grep CN | cut -d ":" -f2 | cut -d "=" -f2 | cut -d "," -f1 | grep -v ldap
}

Cheers,
Steve

Lukasz Zalewski-2

Re: Fwd: Samba4 how to list all members of a group

On 16/05/12 18:50, steve wrote:

> On 04/30/2012 03:47 PM, steve wrote:
>> On 30/04/12 14:10, Lukasz Zalewski wrote:
>>> On 30/04/12 10:20, steve wrote:
>>>> Hi
>>>> Sorry to forward but I had no luck with this on the samba list.
>>>> On s4 at the cli, is it possible to get a list of members of say,
>>>> Domain
>>>> Users?
>>>> Steve
>>>>
>>>
>>> Hi Steve,
>>> For Domain Users you can try:
>>>
>>> /usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.ldb
>>> '(|(primaryGroupID=513)(memberOf=CN=Domain Users,CN=Users,DC=...))' dn
>>>
>> Hi Lukasz
>> Yes. That gets us there. Thanks.
>>
>> I can only think that this is not something I should need to do.
>>
>> Cheers,
>> Steve
> Hi
> Can anyone do any better than this mess?!
>
> function listgroup {
> #lists members of a group
> # $1 is the name of the group
> # get the gid
> strgid=$(wbinfo --group-info="$1")
> gid=$(echo $strgid | cut -d ":" -f 3)
> #get the group from the sid
> strsid=$(wbinfo --gid-to-sid=$gid)
> primarygid=$(echo $strsid | cut -d "-" -f 8)
> #$db is your ldap://fqdn and $auth if the kerberos ccacche= stuff
> ldbsearch --url=$db $auth
> "(|(primaryGroupID=$primarygid)(memberOf=CN=$1,CN=Users,$basedn))" dn |
> grep CN | cut -d ":" -f2 | cut -d "=" -f2 | cut -d "," -f1 | grep -v ldap
> }
>
> Cheers,
> Steve

Hi Steve,
the listmembers option is now part of samba-tool and members are listed
according to their samAccountName (or cn if samAccountName attribute is
not available):
./samba-tool group listmembers
Usage: samba-tool group listmembers <groupname> [options]

Regards

L

steve-2

Re: Fwd: Samba4 how to list all members of a group

On 05/16/2012 08:00 PM, Lukasz Zalewski wrote:

> On 16/05/12 18:50, steve wrote:
>> On 04/30/2012 03:47 PM, steve wrote:
>>> On 30/04/12 14:10, Lukasz Zalewski wrote:
>>>> On 30/04/12 10:20, steve wrote:
>>>>> Hi
>>>>> Sorry to forward but I had no luck with this on the samba list.
>>>>> On s4 at the cli, is it possible to get a list of members of say,
>>>>> Domain
>>>>> Users?
>>>>> Steve
>>>>>
>>>>
>>>> Hi Steve,
>>>> For Domain Users you can try:
>>>>
>>>> /usr/local/samba/bin/ldbsearch -a -H /usr/local/samba/private/sam.ldb
>>>> '(|(primaryGroupID=513)(memberOf=CN=Domain Users,CN=Users,DC=...))' dn
>>>>
>>> Hi Lukasz
>>> Yes. That gets us there. Thanks.
>>>
>>> I can only think that this is not something I should need to do.
>>>
>>> Cheers,
>>> Steve
>> Hi
>> Can anyone do any better than this mess?!
>>
>> function listgroup {
>> #lists members of a group
>> # $1 is the name of the group
>> # get the gid
>> strgid=$(wbinfo --group-info="$1")
>> gid=$(echo $strgid | cut -d ":" -f 3)
>> #get the group from the sid
>> strsid=$(wbinfo --gid-to-sid=$gid)
>> primarygid=$(echo $strsid | cut -d "-" -f 8)
>> #$db is your ldap://fqdn and $auth if the kerberos ccacche= stuff
>> ldbsearch --url=$db $auth
>> "(|(primaryGroupID=$primarygid)(memberOf=CN=$1,CN=Users,$basedn))" dn |
>> grep CN | cut -d ":" -f2 | cut -d "=" -f2 | cut -d "," -f1 | grep -v
>> ldap
>> }
>>
>> Cheers,
>> Steve
>
> Hi Steve,
> the listmembers option is now part of samba-tool and members are
> listed according to their samAccountName (or cn if samAccountName
> attribute is not available):
> ./samba-tool group listmembers
> Usage: samba-tool group listmembers <groupname> [options]
>
> Regards
>
> L

Hi Lukasz
Works perfectly. I never thought to try it, even on my new build.
Thanks again,
Steve