Sambastatus: my first module for nethserver

module

(Carlo Minucci) #41

ok
the version 0.3 is officially out :slight_smile:
you can download from here https://minucci.net/nethserver/nethserver-sambastatus-0.3-1.x86_64.rpm

now you can see a list of machines that are joined domain


(Giacomo Sanchietti) #42

I looked to you repository this morning :slight_smile:

I think records inside the /var/lib/nethserver/db/accounts are not really synchronized to the content of AD LDAP.
I think you need something like this:

net ads -P  search '(objectCategory=Computer)' dnsHostName 

If you want to know also the last login:

net ads -P  search '(objectCategory=Computer)' dnsHostName lastLogonTimestamp

Edit: just a quick and dirt perl script which outputs data in JSON:

#!/usr/bin/perl

use JSON;
use POSIX;

my $output = qx(net ads -P  search '(objectCategory=Computer)' cn dNSHostName lastLogonTimestamp);

my @machines;
my %current;
foreach my $line (split /[\r\n]+/, $output) {
    if ($line =~ /^cn: (.*)/) {
        if (%current) {
            push(@machines,\%current);
        }
        %current = ();
        $current{'cn'} = $1;
    }
    if ($line =~ /^dNSHostName: (.*)/) {
        $current{'dNSHostName'} = $1;
    }
    if ($line =~ /^dNSHostName: (.*)/) {
        $current{'dNSHostName'} = $1;
    }
    if ($line =~ /^lastLogonTimestamp: (.*)/) {
        $current{'lastLogonTimestamp'} = floor(($1/10000000)-11644473600);
    }
}
push(@machines,\%current);

print encode_json(\@machines);


(Carlo Minucci) #43

i knew there was a better solution then mine :slight_smile:

but

[root@server ~]# net ads -P search ‘(objectCategory=Computer)’ dnsHostName
ads_connect: No logon servers
ads_connect: No logon servers
[root@server ~]#


(Giacomo Sanchietti) #44

Mmm, I think you’re using NethServer 6.9. Am I right?
The proposed scripts works only NS 7 with Active Directory.

What is your scenario? Maybe I can try to create something which works on more environments. :wink:


(Carlo Minucci) #45

yes, mine is 6.9

but i think i have some problem with ldap:

[root@server ~]# /etc/init.d/slapd start
Starting slapd: [FAILED]
[root@server ~]#

the log tell me

Oct 2 17:57:48 server slaptest: auxpropfunc error invalid parameter supplied

some time ago i fixed this bug i don’t remember how :slight_smile:


(Giacomo Sanchietti) #46

IIRC in 6.9 slapd is handled by upstart, you need these commands:

status slapd
start slapd
stop slopd

(Antonio) #47

Hello Carlo,

I installed your form on my NS7 but unfortunately it does not show anything!

smbstatus from the console displays this:



(Carlo Minucci) #48

in the shell try

smbstatus -b

and

smbstatus -L

and past the output

but… do you use nethserver as domain controller or not?


(Antonio) #49

Yes !

use nethserver 7 for DC.

I have windows 10 pro join and opensuse


(Carlo Minucci) #50

mmm

ok… i don’t know why… I begin to investigate :flashlight:


(Markus Neuberger) #51

Hi @gecco,

nice presentation at the conference.

I tried your module now on 7.3.1611 and like it happened to @netbix, my web UI also shows nothing.

[root@server ~]# smbstatus -b

Samba version 4.6.2
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------
9509    nobody       nobody       192.168.1.228 (ipv4:192.168.1.228:2297)   SMB2_10           -                    -

[root@server ~]# smbstatus -L
Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
9509         99         DENY_NONE  0x100080    RDONLY     NONE             /var/lib/nethserver/ibay/gast   .   Tue Oct  3 11:36:19 2017
9509         99         DENY_NONE  0x100081    RDONLY     NONE             /var/lib/nethserver/ibay/gast   .   Tue Oct  3 11:36:19 2017

Had a look at the command in /usr/share/nethesis/NethServer/Template/SambaStatus/Connection.php

[root@server SambaStatus]# smbstatus -b | sed -e '1,4d' | awk '{print $2 \"\t\" $4 \"\t\" $5}' | sort -h
awk: cmd. line:1: {print $2 \"\t\" $4 \"\t\" $5}
awk: cmd. line:1:           ^ backslash not last character on line
awk: cmd. line:1: {print $2 \"\t\" $4 \"\t\" $5}
awk: cmd. line:1:           ^ syntax error

It seems to be the masking of the tabs so I tried the following:

[root@server SambaStatus]# smbstatus -b | sed -e '1,4d' | awk -v OFS="\t" '{print $2, $4, $5}' | sort -h
nobody  192.168.1.228   (ipv4:192.168.1.228:2297)

But on web UI I still see nothing.


(Carlo Minucci) #52

this happen because in php you have to escape the "
in bash no :slight_smile:
the right command is

smbstatus -b | sed -e ‘1,4d’ | awk ‘{print $2 “\t” $4 “\t” $5}’ | sort -h


(Antonio) #53

From bash the command works


(Antonio) #54

machines added to domain what should i show?

/var/lib/nethserver/db/accounts ???


(Markus Neuberger) #55

Tried this in the php:

$command = "smbstatus -b";
$admin_shell = shell_exec($command);
echo $admin_shell;

and got


(Carlo Minucci) #56

mmm
yes… i think it is the problem… (srvmgr is the user run webserver)

in 7.3

[root@segreteria tmp]# su srvmgr
bash-4.2$ smbstatus -b
smbstatus only works as root!
bash-4.2$

in 6.9

[root@server tmp]# su srvmgr
[srvmgr@server tmp]$ smbstatus -b

Samba version 3.6.23-45.el6_9
PID Username Group Machine

14913 admin admin (192.168.1.2)
9461 dimichele dimichele docenti3 (192.168.1.156)
14915 minucci minucci (192.168.1.2)
13254 giorgini giorgini docenti2 (192.168.1.155)

mmm… a big problem…

my sambastatus is not ready for nethserver 7 :frowning:


(Markus Neuberger) #57

Did a very dirty trick, just writing smbstatus to a file as root:

[root@server SambaStatus]# su - srvmgr
Creating home directory for srvmgr.
[root@server SambaStatus]# smbstatus -b > home/svrmgr/smbstatb

Replaced the command string in Connection.php with:

Maybe let a cron job write the smbstatus to the file?

Somethings wrong with “Host name” which shows “users@cmb.local” but maybe I changed something when trying to find the error.


(Bogdan Costin) #58

Hi Markus,
can you try $command = “sudo smbstatus -b”;

You can check that smbstatus is able to be run as sudo ?


(Carlo Minucci) #59

i tried… but ask for password


(Bogdan Costin) #60

try to add smbstatus in sudoers file and see then
I had a similar issue with my script and I had to add the script to the sudoers