Using adbindproxy.pl
This section describes the options available for the adbindproxy
command-line tool. The adbindproxy.pl
utility is used to configure Samba and Authentication Service to work together and provides specific functions, such as exporting UIDs and GIDs, creating symbolic links to Samba binaries and libraries, and restoring backed-up Samba files.
Synopsis
adbindproxy.pl [--help] [--info] [--restore] [--unconfig] [--adjoinExtraOptions] [--adleaveExtraOptions] [--version] [--verbose]
adbindproxy.pl [--export] [--groupFile filename] [--userFile filename] [--tdbfile filename]
adbindproxy.pl [--record] [--responseFile filename]
adbindproxy.pl [--nonInteractive] [--responseFile filename]
adbindproxy.pl [--service start|stop|restart|status]
adbindroxy.pl Options
You can use the following options with this command:
Use this option | To Do This |
---|---|
-c --test filename
|
Generate a test target Samba configuration file. With this option, the script generates a target Samba configuration file with the filename for review. This option is a review option and does not change any configuration or make any changes. |
-E , --export |
Export user IDs (UIDs) and group IDs (GIDs) that are stored in Samba’s winbindd_idmap.tdb file. Use the --groupFile and --userFile options to specify the export files for the GIDs and UIDs. Use the --tdbfile option to specify the .tdb file that contains the GIDs and UIDs. After export, you can use the Access Manager Console to import the users and groups with their existing UID and GID mappings into a zone. |
-f , --responseFile filename |
The filename specifies the response file for recording with the -x option or for non-interactive mode with the -n option. If you don't specify a filename, the default is /var/centrify/samba/adbindproxy.pl.rsp . |
-g , --groupFile filename |
Specify the file in which to write the Samba-created Active Directory group to GID mappings. Use this option with the export option. By default, the file is:/etc/group |
-h , --help |
Display the adbindproxy.pl usage information. |
-i, --info
|
Display Samba interoperability information. |
-j, --adjoinExtraOptions adjoinoptions
|
The adjoinoptions are the additional options to be used for the adjoin command. Do not specify the domain or the following options with adjoinExtraOptions, because they're already handled in the response file: -u / --user -c / --container -V / --verbose -n / --name -s / --server -T / --trust -k / --des adjoinoptions 0 / adjoinoptions 1 adjoinoptions 2 / adjoinoptions 3 |
-l , --adleaveExtraOptions adleaveoptions |
The adleaveoptions are the additional options to be used for the adleave command. Do not specify the domain or the following options with adleaveExtraOptions, because they're already handled in the response file: -u / --user -f / --force |
-n , --nonInteractive |
Run adbindproxy.pl in non-interactive mode using the response file. It is recommended to have the machine joined to the Active Directory domain before running this script in non-interactive mode. Otherwise, adbindproxy.pl needs to obtain the Active Directory authorized user password from the command line with the -j/-l option, or interactively from the terminal.WARNING: Typing the password in the command line NOT secure, do NOT do that unless you know what you are doing. |
-r , --restore |
Restore files backed up from the first time you configured Samba for interoperability with the Authentication Service. Typically, you run adbindproxy.pl with the restore option to restore Samba files before uninstalling the integration components that were provided in adbindproxy. |
-S , --symbol |
Force the creation of symbolic links to Verify Privilege Server Suite for Samba binaries and libraries without asking for confirmation. |
--s , --service <start|stop|restart|status> |
Control the CentrifyDC Samba service. If you haven't configured the CentrifyDC Samba service yet, this option has no effect. If you specify --service status , there will be a return value of 0 if the service is running and a return value of 1 if the service isn't running. |
-T , --noTestShare |
Specify to not create the test folder "/samba-test" and not add the "samba-test" share when updating the smb.conf file. |
-t , --tdbFile filename |
Specify the location of the winbindd_idmap.tdb file that contains Samba UID and GID information. This option is used during the UID and GID export process. If you omit this option, the default file to export from is: /var/lib/samba/winbindd_idmap.tdb |
-u , --userFile filename |
Specify the file in which to write Samba-created Active Directory user to UID mappings. Use this option with the -exports option. By default, the file is /etc/passwd . |
-v , --version |
Display version information for the installed software. |
-V , --verbose |
Display detailed information for each operation. |
-x , --record |
Record the user input into the response file which can be used later in non-interactive mode. |
Examples
To display basic information about the configuration of the Samba integration and interoperability with authentication service and Active Directory, you could type a command line similar to the following:
adbindproxy.pl --info
This command displays information similar to the following (where v.v.v is the Verify Privilege Server Suite version number and s.s.s is the Samba number):
The Samba base path is: /usr
CentrifyDC version = CentrifyDC v.v.v
CentrifyDC Architecture = 64-bit
CentrifyDC Realm = ARCADE.NET
CentrifyDC NTLM Domain = ARCADE
CentrifyDC Host = magnolia.arcade.net
CentrifyDC Short Host = magnolia
Samba Version = s.s.s
Samba Architecture = 64-bit
Samba Realm = ARCADE.NET
Samba NetBIOS Name = MAGNOLIA
Samba Version Supported = yes
Samba and CDC in same Realm = yes
Samba and CDC share machine account = yes
Password sync using libtdb = <not specified>
To export existing Samba GID and UID information that you want to import into a Verify Privilege Server Suite Zone, and to show details about the operation performed, type a command line similar to the following:
adbindproxy.pl --export --verbose
This command displays information similar to the following:
The existing UID mappings have been exported to
/var/centrify/samba/passwd.
The existing GID mappings have been exported to
/var/centrify/samba/group.
To record the user input to a response file:
# adbindproxy.pl -x
To run adbindproxy.pl in non-interactive mode with the response file that was generated previously at the default location:
# adbindproxy.pl -n