#!/bin/bash
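# Script to create Samba4 computer accounts from CSV file using ldbmodify
# Usage: ./create_samba_computers.sh

# Resolve the directory holding this script so the data paths below do not
# depend on the caller's working directory. Abort if it cannot be resolved:
# an empty SCRIPT_DIR would silently turn every path below into one under "/",
# and this script runs as root.
if ! SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)" \
  || [[ -z "$SCRIPT_DIR" ]]; then
  echo "Error: cannot determine the script directory." >&2
  exit 1
fi

# Input: one computer per row, columns NAME,OBJECTSID.
CSV_FILE="$SCRIPT_DIR/Transfert/computers.csv"
# Input: LDIF template containing the NAME and OBJECTSID placeholders.
TEMPLATE_FILE="$SCRIPT_DIR/computer.ldif.orig"
# Working copy regenerated for every CSV row. It has a fixed name inside
# SCRIPT_DIR and is written as root, so SCRIPT_DIR (and the two inputs above)
# must not be writable by unprivileged users.
TEMP_LDIF="$SCRIPT_DIR/computer.ldif"
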
# Preconditions: root privileges, both input files, and the ldbmodify tool.
# Each failed check prints an error on stdout and ends the script with
# status 1.

# The script works on Samba's LDB database, which requires root.
if (( EUID != 0 )); then
  printf '%s\n' \
    "Error: This script must be run as root to access Samba's LDB database." \
    "Please run with: sudo $0"
  exit 1
fi

# The CSV must exist as a regular file.
[[ -f "$CSV_FILE" ]] || {
  echo "Error: CSV file not found at $CSV_FILE"
  exit 1
}

# So must the LDIF template.
[[ -f "$TEMPLATE_FILE" ]] || {
  echo "Error: Template file not found at $TEMPLATE_FILE"
  exit 1
}

# ldbmodify has to be resolvable through PATH.
command -v ldbmodify >/dev/null 2>&1 || {
  echo "Error: ldbmodify command not found. Please ensure Samba4 is installed."
  exit 1
}

#######################################
# Delete the temporary LDIF if it is still present and report the removal.
# Globals:   TEMP_LDIF (read)
# Outputs:   one confirmation line on stdout when a file was removed
# Returns:   0 when there is nothing to remove
#######################################
cleanup() {
  # Nothing left behind: stay silent.
  [[ -f "$TEMP_LDIF" ]] || return 0

  rm -f "$TEMP_LDIF"
  echo "Cleaned up temporary file: $TEMP_LDIF"
}

# Run cleanup on every exit path so the generated LDIF is not left behind.
trap 'cleanup' EXIT

# Start-up banner: where the rows come from and which template is used.
printf '%s\n' \
  "Starting Samba4 computer account creation process..." \
  "Reading computers from: $CSV_FILE" \
  "Using template: $TEMPLATE_FILE" \
  ""

# Run statistics, updated by the processing loop.
total_computers=0 successful_computers=0 failed_computers=0

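# Read the CSV (columns: NAME,OBJECTSID) and create one account per row.
#
# Every accepted value is substituted into an LDIF that root then applies
# directly to sam.ldb, so the CSV is treated as untrusted input. Both fields
# must match a strict pattern before use. The previous check accepted any text
# after the "S-1-5-21-" prefix and did not check NAME at all, so a field
# containing "|", "&" or "\" was interpreted by sed and could alter the
# generated LDIF.

#######################################
# Normalise one CSV field.
# Arguments: $1 - raw field text
# Outputs:   the field without carriage returns, surrounding whitespace, or
#            one pair of enclosing double quotes
#######################################
_trim_field() {
  local value=${1//$'\r'/}
  value=${value#"${value%%[![:space:]]*}"}
  value=${value%"${value##*[![:space:]]}"}
  # Quoted exports ("PC01","S-1-5-...") are common; drop the enclosing quotes.
  if [[ ${#value} -ge 2 && $value == \"*\" ]]; then
    value=${value:1:${#value}-2}
  fi
  printf '%s' "$value"
}

# Host-style computer name, optionally ending in "$". None of these characters
# is special to sed's replacement text, to LDIF, or inside a DN component.
# Widen this deliberately if the site uses other characters in names.
_NAME_PATTERN='^[A-Za-z0-9][A-Za-z0-9._-]*[$]?$'
# A complete domain account SID: S-1-5-21-<a>-<b>-<c>-<rid>, digits only.
_SID_PATTERN='^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$'

# "|| [[ -n ... ]]" keeps a final row that has no trailing newline.
while IFS=',' read -r NAME OBJECTSID || [[ -n "$NAME" ]]; do
  # Trim before the header test so a CRLF-terminated header is recognised too.
  NAME=$(_trim_field "$NAME")
  OBJECTSID=$(_trim_field "$OBJECTSID")

  # Skip header line
  if [[ "$NAME" == "NAME" && "$OBJECTSID" == "OBJECTSID" ]]; then
    continue
  fi

  total_computers=$((total_computers + 1))

  # Rejected values are printed with %q so control characters in a bad row
  # cannot reach the terminal unescaped.
  if [[ -z "$NAME" || -z "$OBJECTSID" ]]; then
    printf ' Warning: Skipping computer %d due to missing data (NAME=%q, OBJECTSID=%q)\n' \
      "$total_computers" "$NAME" "$OBJECTSID"
    failed_computers=$((failed_computers + 1))
    continue
  fi

  if [[ ! "$NAME" =~ $_NAME_PATTERN ]]; then
    printf ' Warning: Skipping computer %d due to invalid computer name: %q\n' \
      "$total_computers" "$NAME"
    failed_computers=$((failed_computers + 1))
    continue
  fi

  # Extra CSV columns end up in OBJECTSID and are rejected here as well.
  if [[ ! "$OBJECTSID" =~ $_SID_PATTERN ]]; then
    printf ' Warning: Skipping computer %d due to invalid ObjectSID format: %q\n' \
      "$total_computers" "$OBJECTSID"
    failed_computers=$((failed_computers + 1))
    continue
  fi

  echo "Processing computer $total_computers: $NAME"

  # Build the LDIF from the template. The old file is removed first and the
  # new one is created with noclobber and umask 077, so a file or symlink
  # planted at that path is not written through and the result is private to
  # root. OBJECTSID is substituted first: a validated SID cannot contain
  # "NAME", whereas a name could contain "OBJECTSID".
  rm -f -- "${TEMP_LDIF:?}"
  if ! (
    umask 077
    set -o noclobber
    sed -e "s|OBJECTSID|$OBJECTSID|g" -e "s|NAME|$NAME|g" \
      -- "$TEMPLATE_FILE" > "$TEMP_LDIF"
  ); then
    echo " ✗ Failed to generate LDIF from template"
    failed_computers=$((failed_computers + 1))
    continue
  fi

  echo " Created LDIF file for computer: $NAME"

  # Apply the LDIF straight to the local database file.
  # NOTE(review): the local_oid control is passed through unchanged;
  # presumably it relaxes a check that would otherwise block this write.
  # Confirm which one against the Samba source before reusing this command.
  # stderr is no longer discarded, so the reason for a failure is visible.
  if ldbmodify -H /var/lib/samba/private/sam.ldb \
    --controls="local_oid:1.3.6.1.4.1.7165.4.3.12:0" "$TEMP_LDIF"; then
    echo " ✓ Successfully created computer account: $NAME"
    successful_computers=$((successful_computers + 1))
  else
    echo " ✗ Failed to create computer account: $NAME"
    echo " Computer may already exist or check Samba permissions."
    failed_computers=$((failed_computers + 1))
  fi

  echo ""
done < "$CSV_FILE"
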
# Summary of the run, taken from the three counters.
printf '%s\n' \
  "=========================================" \
  "Computer account creation process completed!" \
  "Total computers processed: $total_computers" \
  "Successfully created: $successful_computers" \
  "Failed: $failed_computers" \
  "========================================="

# Troubleshooting hints, shown only when at least one row failed.
if (( failed_computers > 0 )); then
  printf '%s\n' \
    "" \
    "Note: If computer accounts failed to be created, possible causes:" \
    "1. Computer account already exists in the domain" \
    "2. ObjectSID conflict or duplication" \
    "3. Samba4 service not running: sudo systemctl status samba-ad-dc"
fi

# Follow-up instructions, shown only when at least one account was created.
if (( successful_computers > 0 )); then
  printf '%s\n' \
    "" \
    "✅ Computer accounts created successfully!" \
    "Next steps for each workstation:" \
    "1. On each computer, open PowerShell as Administrator" \
    "2. Run: Reset-ComputerMachinePassword -Credential <AdminAccount> -Server <DC_IP>" \
    "3. Reboot the computer to complete the domain rejoin process" \
    "" \
    "To verify created computer accounts:" \
    "samba-tool computer list"
fi