Comments (9)
Regarding your different questions: Here is the pillar I had to use. This works with the init.sls state I wrote in #35 (comment)
# user.present needs hash -> openssl passwd -1
# pdbedit.managed needs hash -> salt '*' pdbedit.generate_nt_hash PASSWORD
samba:
  users:
    agent:
      passwordPASSWD: $1$EN0z3WOT$/1Y.PghPl0C1t.b9Q4w4F1
      passwordNT: 7B592E4F8178B4C75788531B2E747687
Or maybe it would be nicer to write? I have no idea, I just started using Salt to solve my problems, not salt's problems xD
samba:
  users:
    agent:
      password:
        PASSWD: $1$EN0z3WOT$/1Y.PghPl0C1t.b9Q4w4F1
        NT: 7B592E4F8178B4C75788531B2E747687
Does your solution scale?
I have no idea. I just need one user for one special use case. It's not about samba for me, it's about Zabbix. On each Zabbix Proxy I need a single smb share with a single user to make the Zabbix agent available to the Windows Server OS.
So if False should work then raise an issue at...
I guess I have to do that.
But anyway we would have to decide if the pillar for this state has to be plaintext or hash. I guess it can't be both? Or can it? user.present can handle both. And the True or False Bool for pdbedit.managed could be set via pillar? But that would get rather complicated for a simple to use formula.
from samba-formula.
I tried this today and I failed. I have the feeling, that the module isn't working and that it is not my fault, but I'm not sure of course. Here is my code:
{% if grains['os_family'] in ('RedHat', 'Suse', 'Debian') %}
include:
  - samba.client
{% endif %}
{% for login,user in salt['pillar.get']('samba:users', {}).items() %}
{{ login }}:
  user.present:
    - name: {{ login }}
    - fullname: {{ login }}
    - password: {{ user.password }}
  pdbedit.managed:
    - login: {{ login }}
    - password: {{ user.password }}
    - password_hashed: False
{% endfor %}
This is the error I get:
----------
          ID: agent
    Function: pdbedit.managed
      Result: False
     Comment: An exception occurred in this state: Traceback (most recent call last):
                File "/usr/lib/python3/dist-packages/salt/state.py", line 1919, in call
                  **cdata['kwargs'])
                File "/usr/lib/python3/dist-packages/salt/loader.py", line 1918, in wrapper
                  return f(*args, **kwargs)
                File "/usr/lib/python3/dist-packages/salt/states/pdbedit.py", line 132, in managed
                  res = __salt__['pdbedit.modify'](**kwargs)
                File "/usr/lib/python3/dist-packages/salt/modules/pdbedit.py", line 325, in modify
                  ret = create(login, password, password_hashed)[login]
                File "/usr/lib/python3/dist-packages/salt/modules/pdbedit.py", line 218, in create
                  nthash=_quote_args(password_hash)
                File "/usr/lib/python3.5/shlex.py", line 282, in quote
                  if _find_unsafe(s) is None:
              TypeError: cannot use a string pattern on a bytes-like object
     Started: 19:10:47.391963
    Duration: 87.277 ms
     Changes:
Can somebody help me decide if it's my fault, or if I have to raise a bug in the saltstack project? ping @noelmcloughlin
from samba-formula.
That's annoying.
Could this be a jinja encoding/decoding issue?
https://stackoverflow.com/questions/39047657/base64-decode-string-in-jinja
I'm honestly not sure and a bit too busy to look at this.
I wonder if there is an open or closed issue for this error at https://github.com/saltstack/salt repo?
from samba-formula.
Update:
I can get it to work, if I set - password_hashed: True and change the Pillar to an NT hash. But that would need two pillar values, as user.present and pdbedit.managed use different password hashes.
Even if I try it via the pdbedit module I get the error, when I use Plaintext passwords:
root@salt:/srv# salt 'HOST' pdbedit.modify agent password='abc'
HOST:
    Passed invalid arguments to pdbedit.modify: cannot use a string pattern on a bytes-like object
from samba-formula.
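Added example, not part of the original thread and not Salt's own code: the traceback in this thread ends in shlex.quote() being handed a bytes value, and this sketch reproduces that failure and shows the decode-before-quote fix. It assumes the hash generated for a plaintext password comes back as bytes (hexlify output on Python 3), which the page does not confirm; `hex_hash`, `quote_raises_type_error` and `quote_arg` are hypothetical names, and SHA-256 stands in for the NT hash because only the return type matters here.

```python
import binascii
import hashlib
import shlex


def hex_hash(password):
    """Constructed stand-in for a helper that hashes a plaintext password.

    Assumption: SHA-256 replaces the real NT hash. binascii.hexlify()
    returns bytes on Python 3, and that type is what triggers the error.
    """
    digest = hashlib.sha256(password.encode("utf-16-le")).digest()
    return binascii.hexlify(digest).upper()


def quote_raises_type_error(value):
    """Return True if shlex.quote() rejects the value with TypeError."""
    try:
        shlex.quote(value)
    except TypeError:
        return True
    return False


def quote_arg(value):
    """Quote one command argument, decoding bytes to str first."""
    if isinstance(value, bytes):
        # Hex digests are pure ASCII, so a strict ASCII decode is safe here.
        value = value.decode("ascii")
    return shlex.quote(value)


if __name__ == "__main__":
    generated = hex_hash("abc")                        # bytes (plaintext path)
    from_pillar = "7B592E4F8178B4C75788531B2E747687"   # str, value from the thread
    print("generated hash fails:", quote_raises_type_error(generated))
    print("pillar hash fails:   ", quote_raises_type_error(from_pillar))
    print("after decoding:      ", quote_arg(generated))
```

Under that assumption, a hash supplied from the pillar reaches the quoting step as a str, which matches the observation that `password_hashed: True` works while the plaintext path does not.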
This seems to work if I write it like this, but this would require defining two hashes in the pillar:
{% if grains['os_family'] in ('RedHat', 'Suse', 'Debian') %}
include:
  - samba.client
{% endif %}
{% for login,user in salt['pillar.get']('samba:users', {}).items() %}
{{ login }}:
  user.present:
    - name: {{ login }}
    - fullname: {{ login }}
    - password: {{ user.passwordPASSWD }}
  pdbedit.managed:
    - login: {{ login }}
    - password: {{ user.passwordNT }}
    - password_hashed: True
{% endfor %}
from samba-formula.
You could update pillar.example with what worked, if no code change is necessary.
This would help stop other people getting tripped up.
Does your solution scale? How many users would be managed using smbpasswd? I'm typically using Active Directory (winbind) and/or users-formula for user management and never used samba.users state to be honest.
I had a look at the python module, it's a basic implementation:
https://github.com/saltstack/salt/blob/b44f0f1d0fd564690c6e45c6dd061c0e84d76def/salt/states/pdbedit.py#L78
Only Bool is supported for password. So if False should work then raise an issue at https://github.com/saltstack/salt so someone might improve this.
from samba-formula.
Cool - great work! I'd suggest you raise a PR to incorporate #35 (comment) and update pillar.example with what worked (you can add more than one example if you want). Whatever solves your problem is the correct contribution.
The only minor suggestion is to keep keys lowercase: password_nt and password_passwd. YAML supports "any case" but the current style in pillar.example is lowercase and underscores.
Nice work anyway - it will be a great contribution to have samba.users work out of the box - i.e. paste example from pillar.example into their environment and run the state with no failures or unwanted behaviour.
from samba-formula.
And since the use case is one user (i.e. not 1 million users) the solution scales. I guess the most common use case is one or two users.
from samba-formula.
I guess this can be closed after #70?
from samba-formula.