Using adbindproxy.pl

This appendix describes the options available for the adbindproxy command-line tool. The adbindproxy.pl utility is used to configure Samba and Centrify Authentication Service to work together and provides specific functions, such as exporting UIDs and GIDs, creating symbolic links to Samba binaries and libraries, and restoring backed-up Samba files.

Note: For step-by-step instructions about running adbindproxy.pl to configure Samba and Centrify Authentication Service to work together, see Running the adbindproxy.pl script.

Synopsis

adbindproxy.pl [--help] [--info] [--restore] [--unconfig] [--adjoinExtraOptions] [--adleaveExtraOptions] [--version] [--verbose]
adbindproxy.pl [--export] [--groupFile filename] [--userFile filename] [--tdbfile filename]
adbindproxy.pl [--record] [--responseFile filename]
adbindproxy.pl [--nonInteractive] [--responseFile filename]
adbindproxy.pl [--service start|stop|restart|status]

adbindproxy.pl options

You can use the following options with this command:

Use this option To do this

-c, --test filename

Generate a test target Samba configuration file.

With this option, the script writes the Samba configuration it would generate to filename so that you can review it. This is a review-only option: it does not change any existing configuration.

-E, --export

Export user IDs (UIDs) and group IDs (GIDs) that are stored in Samba’s winbindd_idmap.tdb file.

Use the --groupFile and --userFile options to specify the export files for the GIDs and UIDs. Use the --tdbfile option to specify the .tdb file that contains the GIDs and UIDs.

After export, you can use the Centrify Authentication Service Administrator Console to import the users and groups with their existing UID and GID mappings into a zone.

-f, --responseFile filename

The filename specifies the response file for recording with the -x option or for non-interactive mode with the -n option. If you don't specify a filename, the default is /var/centrify/samba/adbindproxy.pl.rsp.

-g, --groupFile filename

Specify the file in which to write the Samba-created Active Directory group to GID mappings. Use this option with the --export option. By default, the file is:

/etc/group

-h, --help

Display the adbindproxy.pl usage information.

-i, --info

Display Samba interoperability information.

-j, --adjoinExtraOptions adjoinoptions

The adjoinoptions are the additional options to be used for the adjoin command.

Do not specify the domain or the following options with adjoinExtraOptions, because they're already handled in the response file:

-u / --user
-c / --container
-V / --verbose
-n / --name
-s / --server
-T / --trust
-k / --des
-z / --zone
-a / --alias

-l, --adleaveExtraOptions adleaveoptions

The adleaveoptions are the additional options to be used for the adleave command.

Do not specify the domain or the following options with adleaveExtraOptions, because they're already handled in the response file:

-u / --user
-f / --force

-n, --nonInteractive

Run adbindproxy.pl in non-interactive mode using the response file.

It is recommended to have the machine joined to the Active Directory domain before running this script in non-interactive mode.

Otherwise, adbindproxy.pl needs to obtain the Active Directory authorized user password from the command line with the -j/-l option, or interactively from the terminal.

WARNING: Typing the password on the command line is NOT secure. Do NOT do that unless you know what you are doing.

-r, --restore

Restore files backed up from the first time you configured Samba for interoperability with Centrify Authentication Service. Typically, you run adbindproxy.pl with the --restore option to restore Samba files before uninstalling the integration components that were provided in adbindproxy.

-S, --symbol

Force the creation of symbolic links to Centrify for Samba binaries and libraries without asking for confirmation.

--s, --service <start|stop|restart|status>

Control the CentrifyDC Samba service. If you haven't configured the CentrifyDC Samba service yet, this option has no effect.

If you specify --service status, the return value is 0 if the service is running and 1 if the service isn't running.

-T, --noTestShare

Specify to not create the test folder "/samba-test" and not add the "samba-test" share when updating the smb.conf file.

-t, --tdbFile filename

Specify the location of the winbindd_idmap.tdb file that contains Samba UID and GID information. This option is used during the UID and GID export process.

If you omit this option, the default file to export from is:

/var/lib/samba/winbindd_idmap.tdb

-u, --userFile filename

Specify the file in which to write Samba-created Active Directory user to UID mappings. Use this option with the --export option.

By default, the file is /etc/passwd.

-v, --version

Display version information for the installed software.

-V, --verbose

Display detailed information for each operation.

-x, --record

Record the user input in the response file, which can be used later in non-interactive mode.

Examples

To display basic information about the configuration of the Samba integration and interoperability with authentication service and Active Directory, you could type a command line similar to the following:

adbindproxy.pl --info

This command displays information similar to the following (where v.v.v is the Centrify version number and s.s.s is the Samba version number):

The Samba base path is:        /usr
CentrifyDC version = CentrifyDC v.v.v
CentrifyDC Architecture = 64-bit
CentrifyDC Realm = ARCADE.NET
CentrifyDC NTLM Domain = ARCADE
CentrifyDC Host = magnolia.arcade.net
CentrifyDC Short Host = magnolia

Samba Version = s.s.s
Samba Architecture = 64-bit
Samba Realm = ARCADE.NET
Samba NetBIOS Name = MAGNOLIA
Samba Version Supported = yes
Samba and CDC in same Realm = yes
Samba and CDC share machine account = yes
Password sync using libtdb = <not specified>

To export existing Samba GID and UID information that you want to import into a Centrify Zone, and to show details about the operation performed, type a command line similar to the following:

adbindproxy.pl --export --verbose

This command displays information similar to the following:

The existing UID mappings have been exported to 
/var/centrify/samba/passwd.
The existing GID mappings have been exported to 
/var/centrify/samba/group.

To record the user input to a response file:

# adbindproxy.pl -x

To run adbindproxy.pl in non-interactive mode with the response file that was generated previously at the default location:

# adbindproxy.pl -n
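
The following is an added example, not part of the Centrify documentation or tooling: a pre-flight check that a wrapper script could run on a string before passing it to --adjoinExtraOptions or --adleaveExtraOptions, flagging the options this page lists as already handled in the response file. The function name check_extra_opts and the sample strings in the comments are assumptions made for illustration; the check does not detect a bare domain argument.

```shell
#!/bin/sh
# Added example: lint a string intended for adbindproxy.pl
# --adjoinExtraOptions / --adleaveExtraOptions.
# The reserved lists are copied from the option descriptions on this page.
ADJOIN_RESERVED="-u --user -c --container -V --verbose -n --name -s --server -T --trust -k --des -z --zone -a --alias"
ADLEAVE_RESERVED="-u --user -f --force"

# check_extra_opts <adjoin|adleave> "<extra options string>"
# Prints one line per reserved option found.
# Exit status: 0 = clean, 1 = reserved option present, 2 = bad usage.
# The body is a subshell so that 'set -f' does not leak to the caller.
check_extra_opts() (
    case "$1" in
        adjoin)  reserved=$ADJOIN_RESERVED ;;
        adleave) reserved=$ADLEAVE_RESERVED ;;
        *) echo "usage: check_extra_opts adjoin|adleave \"opts\"" >&2; exit 2 ;;
    esac
    found=0
    set -f                                   # no globbing while word-splitting
    for word in $2; do
        case "$word" in
            --*) opt=${word%%=*} ;;          # --zone=finance -> --zone
            -?*) opt=${word%"${word#??}"} ;; # -uadmin -> -u (attached value)
            *)   continue ;;                 # plain value, not an option
        esac
        for r in $reserved; do
            if [ "$opt" = "$r" ]; then       # case-sensitive: -V is not -v
                echo "reserved $1 option: $r"
                found=1
            fi
        done
    done
    exit "$found"
)

# Constructed sample calls:
#   check_extra_opts adjoin  "--force"                  (clean for adjoin)
#   check_extra_opts adleave "--force"                  (reserved for adleave)
#   check_extra_opts adjoin  "--zone=finance -uadmin"   (two findings)
```

A wrapper can refuse to call adbindproxy.pl when the function returns a non-zero status, so a conflicting option is caught before a non-interactive run starts.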