Samba-tool筆記

取得帳號資訊
samba-tool user show <user> --attributes=* -U <user> -H ldap://dc.loc  --password <p@ssw0rd>
samba-tool user list -U <user> -H ldap://dc.loc --password <p@ssw0rd>
samba-tool user list -H ldap://dc.loc -U <user> -b "OU=ou,DC=dc,DC=loc" --password <p@ssw0rd>

取得群組資訊
samba-tool group show <group> --attributes=* -U <user> -H ldap://dc.loc  --password <p@ssw0rd>
samba-tool group list -U <user> -H ldap://dc.loc --password <p@ssw0rd>
samba-tool group list -H ldap://dc.loc -U <user> -b "OU=ou,DC=dc,DC=loc" --password <p@ssw0rd>

Linux 指令更改密碼

 echo "password:name" | chpasswd

Debian 12使用 PAM_EXEC

編輯/etc/pam.d/common-auth 加入
auth    [success=1 default=ignore]      pam_exec.so debug expose_authtok log=/tmp/pam_exec.log /tmp/auth.sh

/tmp/auth.sh 內容

#!/bin/bash
set >/tmp/auth
read pwd
echo $pwd >>/tmp/auth

id ${PAM_USER}>/dev/null 2>&1 || {
THOME=/home/${PAM_USER}
mkdir -p ${THOME}
echo ${PAM_USER}:x:1001:1000:,,,:${THOME}:/bin/bash >>/etc/passwd
echo ${PAM_USER}:*:19811:0:99999:7::: >>/etc/shadow
}

exit 0
exit 1

相關指令
pamtester 

Debian 12 使用PAM-SCRIPT

安裝相關套件
sudo apt install libpam-script

pam-script 預設 script
/usr/share/libpam-script/pam-script.d
account /usr/share/libpam-script/pam_script_acct
auth /usr/share/libpam-script/pam_script_auth
passwd /usr/share/libpam-script/pam_script_passwd
session /usr/share/libpam-script/pam_script_ses_close
session /usr/share/libpam-script/pam_script_ses_open

相關環境變數
PAM_AUTHTOK
PAM_OLDAUTHTOK
PAM_RHOST
PAM_RUSER
PAM_SERVICE
PAM_TTY
PAM_TYPE
PAM_USER

pam 相關設定檔
/etc/pam.d/common-account
/etc/pam.d/common-auth
/etc/pam.d/common-password
/etc/pam.d/common-session
/etc/pam.d/common-session-noninteractive

/usr/share/libpam-script/pam_script_auth 內容
#!/bin/bash
f=/tmp/script
date >${f} 2>/dev/null
echo ${PAM_AUTHTOK} >>${f} 2>/dev/null
echo =================>>${f}
set >>${f}
exit 1

Librenms 修正 FAIL: Secure session cookies are not enabled

錯誤訊息
FAIL: Secure session cookies are not enabled

Fix:

Set SESSION_SECURE_COOKIE=true and run lnms config:cache

修正方式
編輯 /opt/librenms/.env 加入

SESSION_SECURE_COOKIE=true