{"id":1299,"date":"2019-04-28T03:10:41","date_gmt":"2019-04-28T00:10:41","guid":{"rendered":"https:\/\/helia.ee\/koolitus\/?page_id=1299"},"modified":"2019-04-29T11:06:35","modified_gmt":"2019-04-29T08:06:35","slug":"samba_gsync","status":"publish","type":"page","link":"https:\/\/helia.ee\/koolitus\/?page_id=1299","title":{"rendered":"Samba_Gsync"},"content":{"rendered":"\n<p>Simple one way password synchronization from samba 4 (&gt;=4.7) to G Suite<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Lapin-Blanc\/samba_gsync#installation--run\"><\/a>installation &amp; run<\/h1>\n\n\n\n<p>I&#8217;ve tested this with a fresh Centos 7 Samba 4.8.2 built from sources and configured as explained described there :<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Go to \/usr\/local\/ and clone this repo, cd to the repo  <strong>(repo on sellel aadressil  <br><\/strong><a href=\"http:\/\/helia.ee\/koolitus\/dokumendid\/samba-gsync.zip\"><strong>http:\/\/helia.ee\/koolitus\/dokumendid\/samba-gsync.zip<\/strong><\/a><strong> See tuleb laadida \u00fclal nimetatud kausta ja lahti pakkida).<\/strong><\/li><li>Edit the config.json file with :<\/li><\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">{\n    \"domain\" : \"yourdomain.com\",\n    \"protected_accounts\" : [ \"administrator\", \"super.user\"]\n}<\/pre>\n\n\n\n<ol class=\"wp-block-list\"><li>Go to your G Suite console, start or use an existing project, create credentials and get the OAuth 2.0 &#8216;client_secret_XXX.json&#8217; file and rename it to &#8216;client_secret.json&#8217;, <\/li><li>Put this file in the &#8216;ggl&#8217; dir and chmod it to 600<\/li><li>Get Google API client and ldif3:<\/li><\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>(enne allpool nimetatud failide installi tuleb installida j\u00e4rgnev programm: sudo apt install python-pip )<\/strong><br>pip install --upgrade google-api-python-client <br>pip install ldif3<br><br>(<strong>Juurde tuleb installida ka selline asi: <br>pip install --upgrade oauth2clien<br><br>muidu ei toimi all j\u00e4rgnev k\u00e4sk<\/strong>) <\/pre>\n\n\n\n<ol class=\"wp-block-list\"><li>First, launch&nbsp;<code>.\/initialize_credentials.py<\/code><\/li><li>Add&nbsp;<code>password hash userPassword schemes = CryptSHA512<\/code>&nbsp;to smb.conf<\/li><li>Get sure samba is up and running, and you should be able to&nbsp;<code>.\/start_syncing.sh<\/code>&nbsp;and&nbsp;<code>.\/stop_syncing<\/code><\/li><li>You can check logs at \/var\/log\/samba_sync\/sync.log and \/var\/log\/samba_sync\/user-syncpasswords.log<\/li><li>Once everything is fine, you can copy, start and enable the startup script :<ul><li>cp samba-gsync.service \/etc\/systemd\/system\/<\/li><li>chmod +x \/etc\/systemd\/system\/samba-gsync.service<\/li><li>systemctl start samba-gsync.service<\/li><li>systemctl enable samba-gsync.service<\/li><\/ul><\/li><li>The sync.py script should not be called directly (meant to be called by samba directly)<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/Lapin-Blanc\/samba_gsync#behaviour\"><\/a>Behaviour<\/h2>\n\n\n\n<p>Whenever you create a local domain user account, either from RSAT or from samba-tool, this account is also created on the G Suite domain. Synced attributes are primaryEmail, givenName and familyName and G Suite email is build with&nbsp;<em><a href=\"mailto:username@domain.com\">username@domain.com<\/a><\/em><\/p>\n\n\n\n<p>If you don&#8217;t provide a givenName and\/or familyName, username will be used instead.<\/p>\n\n\n\n<p>If you modify the password, it gets updated (that&#8217;s the whole point&#8230;).<\/p>\n\n\n\n<p>If you delete a local user account&nbsp;<strong>it is also deleted<\/strong>&nbsp;on the G Suite domain.<\/p>\n\n\n\n<p>Accounts mentionned in the config file are protected though.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Simple one way password synchronization from samba 4 (&gt;=4.7) to G Suite installation &amp; run I&#8217;ve tested this with a fresh Centos 7 Samba 4.8.2 built from sources and configured as explained described there : Go to \/usr\/local\/ and clone this repo, cd to the repo (repo on sellel aadressil http:\/\/helia.ee\/koolitus\/dokumendid\/samba-gsync.zip See tuleb laadida \u00fclal [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":1285,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-1299","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/1299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1299"}],"version-history":[{"count":2,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/1299\/revisions"}],"predecessor-version":[{"id":1303,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/1299\/revisions\/1303"}],"up":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/1285"}],"wp:attachment":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}