I have the command
cat - << _EOF | ed /home/fred/test >/dev/null 2>&1
2 s#u_pwd=*:#u_pwd=${Password}:#
3,$ s/u_succhg#*:/u_succhg#${Date}:/
w
q
_EOF
It works great on the local system but I need to ssh to a remote system and run this command without... (1 Reply)
Unix Box: IBM AIX
Shell : K-Shell
When I logged into a remote server through FTP, and tried to find only the required month's file by typing `ls -ltr *200805`, the output is "ls remotefile localfile". I couldn't understand this.
What I want is to get into the remote server and get the count of required... (6 Replies)
I have two Red Hat Linux servers. I have created one script which contains some commands that run on the local server as well as the remote server. I am using this command to connect to the remote server
ssh user1@192.x.x.x 'command'
but when I am running the script on the local server it is connecting to the server... (1 Reply)
Hi,
I need a script to perform the below task.
1. Read the IP address
2. Copy the script from origin server to destination.
3. Get root access on destination server
4. Run the script on destination server
5. Return to the origin server
Code:
#!/bin/bash
echo "Enter Server IP... (5 Replies)
Geeks,
Could you please help me out in my script and identify the missing piece. I need to check/get the exit status of a remote command executed on remote host through script and send out an email when process/processes is/are not running on any/all server(s).
Here's the complete... (5 Replies)
Hi
I am trying to write a script which, when I run it from server A, executes a few commands on another server, say B, and shows me the output.
Below is the script, but it is not showing me the o/p of the B machine but instead showing me the A machine o/p every time.
#!/bin/bash
for i in `cat... (14 Replies)
I have the below command to check for error logs from the last 24 hours from the file /var/log/messages/. The command is working fine on the local host.
sudo awk -F - -vDT="$(date --date="24 hours ago" "+%b %_d %H:%M:%S")" ' DT < $1' /var/log/messages | egrep -i "error|fail"
I want to run the... (8 Replies)
I am currently trying to write a simple script with the following condition, but so far not having luck as the exit code would always be 0.
Run remote command to read a file and grep for test word.
if test word is in the file, send email.
if not, do nothing
also possible to ssh to multiple... (3 Replies)
Hello, I am having an issue with a bash script and this is the code
now=$(cat hosts1.txt | awk '{print $2;}')
while read n ;do
ssh root@$now 'useradd test1; echo -e "test1\ntest1" | passwd test1 && echo "test1 ALL=(ALL:ALL) ALL" >> /etc/sudoers'
When I execute only the part with cat, it... (8 Replies)
I have an issue with all of my AIX servers where a user can execute a remote command (bash in this case) using PuTTY and bypass all of the application security that we set up in the user's .profile. How do I secure this without breaking the rest of the users? (8 Replies)
Discussion started by: d_brodie
krb5-sync
KRB5-SYNC(8) krb5-sync KRB5-SYNC(8)
NAME
krb5-sync - Synchronize passwords and status with Active Directory
SYNOPSIS
krb5-sync [-d | -e] [-p password] user
krb5-sync -f file
DESCRIPTION
krb5-sync provides a command-line interface to the same functions provided by the password and status synchronization plugin. It can push
a new password to Active Directory (actually, to any password store that supports the Kerberos set-password protocol) or activate or
deactivate an account in Active Directory.
To synchronize passwords, provide the -p option and specify the password. Note that the password is given on the command line and must be
quoted if it contains special characters, and the password will be exposed to any other users on the system where this command is run.
This is useful primarily for testing and should not be used with production passwords. Synchronization to Active Directory will be
attempted based on the configuration in krb5.conf (see below).
To enable or disable an account, provide the -e or -d option respectively. These options can also be provided in conjunction with the -p
option to take both actions at once.
In either case, user should be the principal name for which these actions should be taken. user may be either unqualified or in the local
realm; either way, the Active Directory realm in which to make changes will be taken from the krb5.conf configuration.
Alternately, krb5-sync also supports processing actions from a file. To do this, use the -f flag and give the file on the command line.
The format of the file should be as follows:
<account>
ad
password | enable | disable
<password>
where the fourth line is present only if the <action> is "password". <account> should be the unqualified name of the account. The second
line should be the string "ad" to push the change to Windows Active Directory. The third line should be one of "password", "enable", or
"disable", corresponding to the -p, -e, and -d options respectively. The "enable" and "disable" actions are only supported for AD.
The file format is not particularly forgiving. In particular, all of the keywords are case-sensitive and there must not be any whitespace
at the beginning or end of the lines (except in the password, and only if that whitespace is part of the password), just a single newline
terminating each line.
When the -f option is given, the file will be deleted if the action was successful but left alone if the action failed.
The configuration block in krb5.conf should look something like this:
krb5-sync = {
ad_keytab = /etc/krb5kdc/ad-keytab
ad_principal = service/sync@WINDOWS.EXAMPLE.COM
ad_realm = WINDOWS.EXAMPLE.COM
ad_admin_server = dc1.windows.example.com
ad_ldap_base = ou=People
}
If the configuration required for an action is not given, that action will not be performed but will apparently succeed from the
perspective of the krb5-sync utility. Therefore, if this utility reports success but no change is happening, double-check the
configuration to ensure that all required options are present.
The "ad_keytab" option specifies the location of a keytab for authenticating to the other realm, the "ad_principal" option specifies the
principal to authenticate as (using the key in the keytab), and the "ad_realm" option specifies the foreign realm. "ad_admin_server" is
the host to contact via LDAP to push account status changes. "ad_ldap_base" specifies the base tree inside Active Directory where account
information is stored. Omit the trailing "dc=" part; it will be added automatically from "ad_realm".
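Because a missing option makes an action silently do nothing while still reporting success, the block is worth checking before relying on krb5-sync for account disables. The following is an added example, not part of krb5-sync: `check_sync_config` is a hypothetical helper that assumes the block layout shown above and `#` or `;` comment lines, and lists which of the five ad_* options are absent.

```shell
#!/bin/sh
# Added example; check_sync_config is a hypothetical helper name.

# check_sync_config FILE
# Prints each ad_* option named in the man page that is missing or empty inside
# the "krb5-sync = { ... }" block of FILE. Exit status 0 only if none is missing.
check_sync_config() {
    awk '
        BEGIN { n = split("ad_keytab ad_principal ad_realm ad_admin_server ad_ldap_base", want, " ") }
        /^[ \t]*[#;]/                      { next }              # comment line
        /^[ \t]*krb5-sync[ \t]*=[ \t]*[{]/ { inblock = 1; next } # block opens
        inblock && /^[ \t]*[}]/            { inblock = 0; next } # block closes
        inblock {
            eq = index($0, "=")            # split on the first "=" only,
            if (eq == 0) next              # values such as ou=People contain one
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (val != "") seen[key] = 1   # an empty value counts as missing
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print want[i]; missing++ }
            exit(missing ? 1 : 0)
        }
    ' "$1"
}
```

Options that appear outside the block, or only in a commented-out line, are reported as missing.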
OPTIONS
-d Disable the specified user in Active Directory. Requires that all of the ad_* options be set in krb5.conf. This option may not be
specified at the same time as -e.
-e Enable the specified user in Active Directory. Requires that all of the ad_* options be set in krb5.conf. This option may not be
specified at the same time as -d.
-f file
Rather than perform a particular action based on a username given on the command line, read a queue file and take action based on it.
The format of the queue file is described above. If the action fails, the file will be left alone. If the action succeeds, the file
will be deleted.
-p password
Change the user's password to password in Active Directory.
EXAMPLES
Disable the account "jdoe" in Active Directory (using the AD configuration found in krb5.conf):
krb5-sync -d jdoe
Change the password of the account "testuser" in Active Directory to "changeme":
krb5-sync -p changeme testuser@EXAMPLE.COM
The same, except also enable the account in Active Directory:
krb5-sync -e -p changeme testuser
Note that the realm for the user given on the command line is optional and ignored.
Given a file named jdoe-ad-1168560492 containing:
jdoe
ad
password
changeme
the command:
krb5-sync -f jdoe-ad-1168560492
will change jdoe's password to "changeme" in Active Directory and then delete the file.
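The -p option puts the password in the command line, where other local users can see it; a queue file avoids that if it is created owner-only and the password never passes through argv. The following is an added example, not part of krb5-sync: `write_queue` and `check_queue` are hypothetical helpers, and the account-name allowlist is an assumption of this example rather than a rule from the man page.

```shell
#!/bin/sh
# Added example; write_queue and check_queue are hypothetical helper names.

# write_queue FILE ACCOUNT ACTION
# For the "password" action the password is read from stdin, never from argv.
write_queue() {
    wq_file=$1 wq_account=$2 wq_action=$3 wq_pw=
    case $wq_account in
        ''|*[!A-Za-z0-9._-]*) return 2 ;;  # assumption: conservative allowlist,
    esac                                   # rejects realms and whitespace
    case $wq_action in
        enable|disable) ;;
        password)
            IFS= read -r wq_pw || true     # tolerate a missing final newline
            [ -n "$wq_pw" ] || return 2 ;;
        *) return 2 ;;                     # keywords are case-sensitive
    esac
    (
        umask 077   # owner-only: the file holds a cleartext password
        set -C      # noclobber: refuse to overwrite an existing queue file
        if [ "$wq_action" = password ]; then
            printf '%s\nad\n%s\n%s\n' "$wq_account" "$wq_action" "$wq_pw"
        else
            printf '%s\nad\n%s\n' "$wq_account" "$wq_action"
        fi > "$wq_file"
    )
}

# check_queue FILE
# Exit status 0 only if FILE follows the strict format: exact keywords, no
# stray whitespace, and a fourth line if and only if the action is "password".
check_queue() {
    [ -z "$(tail -c 1 "$1")" ] || return 1  # last byte must be a newline
    awk '
        NR == 1 { ok = ($0 != "" && $0 !~ /^[ \t]|[ \t\r]$/) }
        NR == 2 { ok = ok && ($0 == "ad") }
        NR == 3 { action = $0
                  ok = ok && (action ~ /^(password|enable|disable)$/) }
        NR == 4 { ok = ok && (action == "password" && $0 != "") }
        END     { if (NR != (action == "password" ? 4 : 3)) ok = 0
                  exit(ok ? 0 : 1) }
    ' "$1"
}
```

As the DESCRIPTION states, `krb5-sync -f FILE` deletes the file on success and leaves it on failure, so a queue file that still exists after the run marks an action that did not go through.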
SEE ALSO
The current version of this program is available from its web page at <http://www.eyrie.org/~eagle/software/krb5-sync/>.
AUTHOR
Russ Allbery <rra@stanford.edu>
2.2 2012-01-10 KRB5-SYNC(8)