Diffstat (limited to 'templates')
-rw-r--r--templates/add_samba_user16
-rw-r--r--templates/check_samba_user16
-rw-r--r--templates/configure_active_directory.erb15
-rw-r--r--templates/verify_active_directory.erb5
4 files changed, 46 insertions, 6 deletions
diff --git a/templates/add_samba_user b/templates/add_samba_user
new file mode 100644
index 0000000..1385d4e
--- /dev/null
+++ b/templates/add_samba_user
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# This script adds a samba account for a given user and password
+# call as:
+# > add_samba_user "USERNAME" "PASSWORD"
+
+/bin/echo -e "$2\n$2\n" | sudo /usr/bin/pdbedit -a "$1" -t 1>/dev/null
+results=$?
+
+if [ $results = 0 ]; then
+ echo "added samba account for '$1'"
+else
+ echo "could not add samba account for '$1'"
+fi
+
+exit $results
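Review bot: The password arrives as `$2` and is then passed to the external `/bin/echo`, so it sits in the argument list of both processes, where any local user who can read the process table can see it. `-e` also rewrites backslash sequences inside the password before pdbedit reads it. The shell builtin avoids the second exposure and the escape handling: `printf '%s\n%s\n' "$2" "$2" | sudo /usr/bin/pdbedit -a "$1" -t 1>/dev/null`. Reading the password from stdin instead of a positional argument would take it out of argv altogether. The header comment could also state that the exit status is that of the sudo/pdbedit stage.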
diff --git a/templates/check_samba_user b/templates/check_samba_user
new file mode 100644
index 0000000..75cb4b5
--- /dev/null
+++ b/templates/check_samba_user
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# This script checks to see if a given user account exists on samba
+# if so, it returns 0
+# otherwise it returns 1
+
+sudo /usr/bin/pdbedit -L | egrep -q "^$1:"
+exists=$?
+
+if [ $exists = 0 ]; then
+ echo "'$1' is a samba user"
+else
+ echo "no samba account matching '$1'"
+fi
+
+exit $exists
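Review bot: On the `egrep -q "^$1:"` line the account name is interpolated into a regular expression, so a name containing `.`, `*` or `[` can match a different account and the script reports a user that does not exist. An exact, fixed-string comparison on the first field avoids that: `sudo /usr/bin/pdbedit -L | cut -d: -f1 | grep -qxF -- "$1"`. The exit status is grep's alone, so a failing sudo or pdbedit is indistinguishable from "no such user". The header comment should say so, or the script should check the pdbedit stage separately.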
diff --git a/templates/configure_active_directory.erb b/templates/configure_active_directory.erb
index 35ba86f..4f9b6e0 100644
--- a/templates/configure_active_directory.erb
+++ b/templates/configure_active_directory.erb
@@ -54,7 +54,7 @@ do
esac
done
-password="<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>"
+password='<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>'
# short hostname from facter
my_hostname="<%= hostname -%>"
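Review bot: A password containing `'` now closes the single-quoted literal on the `password=` line early, and the rest of the value is parsed as shell, in a script that appears to run privileged since it removes /etc/krb5.keytab. The switch to single quotes does stop `$`, backticks and backslashes in the Puppet value from being expanded, so only the quote itself needs escaping at render time, e.g. `password='<%= scope.lookupvar('samba::server::ads::winbind_pass').gsub("'") { "'\\''" } -%>'` (block form, so Ruby does not read `\'` as a back-reference). The identical line in templates/verify_active_directory.erb needs the same change. A comment next to the assignment stating that the value is rendered shell-escaped would help the next editor.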
@@ -80,7 +80,7 @@ echo "Please do not kill me; I may be slow" >&2
if [ "$action" = "leave" ]; then
logger -st $PROG "Leaving AD domain"
- $NET ads $action -U ${winbind_acct}%${password} | grep Deleted && success=true || success=false
+ $NET ads $action -U "${winbind_acct}%${password}" | grep Deleted && success=true || success=false
kdestroy
rm -f /etc/krb5.keytab
if [ $success = "true" ]; then
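Review bot: The quoting added to `-U "${winbind_acct}%${password}"` fixes word splitting, but the password is still a command-line argument of `$NET`, so it is visible in the process table for as long as the leave runs (the script itself warns it may be slow). The join call in ad_settle has the same exposure. Samba's credential handling can, as far as I know, take the password from the environment (`PASSWD_FD` / `PASSWD_FILE`) rather than argv; confirm that against the net version deployed before relying on it. The enclosing `if` continues past the end of this hunk.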
@@ -105,8 +105,14 @@ ad_settle() {
export KRB5CCNAME=$(umask 0077; mktemp -q winbind_cache.XXXXXXXX)
if [ "$action" = "join" ]; then
+ if [ "${target_ou}" != "" ]; then
+ ou_parameter="createcomputer=\"${target_ou}\""
+ else
+ ou_parameter=""
+ fi
+
logger -st $PROG "Joining AD domain" >&2
- $NET ads $action -U ${winbind_acct}%${password} createcomputer="${target_ou}"\
+ $NET ads $action -U "${winbind_acct}%${password}" ${ou_parameter} \
| grep Joined && success=true || success=false
if [ $success = "false" ]; then
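Review bot: `ou_parameter="createcomputer=\"${target_ou}\""` stores literal quote characters in the value, and the unquoted `${ou_parameter}` on the `$NET` line does not re-parse them. net therefore receives `createcomputer="..."` with the quotes included, and an OU path containing a space is split into two arguments. The whole if/else can be replaced by a conditional expansion that passes zero or exactly one argument: `$NET ads $action -U "${winbind_acct}%${password}" ${target_ou:+"createcomputer=${target_ou}"} \`. The body of ad_settle starts and ends outside this hunk.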
@@ -121,7 +127,8 @@ for attempt in $(seq 1 $max_attempts); do
echo "Getting TGT for ${winbind_acct}@${my_realm}" >&2
$EXPECT -c "spawn -noecho kinit -c $KRB5CCNAME ${winbind_acct}@${my_realm};
expect :;
- send ${password}\n;
+ send {${password}};
+ send \n;
expect eof"
klist -c $KRB5CCNAME &> /dev/null && break
done
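Review bot: On the `send {${password}};` line the shell still pastes the password into the `-c` script text, so it appears in the expect process's argument list, and a password with an unbalanced `{` or `}` or a trailing backslash breaks the Tcl brace quoting. Passing it through the environment keeps it out of both argv and the Tcl parser: prefix the call with `password="$password"` and send it with `send -- \$env(password);`. The `--` also stops a password that begins with `-` from being read as a flag to send. The same change applies to get_tgt in templates/verify_active_directory.erb. The `for attempt` loop begins outside this hunk.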
diff --git a/templates/verify_active_directory.erb b/templates/verify_active_directory.erb
index 5a2a506..0917c49 100644
--- a/templates/verify_active_directory.erb
+++ b/templates/verify_active_directory.erb
@@ -21,7 +21,7 @@ fi
# } >&2
#fi
-password="<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>"
+password='<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>'
# short hostname from facter
my_hostname="<%= hostname -%>"
@@ -62,7 +62,8 @@ get_tgt() {
(
$EXPECT -c "spawn -noecho kinit -c $KRB5CCNAME ${winbind_acct}@${default_realm};
expect :;
- send ${password}\n;
+ send {${password}};
+ send \n;
expect eof"
) &> /dev/null
klist -c $KRB5CCNAME &> /dev/null