Syed Jahanzaib – Personal Blog to Share Knowledge !

April 11, 2012

Howto Manage Active Directory using Webmin/Linux Customized Panel


Article by
~!~ Syed Jahanzaib ~!~

Dedicated to ALL Pakistani Soldiers who gave their lives in SIACHIN
Z@iB  

Following is one of the simplest ways to manage your Active Directory using a WEBMIN-based customized panel. I always prefer to create my own in-house solutions for daily routine tasks.

Using this method you can customize the options you want to use. For example, access to this panel can be granted to support personnel or help-desk staff, so they will be limited to the features / options you provide them with.

For example, support personnel can access your panel using their browser
http://yourlinuxbox

and after entering their credentials, they will be redirected to the command panel. Only those commands you have granted access to will appear there.

A very basic example is shown in the image below . . . But you can create more advanced, sophisticated functions with beautification using this panel to control every aspect of your network, whether it's Microsoft, Linux, Mikrotik or any compatible device.

To create this panel, you will need the following components

1) Linux box with WEBMIN installed,

2) sshpass Utility on Linux box,

3) freeSSHD application installed on Windows AD Server .

4) Testing ssh connection to A.D from your Linux BOX

5) Create Scripts on Linux and Link them to WEBMIN

6) Create User in Webmin and Grant Custom Commands Rights

We will discuss the above six topics in brief as follows. . .

1) INSTALL WEBMIN ON YOUR LINUX BOX:

I assume that you have installed and configured your Linux box (preferably Ubuntu, but any flavor can do the job, this is the main quality of Linux OS :)~
To install Webmin, first add its repositories to sources.list. To do this, open sources.list

nano /etc/apt/sources.list

Now paste the following lines at the end of this file.

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
deb http://archive.canonical.com/ lucid partner

Save & Exit.

Now update apt-get and install webmin using

apt-get update
apt-get install webmin

It will take some time to install webmin, depending on your internet connection (usually less than 10 minutes). Afterward you can access it using

https://yourlinuxboxip:10000

(TIP: you can change the webmin port by editing /etc/webmin/miniserv.conf and changing the port number to any port you like, for example 443 or 1234)

Now moving ahead . . .

2) INSTALL ‘ SSHPASS ‘ ON YOUR LINUX BOX

The sshpass utility is required so that you can ssh to your Windows box with the provided password. A normal ssh stops and asks for the password, which you can't provide in an automated way from the webmin script, so the script would stall at the password prompt and not perform as desired.
[However, the best approach is to generate SSH keys and use them, but I am not going into that detail, just Google for it]

To install sshpass , use the below command . . .

sudo apt-get install sshpass

Done.

3) INSTALL freeSSHD SERVER ON WINDOWS Active Directory SERVER

First download the freeSSHD server and install it. The installation procedure of this app is very simple, just click the Next button a few times :p You can download it from

http://www.freesshd.com/freeSSHd.exe

At the end of the installation, it will ask whether to run freeSSHD as a service. Select YES, so that it runs automatically as a Windows service when Windows starts.

After finishing setup, you will see its icon in your taskbar area. Right click on it and select SETTINGS,
Goto Users TAB, and add your users. (You can add local users in it, OR you can select NT Authentication for domain.
For domain, you won't have to enter a password, choice is yours.)
As shown in the image below . . .

4) TESTING SSH CONNECTION FROM LINUX BOX TO WINDOWS A.D SERVER

Now it's time to test whether your freeSSHD box is working. From your Linux box you can use the following command to test the connection.

sshpass -p 'freesshd_password' ssh userid@10.0.0.1

And if successful, you will see the Windows command prompt
As shown in the image below . . .

If you are testing it from Windows, you can use any ssh client tool, like PUTTY. Enter your freeSSHD box IP and try to connect; if all goes OK, you will be asked for the user id. Enter the id and password you added in freeSSHD, and you will see the Windows command prompt.

5) Create Scripts on Linux and Link them to WEBMIN

Now that we have finished configuring the base requirements, it is time to create various scripts to perform our desired functions and link them to the webmin GUI (Usermin?) 😀

On your Linux box, create a folder

mkdir /scripts
cd /scripts

Now create the first script, which will ssh to the A.D server and fetch the DISABLED USERS list.

touch viewdisabledusers.sh
chmod +x viewdisabledusers.sh
nano viewdisabledusers.sh

and paste the following line

sshpass -p '123' ssh zaib@10.0.0.1 'dsquery user -disabled'

Now Save & Exit. You can test it by executing ./viewdisabledusers.sh and you will see its result on your screen.

Now it's time to link it with the webmin GUI interface.

Login to Webmin.
Goto OTHERS / CUSTOM COMMANDS and click on Create a new custom command.
As shown in the image below . . .

After entering the command details as shown in the image above, click on SAVE
Now you will see your newly created command box on the Custom Commands menu. Click on it and you will see the result 🙂

# VIEW USER INFO SCRIPT

I will show you how to create a custom command for specific user info with an input box.

Create a new Custom Command,
As shown in the image below . . .

After entering all details, click on SAVE.

Now you will see the View User Info box on the Custom Commands menu. Enter any valid user id (which exists in AD Users) and click on the view user info button.
As shown in the image below . . .

Result . . .
As shown in the image below . . .



6) CREATE USER IN WEBMIN USERS & Grant Custom Command Rights

Now we will create a support staff user account and grant Custom Commands rights only, so when the support staff log in to webmin, they see only the Custom Commands box (not all webmin access).

Goto Webmin / Webmin Users
Click on Create a new Webmin user
As shown in the image below . . .


In User name, type your user name
In Password field, select SET TO and enter the password in the box.
In Available Webmin modules section, select Custom Commands
Click SAVE to finish.

As shown in the image below . . .

Now log out of Webmin and log in again with the new user id you just created in the step above.

After successfully logging in . . .

User will see only the Custom Commands menu . . .

TIP: You can replace the WEBMIN default logo with your company logo. The default image location is /usr/share/webmin/images/webmin-blue.png

To change webmin default 10000 port

To change the webmin default port, which is 10000, you have to edit miniserv.conf. Following is an example. Open it and change the port (usually appears in the 1st line) to the one required.

sudo nano -w /etc/webmin/miniserv.conf

SCRIPTS EXAMPLES

root@linux:/scripts# cat viewpcname.sh
sshpass -p 'freesshd_password' ssh zaib@10.0.0.1 dsquery computer  -limit 1000 | sort >  /scripts/temp.txt
sed -e 's/"CN=//g' -e 's/,CN=Computers,DC=YOURDOMAINNAME"//g' -e 's/,OU=WSUS,DC=agp1"//g' /scripts/temp.txt

root@linux:/scripts# cat alluserinfo.sh
sshpass -p 'freesshd_password' ssh zaib@10.0.0.1 'cmd /c dsquery user -limit 0 | dsget user -dn -disabled -display -email -dept -title' > /scripts/temp.txt
cat /scripts/temp.txt

root@linux:/scripts# cat disableuser.sh
sshpass -p 'freesshd_password' ssh zaib@10.0.0.1 Net user $UID /DOMAIN /active:NO

root@linux:/scripts# cat inactiveusers.sh
sshpass -p 'freesshd_password' ssh zaib@10.0.0.1  'cmd /c dsquery user "dc=YOURDOMAINNAME" -inactive 2 | dsget user -display -email -dept -title'> /scripts/temp.txt
sort /scripts/temp.txt -o /scripts/temp.txt
cat /scripts/temp.txt

root@linux:/scripts# cat viewdisabledusers.sh
sshpass -p 'freesshd_password' ssh ssh@10.0.0.1 'cmd /c dsquery user -disabled | dsget user -display -email -dept -title' > /scripts/temp.txt
cat /scripts/temp.txt

root@linux:/scripts# cat enableuser.sh
sshpass -p 'freesshd_password' ssh zaib@10.0.0.1 Net user $UID /DOMAIN /active:YES

root@linux:/scripts# cat userinfo.sh
sshpass -p 'freesshd_password' ssh zaib@10.0.0.1 Net user $UID /domain
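
The disableuser.sh, enableuser.sh and userinfo.sh scripts above place whatever the help-desk operator types into a command line that runs on the AD server, and sshpass -p leaves the password visible in the process list. The following is an added example, not one of the original scripts: a single wrapper that accepts only plain account names and fixed actions, and reads the password from a file with sshpass -f. The parameter name AD_USER (chosen because bash treats UID as a read-only built-in variable), the script and password file paths, and the character allowlist are assumptions.

```shell
#!/bin/sh
# Added example, not one of the original scripts: one wrapper replacing
# disableuser.sh / enableuser.sh / userinfo.sh.
# Assumed: Webmin parameter named AD_USER, password file path, allowlist.
LC_ALL=C; export LC_ALL
AD_HOST="zaib@10.0.0.1"                    # account and host from the page
PASS_FILE="/etc/webmin-ad/freesshd.pass"   # hypothetical; root-owned, mode 600

# Succeed only for a plain account name: 1-20 characters from
# A-Z a-z 0-9 . _ - and not starting with '-' or '.'.
valid_account() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 20 ] || return 1
    case $name in
        [-.]*)             return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the fixed remote command for an action; fail on anything else.
remote_cmd() {
    action=$1
    account=$2
    valid_account "$account" || return 1
    case $action in
        disable) printf 'net user %s /DOMAIN /active:NO\n'  "$account" ;;
        enable)  printf 'net user %s /DOMAIN /active:YES\n' "$account" ;;
        info)    printf 'net user %s /domain\n'             "$account" ;;
        *)       return 1 ;;
    esac
}

# Validate, log the request to syslog, then run it on the AD server.
run_action() {
    cmd=$(remote_cmd "$1" "$2") || {
        echo "rejected: invalid action or account name" >&2
        return 2
    }
    logger -t webmin-ad "action=$1 account=$2"
    sshpass -f "$PASS_FILE" ssh "$AD_HOST" "$cmd"
}

# Webmin custom command (hypothetical name): /scripts/aduser.sh disable
if [ $# -eq 1 ]; then
    run_action "$1" "${AD_USER:-}"
fi
```

Rejected requests never reach the AD server, and every accepted one leaves a syslog line tagged webmin-ad that can be reviewed later.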

More commands references are available here.

https://aacable.wordpress.com/2013/01/16/active-directory-dsquery-miscellenous-commands-with-syntax/

Regards

SYED JAHANZAIB
aacable [at] hotmail . com