Here is the Nagios plugin for checking Samba authentication.
In this case samba is configured with security = domain (which is user-level security).
This means that samba server is member of Windows domain (has machine account in domain) and samba server sends authentication requests to domain controllers (PDC or BDC).
Reminder one: to join samba server to the Windows domain, use the command:
net rpc join -U username
(username is Windows account that has right to add a machine to the domain).
Reminder two: in this configuration you still need Unix account for the user, say NIS one (yes, samba server is NIS client)
#!/bin/sh
#set -x
# Nagios states
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4
# Variables for end
RESULT=""
EXIT_STATUS=${STATE_OK}
PROGNAME=`/bin/basename $0`
SMBCLIENT="/usr/sfw/bin/smbclient"
GREP="/usr/bin/grep"
AWK="/usr/bin/awk"
# - Camelot account
USER=smbcheck
PASS='my_passwd'
DOMAIN=mydomain
# -- function: end script with output
endscript () {
echo ${RESULT}
exit ${EXIT_STATUS}
}
# -- function: usage of script
usage () {
echo "\
Nagios plugin to check if user 'smbcheck' can authenticate to MYDOMAIN
Usage:
${PROGNAME} -H <host>
${PROGNAME} --help
"
}
# -- function: HELP
help () {
echo; usage; echo
}
# Check if there is only one argument
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
usage
exit ${STATE_UNKNOWN}
fi
while [ -n "$1" ] # true if first argument is non-null
do
case $1 in
--help | -h )
help
exit ${STATE_OK};;
-H )
shift
HOST=$1;;
* )
usage
exit ${STATE_UNKNOWN};;
esac
shift # if there is no shift, script will continue with host as null
done
OUTPUT=`${SMBCLIENT} //${HOST}/homes -c "pwd" -U ${USER}%${PASS} -W ${DOMAIN} 2>&1 |${GREP} Domain=`
if [ "$?" -eq "0" ]
then
RESULT="OK Authentication successful on ${OUTPUT}"
EXIT_STATUS=${STATE_OK}
else
RESULT="Authentication failed on ${DOMAIN}: ${OUTPUT}"
EXIT_STATUS=${STATE_CRITICAL}
fi
endscript
|