199 lines
6.4 KiB
Perl
199 lines
6.4 KiB
Perl
|
# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
|
||
|
# $Id: smbldap.conf,v 1.17 2005/01/29 15:00:54 jtournier Exp $
|
||
|
#
|
||
|
# smbldap-tools.conf : Q & D configuration file for smbldap-tools
|
||
|
|
||
|
# This code was developped by IDEALX (http://IDEALX.org/) and
|
||
|
# contributors (their names can be found in the CONTRIBUTORS file).
|
||
|
#
|
||
|
# Copyright (C) 2001-2002 IDEALX
|
||
|
#
|
||
|
# This program is free software; you can redistribute it and/or
|
||
|
# modify it under the terms of the GNU General Public License
|
||
|
# as published by the Free Software Foundation; either version 2
|
||
|
# of the License, or (at your option) any later version.
|
||
|
#
|
||
|
# This program is distributed in the hope that it will be useful,
|
||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
# GNU General Public License for more details.
|
||
|
#
|
||
|
# You should have received a copy of the GNU General Public License
|
||
|
# along with this program; if not, write to the Free Software
|
||
|
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||
|
# USA.
|
||
|
|
||
|
# Purpose :
|
||
|
# . be the configuration file for all smbldap-tools scripts
|
||
|
|
||
|
##############################################################################
|
||
|
#
|
||
|
# General Configuration
|
||
|
#
|
||
|
##############################################################################
|
||
|
|
||
|
# Put your own SID
|
||
|
# to obtain this number do: net getlocalsid
|
||
|
SID="S-1-5-21-4054337095-2523087664-1495155603"
|
||
|
|
||
|
##############################################################################
|
||
|
#
|
||
|
# LDAP Configuration
|
||
|
#
|
||
|
##############################################################################
|
||
|
|
||
|
# Notes: to use to dual ldap servers backend for Samba, you must patch
|
||
|
# Samba with the dual-head patch from IDEALX. If not using this patch
|
||
|
# just use the same server for slaveLDAP and masterLDAP.
|
||
|
# Those two servers declarations can also be used when you have
|
||
|
# . one master LDAP server where all writing operations must be done
|
||
|
# . one slave LDAP server where all reading operations must be done
|
||
|
# (typically a replication directory)
|
||
|
|
||
|
# Ex: slaveLDAP=127.0.0.1
|
||
|
slaveLDAP="127.0.0.1"
|
||
|
slavePort="389"
|
||
|
|
||
|
# Master LDAP : needed for write operations
|
||
|
# Ex: masterLDAP=127.0.0.1
|
||
|
masterLDAP="127.0.0.1"
|
||
|
masterPort="389"
|
||
|
|
||
|
# Use TLS for LDAP
|
||
|
# If set to 1, this option will use start_tls for connection
|
||
|
# (you should also used the port 389)
|
||
|
ldapTLS="0"
|
||
|
|
||
|
# How to verify the server's certificate (none, optional or require)
|
||
|
# see "man Net::LDAP" in start_tls section for more details
|
||
|
verify="require"
|
||
|
|
||
|
# CA certificate
|
||
|
# see "man Net::LDAP" in start_tls section for more details
|
||
|
cafile="/etc/samba/smbldap-tools/ca.pem"
|
||
|
|
||
|
# certificate to use to connect to the ldap server
|
||
|
# see "man Net::LDAP" in start_tls section for more details
|
||
|
clientcert="/etc/samba/smbldap-tools/smbldap-tools.pem"
|
||
|
|
||
|
# key certificate to use to connect to the ldap server
|
||
|
# see "man Net::LDAP" in start_tls section for more details
|
||
|
clientkey="/etc/samba/smbldap-tools/smbldap-tools.key"
|
||
|
|
||
|
# LDAP Suffix
|
||
|
# Ex: suffix=dc=IDEALX,dc=ORG
|
||
|
suffix="dc=idealx,dc=org"
|
||
|
|
||
|
# Where are stored Users
|
||
|
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
|
||
|
usersdn="ou=People,${suffix}"
|
||
|
|
||
|
# Where are stored Computers
|
||
|
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
|
||
|
computersdn="ou=Machines,${suffix}"
|
||
|
|
||
|
# Where are stored Groups
|
||
|
# Ex groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
|
||
|
groupsdn="ou=Groups,${suffix}"
|
||
|
|
||
|
# Where are stored Idmap entries (used if samba is a domain member server)
|
||
|
# Ex groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
|
||
|
idmapdn="ou=Idmap,${suffix}"
|
||
|
|
||
|
# Where to store next uidNumber and gidNumber available
|
||
|
sambaUnixIdPooldn="ou=Idmap,${suffix}"
|
||
|
|
||
|
# Default scope Used
|
||
|
scope="sub"
|
||
|
|
||
|
# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
|
||
|
hash_encrypt="SSHA"
|
||
|
|
||
|
# if hash_encrypt is set to CRYPT, you may set a salt format.
|
||
|
# default is "%s", but many systems will generate MD5 hashed
|
||
|
# passwords if you use "$1$%.8s". This parameter is optional!
|
||
|
crypt_salt_format="%s"
|
||
|
|
||
|
##############################################################################
|
||
|
#
|
||
|
# Unix Accounts Configuration
|
||
|
#
|
||
|
##############################################################################
|
||
|
|
||
|
# Login defs
|
||
|
# Default Login Shell
|
||
|
# Ex: userLoginShell="/bin/bash"
|
||
|
userLoginShell="/bin/false"
|
||
|
|
||
|
# Home directory
|
||
|
# Ex: userHome="/home/%U"
|
||
|
userHome="/dev/null"
|
||
|
|
||
|
# Gecos
|
||
|
userGecos="System User"
|
||
|
|
||
|
# Default User (POSIX and Samba) GID
|
||
|
defaultUserGid="65401"
|
||
|
|
||
|
# Default Computer (Samba) GID
|
||
|
defaultComputerGid="65412"
|
||
|
|
||
|
# Skel dir
|
||
|
skeletonDir="/etc/skel"
|
||
|
|
||
|
# Default password validation time (time in days) Comment the next line if
|
||
|
# you don't want password to be enable for defaultMaxPasswordAge days (be
|
||
|
# careful to the sambaPwdMustChange attribute's value)
|
||
|
defaultMaxPasswordAge="99"
|
||
|
|
||
|
##############################################################################
|
||
|
#
|
||
|
# SAMBA Configuration
|
||
|
#
|
||
|
##############################################################################
|
||
|
|
||
|
# The UNC path to home drives location (%U username substitution)
|
||
|
# Ex: \\My-PDC-netbios-name\homes\%U
|
||
|
# Just set it to a null string if you want to use the smb.conf 'logon home'
|
||
|
# directive and/or disable roaming profiles
|
||
|
userSmbHome="\\PDC-SMB3\homes\%U"
|
||
|
|
||
|
# The UNC path to profiles locations (%U username substitution)
|
||
|
# Ex: \\My-PDC-netbios-name\profiles\%U
|
||
|
# Just set it to a null string if you want to use the smb.conf 'logon path'
|
||
|
# directive and/or disable roaming profiles
|
||
|
userProfile="\\PDC-SMB3\profiles\%U"
|
||
|
|
||
|
# The default Home Drive Letter mapping
|
||
|
# (will be automatically mapped at logon time if home directory exist)
|
||
|
# Ex: H: for H:
|
||
|
userHomeDrive="H:"
|
||
|
|
||
|
# The default user netlogon script name (%U username substitution)
|
||
|
# if not used, will be automatically username.cmd
|
||
|
# make sure script file is edited under dos
|
||
|
# Ex: %U.cmd
|
||
|
# userScript="startup.cmd" # make sure script file is edited under dos
|
||
|
userScript="%U.cmd"
|
||
|
|
||
|
# Domain appended to the users "mail"-attribute
|
||
|
# when smbldap-useradd -M is used
|
||
|
mailDomain="idealx.com"
|
||
|
|
||
|
##############################################################################
|
||
|
#
|
||
|
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
|
||
|
#
|
||
|
##############################################################################
|
||
|
|
||
|
# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
|
||
|
# prefer Crypt::SmbHash library
|
||
|
with_smbpasswd="0"
|
||
|
smbpasswd="/usr/bin/smbpasswd"
|
||
|
|
||
|
# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
|
||
|
# but prefer Crypt:: libraries
|
||
|
with_slappasswd="0"
|
||
|
slappasswd="/usr/sbin/slappasswd"
|
||
|
|