samba/samba-qilinux_smbldap_conf.sh

286 lines
7.1 KiB
Bash
Raw Permalink Normal View History

#!/bin/bash
#
# qilinux_samba_ldap.sh :
# Configures LDAP directory for use with SAMBA as a PDC
# as well as Idealx SMB-LDAP scripts
#
# Copyright (c) 2004 by Silvan Calarco <silvan.calarco@qilinux.it>
#
source /etc/rc.d/init.d/ldap-functions
source /etc/sysconfig/defaults
test $UID = 0 ||
{ echo "error: $0: must be superuser" >&2
{ (exit 1); exit 1; }; }
set_ldap_environment
case $? in
0) ;;
1) echo "error: $0: cannot read base dn from /etc/ldap.conf; aborting.";
exit 1 ;;
*) echo "error: $0: cannot find host DN. Check HOSTDC in /etc/sysconfig/
ldap." ;;
esac
argc=$#
for ((i=1; i<=argc; i++)); do
case ${!i} in
*) if test -z "$LDAPPASSWORD"; then LDAPPASSWORD=${!i}
fi
esac
done
tempfile=`tempfile 2>/dev/null` || tempfile=/tmp/qilinux_samba_ldap.ldif
trap "rm -f $tempfile" 0 1 2 5 15
echo "Configuring Samba"
# this must be done before any other thing or net getlocalsid won't work
grep "ldap suffix" /etc/samba/smb.conf > /dev/null
if [ $? -eq 1 ]; then
sed -i "/.*logon script.*/a\\
ldap admin dn = $LDAPBINDDN\\
ldap server = 127.0.0.1\\
ldap port = 636\\
ldap ssl = start tls\\
ldap suffix = $LDAPHOSTDN" /etc/samba/smb.conf
fi
grep "ldap machine suffix" /etc/samba/smb.conf > /dev/null
if [ $? -eq 1 ]; then
sed -i "/.*ldap suffix.*/a\\
ldap user suffix = ou=People\\
ldap group suffix = ou=Groups\\
ldap machine suffix = ou=Domain Computers\\
ldap idmap suffix = ou=Idmap" /etc/samba/smb.conf
fi
sed -i "s|passdb backend =.*)|passdb backend = ldapsam|" /etc/samba/smb.conf
echo "Setting samba password for LDAP"
smbpasswd -w "`cat /etc/ldap.secret`"
echo "Adding LDAP entries"
DESTHOME="/home"
DN=$LDAPHOSTDN
STSID="`net getlocalsid 2>/dev/null`" || { echo "Error getting localsid. Aborting."; exit 1; }
SID=${STSID#*: }
sed -i "s|\$SID=.*|\$SID=\'$SID\';|
s|\$suffix = .*|\$suffix = \"$DN\";|
s|\$binddn = .*|\$binddn = \"$LDAPBINDDN\";|
s|\$UID_START = .*|\$UID_START = $MINUID;|
s|\$GID_START = .*|\$GID_START = $MINUID;|" \
/etc/samba/smbldap-tools/smbldap.conf
cat > $tempfile << _EOF
#
# $DN: LDAP base DN
# $DESTHOME: /home
# $_userSmbHome (optional)
# $_userHomeDrive (optional)
# $_userProfile (optional)
# $SID: machine SID
dn: ou=Groups,$LDAPHOSTDN
objectClass: organizationalUnit
ou: Groups
dn: ou=Machines,$LDAPHOSTDN
objectClass: organizationalUnit
ou: Machines
dn: uid=Administrator,ou=People,$LDAPHOSTDN
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 65400
uid: Administrator
uidNumber: 65400
homeDirectory: $DESTHOME/Administrator
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: $SID-65400
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: $SID-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
dn: uid=guest,ou=People,$LDAPHOSTDN
cn: guest
sn: guest
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 65401
uid: guest
uidNumber: 65401
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: $SID-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NU ]
sambaSID: $SID-2998
loginShell: /bin/false
dn: cn=Domain Admins,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65400
cn: Domain Admins
memberUid: Administrator
description: Netbios Domain Administrators
sambaSID: $SID-65400
sambaGroupType: 2
displayName: Domain Admins
dn: cn=Domain Users,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65401
cn: Domain Users
description: Netbios Domain Users
sambaSID: $SID-65401
sambaGroupType: 2
displayName: Domain Users
dn: cn=Domain Guests,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65402
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: $SID-65402
sambaGroupType: 2
displayName: Domain Guests
dn: cn=Administrators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65403
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: $SID-65403
sambaGroupType: 2
displayName: Administrators
dn: cn=Users,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65404
cn: Users
description: Netbios Domain Ordinary users
sambaSID: $SID-65404
sambaGroupType: 2
displayName: users
dn: cn=Guests,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65405
cn: Guests
memberUid: guest
description: Netbios Domain Users granted guest access to the computer/sambaDomainName
sambaSID: $SID-65405
sambaGroupType: 2
displayName: Guests
dn: cn=Power Users,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65406
cn: Power Users
description: Netbios Domain Members can share directories and printers
sambaSID: $SID-65406
sambaGroupType: 2
displayName: Power Users
dn: cn=Account Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65407
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: $SID-65407
sambaGroupType: 2
displayName: Account Operators
dn: cn=Server Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65408
cn: Server Operators
description: Netbios Domain Server Operators
sambaSID: $SID-65408
sambaGroupType: 2
displayName: Server Operators
dn: cn=Print Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65409
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: $SID-65409
sambaGroupType: 2
displayName: Print Operators
dn: cn=Backup Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65410
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: $SID-65410
sambaGroupType: 2
displayName: Backup Operators
dn: cn=Replicator,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65411
cn: Replicator
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: $SID-65411
sambaGroupType: 2
displayName: Replicator
dn: cn=Domain Computers,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65412
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: $SID-65412
sambaGroupType: 2
displayName: Domain Computers
dn: ou=Idmap,$LDAPHOSTDN
objectClass: organizationalUnit
ou: idmap
#structuralObjectClass: organizationalUnit
_EOF
echo $LDAPBINDDN $LDAPPASSWORD
if test -z "$LDAPPASSWORD"; then
ldapadd -x -c -D $LDAPBINDDN -W -h localhost -f $tempfile
else
ldapadd -x -c -D $LDAPBINDDN -w $LDAPPASSWORD -h localhost -f $tempfile
fi
rm -f $tempfile
exit 0