update to 3.6.23

x86_64: install cups backend under %{_prefix}/lib/cups, not %{_libdir}/cups
x86_64: install pam and nss libraries under /lib64 instead of /lib
use patch to fix smbd link against libtirpc instead of passing LDFLAGS [release 3.6.23-1mamba;Wed Apr 02 2014]

README.md

@@ -1,2 +1,4 @@
 # samba
 
+Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients.
+

samba-3.0.23-smbldaptools-rootbinddn.patch

@@ -0,0 +1,57 @@
+--- samba-3.0.23/examples/LDAP/smbldap-tools-0.9.2/smbldap_tools.pm	2006-01-03 11:57:41.000000000 +0100
++++ samba-3.0.23/examples/LDAP/smbldap-tools-0.9.2/smbldap_tools.pm.fix	2006-10-10 10:12:42.000000000 +0200
+@@ -32,15 +32,15 @@
+ # ugly funcs using global variables and spawning openldap clients
+ 
+ my $smbldap_conf;
+-if (-e "/etc/smbldap-tools/smbldap.conf") {
+-	$smbldap_conf="/etc/smbldap-tools/smbldap.conf";
++if (-e "/etc/samba/smbldap-tools/smbldap.conf") {
++	$smbldap_conf="/etc/samba/smbldap-tools/smbldap.conf";
+ } else {
+ 	$smbldap_conf="/etc/opt/IDEALX/smbldap-tools/smbldap.conf";
+ }
+ 
+ my $smbldap_bind_conf;
+-if (-e "/etc/smbldap-tools/smbldap_bind.conf") {
+-	$smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf";
++if (-e "/etc/samba/smbldap-tools/smbldap_bind.conf") {
++	$smbldap_bind_conf="/etc/samba/smbldap-tools/smbldap_bind.conf";
+ } else {
+ 	$smbldap_bind_conf="/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf";
+ }
+@@ -51,6 +51,10 @@
+ 	$samba_conf="/usr/local/samba/lib/smb.conf";
+ }
+ 
++# system-wide LDAP configuration files
++my $ldap_conf="/etc/ldap.conf";
++my $ldap_secret="/etc/ldap.secret";
++
+ use vars       qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+ use Exporter;
+ $VERSION = 1.00;
+@@ -168,7 +172,22 @@
+ 		$conf{$parameter}=$value;
+ 	  }
+ 	  close (CONFIGFILE);
+-	} else {
++
++	  if (open (CONFIGFILE, "$ldap_secret")) {
++		$conf{masterPw} = <CONFIGFILE>;
++		chomp($conf{masterPw});
++		close (CONFIGFILE);
++
++		open (CONFIGFILE, "$ldap_conf") || die "Unable to open $ldap_conf for reading !\n";
++		while (<CONFIGFILE>) {
++		    chomp($_);
++		    next if ( ! /^\s*rootbinddn\s*.*/ );
++		    $_ =~ s/^\s*rootbinddn\s*(.*)$/$1/;
++		    $conf{masterDN}=$_;
++		}
++		close (CONFIGFILE);
++	  }
++        } else {
+ 	  $conf{slaveDN}=$conf{slavePw}=$conf{masterDN}=$conf{masterPw}="";
+ 	}
+        # automatically find SID

samba-3.2.4-remove_strlcpy_strlcat.patch

@@ -0,0 +1,48 @@
+diff -Nru samba-3.2.4.orig/source/client/mount.cifs.c samba-3.2.4/source/client/mount.cifs.c
+--- samba-3.2.4.orig/source/client/mount.cifs.c	2008-09-18 08:49:02.000000000 +0200
++++ samba-3.2.4/source/client/mount.cifs.c	2008-10-02 12:30:24.000000000 +0200
+@@ -89,44 +89,6 @@
+ char * domain_name = NULL;
+ char * prefixpath = NULL;
+ 
+-/* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We
+- * don't link to libreplace so need them here. */
+-
+-/* like strncpy but does not 0 fill the buffer and always null
+- *    terminates. bufsize is the size of the destination buffer */
+-static size_t strlcpy(char *d, const char *s, size_t bufsize)
+-{
+-	size_t len = strlen(s);
+-	size_t ret = len;
+-	if (bufsize <= 0) return 0;
+-	if (len >= bufsize) len = bufsize-1;
+-	memcpy(d, s, len);
+-	d[len] = 0;
+-	return ret;
+-}
+-
+-/* like strncat but does not 0 fill the buffer and always null
+- *    terminates. bufsize is the length of the buffer, which should
+- *       be one more than the maximum resulting string length */
+-static size_t strlcat(char *d, const char *s, size_t bufsize)
+-{
+-	size_t len1 = strlen(d);
+-	size_t len2 = strlen(s);
+-	size_t ret = len1 + len2;
+-
+-	if (len1+len2 >= bufsize) {
+-		if (bufsize < (len1+1)) {
+-			return ret;
+-		}
+-		len2 = bufsize - (len1+1);
+-	}
+-	if (len2 > 0) {
+-		memcpy(d+len1, s, len2);
+-		d[len1+len2] = 0;
+-	}
+-	return ret;
+-}
+-
+ /* BB finish BB
+ 
+         cifs_umount

samba-3.5.8-mount_disable_setuid_check.patch

@@ -0,0 +1,22 @@
+Files a/client/.mount.cifs.c.swp and b/client/.mount.cifs.c.swp differ
+diff -Nur a/client/mount.cifs.c b/client/mount.cifs.c
+--- a/client/mount.cifs.c	2010-04-01 15:26:22.000000000 +0200
++++ b/client/mount.cifs.c	2010-04-15 13:20:41.997470980 +0200
+@@ -97,7 +97,7 @@
+  * error if it is. If you wish to disable this check, then set the following
+  * #define to 1, but please realize that you do so at your own peril.
+  */
+-#define CIFS_DISABLE_SETUID_CHECK 0
++#define CIFS_DISABLE_SETUID_CHECK 1
+ 
+ /*
+  * By default, mount.cifs follows the conventions set forth by /bin/mount
+@@ -112,7 +112,7 @@
+  * The legacy behavior is now disabled by default. To reenable it, set the
+  * following #define to true.
+  */
+-#define CIFS_LEGACY_SETUID_CHECK 0
++#define CIFS_LEGACY_SETUID_CHECK 1
+ 
+ /*
+  * When an unprivileged user runs a setuid mount.cifs, we set certain mount

samba-3.6.23-link-tirpc.patch

@@ -0,0 +1,24 @@
+diff -Nru samba-3.6.23/source3.orig/Makefile.in samba-3.6.23/source3/Makefile.in
+--- samba-3.6.23/source3.orig/Makefile.in	2014-03-11 10:17:34.000000000 +0000
++++ samba-3.6.23/source3/Makefile.in	2014-04-02 13:19:38.225103348 +0000
+@@ -1783,7 +1783,7 @@
+ 		$(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
+ 		$(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \
+ 		$(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTEVENT_LIBS) $(LIBTDB_LIBS) \
+-		$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
++		$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) -ltirpc
+ 
+ bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTEVENT) $(LIBTDB) $(LIBWBCLIENT)
+ 	@echo Linking $@
+diff -Nru samba-3.6.23/source3.orig/wscript_build samba-3.6.23/source3/wscript_build
+--- samba-3.6.23/source3.orig/wscript_build	2014-03-11 10:17:34.000000000 +0000
++++ samba-3.6.23/source3/wscript_build	2014-04-02 13:20:04.037796492 +0000
+@@ -850,7 +850,7 @@
+ 
+ bld.SAMBA3_LIBRARY('smbd_base',
+                     source=SMBD_SRC_BASE,
+-                    deps='''tdb tevent dl krb5 ldap gssapi gssapi_krb5
++                    deps='''tirpc tdb tevent dl krb5 ldap gssapi gssapi_krb5
+                     DYNCONFIG wbclient crypt nsl cups cap resolv z passdb
+                     PARAM_WITHOUT_REG samba3core LIBSMB POPT_SAMBA3 KRBCLIENT AVAHI
+                     LIBMSRPC_GEN msrpc3 ads LIBADS_SERVER LIBADS_PRINTER

samba-conf

@@ -0,0 +1,86 @@
+[global]
+    unix charset = UTF-8
+    netbios name = %HOSTNAME
+    server string =
+    workgroup = %DOMAIN
+    os level = 64
+    preferred master = no
+    domain master = no
+    local master = no
+    security = user
+    guest account = guest
+    passdb backend = smbpasswd
+    encrypt passwords = yes
+    domain logons = no
+    log file = /var/log/samba/log.%m
+    log level = 1
+    logon path = \\%L\profiles\%U
+    logon drive = H:
+    logon home = \\%N\home\%u
+    logon script = logon.cmd
+#    ldap machine suffix = ou=Machines
+#    ldap user suffix = ou=People
+#    ldap group suffix = ou=Groups
+#    ldap idmap suffix = ou=Idmap
+    load printers = yes
+    printing = cups
+    printcap name = cups
+#    add user script= /usr/lib/samba/sbin/smbldap-useradd -a -m '%u'
+#    delete user script = /usr/lib/samba/sbin/smbldap-userdel %u
+#    add group script = /usr/lib/samba/sbin/smbldap-groupadd -p '%g'
+#    delete group script = /usr/lib/samba/sbin/smbldap-groupdel '%g'
+#    add user to group script = /usr/lib/samba/sbin/smbldap-groupmod -m '%u' '%g'
+#    delete user from group script = /usr/lib/samba/sbin/smbldap-groupmod -x '%u' '%g'
+#    set primary group script = /usr/lib/samba/sbin/smbldap-usermod -g '%g' '%u'
+#    add machine script = /usr/lib/samba/sbin/smbldap-useradd -w '%u'
+    map acl inherit = Yes
+    winbind separator = /
+
+[netlogon]
+    comment = Network Logon Service
+    path = /var/lib/samba/netlogon
+    guest ok = Yes
+    locking = no
+
+[profiles]
+    comment = Profile Share
+    path = /var/lib/samba/profiles
+    read only = no
+    profile acls = Yes
+    create mask = 0600
+    directory mask = 0700
+
+[profdata]
+    comment = Profile Data Share
+    path = /var/lib/samba/profdata
+    read only = No
+    profile acls = Yes
+
+[homes]
+    comment = Home Directory for : %u
+    path = /home/%u
+    read only = No
+    browseable = No
+    root preexec = /usr/lib/samba/sbin/mkhomedir.sh %u
+
+[shared]
+    comment = Shared files for user %u
+    path = /home/%u/shared
+
+[print$]
+    comment = Printer Drivers
+    path = /var/lib/samba/drivers
+    browseable = yes
+    guest ok = no
+    read only = yes
+    write list = Administrator
+
+[printers]
+    comment = SMB Print spool
+    path = /var/spool/samba
+    browseable = no
+    public = yes
+    guest ok = yes
+    writable = no
+    printable = yes
+    printer admin = Administrator, @ntadmins

samba-initscript

@@ -0,0 +1,57 @@
+#!/bin/sh
+# Copyright (c) 2003-2007 Silvan Calarco <ilvan.calarco@mambasotf@org>
+# Copyright (c) 2007 Davide Madrisan <davide.madrisan@gmail.com>
+#
+# chkconfig: 2345 55 15
+# description: start Samba daemons (nmbd and smbd)
+
+. /etc/sysconfig/rc
+. $rc_functions
+
+NAME=samba
+NMBD=/usr/sbin/nmbd
+SMBD=/usr/sbin/smbd
+NMBDPID=/run/nmbd.pid
+SMBDPID=/run/smbd.pid
+
+[ -x $SMBD -a -x $NMBD ] || exit 0
+
+[ -r /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME
+
+case "$1" in
+   start)
+      echo -n "Starting nmbd: "
+      daemon --pidfile=$NMBDPID $NMBD -D
+      evaluate_retval; echo
+      echo -n "Starting smbd: "
+      daemon --pidfile=$SMBDPID $SMBD -D
+      evaluate_retval; echo
+   ;;
+   stop)
+      echo -n "Stopping nmbd: "
+      killproc -p $NMBDPID $NMBD -TERM
+      echo
+      sleep 1
+      echo -n "Stopping smbd: "
+      killproc -p $SMBDPID $SMBD -TERM
+      echo
+   ;;
+   reload)
+      echo -n "Reloading smbd: "
+      reloadproc $SMBD
+      echo
+   ;;
+   restart|force-reload)
+      $0 stop
+      sleep 1
+      $0 start
+   ;;
+   status)
+      statusproc $NMBD
+      statusproc $SMBD
+   ;;
+   *)
+      echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|status}"
+      exit 1
+   ;;
+esac

samba-ld.so.conf

@@ -0,0 +1 @@
+/usr/lib/samba

samba-lmhosts

@@ -0,0 +1,7 @@
+# This file provides the same function that the lmhosts file does for
+# Windows. It's another way to map netbios names to ip addresses.
+#
+# Cf. section 'name resolve order' in the manual page of smb.conf for
+# more information.
+
+127.0.0.1	localhost

samba-mkhomedir.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+# mkhomedir.sh -- automatically create user homedirs for Samba DC users
+# Copyright (C) 2005 Silvan Calarco <silvan.calarco@qilinux.it>
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License version 2 as published by the
+# Free Software Foundation.  There is NO warranty; not even for MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# me=${0##*/}
+
+[ "$1" ] || {
+echo "Usage: $0 <user>"
+exit 1;
+}
+getent passwd $1 >/dev/null || {
+echo "Error: user $1 does not exits. Exiting."
+exit 1;
+}
+
+[ -e "/home" ] || {
+echo "Error: directory /home does not exits. Exiting."
+exit 1;
+}
+
+HOMEUSER=$1
+HOMEDIR=/home/$1
+
+[ -e "$HOMEDIR" ] && exit 0;
+
+cp -a /etc/skel $HOMEDIR
+chown -R "$HOMEUSER":"Domain Users" $HOMEDIR
+
+

samba-pam

@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth       sufficient   pam_unix.so
+auth       include      system-auth
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
+session    required     pam_limits.so
+#session    optional     pam_console.so

samba-qilinux_smbldap_conf.sh

@@ -0,0 +1,285 @@
+#!/bin/bash
+#
+# qilinux_samba_ldap.sh : 
+# Configures LDAP directory for use with SAMBA as a PDC
+# as well as Idealx SMB-LDAP scripts
+#
+# Copyright (c) 2004 by Silvan Calarco <silvan.calarco@qilinux.it>
+#
+source /etc/rc.d/init.d/ldap-functions
+source /etc/sysconfig/defaults
+
+test $UID = 0 ||
+ { echo "error: $0: must be superuser" >&2
+    { (exit 1); exit 1; }; }
+
+set_ldap_environment
+case $? in
+        0) ;;
+        1) echo "error: $0: cannot read base dn from /etc/ldap.conf; aborting.";
+ exit 1 ;;
+        *) echo "error: $0: cannot find host DN. Check HOSTDC in /etc/sysconfig/
+ldap." ;;
+esac 
+   
+argc=$#
+for ((i=1; i<=argc; i++)); do
+   case ${!i} in
+   *) if test -z "$LDAPPASSWORD"; then LDAPPASSWORD=${!i}
+      fi
+   esac
+done
+
+tempfile=`tempfile 2>/dev/null` || tempfile=/tmp/qilinux_samba_ldap.ldif
+trap "rm -f $tempfile" 0 1 2 5 15
+
+echo "Configuring Samba"
+# this must be done before any other thing or net getlocalsid won't work
+grep "ldap suffix" /etc/samba/smb.conf > /dev/null
+if [ $? -eq 1 ]; then
+    sed -i "/.*logon script.*/a\\
+    ldap admin dn = $LDAPBINDDN\\
+    ldap server = 127.0.0.1\\
+    ldap port = 636\\
+    ldap ssl = start tls\\
+    ldap suffix = $LDAPHOSTDN" /etc/samba/smb.conf
+fi
+
+grep "ldap machine suffix" /etc/samba/smb.conf > /dev/null
+if [ $? -eq 1 ]; then
+    sed -i "/.*ldap suffix.*/a\\
+    ldap user suffix = ou=People\\
+    ldap group suffix = ou=Groups\\
+    ldap machine suffix = ou=Domain Computers\\
+    ldap idmap suffix = ou=Idmap" /etc/samba/smb.conf
+fi
+
+sed -i "s|passdb backend =.*)|passdb backend = ldapsam|" /etc/samba/smb.conf
+
+echo "Setting samba password for LDAP"
+smbpasswd -w "`cat /etc/ldap.secret`"
+
+echo "Adding LDAP entries"
+DESTHOME="/home"
+DN=$LDAPHOSTDN
+STSID="`net getlocalsid 2>/dev/null`" || { echo "Error getting localsid. Aborting."; exit 1; }
+SID=${STSID#*: }
+sed -i "s|\$SID=.*|\$SID=\'$SID\';| 
+        s|\$suffix = .*|\$suffix = \"$DN\";|
+	s|\$binddn = .*|\$binddn = \"$LDAPBINDDN\";|
+        s|\$UID_START = .*|\$UID_START = $MINUID;|
+        s|\$GID_START = .*|\$GID_START = $MINUID;|" \
+        /etc/samba/smbldap-tools/smbldap.conf
+
+cat > $tempfile << _EOF
+#
+# $DN: LDAP base DN
+# $DESTHOME: /home
+# $_userSmbHome (optional)
+# $_userHomeDrive (optional)
+# $_userProfile (optional)
+# $SID: machine SID
+
+dn: ou=Groups,$LDAPHOSTDN
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Machines,$LDAPHOSTDN
+objectClass: organizationalUnit
+ou: Machines
+
+dn: uid=Administrator,ou=People,$LDAPHOSTDN
+cn: Administrator
+sn: Administrator
+objectClass: inetOrgPerson
+objectClass: sambaSamAccount
+objectClass: posixAccount
+gidNumber: 65400
+uid: Administrator
+uidNumber: 65400
+homeDirectory: $DESTHOME/Administrator
+sambaPwdLastSet: 0
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdCanChange: 0
+sambaPwdMustChange: 2147483647
+sambaPrimaryGroupSID: $SID-65400
+sambaLMPassword: XXX
+sambaNTPassword: XXX
+sambaAcctFlags: [U          ]
+sambaSID: $SID-2996
+loginShell: /bin/false
+gecos: Netbios Domain Administrator
+
+dn: uid=guest,ou=People,$LDAPHOSTDN
+cn: guest
+sn: guest
+objectClass: inetOrgPerson
+objectClass: sambaSamAccount
+objectClass: posixAccount
+gidNumber: 65401
+uid: guest
+uidNumber: 65401
+homeDirectory: /dev/null
+sambaPwdLastSet: 0
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdCanChange: 0
+sambaPwdMustChange: 2147483647
+sambaPrimaryGroupSID: $SID-514
+sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
+sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
+sambaAcctFlags: [NU         ]
+sambaSID: $SID-2998
+loginShell: /bin/false
+
+dn: cn=Domain Admins,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65400
+cn: Domain Admins
+memberUid: Administrator
+description: Netbios Domain Administrators
+sambaSID: $SID-65400
+sambaGroupType: 2
+displayName: Domain Admins
+
+dn: cn=Domain Users,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65401
+cn: Domain Users
+description: Netbios Domain Users
+sambaSID: $SID-65401
+sambaGroupType: 2
+displayName: Domain Users
+
+dn: cn=Domain Guests,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65402
+cn: Domain Guests
+description: Netbios Domain Guests Users
+sambaSID: $SID-65402
+sambaGroupType: 2
+displayName: Domain Guests
+
+dn: cn=Administrators,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65403
+cn: Administrators
+description: Netbios Domain Members can fully administer the computer/sambaDomainName
+sambaSID: $SID-65403
+sambaGroupType: 2
+displayName: Administrators
+
+dn: cn=Users,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65404
+cn: Users
+description: Netbios Domain Ordinary users
+sambaSID: $SID-65404
+sambaGroupType: 2
+displayName: users
+
+dn: cn=Guests,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65405
+cn: Guests
+memberUid: guest
+description: Netbios Domain Users granted guest access to the computer/sambaDomainName
+sambaSID: $SID-65405
+sambaGroupType: 2
+displayName: Guests
+
+dn: cn=Power Users,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65406
+cn: Power Users
+description: Netbios Domain Members can share directories and printers
+sambaSID: $SID-65406
+sambaGroupType: 2
+displayName: Power Users
+
+dn: cn=Account Operators,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65407
+cn: Account Operators
+description: Netbios Domain Users to manipulate users accounts
+sambaSID: $SID-65407
+sambaGroupType: 2
+displayName: Account Operators
+
+dn: cn=Server Operators,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65408
+cn: Server Operators
+description: Netbios Domain Server Operators
+sambaSID: $SID-65408
+sambaGroupType: 2
+displayName: Server Operators
+
+dn: cn=Print Operators,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65409
+cn: Print Operators
+description: Netbios Domain Print Operators
+sambaSID: $SID-65409
+sambaGroupType: 2
+displayName: Print Operators
+
+dn: cn=Backup Operators,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65410
+cn: Backup Operators
+description: Netbios Domain Members can bypass file security to back up files
+sambaSID: $SID-65410
+sambaGroupType: 2
+displayName: Backup Operators
+
+dn: cn=Replicator,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65411
+cn: Replicator
+description: Netbios Domain Supports file replication in a sambaDomainName
+sambaSID: $SID-65411
+sambaGroupType: 2
+displayName: Replicator
+
+dn: cn=Domain Computers,ou=Groups,$LDAPHOSTDN
+objectClass: posixGroup
+objectClass: sambaGroupMapping
+gidNumber: 65412
+cn: Domain Computers
+description: Netbios Domain Computers accounts
+sambaSID: $SID-65412
+sambaGroupType: 2
+displayName: Domain Computers
+
+dn: ou=Idmap,$LDAPHOSTDN
+objectClass: organizationalUnit
+ou: idmap
+#structuralObjectClass: organizationalUnit
+_EOF
+
+echo $LDAPBINDDN $LDAPPASSWORD
+if test -z "$LDAPPASSWORD"; then
+	ldapadd -x -c -D $LDAPBINDDN -W -h localhost -f $tempfile
+else
+	ldapadd -x -c -D $LDAPBINDDN -w $LDAPPASSWORD -h localhost -f $tempfile 
+fi
+
+rm -f $tempfile
+
+exit 0

samba-smbldap_conf.pm

@@ -0,0 +1,198 @@
+# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
+# $Id: smbldap.conf,v 1.17 2005/01/29 15:00:54 jtournier Exp $
+#
+# smbldap-tools.conf : Q & D configuration file for smbldap-tools
+
+#  This code was developped by IDEALX (http://IDEALX.org/) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+#
+#                 Copyright (C) 2001-2002 IDEALX
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public License
+#  as published by the Free Software Foundation; either version 2
+#  of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+#  USA.
+
+#  Purpose :
+#       . be the configuration file for all smbldap-tools scripts
+
+##############################################################################
+#
+# General Configuration
+#
+##############################################################################
+
+# Put your own SID
+# to obtain this number do: net getlocalsid
+SID="S-1-5-21-4054337095-2523087664-1495155603"
+
+##############################################################################
+#
+# LDAP Configuration
+#
+##############################################################################
+
+# Notes: to use to dual ldap servers backend for Samba, you must patch
+# Samba with the dual-head patch from IDEALX. If not using this patch
+# just use the same server for slaveLDAP and masterLDAP.
+# Those two servers declarations can also be used when you have 
+# . one master LDAP server where all writing operations must be done
+# . one slave LDAP server where all reading operations must be done
+#   (typically a replication directory)
+
+# Ex: slaveLDAP=127.0.0.1
+slaveLDAP="127.0.0.1"
+slavePort="389"
+
+# Master LDAP : needed for write operations
+# Ex: masterLDAP=127.0.0.1
+masterLDAP="127.0.0.1"
+masterPort="389"
+
+# Use TLS for LDAP
+# If set to 1, this option will use start_tls for connection
+# (you should also used the port 389)
+ldapTLS="0"
+
+# How to verify the server's certificate (none, optional or require)
+# see "man Net::LDAP" in start_tls section for more details
+verify="require"
+
+# CA certificate
+# see "man Net::LDAP" in start_tls section for more details
+cafile="/etc/samba/smbldap-tools/ca.pem"
+
+# certificate to use to connect to the ldap server
+# see "man Net::LDAP" in start_tls section for more details
+clientcert="/etc/samba/smbldap-tools/smbldap-tools.pem"
+
+# key certificate to use to connect to the ldap server
+# see "man Net::LDAP" in start_tls section for more details
+clientkey="/etc/samba/smbldap-tools/smbldap-tools.key"
+
+# LDAP Suffix
+# Ex: suffix=dc=IDEALX,dc=ORG
+suffix="dc=idealx,dc=org"
+
+# Where are stored Users
+# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
+usersdn="ou=People,${suffix}"
+
+# Where are stored Computers
+# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
+computersdn="ou=Machines,${suffix}"
+
+# Where are stored Groups
+# Ex groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
+groupsdn="ou=Groups,${suffix}"
+
+# Where are stored Idmap entries (used if samba is a domain member server)
+# Ex groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
+idmapdn="ou=Idmap,${suffix}"
+
+# Where to store next uidNumber and gidNumber available
+sambaUnixIdPooldn="ou=Idmap,${suffix}"
+
+# Default scope Used
+scope="sub"
+
+# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
+hash_encrypt="SSHA"
+
+# if hash_encrypt is set to CRYPT, you may set a salt format.
+# default is "%s", but many systems will generate MD5 hashed
+# passwords if you use "$1$%.8s". This parameter is optional!
+crypt_salt_format="%s"
+
+##############################################################################
+# 
+# Unix Accounts Configuration
+# 
+##############################################################################
+
+# Login defs
+# Default Login Shell
+# Ex: userLoginShell="/bin/bash"
+userLoginShell="/bin/false"
+
+# Home directory
+# Ex: userHome="/home/%U"
+userHome="/dev/null"
+
+# Gecos
+userGecos="System User"
+
+# Default User (POSIX and Samba) GID
+defaultUserGid="65401"
+
+# Default Computer (Samba) GID
+defaultComputerGid="65412"
+
+# Skel dir
+skeletonDir="/etc/skel"
+
+# Default password validation time (time in days) Comment the next line if
+# you don't want password to be enable for defaultMaxPasswordAge days (be
+# careful to the sambaPwdMustChange attribute's value)
+defaultMaxPasswordAge="99"
+
+##############################################################################
+#
+# SAMBA Configuration
+#
+##############################################################################
+
+# The UNC path to home drives location (%U username substitution)
+# Ex: \\My-PDC-netbios-name\homes\%U
+# Just set it to a null string if you want to use the smb.conf 'logon home'
+# directive and/or disable roaming profiles
+userSmbHome="\\PDC-SMB3\homes\%U"
+
+# The UNC path to profiles locations (%U username substitution)
+# Ex: \\My-PDC-netbios-name\profiles\%U
+# Just set it to a null string if you want to use the smb.conf 'logon path'
+# directive and/or disable roaming profiles
+userProfile="\\PDC-SMB3\profiles\%U"
+
+# The default Home Drive Letter mapping
+# (will be automatically mapped at logon time if home directory exist)
+# Ex: H: for H:
+userHomeDrive="H:"
+
+# The default user netlogon script name (%U username substitution)
+# if not used, will be automatically username.cmd
+# make sure script file is edited under dos
+# Ex: %U.cmd
+# userScript="startup.cmd" # make sure script file is edited under dos
+userScript="%U.cmd"
+
+# Domain appended to the users "mail"-attribute
+# when smbldap-useradd -M is used
+mailDomain="idealx.com"
+
+##############################################################################
+#
+# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
+#
+##############################################################################
+
+# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
+# prefer Crypt::SmbHash library
+with_smbpasswd="0"
+smbpasswd="/usr/bin/smbpasswd"
+
+# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
+# but prefer Crypt:: libraries
+with_slappasswd="0"
+slappasswd="/usr/sbin/slappasswd"
+

samba-smbusers

@@ -0,0 +1 @@
+root = Administrator

samba-swat_desktopfile

@@ -0,0 +1,15 @@
+[Desktop Entry]
+Version=1.0
+Encoding=UTF-8
+Name=SWAT
+GenericName=Samba Web Administration tool
+GenericName[fr]=Interface de configuration Web de samba
+GenericName[it]=Interfaccia di amministrazione di Samba
+Comment=Configure Samba via Swat Web interface
+Comment[fr]=Configure Samba depuis l'interface Web Swat
+Comment[it]=Configura Samba con l'interfaccia Web Swat
+Exec=konqueror http://localhost:901
+Type=Application
+Icon=samba
+Terminal=false
+Categories=Application;System;

samba-xinetd-swat

@@ -0,0 +1,15 @@
+# default: off
+# description: SWAT is the Samba Web Admin Tool. Use swat \
+#              to configure your Samba server. To use SWAT, \
+#              connect to port 901 with your favorite web browser.
+service swat
+{
+        port            = 901
+        socket_type     = stream
+        wait            = no
+        only_from       = 127.0.0.1
+        user            = root
+        server          = /usr/sbin/swat
+        log_on_failure  += USERID
+        disable         = no
+}

winbind-initscript

@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# chkconfig: 345 91 35
+# description: Starts and stops the Samba winbind daemon
+#
+# pidfile: /run/winbindd.pid
+# config:  /etc/samba/smb.conf
+
+# source function library
+. /etc/sysconfig/rc
+. $rc_functions
+
+NAME=winbindd
+DAEMON=/usr/sbin/$NAME
+DAEMONPID=/run/$NAME.pid
+DAEMONCONF=/etc/samba/smb.conf
+OPTIONS=""
+
+[ -x $DAEMON ] || exit 0
+
+# source networking configuration
+. /etc/sysconfig/network
+
+# check that networking is up
+[ ${NETWORKING} = "no" ] && exit 0
+
+# avoid using root's TMPDIR
+unset TMPDIR
+
+[ -r /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME
+
+# check that smb.conf exists
+[ -r $DAEMONCONF ] || exit 0
+
+RETVAL=0
+
+case "$1" in
+   start)
+      echo -n $"Starting $NAME: "
+      daemon --pidfile=$DAEMONPID $DAEMON $OPTIONS
+      RETVAL=$?
+      echo
+      [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$NAME
+   ;;
+   stop)
+      echo -n $"Stopping $NAME: "
+      killproc -p $DAEMONPID $DAEMON
+      RETVAL=$?
+      echo
+      [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$NAME $DAEMONPID
+   ;;
+   restart|force-reload)
+      $0 stop
+      sleep 1
+      $0 start
+   ;;
+   reload)
+      echo -n "Reloading $NAME: "
+      reloadproc $DAEMON
+      echo
+   ;;
+   condrestart)
+      [ -e /var/lock/subsys/$NAME ] && $0 restart || :
+   ;;
+   status)
+      statusproc $DAEMON
+      RETVAL=$?
+   ;;
+   *)
+      echo $"Usage: ""/etc/init.d/$NAME {start|stop|status|reload|restart|condrestart}"
+      exit 1
+   ;;
+esac
+
+exit $?

winbind-nm-dispatcher

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+INTERFACE=$1 # The interface which is brought up or down
+STATUS=$2 # The new state of the interface
+
+case "$STATUS" in
+    'up') # $INTERFACE is up
+        [ -f /var/run/samba/winbindd.pid ] || /sbin/service winbind start
+        ;;
+    'down') # $INTERFACE is down
+        ;;
+esac