update to 3.6.23

x86_64: install cups backend under %{_prefix}/lib/cups, not %{_libdir}/cups
x86_64: install pam and nss libraries under /lib64 instead of /lib
use patch to fix smbd link against libtirpc instead of passing LDFLAGS [release 3.6.23-1mamba;Wed Apr 02 2014]
Silvan Calarco 2024-01-05 17:37:14 +01:00
parent 76757d10f4
commit 690f4a096f
19 changed files with 1979 additions and 0 deletions


@ -1,2 +1,4 @@
# samba # samba
Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients.


@ -0,0 +1,57 @@
--- samba-3.0.23/examples/LDAP/smbldap-tools-0.9.2/smbldap_tools.pm 2006-01-03 11:57:41.000000000 +0100
+++ samba-3.0.23/examples/LDAP/smbldap-tools-0.9.2/smbldap_tools.pm.fix 2006-10-10 10:12:42.000000000 +0200
@@ -32,15 +32,15 @@
# ugly funcs using global variables and spawning openldap clients
my $smbldap_conf;
-if (-e "/etc/smbldap-tools/smbldap.conf") {
- $smbldap_conf="/etc/smbldap-tools/smbldap.conf";
+if (-e "/etc/samba/smbldap-tools/smbldap.conf") {
+ $smbldap_conf="/etc/samba/smbldap-tools/smbldap.conf";
} else {
$smbldap_conf="/etc/opt/IDEALX/smbldap-tools/smbldap.conf";
}
my $smbldap_bind_conf;
-if (-e "/etc/smbldap-tools/smbldap_bind.conf") {
- $smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf";
+if (-e "/etc/samba/smbldap-tools/smbldap_bind.conf") {
+ $smbldap_bind_conf="/etc/samba/smbldap-tools/smbldap_bind.conf";
} else {
$smbldap_bind_conf="/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf";
}
@@ -51,6 +51,10 @@
$samba_conf="/usr/local/samba/lib/smb.conf";
}
+# system-wide LDAP configuration files
+my $ldap_conf="/etc/ldap.conf";
+my $ldap_secret="/etc/ldap.secret";
+
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
use Exporter;
$VERSION = 1.00;
@@ -168,7 +172,22 @@
$conf{$parameter}=$value;
}
close (CONFIGFILE);
- } else {
+
+ if (open (CONFIGFILE, "$ldap_secret")) {
+ $conf{masterPw} = <CONFIGFILE>;
+ chomp($conf{masterPw});
+ close (CONFIGFILE);
+
+ open (CONFIGFILE, "$ldap_conf") || die "Unable to open $ldap_conf for reading !\n";
+ while (<CONFIGFILE>) {
+ chomp($_);
+ next if ( ! /^\s*rootbinddn\s*.*/ );
+ $_ =~ s/^\s*rootbinddn\s*(.*)$/$1/;
+ $conf{masterDN}=$_;
+ }
+ close (CONFIGFILE);
+ }
+ } else {
$conf{slaveDN}=$conf{slavePw}=$conf{masterDN}=$conf{masterPw}="";
}
# automatically find SID
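Review bot: The block added after `close (CONFIGFILE);` replaces `masterDN` and `masterPw` with values from `/etc/ldap.conf` and `/etc/ldap.secret` whenever the secret file can be opened, which appears to override what the bind configuration file just supplied and does so without checking the secret file's owner or mode. The `rootbinddn\s*` pattern also matches longer keywords that merely start with `rootbinddn` and keeps trailing whitespace in the DN, and an empty secret file leaves `masterPw` undefined before `chomp`. I would tighten the match to `next unless /^\s*rootbinddn\s+(\S.*?)\s*$/; $conf{masterDN} = $1; last;` and add a comment above the block stating that the system-wide LDAP secret takes precedence when readable. The enclosing function starts and ends outside this hunk, so the precedence reading is inferred from the visible context lines.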


@ -0,0 +1,48 @@
diff -Nru samba-3.2.4.orig/source/client/mount.cifs.c samba-3.2.4/source/client/mount.cifs.c
--- samba-3.2.4.orig/source/client/mount.cifs.c 2008-09-18 08:49:02.000000000 +0200
+++ samba-3.2.4/source/client/mount.cifs.c 2008-10-02 12:30:24.000000000 +0200
@@ -89,44 +89,6 @@
char * domain_name = NULL;
char * prefixpath = NULL;
-/* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We
- * don't link to libreplace so need them here. */
-
-/* like strncpy but does not 0 fill the buffer and always null
- * terminates. bufsize is the size of the destination buffer */
-static size_t strlcpy(char *d, const char *s, size_t bufsize)
-{
- size_t len = strlen(s);
- size_t ret = len;
- if (bufsize <= 0) return 0;
- if (len >= bufsize) len = bufsize-1;
- memcpy(d, s, len);
- d[len] = 0;
- return ret;
-}
-
-/* like strncat but does not 0 fill the buffer and always null
- * terminates. bufsize is the length of the buffer, which should
- * be one more than the maximum resulting string length */
-static size_t strlcat(char *d, const char *s, size_t bufsize)
-{
- size_t len1 = strlen(d);
- size_t len2 = strlen(s);
- size_t ret = len1 + len2;
-
- if (len1+len2 >= bufsize) {
- if (bufsize < (len1+1)) {
- return ret;
- }
- len2 = bufsize - (len1+1);
- }
- if (len2 > 0) {
- memcpy(d+len1, s, len2);
- d[len1+len2] = 0;
- }
- return ret;
-}
-
/* BB finish BB
cifs_umount
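Review bot: Nothing in this patch records where `strlcpy` and `strlcat` come from once mount.cifs's private copies are removed; the deleted comment states that the binary does not link libreplace, so the build presumably relies on the C library or another linked library to supply both. Since these calls are what bound the string copies in the mount helper, the replacement must keep the same always-terminate, truncate-at-`bufsize` behaviour. A one-line header in the patch naming the provider, for example `# strlcpy/strlcat now provided by <library>; local copies dropped to avoid a duplicate definition`, would let the next packager verify that.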


@ -0,0 +1,22 @@
Files a/client/.mount.cifs.c.swp and b/client/.mount.cifs.c.swp differ
diff -Nur a/client/mount.cifs.c b/client/mount.cifs.c
--- a/client/mount.cifs.c 2010-04-01 15:26:22.000000000 +0200
+++ b/client/mount.cifs.c 2010-04-15 13:20:41.997470980 +0200
@@ -97,7 +97,7 @@
* error if it is. If you wish to disable this check, then set the following
* #define to 1, but please realize that you do so at your own peril.
*/
-#define CIFS_DISABLE_SETUID_CHECK 0
+#define CIFS_DISABLE_SETUID_CHECK 1
/*
* By default, mount.cifs follows the conventions set forth by /bin/mount
@@ -112,7 +112,7 @@
* The legacy behavior is now disabled by default. To reenable it, set the
* following #define to true.
*/
-#define CIFS_LEGACY_SETUID_CHECK 0
+#define CIFS_LEGACY_SETUID_CHECK 1
/*
* When an unprivileged user runs a setuid mount.cifs, we set certain mount
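Review bot: Setting `CIFS_DISABLE_SETUID_CHECK` to 1 switches off the guard that the surrounding comment says to disable only "at your own peril", so a mount.cifs installed setuid root will run for unprivileged users instead of refusing; `CIFS_LEGACY_SETUID_CHECK 1` additionally re-enables the legacy behaviour that the comment describes as disabled by default. The patch gives no rationale, so I would either drop it and keep both defines at 0, or add a header explaining why the distribution needs a setuid mount.cifs and how the binary's mode is restricted in the spec file. The first line, `Files a/client/.mount.cifs.c.swp and b/client/.mount.cifs.c.swp differ`, is editor swap-file residue from generating the diff and should be removed from the patch.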


@ -0,0 +1,24 @@
diff -Nru samba-3.6.23/source3.orig/Makefile.in samba-3.6.23/source3/Makefile.in
--- samba-3.6.23/source3.orig/Makefile.in 2014-03-11 10:17:34.000000000 +0000
+++ samba-3.6.23/source3/Makefile.in 2014-04-02 13:19:38.225103348 +0000
@@ -1783,7 +1783,7 @@
$(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
$(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \
$(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTEVENT_LIBS) $(LIBTDB_LIBS) \
- $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
+ $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) -ltirpc
bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTEVENT) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
diff -Nru samba-3.6.23/source3.orig/wscript_build samba-3.6.23/source3/wscript_build
--- samba-3.6.23/source3.orig/wscript_build 2014-03-11 10:17:34.000000000 +0000
+++ samba-3.6.23/source3/wscript_build 2014-04-02 13:20:04.037796492 +0000
@@ -850,7 +850,7 @@
bld.SAMBA3_LIBRARY('smbd_base',
source=SMBD_SRC_BASE,
- deps='''tdb tevent dl krb5 ldap gssapi gssapi_krb5
+ deps='''tirpc tdb tevent dl krb5 ldap gssapi gssapi_krb5
DYNCONFIG wbclient crypt nsl cups cap resolv z passdb
PARAM_WITHOUT_REG samba3core LIBSMB POPT_SAMBA3 KRBCLIENT AVAHI
LIBMSRPC_GEN msrpc3 ads LIBADS_SERVER LIBADS_PRINTER

86
samba-conf Normal file

@ -0,0 +1,86 @@
[global]
unix charset = UTF-8
netbios name = %HOSTNAME
server string =
workgroup = %DOMAIN
os level = 64
preferred master = no
domain master = no
local master = no
security = user
guest account = guest
passdb backend = smbpasswd
encrypt passwords = yes
domain logons = no
log file = /var/log/samba/log.%m
log level = 1
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%N\home\%u
logon script = logon.cmd
# ldap machine suffix = ou=Machines
# ldap user suffix = ou=People
# ldap group suffix = ou=Groups
# ldap idmap suffix = ou=Idmap
load printers = yes
printing = cups
printcap name = cups
# add user script= /usr/lib/samba/sbin/smbldap-useradd -a -m '%u'
# delete user script = /usr/lib/samba/sbin/smbldap-userdel %u
# add group script = /usr/lib/samba/sbin/smbldap-groupadd -p '%g'
# delete group script = /usr/lib/samba/sbin/smbldap-groupdel '%g'
# add user to group script = /usr/lib/samba/sbin/smbldap-groupmod -m '%u' '%g'
# delete user from group script = /usr/lib/samba/sbin/smbldap-groupmod -x '%u' '%g'
# set primary group script = /usr/lib/samba/sbin/smbldap-usermod -g '%g' '%u'
# add machine script = /usr/lib/samba/sbin/smbldap-useradd -w '%u'
map acl inherit = Yes
winbind separator = /
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = no
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = no
profile acls = Yes
create mask = 0600
directory mask = 0700
[profdata]
comment = Profile Data Share
path = /var/lib/samba/profdata
read only = No
profile acls = Yes
[homes]
comment = Home Directory for : %u
path = /home/%u
read only = No
browseable = No
root preexec = /usr/lib/samba/sbin/mkhomedir.sh %u
[shared]
comment = Shared files for user %u
path = /home/%u/shared
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = Administrator
[printers]
comment = SMB Print spool
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = Administrator, @ntadmins
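Review bot: In `[homes]`, `root preexec = /usr/lib/samba/sbin/mkhomedir.sh %u` hands the connecting user name to a root-run shell command without quoting, unlike the commented `smbldap-*` script lines above it, which all use `'%u'`; I would write `root preexec = /usr/lib/samba/sbin/mkhomedir.sh '%u'`. `[shared]` sets only `comment` and `path`, so it inherits every default for a path inside each user's home directory; explicit `valid users`, `read only` and `browseable` settings would make the intended access clear. `[netlogon]` and `[printers]` both set `guest ok`, which deserves a comment saying it is deliberate given `guest account = guest`.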

57
samba-initscript Normal file

@ -0,0 +1,57 @@
#!/bin/sh
# Copyright (c) 2003-2007 Silvan Calarco <ilvan.calarco@mambasotf@org>
# Copyright (c) 2007 Davide Madrisan <davide.madrisan@gmail.com>
#
# chkconfig: 2345 55 15
# description: start Samba daemons (nmbd and smbd)
. /etc/sysconfig/rc
. $rc_functions
NAME=samba
NMBD=/usr/sbin/nmbd
SMBD=/usr/sbin/smbd
NMBDPID=/run/nmbd.pid
SMBDPID=/run/smbd.pid
[ -x $SMBD -a -x $NMBD ] || exit 0
[ -r /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME
case "$1" in
start)
echo -n "Starting nmbd: "
daemon --pidfile=$NMBDPID $NMBD -D
evaluate_retval; echo
echo -n "Starting smbd: "
daemon --pidfile=$SMBDPID $SMBD -D
evaluate_retval; echo
;;
stop)
echo -n "Stopping nmbd: "
killproc -p $NMBDPID $NMBD -TERM
echo
sleep 1
echo -n "Stopping smbd: "
killproc -p $SMBDPID $SMBD -TERM
echo
;;
reload)
echo -n "Reloading smbd: "
reloadproc $SMBD
echo
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
;;
status)
statusproc $NMBD
statusproc $SMBD
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|status}"
exit 1
;;
esac

1
samba-ld.so.conf Normal file

@ -0,0 +1 @@
/usr/lib/samba

7
samba-lmhosts Normal file

@ -0,0 +1,7 @@
# This file provides the same function that the lmhosts file does for
# Windows. It's another way to map netbios names to ip addresses.
#
# Cf. section 'name resolve order' in the manual page of smb.conf for
# more information.
127.0.0.1 localhost

34
samba-mkhomedir.sh Normal file

@ -0,0 +1,34 @@
#!/bin/sh
# mkhomedir.sh -- automatically create user homedirs for Samba DC users
# Copyright (C) 2005 Silvan Calarco <silvan.calarco@qilinux.it>
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License version 2 as published by the
# Free Software Foundation. There is NO warranty; not even for MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.
#
# me=${0##*/}
[ "$1" ] || {
echo "Usage: $0 <user>"
exit 1;
}
getent passwd $1 >/dev/null || {
echo "Error: user $1 does not exits. Exiting."
exit 1;
}
[ -e "/home" ] || {
echo "Error: directory /home does not exits. Exiting."
exit 1;
}
HOMEUSER=$1
HOMEDIR=/home/$1
[ -e "$HOMEDIR" ] && exit 0;
cp -a /etc/skel $HOMEDIR
chown -R "$HOMEUSER":"Domain Users" $HOMEDIR
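Review bot: `$1` and `$HOMEDIR` are expanded unquoted in `getent passwd $1`, `cp -a /etc/skel $HOMEDIR` and `chown -R ... $HOMEDIR`, and the name is never checked for `/` or a leading `.` or `-` before it becomes a path under `/home`; since the smb.conf in this commit runs the script through `root preexec`, it executes as root with a client-supplied name. I would add `case "$1" in */*|.*|-*) echo "Error: invalid user name"; exit 1;; esac` after the usage check and quote every expansion, e.g. `cp -a /etc/skel "$HOMEDIR" || exit 1`. The `chown -R` also runs even when `cp` failed, because its exit status is not tested.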

8
samba-pam Normal file

@ -0,0 +1,8 @@
#%PAM-1.0
auth sufficient pam_unix.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_limits.so
#session optional pam_console.so
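Review bot: `auth sufficient pam_unix.so` ahead of `auth include system-auth` lets a successful local password check end the auth stack before anything in `system-auth` runs, so lockout counters or extra factors configured there would not apply to this service; `system-auth` is not part of this commit, so that is an inference to confirm. If the line is only meant to allow local accounts, it is probably redundant with what `system-auth` already does and can be dropped. Otherwise add a comment such as `# local Unix accounts authenticate here first; system-auth handles the rest` explaining the ordering.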


@ -0,0 +1,285 @@
#!/bin/bash
#
# qilinux_samba_ldap.sh :
# Configures LDAP directory for use with SAMBA as a PDC
# as well as Idealx SMB-LDAP scripts
#
# Copyright (c) 2004 by Silvan Calarco <silvan.calarco@qilinux.it>
#
source /etc/rc.d/init.d/ldap-functions
source /etc/sysconfig/defaults
test $UID = 0 ||
{ echo "error: $0: must be superuser" >&2
{ (exit 1); exit 1; }; }
set_ldap_environment
case $? in
0) ;;
1) echo "error: $0: cannot read base dn from /etc/ldap.conf; aborting.";
exit 1 ;;
*) echo "error: $0: cannot find host DN. Check HOSTDC in /etc/sysconfig/
ldap." ;;
esac
argc=$#
for ((i=1; i<=argc; i++)); do
case ${!i} in
*) if test -z "$LDAPPASSWORD"; then LDAPPASSWORD=${!i}
fi
esac
done
tempfile=`tempfile 2>/dev/null` || tempfile=/tmp/qilinux_samba_ldap.ldif
trap "rm -f $tempfile" 0 1 2 5 15
echo "Configuring Samba"
# this must be done before any other thing or net getlocalsid won't work
grep "ldap suffix" /etc/samba/smb.conf > /dev/null
if [ $? -eq 1 ]; then
sed -i "/.*logon script.*/a\\
ldap admin dn = $LDAPBINDDN\\
ldap server = 127.0.0.1\\
ldap port = 636\\
ldap ssl = start tls\\
ldap suffix = $LDAPHOSTDN" /etc/samba/smb.conf
fi
grep "ldap machine suffix" /etc/samba/smb.conf > /dev/null
if [ $? -eq 1 ]; then
sed -i "/.*ldap suffix.*/a\\
ldap user suffix = ou=People\\
ldap group suffix = ou=Groups\\
ldap machine suffix = ou=Domain Computers\\
ldap idmap suffix = ou=Idmap" /etc/samba/smb.conf
fi
sed -i "s|passdb backend =.*)|passdb backend = ldapsam|" /etc/samba/smb.conf
echo "Setting samba password for LDAP"
smbpasswd -w "`cat /etc/ldap.secret`"
echo "Adding LDAP entries"
DESTHOME="/home"
DN=$LDAPHOSTDN
STSID="`net getlocalsid 2>/dev/null`" || { echo "Error getting localsid. Aborting."; exit 1; }
SID=${STSID#*: }
sed -i "s|\$SID=.*|\$SID=\'$SID\';|
s|\$suffix = .*|\$suffix = \"$DN\";|
s|\$binddn = .*|\$binddn = \"$LDAPBINDDN\";|
s|\$UID_START = .*|\$UID_START = $MINUID;|
s|\$GID_START = .*|\$GID_START = $MINUID;|" \
/etc/samba/smbldap-tools/smbldap.conf
cat > $tempfile << _EOF
#
# $DN: LDAP base DN
# $DESTHOME: /home
# $_userSmbHome (optional)
# $_userHomeDrive (optional)
# $_userProfile (optional)
# $SID: machine SID
dn: ou=Groups,$LDAPHOSTDN
objectClass: organizationalUnit
ou: Groups
dn: ou=Machines,$LDAPHOSTDN
objectClass: organizationalUnit
ou: Machines
dn: uid=Administrator,ou=People,$LDAPHOSTDN
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 65400
uid: Administrator
uidNumber: 65400
homeDirectory: $DESTHOME/Administrator
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: $SID-65400
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: $SID-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
dn: uid=guest,ou=People,$LDAPHOSTDN
cn: guest
sn: guest
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 65401
uid: guest
uidNumber: 65401
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: $SID-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NU ]
sambaSID: $SID-2998
loginShell: /bin/false
dn: cn=Domain Admins,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65400
cn: Domain Admins
memberUid: Administrator
description: Netbios Domain Administrators
sambaSID: $SID-65400
sambaGroupType: 2
displayName: Domain Admins
dn: cn=Domain Users,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65401
cn: Domain Users
description: Netbios Domain Users
sambaSID: $SID-65401
sambaGroupType: 2
displayName: Domain Users
dn: cn=Domain Guests,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65402
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: $SID-65402
sambaGroupType: 2
displayName: Domain Guests
dn: cn=Administrators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65403
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: $SID-65403
sambaGroupType: 2
displayName: Administrators
dn: cn=Users,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65404
cn: Users
description: Netbios Domain Ordinary users
sambaSID: $SID-65404
sambaGroupType: 2
displayName: users
dn: cn=Guests,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65405
cn: Guests
memberUid: guest
description: Netbios Domain Users granted guest access to the computer/sambaDomainName
sambaSID: $SID-65405
sambaGroupType: 2
displayName: Guests
dn: cn=Power Users,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65406
cn: Power Users
description: Netbios Domain Members can share directories and printers
sambaSID: $SID-65406
sambaGroupType: 2
displayName: Power Users
dn: cn=Account Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65407
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: $SID-65407
sambaGroupType: 2
displayName: Account Operators
dn: cn=Server Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65408
cn: Server Operators
description: Netbios Domain Server Operators
sambaSID: $SID-65408
sambaGroupType: 2
displayName: Server Operators
dn: cn=Print Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65409
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: $SID-65409
sambaGroupType: 2
displayName: Print Operators
dn: cn=Backup Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65410
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: $SID-65410
sambaGroupType: 2
displayName: Backup Operators
dn: cn=Replicator,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65411
cn: Replicator
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: $SID-65411
sambaGroupType: 2
displayName: Replicator
dn: cn=Domain Computers,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65412
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: $SID-65412
sambaGroupType: 2
displayName: Domain Computers
dn: ou=Idmap,$LDAPHOSTDN
objectClass: organizationalUnit
ou: idmap
#structuralObjectClass: organizationalUnit
_EOF
echo $LDAPBINDDN $LDAPPASSWORD
if test -z "$LDAPPASSWORD"; then
ldapadd -x -c -D $LDAPBINDDN -W -h localhost -f $tempfile
else
ldapadd -x -c -D $LDAPBINDDN -w $LDAPPASSWORD -h localhost -f $tempfile
fi
rm -f $tempfile
exit 0
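Review bot: `echo $LDAPBINDDN $LDAPPASSWORD` near the end prints the LDAP bind password to the terminal (and to any log capturing the script's output), and `ldapadd ... -w $LDAPPASSWORD` then exposes it again in the process list; the echo looks like leftover debugging and should go. The temporary LDIF falls back to the fixed name `/tmp/qilinux_samba_ldap.ldif` when `tempfile` is unavailable, and the script writes to it as root with `cat > $tempfile`, so the name should come from `mktemp` and the script should abort if none can be created. The fence below sketches both changes, passing the password through a file created by `mktemp` with `-y` instead of `-w`. Separately, the `)` in `s|passdb backend =.*)|...|` is a literal character in that sed expression, so the substitution looks like it can never match the `passdb backend = smbpasswd` line shipped in smb.conf.

```bash
tempfile=$(mktemp) || { echo "error: $0: cannot create temporary file" >&2; exit 1; }
pwfile=
trap 'rm -f "$tempfile" "$pwfile"' 0 1 2 5 15
# … unchanged: smb.conf edits, smbldap.conf edits, LDIF generation …
# (debug echo of $LDAPBINDDN $LDAPPASSWORD removed)
if test -z "$LDAPPASSWORD"; then
    ldapadd -x -c -D "$LDAPBINDDN" -W -h localhost -f "$tempfile"
else
    pwfile=$(mktemp) || exit 1
    printf '%s' "$LDAPPASSWORD" > "$pwfile"
    ldapadd -x -c -D "$LDAPBINDDN" -y "$pwfile" -h localhost -f "$tempfile"
fi
```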

198
samba-smbldap_conf.pm Normal file

@ -0,0 +1,198 @@
# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
# $Id: smbldap.conf,v 1.17 2005/01/29 15:00:54 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
# Purpose :
# . be the configuration file for all smbldap-tools scripts
##############################################################################
#
# General Configuration
#
##############################################################################
# Put your own SID
# to obtain this number do: net getlocalsid
SID="S-1-5-21-4054337095-2523087664-1495155603"
##############################################################################
#
# LDAP Configuration
#
##############################################################################
# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)
# Ex: slaveLDAP=127.0.0.1
slaveLDAP="127.0.0.1"
slavePort="389"
# Master LDAP : needed for write operations
# Ex: masterLDAP=127.0.0.1
masterLDAP="127.0.0.1"
masterPort="389"
# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
ldapTLS="0"
# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"
# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/samba/smbldap-tools/ca.pem"
# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/samba/smbldap-tools/smbldap-tools.pem"
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/samba/smbldap-tools/smbldap-tools.key"
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=idealx,dc=org"
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
usersdn="ou=People,${suffix}"
# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
computersdn="ou=Machines,${suffix}"
# Where are stored Groups
# Ex groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
groupsdn="ou=Groups,${suffix}"
# Where are stored Idmap entries (used if samba is a domain member server)
# Ex groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
idmapdn="ou=Idmap,${suffix}"
# Where to store next uidNumber and gidNumber available
sambaUnixIdPooldn="ou=Idmap,${suffix}"
# Default scope Used
scope="sub"
# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="SSHA"
# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"
##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################
# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/false"
# Home directory
# Ex: userHome="/home/%U"
userHome="/dev/null"
# Gecos
userGecos="System User"
# Default User (POSIX and Samba) GID
defaultUserGid="65401"
# Default Computer (Samba) GID
defaultComputerGid="65412"
# Skel dir
skeletonDir="/etc/skel"
# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="99"
##############################################################################
#
# SAMBA Configuration
#
##############################################################################
# The UNC path to home drives location (%U username substitution)
# Ex: \\My-PDC-netbios-name\homes\%U
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
userSmbHome="\\PDC-SMB3\homes\%U"
# The UNC path to profiles locations (%U username substitution)
# Ex: \\My-PDC-netbios-name\profiles\%U
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
userProfile="\\PDC-SMB3\profiles\%U"
# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: H: for H:
userHomeDrive="H:"
# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: %U.cmd
# userScript="startup.cmd" # make sure script file is edited under dos
userScript="%U.cmd"
# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
mailDomain="idealx.com"
##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################
# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
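Review bot: This file ships a concrete `SID="S-1-5-21-4054337095-2523087664-1495155603"` and `suffix="dc=idealx,dc=org"` in `key="value"` form, while the LDAP setup script added in this same commit rewrites `/etc/samba/smbldap-tools/smbldap.conf` with sed patterns for `$SID=`, `$suffix = ` and `$binddn = `; assuming this template is what gets installed there, those patterns do not appear to match any line here, so every install would keep the sample SID and suffix. Either the sed expressions or this template should be brought into line, and a comment such as `# placeholder, replaced at setup time` on the `SID` line would make the intent clear. `ldapTLS="0"` is reasonable only while `masterLDAP` stays on `127.0.0.1`; a comment saying so next to it would help whoever later points this at a remote server.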

1
samba-smbusers Normal file

@ -0,0 +1 @@
root = Administrator

15
samba-swat_desktopfile Normal file

@ -0,0 +1,15 @@
[Desktop Entry]
Version=1.0
Encoding=UTF-8
Name=SWAT
GenericName=Samba Web Administration tool
GenericName[fr]=Interface de configuration Web de samba
GenericName[it]=Interfaccia di amministrazione di Samba
Comment=Configure Samba via Swat Web interface
Comment[fr]=Configure Samba depuis l'interface Web Swat
Comment[it]=Configura Samba con l'interfaccia Web Swat
Exec=konqueror http://localhost:901
Type=Application
Icon=samba
Terminal=false
Categories=Application;System;

15
samba-xinetd-swat Normal file

@ -0,0 +1,15 @@
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
port = 901
socket_type = stream
wait = no
only_from = 127.0.0.1
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = no
}
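Review bot: The header says `# default: off` but the service block sets `disable = no`, so installing the package leaves SWAT enabled under xinetd, running as `root` on port 901. `only_from = 127.0.0.1` limits who can connect, but an administration interface is better shipped off and enabled deliberately; I would change the line to `disable = yes` so it matches the comment.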

1032
samba.spec Normal file

File diff suppressed because it is too large Load Diff

75
winbind-initscript Normal file

@ -0,0 +1,75 @@
#!/bin/sh
#
# chkconfig: 345 91 35
# description: Starts and stops the Samba winbind daemon
#
# pidfile: /run/winbindd.pid
# config: /etc/samba/smb.conf
# source function library
. /etc/sysconfig/rc
. $rc_functions
NAME=winbindd
DAEMON=/usr/sbin/$NAME
DAEMONPID=/run/$NAME.pid
DAEMONCONF=/etc/samba/smb.conf
OPTIONS=""
[ -x $DAEMON ] || exit 0
# source networking configuration
. /etc/sysconfig/network
# check that networking is up
[ ${NETWORKING} = "no" ] && exit 0
# avoid using root's TMPDIR
unset TMPDIR
[ -r /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME
# check that smb.conf exists
[ -r $DAEMONCONF ] || exit 0
RETVAL=0
case "$1" in
start)
echo -n $"Starting $NAME: "
daemon --pidfile=$DAEMONPID $DAEMON $OPTIONS
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$NAME
;;
stop)
echo -n $"Stopping $NAME: "
killproc -p $DAEMONPID $DAEMON
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$NAME $DAEMONPID
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
;;
reload)
echo -n "Reloading $NAME: "
reloadproc $DAEMON
echo
;;
condrestart)
[ -e /var/lock/subsys/$NAME ] && $0 restart || :
;;
status)
statusproc $DAEMON
RETVAL=$?
;;
*)
echo $"Usage: ""/etc/init.d/$NAME {start|stop|status|reload|restart|condrestart}"
exit 1
;;
esac
exit $?
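Review bot: The script ends with `exit $?`, which returns the status of the last command run inside the `case` rather than the saved `RETVAL`; in the `status` branch that last command is the assignment `RETVAL=$?`, so `status` reports success even when `statusproc` found no running daemon. Replace the final line with `exit $RETVAL`. `[ ${NETWORKING} = "no" ]` should also be quoted as `[ "${NETWORKING}" = "no" ]`, since an unset variable currently produces a test syntax error instead of a clean comparison.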

12
winbind-nm-dispatcher Normal file

@ -0,0 +1,12 @@
#!/bin/sh
INTERFACE=$1 # The interface which is brought up or down
STATUS=$2 # The new state of the interface
case "$STATUS" in
'up') # $INTERFACE is up
[ -f /var/run/samba/winbindd.pid ] || /sbin/service winbind start
;;
'down') # $INTERFACE is down
;;
esac
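Review bot: The `up` branch tests for `/var/run/samba/winbindd.pid`, but the winbind init script in this commit sets its pid file to `/run/winbindd.pid`, so this check likely never finds the file and `/sbin/service winbind start` is attempted on every interface-up event. Pointing the test at the same path, `[ -f /run/winbindd.pid ] || /sbin/service winbind start`, would fix that. Whether the installed service is actually called `winbind` depends on the spec file, which is not shown, so the service name should be confirmed as well.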