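#!/bin/bash
#
# qilinux_samba_ldap.sh :
# Configures LDAP directory for use with SAMBA as a PDC
# as well as Idealx SMB-LDAP scripts
#
# Copyright (c) 2004 by Silvan Calarco
#
# Usage: qilinux_samba_ldap.sh [LDAP_PASSWORD]
#   LDAP_PASSWORD - optional bind password for $LDAPBINDDN.  It may also be
#                   given through the LDAPPASSWORD environment variable; when
#                   neither is set, ldapadd prompts for it interactively.
#
# Environment provided by the sourced files below (not defined here):
#   LDAPBINDDN, LDAPHOSTDN - set by set_ldap_environment (ldap-functions)
#   MINUID                 - from /etc/sysconfig/defaults
#
# Exit status: 1 on a fatal setup error, otherwise 0 (ldapadd runs with -c,
# so entries that already exist only produce warnings; see the end of file).

source /etc/rc.d/init.d/ldap-functions
source /etc/sysconfig/defaults

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[ "$UID" = 0 ] || die "error: $0: must be superuser"

set_ldap_environment
case $? in
  0) ;;
  1) die "error: $0: cannot read base dn from /etc/ldap.conf; aborting." ;;
  *)
    # Previously only a message was printed here and the script carried on;
    # with an empty host DN every entry below would be written to a bogus
    # location, so abort instead.
    die "error: $0: cannot find host DN. Check HOSTDC in /etc/sysconfig/ldap."
    ;;
esac

# Bind password: environment first, then (for backward compatibility) the
# first positional argument.  NOTE: an argv password is visible to every
# local user via ps for the lifetime of this script; prefer the environment
# variable or the interactive prompt.
if [ -z "$LDAPPASSWORD" ] && [ $# -ge 1 ]; then
  LDAPPASSWORD=$1
fi

# Use a randomised temporary name only.  The old fallback to the fixed
# /tmp/qilinux_samba_ldap.ldif was written as root and could be pre-created
# or symlinked by any local user.
tempfile=$(mktemp 2>/dev/null) \
  || tempfile=$(tempfile 2>/dev/null) \
  || die "error: $0: cannot create temporary file"
passfile=

# Remove every temporary file on any exit path.
cleanup() {
  rm -f -- "$tempfile"
  [ -n "$passfile" ] && rm -f -- "$passfile"
  return 0
}
trap cleanup 0 1 2 5 15

echo "Configuring Samba"
# this must be done before any other thing or net getlocalsid won't work.
# Both blocks are idempotent: each marker is only inserted when grep reports
# it as absent (status 1); any other grep status (e.g. missing file) skips
# the edit, as before.
grep -q "ldap suffix" /etc/samba/smb.conf
if [ $? -eq 1 ]; then
  sed -i "/.*logon script.*/a\\
ldap admin dn = $LDAPBINDDN\\
ldap server = 127.0.0.1\\
ldap port = 636\\
ldap ssl = start tls\\
ldap suffix = $LDAPHOSTDN" /etc/samba/smb.conf
fi

grep -q "ldap machine suffix" /etc/samba/smb.conf
if [ $? -eq 1 ]; then
  sed -i "/.*ldap suffix.*/a\\
ldap user suffix = ou=People\\
ldap group suffix = ou=Groups\\
ldap machine suffix = ou=Domain Computers\\
ldap idmap suffix = ou=Idmap" /etc/samba/smb.conf
fi

# NOTE(review): the trailing ')' in this pattern means only a "passdb
# backend =" line that ends with ')' is rewritten; it looks like a typo but
# may match the distribution's default smb.conf — confirm before changing.
sed -i "s|passdb backend =.*)|passdb backend = ldapsam|" /etc/samba/smb.conf

echo "Setting samba password for LDAP"
# smbpasswd -w only accepts the secret as an argument, so it is briefly
# visible in the process list; /etc/ldap.secret itself must stay root-only.
smbpasswd -w "$(cat /etc/ldap.secret)"

echo "Adding LDAP entries"
DESTHOME="/home"
DN=$LDAPHOSTDN
# 'net getlocalsid' prints "...: S-1-5-..."; keep everything after ": ".
STSID=$(net getlocalsid 2>/dev/null) || die "Error getting localsid. Aborting."
SID=${STSID#*: }
[ -n "$SID" ] || die "Error getting localsid. Aborting."

sed -i "s|\$SID=.*|\$SID=\'$SID\';|
s|\$suffix = .*|\$suffix = \"$DN\";|
s|\$binddn = .*|\$binddn = \"$LDAPBINDDN\";|
s|\$UID_START = .*|\$UID_START = $MINUID;|
s|\$GID_START = .*|\$GID_START = $MINUID;|" \
  /etc/samba/smbldap-tools/smbldap.conf

# Unquoted delimiter on purpose: $DN, $DESTHOME, $LDAPHOSTDN and $SID are
# expanded into the LDIF.
cat > "$tempfile" << _EOF
#
# $DN: LDAP base DN
# $DESTHOME: /home
# $_userSmbHome (optional)
# $_userHomeDrive (optional)
# $_userProfile (optional)
# $SID: machine SID

dn: ou=Groups,$LDAPHOSTDN
objectClass: organizationalUnit
ou: Groups

dn: ou=Machines,$LDAPHOSTDN
objectClass: organizationalUnit
ou: Machines

dn: uid=Administrator,ou=People,$LDAPHOSTDN
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 65400
uid: Administrator
uidNumber: 65400
homeDirectory: $DESTHOME/Administrator
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: $SID-65400
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U          ]
sambaSID: $SID-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator

dn: uid=guest,ou=People,$LDAPHOSTDN
cn: guest
sn: guest
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
gidNumber: 65401
uid: guest
uidNumber: 65401
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: $SID-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NU         ]
sambaSID: $SID-2998
loginShell: /bin/false

dn: cn=Domain Admins,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65400
cn: Domain Admins
memberUid: Administrator
description: Netbios Domain Administrators
sambaSID: $SID-65400
sambaGroupType: 2
displayName: Domain Admins

dn: cn=Domain Users,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65401
cn: Domain Users
description: Netbios Domain Users
sambaSID: $SID-65401
sambaGroupType: 2
displayName: Domain Users

dn: cn=Domain Guests,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65402
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: $SID-65402
sambaGroupType: 2
displayName: Domain Guests

dn: cn=Administrators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65403
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: $SID-65403
sambaGroupType: 2
displayName: Administrators

dn: cn=Users,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65404
cn: Users
description: Netbios Domain Ordinary users
sambaSID: $SID-65404
sambaGroupType: 2
displayName: users

dn: cn=Guests,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65405
cn: Guests
memberUid: guest
description: Netbios Domain Users granted guest access to the computer/sambaDomainName
sambaSID: $SID-65405
sambaGroupType: 2
displayName: Guests

dn: cn=Power Users,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65406
cn: Power Users
description: Netbios Domain Members can share directories and printers
sambaSID: $SID-65406
sambaGroupType: 2
displayName: Power Users

dn: cn=Account Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65407
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: $SID-65407
sambaGroupType: 2
displayName: Account Operators

dn: cn=Server Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65408
cn: Server Operators
description: Netbios Domain Server Operators
sambaSID: $SID-65408
sambaGroupType: 2
displayName: Server Operators

dn: cn=Print Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65409
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: $SID-65409
sambaGroupType: 2
displayName: Print Operators

dn: cn=Backup Operators,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65410
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: $SID-65410
sambaGroupType: 2
displayName: Backup Operators

dn: cn=Replicator,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65411
cn: Replicator
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: $SID-65411
sambaGroupType: 2
displayName: Replicator

dn: cn=Domain Computers,ou=Groups,$LDAPHOSTDN
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 65412
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: $SID-65412
sambaGroupType: 2
displayName: Domain Computers

dn: ou=Idmap,$LDAPHOSTDN
objectClass: organizationalUnit
ou: idmap
#structuralObjectClass: organizationalUnit
_EOF

# Only the bind DN is reported; the password used to be echoed here as well,
# which left it in the console output and in any log of this run.
echo "Binding as $LDAPBINDDN"
if [ -z "$LDAPPASSWORD" ]; then
  ldapadd -x -c -D "$LDAPBINDDN" -W -h localhost -f "$tempfile"
else
  # Hand the password over through a root-only file (-y) instead of -w on
  # the command line, where every local user could read it from ps.
  # -y uses the file content verbatim, so no trailing newline is written.
  passfile=$(mktemp) || die "error: $0: cannot create temporary file"
  chmod 600 "$passfile"
  printf '%s' "$LDAPPASSWORD" > "$passfile"
  ldapadd -x -c -D "$LDAPBINDDN" -y "$passfile" -h localhost -f "$tempfile"
fi

# ldapadd -c keeps going past entries that already exist and then returns
# non-zero; the script has always exited 0 here so re-runs stay harmless.
exit 0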