# $Id: smbldap.conf 35 2011-02-23 09:07:36Z fumiyas $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

# This code was developed by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Purpose :
# . be the configuration file for all smbldap-tools scripts

##############################################################################
#
# General Configuration
#
##############################################################################

# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taken from the "net getlocalsid" output
#SID="S-1-5-21-2252255531-4061614174-2474224977"

# Domain name the Samba server is in charge of.
# If not defined, parameter is taken from the smb.conf configuration file
# Ex: sambaDomain="IDEALX-NT"
#sambaDomain="DOMSMB"

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use a dual LDAP server backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two server declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP="ldap.example.com"

# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP="ldap.example.com"

# Master LDAP port
# If not defined, parameter is set to "389"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also use port 389)
# If not defined, parameter is set to "0"
ldapTLS="1"

# Use SSL for LDAP
# If set to 1, this option will use SSL for connection
# (standard port for ldaps is 636)
# If not defined, parameter is set to "0"
ldapSSL="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/pki/tls/certs/ldapserverca.pem"

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/pki/tls/certs/ldapclient.pem"

# key of the certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/pki/tls/certs/ldapclientkey.pem"

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=example,dc=com"

# Where Users are stored
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=People,${suffix}"

# Where Computers are stored
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,${suffix}"

# Where Groups are stored
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Group,${suffix}"

# Where Idmap entries are stored (used if samba is a domain member server)
# Ex: idmapdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

# Default scope Used
scope="sub"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="SSHA"

# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"

##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment out the next line if
# you don't want passwords to be enabled for defaultMaxPasswordAge days (be
# careful with the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome="\\PDC-SRV\%U"

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile="\\PDC-SRV\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exists)
# Ex: userHomeDrive="H:"
userHomeDrive="H:"

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript="logon.bat"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain="example.com"

##############################################################################
#
# SMBLDAP-TOOLS Configuration (defaults are ok for RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if with_smbpasswd="0" in smbldap.conf) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"
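
Added example (not part of smbldap-tools or of the original file): a small Python check that reads a file in this key="value" syntax and flags the transport and password-hash settings described in the comments above. The parsing regex, the function names, the finding texts and the sample values are assumptions made for illustration.

```python
import re

# Constructed sample in the page's key="value" syntax; values are illustrative only.
SAMPLE = '''
# comment lines and commented-out settings are ignored
#ldapSSL="1"
slavePort="389"
masterPort="636"
ldapTLS="1"
verify="optional"
suffix="dc=example,dc=com"
usersdn="ou=People,${suffix}"
hash_encrypt="MD5"
userHomeDirectoryMode="755"
'''
WEAK_HASH = {"CLEARTEXT": "password stored unhashed", "MD5": "unsalted hash",
             "SHA": "unsalted hash", "CRYPT": "scheme depends on crypt_salt_format"}

def parse_conf(text):
    """Read key="value" lines (quotes optional), then expand ${name} references once."""
    raw = dict(m.groups() for m in
               re.finditer(r'^[ \t]*(\w+)[ \t]*=[ \t]*"?(.*?)"?[ \t]*$', text, re.M))
    ref = lambda m: raw.get(m.group(1), m.group(0))  # unknown names stay literal
    return {k: re.sub(r'\$\{(\w+)\}', ref, v) for k, v in raw.items()}

def audit(conf):
    """Return (setting, reason) pairs for transport and password-storage weaknesses."""
    out = []
    # Defaults follow the file's comments: ldapTLS/ldapSSL "0", ports "389".
    tls, ssl = conf.get("ldapTLS", "0") == "1", conf.get("ldapSSL", "0") == "1"
    if not (tls or ssl):
        out.append(("ldapTLS", "neither start_tls nor SSL: LDAP traffic is unencrypted"))
    elif tls and ssl:
        out.append(("ldapSSL", "start_tls and SSL both enabled; choose one"))
    elif conf.get("verify") != "require":
        out.append(("verify", "certificate check is not set to require"))
    for key in ("slavePort", "masterPort"):
        if tls and not ssl and conf.get(key, "389") != "389":
            out.append((key, "start_tls is normally used on port 389"))
    scheme = conf.get("hash_encrypt", "").upper()
    if scheme in WEAK_HASH:
        out.append(("hash_encrypt", WEAK_HASH[scheme]))
    mode = conf.get("userHomeDirectoryMode")
    if mode and int(mode, 8) & 0o077:  # any group/other permission bit set
        out.append(("userHomeDirectoryMode", "home directories open to group/other"))
    return out

if __name__ == "__main__":
    print(*audit(parse_conf(SAMPLE)), sep="\n")
```

With the values shown in the file above (ldapTLS="1", verify="require", port 389, hash_encrypt="SSHA", mode 700) the check returns no findings.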