1 |
dev-zero 07/09/07 21:07:41 |
2 |
|
3 |
Added: lmhosts samba.pam smbusers swat.xinetd |
4 |
system-auth-winbind nsswitch.conf-winbind |
5 |
samba.schema nsswitch.conf-wins |
6 |
smb.conf.example-samba3 |
7 |
Log: |
8 |
Version bump (bug #178639, thanks to Johan Andersson for the py_smb-patch). Added ipv6 support (bug #187905). Replaced 'kerberos' with 'ads' USE flag (bug #181558). Added possibility to start daemons seperately (bug #112188). Fixed python-handling (bug #177545). |
9 |
(Portage version: 2.1.3.7) |
10 |
|
11 |
Revision Changes Path |
12 |
1.1 net-fs/samba/files/config/lmhosts |
13 |
|
14 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/lmhosts?rev=1.1&view=markup |
15 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/lmhosts?rev=1.1&content-type=text/plain |
16 |
|
17 |
Index: lmhosts |
18 |
=================================================================== |
19 |
# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/config/lmhosts,v 1.1 2007/09/07 21:07:40 dev-zero Exp $ |
20 |
127.0.0.1 localhost |
21 |
|
22 |
|
23 |
|
24 |
1.1 net-fs/samba/files/config/samba.pam |
25 |
|
26 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/samba.pam?rev=1.1&view=markup |
27 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/samba.pam?rev=1.1&content-type=text/plain |
28 |
|
29 |
Index: samba.pam |
30 |
=================================================================== |
31 |
#%PAM-1.0 |
32 |
# * pam_smbpass.so authenticates against the smbpasswd file |
33 |
# * changed Redhat's 'pam_stack' with 'include' for *BSD compatibility |
34 |
# (Diego "Flameeyes" Petteno'): enable with pam>=0.78 only |
35 |
auth required pam_smbpass.so nodelay |
36 |
account include system-auth |
37 |
session include system-auth |
38 |
password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf |
39 |
|
40 |
|
41 |
|
42 |
1.1 net-fs/samba/files/config/smbusers |
43 |
|
44 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/smbusers?rev=1.1&view=markup |
45 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/smbusers?rev=1.1&content-type=text/plain |
46 |
|
47 |
Index: smbusers |
48 |
=================================================================== |
49 |
# Unix_name = SMB_name1 SMB_name2 ... |
50 |
# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/config/smbusers,v 1.1 2007/09/07 21:07:40 dev-zero Exp $ |
51 |
root = administrator admin |
52 |
nobody = guest pcguest smbguest |
53 |
|
54 |
|
55 |
|
56 |
1.1 net-fs/samba/files/config/swat.xinetd |
57 |
|
58 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/swat.xinetd?rev=1.1&view=markup |
59 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/swat.xinetd?rev=1.1&content-type=text/plain |
60 |
|
61 |
Index: swat.xinetd |
62 |
=================================================================== |
63 |
# default: off |
64 |
# description: SWAT is the Samba Web Admin Tool. Use swat \ |
65 |
# to configure your Samba server. To use SWAT, \ |
66 |
# connect to port 901 with your favorite web browser. |
67 |
# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/config/swat.xinetd,v 1.1 2007/09/07 21:07:40 dev-zero Exp $ |
68 |
|
69 |
service swat |
70 |
{ |
71 |
port = 901 |
72 |
socket_type = stream |
73 |
wait = no |
74 |
only_from = localhost |
75 |
user = root |
76 |
server = /usr/sbin/swat |
77 |
log_on_failure += USERID |
78 |
disable = yes |
79 |
} |
80 |
|
81 |
|
82 |
|
83 |
1.1 net-fs/samba/files/config/system-auth-winbind |
84 |
|
85 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/system-auth-winbind?rev=1.1&view=markup |
86 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/system-auth-winbind?rev=1.1&content-type=text/plain |
87 |
|
88 |
Index: system-auth-winbind |
89 |
=================================================================== |
90 |
#%PAM-1.0 |
91 |
# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/config/system-auth-winbind,v 1.1 2007/09/07 21:07:40 dev-zero Exp $ |
92 |
|
93 |
auth required /lib/security/pam_env.so |
94 |
auth sufficient /lib/security/pam_winbind.so |
95 |
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass |
96 |
auth required /lib/security/pam_deny.so |
97 |
|
98 |
account sufficient /lib/security/pam_winbind.so |
99 |
account required /lib/security/pam_unix.so |
100 |
|
101 |
password required /lib/security/pam_cracklib.so retry=3 |
102 |
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow |
103 |
password required /lib/security/pam_deny.so |
104 |
|
105 |
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 |
106 |
session required /lib/security/pam_limits.so |
107 |
session required /lib/security/pam_unix.so |
108 |
|
109 |
|
110 |
|
111 |
1.1 net-fs/samba/files/config/nsswitch.conf-winbind |
112 |
|
113 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/nsswitch.conf-winbind?rev=1.1&view=markup |
114 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/nsswitch.conf-winbind?rev=1.1&content-type=text/plain |
115 |
|
116 |
Index: nsswitch.conf-winbind |
117 |
=================================================================== |
118 |
# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/config/nsswitch.conf-winbind,v 1.1 2007/09/07 21:07:40 dev-zero Exp $ |
119 |
passwd: files winbind |
120 |
group: files winbind |
121 |
|
122 |
hosts: files dns |
123 |
networks: files dns |
124 |
|
125 |
services: db files |
126 |
protocols: db files |
127 |
rpc: db files |
128 |
ethers: db files |
129 |
netmasks: files |
130 |
netgroup: files |
131 |
bootparams: files |
132 |
|
133 |
automount: files |
134 |
aliases: files |
135 |
|
136 |
|
137 |
|
138 |
1.1 net-fs/samba/files/config/samba.schema |
139 |
|
140 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/samba.schema?rev=1.1&view=markup |
141 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/samba.schema?rev=1.1&content-type=text/plain |
142 |
|
143 |
Index: samba.schema |
144 |
=================================================================== |
145 |
## |
146 |
## schema file for OpenLDAP 2.x |
147 |
## Schema for storing Samba user accounts and group maps in LDAP |
148 |
## OIDs are owned by the Samba Team |
149 |
## |
150 |
## Prerequisite schemas - uid (cosine.schema) |
151 |
## - displayName (inetorgperson.schema) |
152 |
## - gidNumber (nis.schema) |
153 |
## |
154 |
## 1.3.6.1.4.1.7165.2.1.x - attributetypes |
155 |
## 1.3.6.1.4.1.7165.2.2.x - objectclasses |
156 |
## |
157 |
## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------ |
158 |
## |
159 |
## Run the 'get_next_oid' bash script in this directory to find the |
160 |
## next available OID for attribute type and object classes. |
161 |
## |
162 |
## $ ./get_next_oid |
163 |
## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME .... |
164 |
## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME .... |
165 |
## |
166 |
## Also ensure that new entries adhere to the declaration style |
167 |
## used throughout this file |
168 |
## |
169 |
## <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME .... |
170 |
## ^ ^ ^ |
171 |
## |
172 |
## The spaces are required for the get_next_oid script (and for |
173 |
## readability). |
174 |
## |
175 |
## ------------------------------------------------------------------ |
176 |
|
177 |
######################################################################## |
178 |
## HISTORICAL ## |
179 |
######################################################################## |
180 |
|
181 |
## |
182 |
## Password hashes |
183 |
## |
184 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword' |
185 |
# DESC 'LanManager Passwd' |
186 |
# EQUALITY caseIgnoreIA5Match |
187 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) |
188 |
|
189 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword' |
190 |
# DESC 'NT Passwd' |
191 |
# EQUALITY caseIgnoreIA5Match |
192 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) |
193 |
|
194 |
## |
195 |
## Account flags in string format ([UWDX ]) |
196 |
## |
197 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' |
198 |
# DESC 'Account Flags' |
199 |
# EQUALITY caseIgnoreIA5Match |
200 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) |
201 |
|
202 |
## |
203 |
## Password timestamps & policies |
204 |
## |
205 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' |
206 |
# DESC 'NT pwdLastSet' |
207 |
# EQUALITY integerMatch |
208 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
209 |
|
210 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' |
211 |
# DESC 'NT logonTime' |
212 |
# EQUALITY integerMatch |
213 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
214 |
|
215 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' |
216 |
# DESC 'NT logoffTime' |
217 |
# EQUALITY integerMatch |
218 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
219 |
|
220 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' |
221 |
# DESC 'NT kickoffTime' |
222 |
# EQUALITY integerMatch |
223 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
224 |
|
225 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' |
226 |
# DESC 'NT pwdCanChange' |
227 |
# EQUALITY integerMatch |
228 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
229 |
|
230 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' |
231 |
# DESC 'NT pwdMustChange' |
232 |
# EQUALITY integerMatch |
233 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
234 |
|
235 |
## |
236 |
## string settings |
237 |
## |
238 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' |
239 |
# DESC 'NT homeDrive' |
240 |
# EQUALITY caseIgnoreIA5Match |
241 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) |
242 |
|
243 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' |
244 |
# DESC 'NT scriptPath' |
245 |
# EQUALITY caseIgnoreIA5Match |
246 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) |
247 |
|
248 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' |
249 |
# DESC 'NT profilePath' |
250 |
# EQUALITY caseIgnoreIA5Match |
251 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) |
252 |
|
253 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' |
254 |
# DESC 'userWorkstations' |
255 |
# EQUALITY caseIgnoreIA5Match |
256 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) |
257 |
|
258 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' |
259 |
# DESC 'smbHome' |
260 |
# EQUALITY caseIgnoreIA5Match |
261 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) |
262 |
|
263 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' |
264 |
# DESC 'Windows NT domain to which the user belongs' |
265 |
# EQUALITY caseIgnoreIA5Match |
266 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) |
267 |
|
268 |
## |
269 |
## user and group RID |
270 |
## |
271 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' |
272 |
# DESC 'NT rid' |
273 |
# EQUALITY integerMatch |
274 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
275 |
|
276 |
#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' |
277 |
# DESC 'NT Group RID' |
278 |
# EQUALITY integerMatch |
279 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
280 |
|
281 |
## |
282 |
## The smbPasswordEntry objectclass has been depreciated in favor of the |
283 |
## sambaAccount objectclass |
284 |
## |
285 |
#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY |
286 |
# DESC 'Samba smbpasswd entry' |
287 |
# MUST ( uid $ uidNumber ) |
288 |
# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) |
289 |
|
290 |
#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL |
291 |
# DESC 'Samba Account' |
292 |
# MUST ( uid $ rid ) |
293 |
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ |
294 |
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ |
295 |
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ |
296 |
# description $ userWorkstations $ primaryGroupID $ domain )) |
297 |
|
298 |
#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY |
299 |
# DESC 'Samba Auxiliary Account' |
300 |
# MUST ( uid $ rid ) |
301 |
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ |
302 |
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ |
303 |
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ |
304 |
# description $ userWorkstations $ primaryGroupID $ domain )) |
305 |
|
306 |
######################################################################## |
307 |
## END OF HISTORICAL ## |
308 |
######################################################################## |
309 |
|
310 |
####################################################################### |
311 |
## Attributes used by Samba 3.0 schema ## |
312 |
####################################################################### |
313 |
|
314 |
## |
315 |
## Password hashes |
316 |
## |
317 |
attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' |
318 |
DESC 'LanManager Password' |
319 |
EQUALITY caseIgnoreIA5Match |
320 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) |
321 |
|
322 |
attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' |
323 |
DESC 'MD4 hash of the unicode password' |
324 |
EQUALITY caseIgnoreIA5Match |
325 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) |
326 |
|
327 |
## |
328 |
## Account flags in string format ([UWDX ]) |
329 |
## |
330 |
attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' |
331 |
DESC 'Account Flags' |
332 |
EQUALITY caseIgnoreIA5Match |
333 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) |
334 |
|
335 |
## |
336 |
## Password timestamps & policies |
337 |
## |
338 |
attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' |
339 |
DESC 'Timestamp of the last password update' |
340 |
EQUALITY integerMatch |
341 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
342 |
|
343 |
attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' |
344 |
DESC 'Timestamp of when the user is allowed to update the password' |
345 |
EQUALITY integerMatch |
346 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
347 |
|
348 |
attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' |
349 |
DESC 'Timestamp of when the password will expire' |
350 |
EQUALITY integerMatch |
351 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
352 |
|
353 |
attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' |
354 |
DESC 'Timestamp of last logon' |
355 |
EQUALITY integerMatch |
356 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
357 |
|
358 |
attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' |
359 |
DESC 'Timestamp of last logoff' |
360 |
EQUALITY integerMatch |
361 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
362 |
|
363 |
attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' |
364 |
DESC 'Timestamp of when the user will be logged off automatically' |
365 |
EQUALITY integerMatch |
366 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
367 |
|
368 |
attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' |
369 |
DESC 'Bad password attempt count' |
370 |
EQUALITY integerMatch |
371 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
372 |
|
373 |
attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' |
374 |
DESC 'Time of the last bad password attempt' |
375 |
EQUALITY integerMatch |
376 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
377 |
|
378 |
attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' |
379 |
DESC 'Logon Hours' |
380 |
EQUALITY caseIgnoreIA5Match |
381 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) |
382 |
|
383 |
## |
384 |
## string settings |
385 |
## |
386 |
attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' |
387 |
DESC 'Driver letter of home directory mapping' |
388 |
EQUALITY caseIgnoreIA5Match |
389 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) |
390 |
|
391 |
attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' |
392 |
DESC 'Logon script path' |
393 |
EQUALITY caseIgnoreMatch |
394 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) |
395 |
|
396 |
attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' |
397 |
DESC 'Roaming profile path' |
398 |
EQUALITY caseIgnoreMatch |
399 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) |
400 |
|
401 |
attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' |
402 |
DESC 'List of user workstations the user is allowed to logon to' |
403 |
EQUALITY caseIgnoreMatch |
404 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) |
405 |
|
406 |
attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' |
407 |
DESC 'Home directory UNC path' |
408 |
EQUALITY caseIgnoreMatch |
409 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) |
410 |
|
411 |
attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' |
412 |
DESC 'Windows NT domain to which the user belongs' |
413 |
EQUALITY caseIgnoreMatch |
414 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) |
415 |
|
416 |
attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' |
417 |
DESC '' |
418 |
EQUALITY caseExactMatch |
419 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) |
420 |
|
421 |
attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' |
422 |
DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' |
423 |
EQUALITY caseIgnoreIA5Match |
424 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) |
425 |
|
426 |
## |
427 |
## SID, of any type |
428 |
## |
429 |
|
430 |
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' |
431 |
DESC 'Security ID' |
432 |
EQUALITY caseIgnoreIA5Match |
433 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) |
434 |
|
435 |
|
436 |
## |
437 |
## Primary group SID, compatible with ntSid |
438 |
## |
439 |
|
440 |
attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' |
441 |
DESC 'Primary Group Security ID' |
442 |
EQUALITY caseIgnoreIA5Match |
443 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) |
444 |
|
445 |
attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' |
446 |
DESC 'Security ID List' |
447 |
EQUALITY caseIgnoreIA5Match |
448 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) |
449 |
|
450 |
## |
451 |
## group mapping attributes |
452 |
## |
453 |
attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' |
454 |
DESC 'NT Group Type' |
455 |
EQUALITY integerMatch |
456 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
457 |
|
458 |
## |
459 |
## Store info on the domain |
460 |
## |
461 |
|
462 |
attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' |
463 |
DESC 'Next NT rid to give our for users' |
464 |
EQUALITY integerMatch |
465 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
466 |
|
467 |
attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' |
468 |
DESC 'Next NT rid to give out for groups' |
469 |
EQUALITY integerMatch |
470 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
471 |
|
472 |
attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' |
473 |
DESC 'Next NT rid to give out for anything' |
474 |
EQUALITY integerMatch |
475 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
476 |
|
477 |
attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' |
478 |
DESC 'Base at which the samba RID generation algorithm should operate' |
479 |
EQUALITY integerMatch |
480 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
481 |
|
482 |
attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' |
483 |
DESC 'Share Name' |
484 |
EQUALITY caseIgnoreMatch |
485 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) |
486 |
|
487 |
attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' |
488 |
DESC 'Option Name' |
489 |
EQUALITY caseIgnoreMatch |
490 |
SUBSTR caseIgnoreSubstringsMatch |
491 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
492 |
|
493 |
attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' |
494 |
DESC 'A boolean option' |
495 |
EQUALITY booleanMatch |
496 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) |
497 |
|
498 |
attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' |
499 |
DESC 'An integer option' |
500 |
EQUALITY integerMatch |
501 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
502 |
|
503 |
attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' |
504 |
DESC 'A string option' |
505 |
EQUALITY caseExactIA5Match |
506 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) |
507 |
|
508 |
attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' |
509 |
DESC 'A string list option' |
510 |
EQUALITY caseIgnoreMatch |
511 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) |
512 |
|
513 |
|
514 |
attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' |
515 |
SUP name ) |
516 |
|
517 |
attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList' |
518 |
DESC 'Privileges List' |
519 |
EQUALITY caseIgnoreIA5Match |
520 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) |
521 |
|
522 |
attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' |
523 |
DESC 'Trust Password Flags' |
524 |
EQUALITY caseIgnoreIA5Match |
525 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) |
526 |
|
527 |
|
528 |
####################################################################### |
529 |
## objectClasses used by Samba 3.0 schema ## |
530 |
####################################################################### |
531 |
|
532 |
## The X.500 data model (and therefore LDAPv3) says that each entry can |
533 |
## only have one structural objectclass. OpenLDAP 2.0 does not enforce |
534 |
## this currently but will in v2.1 |
535 |
|
536 |
## |
537 |
## added new objectclass (and OID) for 3.0 to help us deal with backwards |
538 |
## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry |
539 |
## |
540 |
objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY |
541 |
DESC 'Samba 3.0 Auxilary SAM Account' |
542 |
MUST ( uid $ sambaSID ) |
543 |
MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ |
544 |
sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ |
545 |
sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ |
546 |
displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ |
547 |
sambaProfilePath $ description $ sambaUserWorkstations $ |
548 |
sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ |
549 |
sambaBadPasswordCount $ sambaBadPasswordTime $ |
550 |
sambaPasswordHistory $ sambaLogonHours)) |
551 |
|
552 |
## |
553 |
## Group mapping info |
554 |
## |
555 |
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY |
556 |
DESC 'Samba Group Mapping' |
557 |
MUST ( gidNumber $ sambaSID $ sambaGroupType ) |
558 |
MAY ( displayName $ description $ sambaSIDList )) |
559 |
|
560 |
## |
561 |
## Trust password for trust relationships (any kind) |
562 |
## |
563 |
objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL |
564 |
DESC 'Samba Trust Password' |
565 |
MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) |
566 |
MAY ( sambaSID $ sambaPwdLastSet )) |
567 |
|
568 |
## |
569 |
## Whole-of-domain info |
570 |
## |
571 |
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL |
572 |
DESC 'Samba Domain Information' |
573 |
MUST ( sambaDomainName $ |
574 |
sambaSID ) |
575 |
MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ |
576 |
sambaAlgorithmicRidBase ) ) |
577 |
|
578 |
## |
579 |
## used for idmap_ldap module |
580 |
## |
581 |
objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY |
582 |
DESC 'Pool for allocating UNIX uids/gids' |
583 |
MUST ( uidNumber $ gidNumber ) ) |
584 |
|
585 |
|
586 |
objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY |
587 |
DESC 'Mapping from a SID to an ID' |
588 |
MUST ( sambaSID ) |
589 |
MAY ( uidNumber $ gidNumber ) ) |
590 |
|
591 |
objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL |
592 |
DESC 'Structural Class for a SID' |
593 |
MUST ( sambaSID ) ) |
594 |
|
595 |
objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY |
596 |
DESC 'Samba Configuration Section' |
597 |
MAY ( description ) ) |
598 |
|
599 |
objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL |
600 |
DESC 'Samba Share Section' |
601 |
MUST ( sambaShareName ) |
602 |
MAY ( description ) ) |
603 |
|
604 |
objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL |
605 |
DESC 'Samba Configuration Option' |
606 |
MUST ( sambaOptionName ) |
607 |
MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ |
608 |
sambaStringListoption $ description ) ) |
609 |
|
610 |
|
611 |
objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY |
612 |
DESC 'Samba Privilege' |
613 |
MUST ( sambaSID ) |
614 |
MAY ( sambaPrivilegeList ) ) |
615 |
|
616 |
|
617 |
|
618 |
|
619 |
1.1 net-fs/samba/files/config/nsswitch.conf-wins |
620 |
|
621 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/nsswitch.conf-wins?rev=1.1&view=markup |
622 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/nsswitch.conf-wins?rev=1.1&content-type=text/plain |
623 |
|
624 |
Index: nsswitch.conf-wins |
625 |
=================================================================== |
626 |
# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/config/nsswitch.conf-wins,v 1.1 2007/09/07 21:07:40 dev-zero Exp $ |
627 |
passwd: files |
628 |
group: files |
629 |
|
630 |
hosts: files dns wins |
631 |
networks: files dns |
632 |
|
633 |
services: db files |
634 |
protocols: db files |
635 |
rpc: db files |
636 |
ethers: db files |
637 |
netmasks: files |
638 |
netgroup: files |
639 |
bootparams: files |
640 |
|
641 |
automount: files |
642 |
aliases: files |
643 |
|
644 |
|
645 |
|
646 |
1.1 net-fs/samba/files/config/smb.conf.example-samba3 |
647 |
|
648 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/smb.conf.example-samba3?rev=1.1&view=markup |
649 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-fs/samba/files/config/smb.conf.example-samba3?rev=1.1&content-type=text/plain |
650 |
|
651 |
Index: smb.conf.example-samba3 |
652 |
=================================================================== |
653 |
# This is the main Samba configuration file. You should read the |
654 |
# smb.conf(5) manual page in order to understand the options listed |
655 |
# here. Samba has a huge number of configurable options (perhaps too |
656 |
# many!) most of which are not shown in this example |
657 |
# |
658 |
# For a step to step guide on installing, configuring and using samba, |
659 |
# read the Samba-HOWTO-Collection. This may be obtained from: |
660 |
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf |
661 |
# |
662 |
# Many working examples of smb.conf files can be found in the |
663 |
# Samba-Guide which is generated daily and can be downloaded from: |
664 |
# http://www.samba.org/samba/docs/Samba-Guide.pdf |
665 |
# |
666 |
# Any line which starts with a ; (semi-colon) or a # (hash) |
667 |
# is a comment and is ignored. In this example we will use a # |
668 |
# for commentry and a ; for parts of the config file that you |
669 |
# may wish to enable |
670 |
# |
671 |
# NOTE: Whenever you modify this file you should run the command "testparm" |
672 |
# to check that you have not made any basic syntactic errors. |
673 |
# |
674 |
#======================= Global Settings ===================================== |
675 |
[global] |
676 |
|
677 |
# 1. Server Naming Options: |
678 |
# workgroup = NT-Domain-Name or Workgroup-Name |
679 |
workgroup = MYGROUP |
680 |
|
681 |
# netbios name is the name you will see in "Network Neighbourhood", |
682 |
# but defaults to your hostname |
683 |
; netbios name = <name_of_this_server> |
684 |
|
685 |
# server string is the equivalent of the NT Description field |
686 |
server string = Samba Server %v |
687 |
|
688 |
# 2. Printing Options: |
689 |
# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK |
690 |
# if you want to automatically load your printer list rather |
691 |
# than setting them up individually then you'll need this |
692 |
printcap name = cups |
693 |
load printers = yes |
694 |
|
695 |
# It should not be necessary to spell out the print system type unless |
696 |
# yours is non-standard. Currently supported print systems include: |
697 |
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups |
698 |
printing = cups |
699 |
|
700 |
# 3. Logging Options: |
701 |
# this tells Samba to use a separate log file for each machine |
702 |
# that connects |
703 |
log file = /var/log/samba/log.%m |
704 |
|
705 |
# Put a capping on the size of the log files (in Kb). |
706 |
max log size = 50 |
707 |
|
708 |
# Set the log (verbosity) level (0 <= log level <= 10) |
709 |
; log level = 3 |
710 |
|
711 |
# 4. Security and Domain Membership Options: |
712 |
# This option is important for security. It allows you to restrict |
713 |
# connections to machines which are on your local network. The |
714 |
# following example restricts access to two C class networks and |
715 |
# the "loopback" interface. For more examples of the syntax see |
716 |
# the smb.conf man page. Do not enable this if (tcp/ip) name resolution does |
717 |
# not work for all the hosts in your network. |
718 |
; hosts allow = 192.168.1. 192.168.2. 127. |
719 |
|
720 |
# Uncomment this if you want a guest account, you must add this to /etc/passwd |
721 |
# otherwise the user "nobody" is used |
722 |
; guest account = pcguest |
723 |
# Allow users to map to guest: |
724 |
map to guest = bad user |
725 |
|
726 |
# Security mode. Most people will want user level security. See |
727 |
# security_level.txt for details. |
728 |
security = user |
729 |
# Use password server option only with security = server or security = domain |
730 |
# When using security = domain, you should use password server = * |
731 |
; password server = <NT-Server-Name> |
732 |
; password server = * |
733 |
|
734 |
# Password Level allows matching of _n_ characters of the password for |
735 |
# all combinations of upper and lower case. |
736 |
; password level = 8 |
737 |
; username level = 8 |
738 |
|
739 |
# You may wish to use password encryption. Please read |
740 |
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. |
741 |
# Do not enable this option unless you have read those documents |
742 |
# Encrypted passwords are required for any use of samba in a Windows NT domain |
743 |
# The smbpasswd file is only required by a server doing authentication, thus |
744 |
# members of a domain do not need one. |
745 |
encrypt passwords = yes |
746 |
|
747 |
# The following are needed to allow password changing from Windows to |
748 |
# also update the Linux system password. |
749 |
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. |
750 |
# NOTE2: You do NOT need these to allow workstations to change only |
751 |
# the encrypted SMB passwords. They allow the Unix password |
752 |
# to be kept in sync with the SMB password. |
753 |
; unix password sync = Yes |
754 |
# You either need to setup a passwd program and passwd chat, or |
755 |
# enable pam password change |
756 |
; pam password change = yes |
757 |
; passwd program = /usr/bin/passwd %u |
758 |
; passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \ |
759 |
;*passwd:*all*authentication*tokens*updated*successfully* |
760 |
|
761 |
# Unix users can map to different SMB User names |
762 |
; username map = /etc/samba/smbusers |
763 |
|
764 |
# Using the following line enables you to customise your configuration |
765 |
# on a per machine basis. The %m gets replaced with the netbios name |
766 |
# of the machine that is connecting |
767 |
; include = /etc/samba/smb.conf.%m |
768 |
|
769 |
# Options for using winbind. Winbind allows you to do all account and |
770 |
# authentication from a Windows or samba domain controller, creating |
771 |
# accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's |
772 |
# and gid's. idmap uid and idmap gid are the only required parameters. |
773 |
# |
774 |
# winbind separator is the character a user must use between their domain |
775 |
# name and username, defaults to "\" |
776 |
; winbind separator = + |
777 |
# |
778 |
# winbind use default domain allows you to have winbind return usernames |
779 |
# in the form user instead of DOMAIN+user for the domain listed in the |
780 |
# workgroup parameter. |
781 |
; winbind use default domain = yes |
782 |
# |
783 |
# template homedir determines the home directory for winbind users, with |
784 |
# %D expanding to their domain name and %U expanding to their username: |
785 |
; template homedir = /home/%D/%U |
786 |
|
787 |
# When using winbind, you may want to have samba create home directories |
788 |
# on the fly for authenticated users. Ensure that /etc/pam.d/samba is |
789 |
# using 'service=system-auth-winbind' in pam_stack modules, and then |
790 |
# enable obedience of pam restrictions below: |
791 |
; obey pam restrictions = yes |
792 |
|
793 |
# |
794 |
# template shell determines the shell users authenticated by winbind get |
795 |
; template shell = /bin/bash |
796 |
|
797 |
# 5. Browser Control and Networking Options: |
798 |
# Most people will find that this option gives better performance. |
799 |
# See speed.txt and the manual pages for details |
800 |
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 |
801 |
|
802 |
# Configure Samba to use multiple interfaces |
803 |
# If you have multiple network interfaces then you must list them |
804 |
# here. See the man page for details. |
805 |
; interfaces = 192.168.12.2/24 192.168.13.2/24 |
806 |
|
807 |
# Configure remote browse list synchronisation here |
808 |
# request announcement to, or browse list sync from: |
809 |
# a specific host or from / to a whole subnet (see below) |
810 |
; remote browse sync = 192.168.3.25 192.168.5.255 |
811 |
# Cause this host to announce itself to local subnets here |
812 |
; remote announce = 192.168.1.255 192.168.2.44 |
813 |
|
814 |
# set local master to no if you don't want Samba to become a master |
815 |
# browser on your network. Otherwise the normal election rules apply |
816 |
; local master = no |
817 |
|
818 |
# OS Level determines the precedence of this server in master browser |
819 |
# elections. The default value should be reasonable |
820 |
; os level = 33 |
821 |
|
822 |
# Domain Master specifies Samba to be the Domain Master Browser. This |
823 |
# allows Samba to collate browse lists between subnets. Don't use this |
824 |
# if you already have a Windows NT domain controller doing this job |
825 |
; domain master = yes |
826 |
|
827 |
# Preferred Master causes Samba to force a local browser election on startup |
828 |
# and gives it a slightly higher chance of winning the election |
829 |
; preferred master = yes |
830 |
|
831 |
# 6. Domain Control Options: |
832 |
# Enable this if you want Samba to be a domain logon server for |
833 |
# Windows95 workstations or Primary Domain Controller for WinNT and Win2k |
834 |
; domain logons = yes |
835 |
|
836 |
# if you enable domain logons then you may want a per-machine or |
837 |
# per user logon script |
838 |
# run a specific logon batch file per workstation (machine) |
839 |
; logon script = %m.bat |
840 |
# run a specific logon batch file per username |
841 |
; logon script = %U.bat |
842 |
|
843 |
# Where to store roaming profiles for WinNT and Win2k |
844 |
# %L substitutes for this servers netbios name, %U is username |
845 |
# You must uncomment the [Profiles] share below |
846 |
; logon path = \\%L\Profiles\%U |
847 |
|
848 |
# Where to store roaming profiles for Win9x. Be careful with this as it also |
849 |
# impacts where Win2k finds it's /HOME share |
850 |
; logon home = \\%L\%U\.profile |
851 |
|
852 |
|
853 |
# The add user script is used by a domain member to add local user accounts |
854 |
# that have been authenticated by the domain controller, or when adding |
855 |
# users via the Windows NT Tools (ie User Manager for Domains). |
856 |
|
857 |
# Scripts for file (passwd, smbpasswd) backend: |
858 |
; add user script = /usr/sbin/useradd -s /bin/false '%u' |
859 |
; delete user script = /usr/sbin/userdel '%s' |
860 |
; add user to group script = /usr/bin/gpasswd -a '%u' '%g' |
861 |
; delete user from group script = /usr/bin/gpasswd -d '%u' '%g' |
862 |
; set primary group script = /usr/sbin/usermod -g '%g' '%u' |
863 |
; add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}' |
864 |
; delete group script = /usr/sbin/groupdel '%g' |
865 |
|
866 |
# Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller. |
867 |
# Needs IDEALX scripts, and configuration in smbldap_conf.pm. |
868 |
# This assumes you've installed the IDEALX scripts into /usr/share/samba/scripts... |
869 |
; add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u' |
870 |
; delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u' |
871 |
; add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g' |
872 |
; delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g' |
873 |
; set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u' |
874 |
; add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}' |
875 |
; delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g' |
876 |
|
877 |
|
878 |
# The add machine script is use by a samba server configured as a domain |
879 |
# controller to add local machine accounts when adding machines to the domain. |
880 |
# The script must work from the command line when replacing the macros, |
881 |
# or the operation will fail. Check that groups exist if forcing a group. |
882 |
# Script for domain controller for adding machines: |
883 |
; add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%u' |
884 |
# Script for domain controller with LDAP backend for adding machines (You need |
885 |
# the IDEALX scripts, and to configure the smbldap_conf.pm first): |
886 |
; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%u' |
887 |
|
888 |
# Domain groups: |
889 |
# Domain groups are now configured by using the 'net groupmap' tool |
890 |
|
891 |
# Samba Password Database configuration: |
892 |
# Samba now has runtime-configurable password database backends. |
893 |
# smbpasswd is for backwards compatibility only Default (not recommended), |
894 |
# new installations should use tdbsam or ldap. |
895 |
; passdb backend = smbpasswd |
896 |
# TDB backend |
897 |
; passdb backend = tdbsam |
898 |
# LDAP with fallback to smbpasswd guest |
899 |
# Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below. |
900 |
; passdb backend = ldapsam:ldaps://ldap.mydomain.com |
901 |
# Use the samba2 LDAP schema: |
902 |
; passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com |
903 |
|
904 |
# idmap uid account range: |
905 |
# This is a range of unix user-id's that samba will map non-unix RIDs to, |
906 |
# such as when using Winbind |
907 |
; idmap uid = 10000-20000 |
908 |
; idmap gid = 10000-20000 |
909 |
|
910 |
# LDAP configuration for Domain Controlling: |
911 |
# The account (dn) that samba uses to access the LDAP server |
912 |
# This account needs to have write access to the LDAP tree |
913 |
# You will need to give samba the password for this dn, by |
914 |
# running 'smbpasswd -w mypassword' |
915 |
; ldap admin dn = cn=root,dc=mydomain,dc=com |
916 |
; ldap ssl = start_tls |
917 |
# start_tls should run on 389, but samba defaults incorrectly to 636 |
918 |
; ldap port = 389 |
919 |
; ldap suffix = dc=mydomain,dc=com |
920 |
; ldap server = ldap.mydomain.com |
921 |
# Seperate suffixes are available for machines, users, groups, and idmap, if |
922 |
# ldap suffix appears first, it is appended to the specific suffix. |
923 |
# Example for a unix-ish directory layout: |
924 |
; ldap machine suffix = ou=Hosts |
925 |
; ldap user suffix = ou=People |
926 |
; ldap group suffix = ou=Group |
927 |
; ldap idmap suffix = ou=Idmap |
928 |
# Example for AD-ish layout: |
929 |
; ldap machine suffix = cn=Computers |
930 |
; ldap user suffix = cn=Users |
931 |
; ldap group suffix = cn=Groups |
932 |
; ldap idmap suffix = cn=Idmap |
933 |
|
934 |
|
935 |
# 7. Name Resolution Options: |
936 |
# All NetBIOS names must be resolved to IP Addresses |
937 |
# 'Name Resolve Order' allows the named resolution mechanism to be specified |
938 |
# the default order is "host lmhosts wins bcast". "host" means use the unix |
939 |
# system gethostbyname() function call that will use either /etc/hosts OR |
940 |
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf |
941 |
# and the /etc/resolv.conf file. "host" therefore is system configuration |
942 |
# dependant. This parameter is most often of use to prevent DNS lookups |
943 |
# in order to resolve NetBIOS names to IP Addresses. Use with care! |
944 |
# The example below excludes use of name resolution for machines that are NOT |
945 |
# on the local network segment |
946 |
# - OR - are not deliberately to be known via lmhosts or via WINS. |
947 |
; name resolve order = wins host lmhosts bcast |
948 |
|
949 |
# Windows Internet Name Serving Support Section: |
950 |
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server |
951 |
; wins support = yes |
952 |
|
953 |
# WINS Server - Tells the NMBD components of Samba to be a WINS Client |
954 |
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both |
955 |
; wins server = w.x.y.z |
956 |
|
957 |
# WINS Proxy - Tells Samba to answer name resolution queries on |
958 |
# behalf of a non WINS capable client, for this to work there must be |
959 |
# at least one WINS Server on the network. The default is NO. |
960 |
; wins proxy = yes |
961 |
|
962 |
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names |
963 |
# via DNS nslookups. The built-in default for versions 1.9.17 is yes, |
964 |
# this has been changed in version 1.9.18 to no. |
965 |
dns proxy = no |
966 |
|
967 |
# 8. File Naming Options: |
968 |
# Case Preservation can be handy - system default is _no_ |
969 |
# NOTE: These can be set on a per share basis |
970 |
; preserve case = no |
971 |
; short preserve case = no |
972 |
# Default case is normally upper case for all DOS files |
973 |
; default case = lower |
974 |
# Be very careful with case sensitivity - it can break things! |
975 |
; case sensitive = no |
976 |
|
977 |
# Enabling internationalization: |
978 |
# you can match a Windows code page with a UNIX character set. |
979 |
# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European), |
980 |
# 852 (Czech), 861 (???), 932 (Japanese), |
981 |
# 936 (Simplified Chin.), 949 (Korean Hangul), |
982 |
# 950 (Trad. Chin.). |
983 |
# More detail about code page is in |
984 |
# "http://www.microsoft.com/globaldev/reference/oslocversion.mspx" |
985 |
# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.), |
986 |
# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.) |
987 |
# This is an example for french users: |
988 |
; dos charset = 850 |
989 |
; unix charset = ISO8859-1 |
990 |
|
991 |
|
992 |
#============================ Share Definitions ============================== |
993 |
[homes] |
994 |
comment = Home Directories |
995 |
browseable = no |
996 |
writable = yes |
997 |
# You can enable VFS recycle bin on a per share basis: |
998 |
# Uncomment the next 2 lines (make sure you create a |
999 |
# .recycle folder in the base of the share and ensure |
1000 |
# all users will have write access to it. See |
1001 |
# examples/VFS/recycle/REAME in the samba docs for details |
1002 |
; vfs object = /usr/lib/samba/vfs/recycle.so |
1003 |
|
1004 |
# Un-comment the following and create the netlogon directory for Domain Logons |
1005 |
; [netlogon] |
1006 |
; comment = Network Logon Service |
1007 |
; path = /var/lib/samba/netlogon |
1008 |
; guest ok = yes |
1009 |
; writable = no |
1010 |
|
1011 |
# Un-comment the following to provide a specific roving profile share |
1012 |
# the default is to use the user's home directory |
1013 |
;[Profiles] |
1014 |
; path = /var/lib/samba/profiles |
1015 |
; browseable = no |
1016 |
; guest ok = yes |
1017 |
# This script can be enabled to create profile directories on the fly |
1018 |
# You may want to turn off guest acces if you enable this, as it |
1019 |
# hasn't been thoroughly tested. |
1020 |
;root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \ |
1021 |
; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi |
1022 |
|
1023 |
# NOTE: If you have a CUPS print system there is no need to |
1024 |
# specifically define each individual printer. |
1025 |
# You must configure the samba printers with the appropriate Windows |
1026 |
# drivers on your Windows clients. On the Samba server no filtering is |
1027 |
# done. If you wish that the server provides the driver and the clients |
1028 |
# send PostScript ("Generic PostScript Printer" under Windows), you have |
1029 |
# to swap the 'print command' line below with the commented one. |
1030 |
[printers] |
1031 |
comment = All Printers |
1032 |
path = /var/spool/samba |
1033 |
browseable = no |
1034 |
# set to yes to allow user 'guest account' to print. |
1035 |
guest ok = no |
1036 |
writable = no |
1037 |
printable = yes |
1038 |
|
1039 |
# This share is used for Windows NT-style point-and-print support. |
1040 |
# To be able to install drivers, you need to be either root, or listed |
1041 |
# in the printer admin parameter above. Note that you also need write access |
1042 |
# to the directory and share definition to be able to upload the drivers. |
1043 |
# For more information on this, please see the Printing Support Section of |
1044 |
# /usr/share/doc/samba-<version>/Samba-HOWTO-Collection.pdf |
1045 |
[print$] |
1046 |
path = /var/lib/samba/printers |
1047 |
browseable = yes |
1048 |
read only = yes |
1049 |
write list = @adm root |
1050 |
guest ok = yes |
1051 |
|
1052 |
# This one is useful for people to share files |
1053 |
;[tmp] |
1054 |
; comment = Temporary file space |
1055 |
; path = /tmp |
1056 |
; read only = no |
1057 |
; public = yes |
1058 |
|
1059 |
# A publicly accessible directory, but read only, except for people in |
1060 |
# the "staff" group |
1061 |
;[public] |
1062 |
; comment = Public Stuff |
1063 |
; path = /home/samba/public |
1064 |
; public = yes |
1065 |
; writable = no |
1066 |
; write list = @staff |
1067 |
# Audited directory through experimental VFS audit.so module: |
1068 |
# Uncomment next line. |
1069 |
; vfs object = /usr/lib/samba/vfs/audit.so |
1070 |
|
1071 |
# Other examples. |
1072 |
# |
1073 |
# A private printer, usable only by Fred. Spool data will be placed in Fred's |
1074 |
# home directory. Note that fred must have write access to the spool directory, |
1075 |
# wherever it is. |
1076 |
;[fredsprn] |
1077 |
; comment = Fred's Printer |
1078 |
; valid users = fred |
1079 |
; path = /homes/fred |
1080 |
; printer = freds_printer |
1081 |
; public = no |
1082 |
; writable = no |
1083 |
; printable = yes |
1084 |
|
1085 |
# A private directory, usable only by Fred. Note that Fred requires write |
1086 |
# access to the directory. |
1087 |
;[fredsdir] |
1088 |
; comment = Fred's Service |
1089 |
; path = /usr/somewhere/private |
1090 |
; valid users = fred |
1091 |
; public = no |
1092 |
; writable = yes |
1093 |
; printable = no |
1094 |
|
1095 |
# a service which has a different directory for each machine that connects |
1096 |
# this allows you to tailor configurations to incoming machines. You could |
1097 |
# also use the %u option to tailor it by user name. |
1098 |
# The %m gets replaced with the machine name that is connecting. |
1099 |
;[pchome] |
1100 |
; comment = PC Directories |
1101 |
; path = /usr/pc/%m |
1102 |
; public = no |
1103 |
; writable = yes |
1104 |
|
1105 |
# A publicly accessible directory, read/write to all users. Note that all files |
1106 |
# created in the directory by users will be owned by the default user, so |
1107 |
# any user with access can delete any other user's files. Obviously this |
1108 |
# directory must be writable by the default user. Another user could of course |
1109 |
# be specified, in which case all files would be owned by that user instead. |
1110 |
;[public] |
1111 |
; path = /usr/somewhere/else/public |
1112 |
; public = yes |
1113 |
; only guest = yes |
1114 |
; writable = yes |
1115 |
; printable = no |
1116 |
|
1117 |
# The following two entries demonstrate how to share a directory so that two |
1118 |
# users can place files there that will be owned by the specific users. In this |
1119 |
# setup, the directory should be writable by both users and should have the |
1120 |
# sticky bit set on it to prevent abuse. Obviously this could be extended to |
1121 |
# as many users as required. |
1122 |
;[myshare] |
1123 |
; comment = Mary's and Fred's stuff |
1124 |
; path = /usr/somewhere/shared |
1125 |
; valid users = mary fred |
1126 |
; public = no |
1127 |
; writable = yes |
1128 |
; printable = no |
1129 |
; create mask = 0765 |
1130 |
|
1131 |
|
1132 |
|
1133 |
|
1134 |
-- |
1135 |
gentoo-commits@g.o mailing list |