S91smb

Synopsis


# 
# Configure Samba
# 

Script


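# Install the Samba configuration and register Samba with the LDAP directory.
# Reads $VERSION, $SAMBADOMAIN, $DOMAINNAME, $DITNAME, $FSROOT and $SAMBASID
# from the environment; none of them is set in this script.

# Keep the packaged smb.conf as a versioned backup before replacing it.
mv /etc/samba/smb.conf "/etc/samba/smb.conf-$VERSION"

# The here-document delimiter is unquoted, so the shell expands the $VARIABLES
# below while the file is written; %u is left for Samba to substitute.
#
# Review notes on the generated configuration (the file content is unchanged):
#  - "ldap admin dn" is the DN Samba binds to the directory with, and its
#    password is stored on this host by "smbpasswd -w" further down. If
#    "cn=Directory Manager" is the directory's root DN, a dedicated DN whose
#    ACLs cover only the Samba subtrees limits what a compromise of this host
#    exposes.
#  - "map to guest = Bad User" maps logons with an unknown user name to the
#    guest account (nobody). Together with "guest ok = yes" this gives
#    unauthenticated clients access to NETLOGON, SYSVOL, printers and install.
#    Only [IPC$] carries "hosts allow"/"hosts deny"; check that the files under
#    those paths are not writable by nobody.
#  - [printers] spools into /var/tmp, a directory shared with every local
#    user; a dedicated spool directory is the more usual choice.
cat >/etc/samba/smb.conf <<EOF
[global]
          workgroup = $SAMBADOMAIN
       netbios name = shuttle
    netbios aliases = ntinstall
            comment = $DOMAINNAME  Disk Store (Samba 3.x)
           security = user
           os level = 65
        syslog only = no
          log level = 1 passdb:1 auth:1
   preferred master = yes
      domain master = yes
       local master = yes
      domain logons = yes
        time server = yes
#
# PLEASE NOTE.. LDAP related things must not be in \"\"
# this appears to break the smb parsing library
      ldap admin dn = cn=Directory Manager,$DITNAME
     ldap delete dn = no
       #ldap filter = (&(uid=%u)(objectclass=sambaAccount))
        ldap suffix = $DITNAME
ldap group suffix   = ou=Groups
ldap machine suffix = ou=hosts
ldap user suffix    = ou=People
ldap idmap suffix   = ou=idmap,o=samba.org,ou=Software
          idmap uid = 10000-20000
          idmap gid = 10000-20000
   ldap passwd sync = yes
  encrypt passwords = yes
     passdb backend = ldapsam:"ldap://127.0.0.1"
      idmap backend = ldap:"ldap://127.0.0.1"
       logon script = logon.cmd
        logon drive = M:
          keepalive = 30
           deadtime = 15
      guest account = nobody
       map to guest = Bad User
    map acl inherit = yes
          smb ports = 139 445

#obey pam restrictions = yes
#/etc/pam.d/samba has then to contain
# auth    required pam_permit.so
# account required pam_unix.so
# session required pam_mkhomedir.so umask=022
[IPC$]
path=/tmp
hosts allow = 172.16.0.0/16 127.0.0.1
hosts deny = 0.0.0.0/0

[NETLOGON]
comment = Network Logon Service
path =  $FSROOT/OS/Microsoft/NETLOGON/current
guest ok = yes
browseable = no
locking = no

[SYSVOL]
comment = Network Logon Service
path =  $FSROOT/OS/Microsoft/SYSVOL/current
guest ok = yes
browseable = no
locking = no

[printers]
comment = SMB Printer Spool
path = /var/tmp
guest ok = yes
printable = yes
use client driver = yes
default devmode = yes
browseable = no

[home]
comment = Our Home Directories
path = $FSROOT/home/%u
guest ok = no
read only = no
browseable = no

[profiles]
comment = Profile Share
path = $FSROOT/home/%u/.ntprofile
read only = no
profile acls = yes
browseable = no

[install]
path = $FSROOT/OS/Microsoft/unattended/current/install
guest ok = yes
read only = yes
browseable = yes
 
EOF
echo "%Post: smb smb.conf install complete"

# Store the password for "ldap admin dn" in Samba's secrets database.
# The substitution is quoted so a password containing spaces or glob
# characters reaches smbpasswd as a single, unmodified argument, and the
# -s test stops an absent or empty secret file from storing an empty password.
# NOTE(review): -w puts the password on smbpasswd's command line, where local
# users can read it from the process list while the command runs. Where the
# installed smbpasswd supports -W (password read from stdin), prefer that.
# /etc/ldap.secret itself should be readable by root only.
if [ -s /etc/ldap.secret ] && /usr/bin/smbpasswd -w "$(cat /etc/ldap.secret)"; then
    echo "%Post: smb ldap admin password set"
else
    echo "%Post: smb ldap admin password NOT set (check /etc/ldap.secret)"
fi

# Set the local SID, reporting success only when net actually succeeded.
if /usr/bin/net setlocalsid "$SAMBASID"; then
    echo "%Post: smb localsid set"
else
    echo "%Post: smb localsid NOT set"
fi

# Start smb automatically in runlevels 3, 4 and 5.
chkconfig --level 345 smb on
echo "%Post: smb finished"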

Examples and Testing


#
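# For the passwd command to sync we need to edit /etc/pam.d/system-auth,
# ensure /etc/samba/smb.conf has "ldap passwd sync = yes",
# and use the password lines below.
# (nullok lets pam_smbpass accept an empty password; drop it unless that is intended.)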
#
#password  sufficient  /lib/security/$ISA/pam_smbpass.so debug nullok\
#                                                 use_authtok try_first_pass
#password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok





Marked up in XHTML - ©2005 Thoughtful Solutions Ltd.