# $Source: /ramdisk/repositories/20_cvs_clean_up/2011-02-11_sj/src/router/samba/samba-3.0.25b/examples/LDAP/smbldap-tools-0.9.2/INSTALL,v $
#
## How To Install SMBLDAP-TOOLS

DEPENDENCIES :
-=-=-=-=-=-=-=
. scripts now use the Crypt::SmbHash perl module

INSTALLATION from the tar.gz archive
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
. Copy all those scripts in /usr/local/sbin/
. Modify smbldap.conf and smbldap_bind.conf to match your configuration, and copy
  them in /etc/smbldap-tools/
. set proper permissions on those files:
  $ chmod 644 /etc/smbldap-tools/smbldap.conf
  $ chmod 600 /etc/smbldap-tools/smbldap_bind.conf
. update the first two declarations of /usr/local/sbin/smbldap_tools.pm to define the
  PATH to the configuration files, for example
  > my $smbldap_conf="/etc/smbldap-tools/smbldap.conf";
  > my $smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf";
. if upgrading, add these lines in the smbldap.conf configuration file:
  > # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
  > # but prefer Crypt:: libraries
  > with_slappasswd="0"
  > slappasswd="/usr/sbin/slappasswd"
  If 'with_slappasswd' is set to 0, passwords are hashed with the appropriate perl module
  (so that no external program is needed)
. initialize the ldap directory
  $ smbldap-populate
. If not already done : "smbpasswd -w secret" to set up
  the ldap admin password in secrets.tdb

INSTALLATION from RedHat RPM:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
. install the package
  $ rpm -Uvh smbldap-tools-0.8.6-1.noarch.rpm
. Modify /etc/opt/IDEALX/smbldap-tools/smbldap.conf and /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
  to match your configuration.
. initialize the ldap directory
  $ smbldap-populate
. If not already done : "smbpasswd -w secret" to set up
  the ldap admin password in secrets.tdb

UPGRADE TO RELEASE 0.8.8 :
-=-=-=-=-=-=-=-=-=-=-=-=-=
you need to add the new parameter userHomeDirectoryMode in smbldap.conf. For example :
=> # Default mode used for user homeDirectory
=> userHomeDirectoryMode="700"

UPGRADE TO RELEASE 0.8.7 :
-=-=-=-=-=-=-=-=-=-=-=-=-=
. configuration files are now stored in /etc/opt/IDEALX/smbldap-tools/
. The next available uidNumber and gidNumber are _not_ stored anymore in cn=NextFreeUnixId
  by default, but you can still continue to use your entry.
  They are now stored in the sambaDomain entry.
. If your sambaDomain entry already exists, you can safely execute the smbldap-populate script to
  update it and add the uidNumber and gidNumber attributes.


UPGRADE TO RELEASE 0.8.5 :
-=-=-=-=-=-=-=-=-=-=-=-=-=
. Change the variable name userHomePrefix to userHome in /etc/smbldap-tools/smbldap.conf
. The next available uidNumber and gidNumber are now stored in cn=NextFreeUnixId
  When upgrading, you need to create this object manually. You can use for example
  an add.ldif file containing the following lines:
  > dn: cn=NextFreeUnixId,dc=idealx,dc=org
  > objectClass: inetOrgPerson
  > objectClass: sambaUnixIdPool
  > uidNumber: 1000
  > gidNumber: 1000
  > cn: NextFreeUnixId
  > sn: NextFreeUnixId
  and then add the object with the ldapadd utility:
  $ ldapadd -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f add.ldif
  note: . $firstuidNumber and $firstgidNumber are the first uidNumber and gidNumber
          available (previously called UID_START and GID_START in the configuration file)
        . here, 1000 is the first available value for uidNumber and gidNumber (of course, if
          this value is already used by a user or a group, the first available after 1000 will
          be used).
. Next, you have to update the configuration file to define the object where the next
  available uidNumber and gidNumber are stored. In our example, you have to add a new entry in
  /etc/smbldap-tools/smbldap.conf containing :
  > # Where to store next uidNumber and gidNumber available
  > sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
. Update, if necessary, the configuration file that defines the users, groups and computers dn.
  Those parameters must not be relative to the suffix parameter. A typical configuration looks
  like this :
  > usersdn="ou=Users,${suffix}"
  > computersdn="ou=Computers,${suffix}"
  > groupsdn="ou=Groups,${suffix}"
. the "Domain Computers" gidNumber should be set to 515 (see wellknown rid). Check if
  you need to update the smbldap-tools configuration file /etc/smbldap-tools/smbldap.conf :
  > defaultComputerGid="515"
. the new version adds mail-forwarding and mail-alias capabilities to
  the user's ldap-records. Those new attributes may be used for mail
  delivery by MTAs like sendmail or postfix. Two new options "-M" and "-T"
  allow specifying mail-aliases and mail-forward addresses in
  smbldap-useradd and smbldap-usermod. If those options are used, the
  objectclass "inetLocalMailRecipient" is used.
  This objectclass is part of the misc.schema schema given with the OpenLDAP package.
  You then have to update the configuration file to set the domain name to append to mail.
  For example, you can add a new entry in /etc/smbldap-tools/smbldap.conf containing :
  > # Domain appended to the users "mail"-attribute
  > # when smbldap-useradd -M is used
  > mailDomain="idealx.com"

UPGRADE TO RELEASE 0.8.4 :
-=-=-=-=-=-=-=-=-=-=-=-=-=
. configuration is now set in two different files:
  - /etc/smbldap-tools/smbldap.conf for global parameters
  - /etc/smbldap-tools/smbldap_bind.conf for connection parameters
. scripts no longer have the .pl extension. The call of the
  scripts in the smb.conf file must then be updated.




# - The End
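
A check for the "set proper permissions" step of the tar.gz installation, as an added example that is not part of the smbldap-tools distribution: smbldap_bind.conf holds the LDAP bind credentials, so the check fails when either file carries permission bits beyond the 644 / 600 given above. The function names are assumptions of this example, and it relies on GNU stat (-c %a).

```shell
#!/bin/sh
# Added example (not from smbldap-tools): audit the modes of the two
# configuration files against the values given in the install steps.

# mode_within FILE MAX
#   Succeeds when every permission bit set on FILE is also set in MAX
#   (octal, e.g. 600). A stricter mode such as 400 therefore passes.
mode_within() {
    actual=$(stat -c %a "$1") || return 2
    [ $(( 0$actual & ~0$2 & 07777 )) -eq 0 ]
}

# audit_smbldap_conf DIR
#   Prints one line per file and returns the number of failed checks.
audit_smbldap_conf() {
    dir=$1
    failures=0
    # file:maximum-mode pairs taken from the chmod lines of the INSTALL text
    for spec in smbldap.conf:644 smbldap_bind.conf:600; do
        file=$dir/${spec%%:*}
        max=${spec##*:}
        if [ ! -f "$file" ]; then
            echo "MISSING  $file"
            failures=$((failures + 1))
        elif mode_within "$file" "$max"; then
            echo "OK       $file"
        else
            echo "TOO OPEN $file (mode $(stat -c %a "$file"), at most $max expected)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Run the audit only when a directory is given on the command line,
# e.g. /etc/smbldap-tools or /etc/opt/IDEALX/smbldap-tools
if [ "$#" -gt 0 ]; then
    audit_smbldap_conf "$1"
fi
```

The exit status is the number of files that are missing or too permissive, so the script can gate a deployment or run from cron after an upgrade moves the configuration directory.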