1# $Source: /ramdisk/repositories/20_cvs_clean_up/2011-02-11_sj/src/router/samba/samba-3.0.25b/examples/LDAP/smbldap-tools-0.9.2/smbldap.conf,v $ 2# $Id: smbldap.conf,v 1.1.1.1 2010-07-16 07:33:12 winniec Exp $ 3# 4# smbldap-tools.conf : Q & D configuration file for smbldap-tools 5 6# This code was developped by IDEALX (http://IDEALX.org/) and 7# contributors (their names can be found in the CONTRIBUTORS file). 8# 9# Copyright (C) 2001-2002 IDEALX 10# 11# This program is free software; you can redistribute it and/or 12# modify it under the terms of the GNU General Public License 13# as published by the Free Software Foundation; either version 2 14# of the License, or (at your option) any later version. 15# 16# This program is distributed in the hope that it will be useful, 17# but WITHOUT ANY WARRANTY; without even the implied warranty of 18# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19# GNU General Public License for more details. 20# 21# You should have received a copy of the GNU General Public License 22# along with this program; if not, write to the Free Software 23# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 24# USA. 25 26# Purpose : 27# . be the configuration file for all smbldap-tools scripts 28 29############################################################################## 30# 31# General Configuration 32# 33############################################################################## 34 35# Put your own SID. To obtain this number do: "net getlocalsid". 36# If not defined, parameter is taking from "net getlocalsid" return 37SID="S-1-5-21-4205727931-4131263253-1851132061" 38 39# Domain name the Samba server is in charged. 40# If not defined, parameter is taking from smb.conf configuration file 41# Ex: sambaDomain="IDEALX-NT" 42sambaDomain="IDEALX-NT" 43 44############################################################################## 45# 46# LDAP Configuration 47# 48############################################################################## 49 50# Notes: to use to dual ldap servers backend for Samba, you must patch 51# Samba with the dual-head patch from IDEALX. If not using this patch 52# just use the same server for slaveLDAP and masterLDAP. 53# Those two servers declarations can also be used when you have 54# . one master LDAP server where all writing operations must be done 55# . one slave LDAP server where all reading operations must be done 56# (typically a replication directory) 57 58# Slave LDAP server 59# Ex: slaveLDAP=127.0.0.1 60# If not defined, parameter is set to "127.0.0.1" 61slaveLDAP="127.0.0.1" 62 63# Slave LDAP port 64# If not defined, parameter is set to "389" 65slavePort="389" 66 67# Master LDAP server: needed for write operations 68# Ex: masterLDAP=127.0.0.1 69# If not defined, parameter is set to "127.0.0.1" 70masterLDAP="127.0.0.1" 71 72# Master LDAP port 73# If not defined, parameter is set to "389" 74masterPort="389" 75 76# Use TLS for LDAP 77# If set to 1, this option will use start_tls for connection 78# (you should also used the port 389) 79# If not defined, parameter is set to "1" 80ldapTLS="1" 81 82# How to verify the server's certificate (none, optional or require) 83# see "man Net::LDAP" in start_tls section for more details 84verify="require" 85 86# CA certificate 87# see "man Net::LDAP" in start_tls section for more details 88cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem" 89 90# certificate to use to connect to the ldap server 91# see "man Net::LDAP" in start_tls section for more details 92clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem" 93 94# key certificate to use to connect to the ldap server 95# see "man Net::LDAP" in start_tls section for more details 96clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key" 97 98# LDAP Suffix 99# Ex: suffix=dc=IDEALX,dc=ORG 100suffix="dc=idealx,dc=org" 101 102# Where are stored Users 103# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG" 104# Warning: if 'suffix' is not set here, you must set the full dn for usersdn 105usersdn="ou=Users,${suffix}" 106 107# Where are stored Computers 108# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG" 109# Warning: if 'suffix' is not set here, you must set the full dn for computersdn 110computersdn="ou=Computers,${suffix}" 111 112# Where are stored Groups 113# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG" 114# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn 115groupsdn="ou=Groups,${suffix}" 116 117# Where are stored Idmap entries (used if samba is a domain member server) 118# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG" 119# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn 120idmapdn="ou=Idmap,${suffix}" 121 122# Where to store next uidNumber and gidNumber available for new users and groups 123# If not defined, entries are stored in sambaDomainName object. 124# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" 125# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}" 126sambaUnixIdPooldn="sambaDomainName=IDEALX-NT,${suffix}" 127 128# Default scope Used 129scope="sub" 130 131# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) 132hash_encrypt="SSHA" 133 134# if hash_encrypt is set to CRYPT, you may set a salt format. 135# default is "%s", but many systems will generate MD5 hashed 136# passwords if you use "$1$%.8s". This parameter is optional! 137crypt_salt_format="%s" 138 139############################################################################## 140# 141# Unix Accounts Configuration 142# 143############################################################################## 144 145# Login defs 146# Default Login Shell 147# Ex: userLoginShell="/bin/bash" 148userLoginShell="/bin/bash" 149 150# Home directory 151# Ex: userHome="/home/%U" 152userHome="/home/%U" 153 154# Default mode used for user homeDirectory 155userHomeDirectoryMode="700" 156 157# Gecos 158userGecos="System User" 159 160# Default User (POSIX and Samba) GID 161defaultUserGid="513" 162 163# Default Computer (Samba) GID 164defaultComputerGid="515" 165 166# Skel dir 167skeletonDir="/etc/skel" 168 169# Default password validation time (time in days) Comment the next line if 170# you don't want password to be enable for defaultMaxPasswordAge days (be 171# careful to the sambaPwdMustChange attribute's value) 172defaultMaxPasswordAge="45" 173 174############################################################################## 175# 176# SAMBA Configuration 177# 178############################################################################## 179 180# The UNC path to home drives location (%U username substitution) 181# Just set it to a null string if you want to use the smb.conf 'logon home' 182# directive and/or disable roaming profiles 183# Ex: userSmbHome="\\PDC-SMB3\%U" 184userSmbHome="\\PDC-SRV\%U" 185 186# The UNC path to profiles locations (%U username substitution) 187# Just set it to a null string if you want to use the smb.conf 'logon path' 188# directive and/or disable roaming profiles 189# Ex: userProfile="\\PDC-SMB3\profiles\%U" 190userProfile="\\PDC-SRV\profiles\%U" 191 192# The default Home Drive Letter mapping 193# (will be automatically mapped at logon time if home directory exist) 194# Ex: userHomeDrive="H:" 195userHomeDrive="H:" 196 197# The default user netlogon script name (%U username substitution) 198# if not used, will be automatically username.cmd 199# make sure script file is edited under dos 200# Ex: userScript="startup.cmd" # make sure script file is edited under dos 201userScript="logon.bat" 202 203# Domain appended to the users "mail"-attribute 204# when smbldap-useradd -M is used 205# Ex: mailDomain="idealx.com" 206mailDomain="idealx.com" 207 208############################################################################## 209# 210# SMBLDAP-TOOLS Configuration (default are ok for a RedHat) 211# 212############################################################################## 213 214# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but 215# prefer Crypt::SmbHash library 216with_smbpasswd="0" 217smbpasswd="/usr/bin/smbpasswd" 218 219# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm) 220# but prefer Crypt:: libraries 221with_slappasswd="0" 222slappasswd="/usr/sbin/slappasswd" 223 224# comment out the following line to get rid of the default banner 225# no_banner="1" 226 227