1#!/usr/bin/perl -w
2
3# $Id: configure.pl,v 1.13 2004/06/25 20:57:51 jtournier Exp $
4# $Source: /opt/cvs/samba/smbldap-tools/configure.pl,v $
5
# This script helps you set up the smbldap_conf.pl file. It reads all the default values
# that are defined in the smb.conf configuration file, so you should start from that
# configuration file. You will also need the SID of your samba domain: set up the domain
# controller before using this script.
10
#  This code was developed by IDEALX (http://IDEALX.org/) and
12#  contributors (their names can be found in the CONTRIBUTORS file).
13#
14#                 Copyright (C) 2002 IDEALX
15#
16#  This program is free software; you can redistribute it and/or
17#  modify it under the terms of the GNU General Public License
18#  as published by the Free Software Foundation; either version 2
19#  of the License, or (at your option) any later version.
20#
21#  This program is distributed in the hope that it will be useful,
22#  but WITHOUT ANY WARRANTY; without even the implied warranty of
23#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
24#  GNU General Public License for more details.
25#
26#  You should have received a copy of the GNU General Public License
27#  along with this program; if not, write to the Free Software
28#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
29#  USA.
30
31
32use strict;
33
# The configuration files under /etc are rewritten below, so the real uid must be 0.
unless ($< == 0) {
	die "Only root can configure the smbldap-tools scripts\n";
}
38
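print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
       smbldap-tools script configuration
       -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
 . if your samba controller is up and running.
 . if the domain SID is defined (you can get it with the 'net getlocalsid')

 . you can leave the configuration using the Crtl-c key combination
 . empty value can be set with the \".\" caracter\n";
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n";
print "Looking for configuration files...\n\n";

# Prompt for the location of one configuration file.
#
# Parameters:
#   $label      - text printed before the "[default] >" prompt
#   @candidates - usual locations, tried in order; the first one that exists
#                 is offered as the default (the default is empty when none does)
#
# Returns the answer typed, or the default when the answer is empty.  End of
# input on STDIN counts as an empty answer, so the returned path is always a
# defined string (the old code left it undef and later died with a blank name).
sub _ask_file_location {
	my ($label, @candidates) = @_;
	my $default = "";
	foreach my $candidate (@candidates) {
		if (-e $candidate) {
			$default = $candidate;
			last;
		}
	}
	print "$label [$default] > ";
	my $answer = <STDIN>;
	$answer = "" unless defined $answer;
	chomp($answer);
	return $answer ne "" ? $answer : $default;
}

my $smb_conf = _ask_file_location("Samba Config File Location",
	"/etc/samba/smb.conf", "/usr/local/samba/lib/smb.conf");

my $smbldap_conf = _ask_file_location("smbldap Config file Location (global parameters)",
	"/etc/smbldap-tools/smbldap.conf");

my $smbldap_bind_conf = _ask_file_location("smbldap Config file Location (bind parameters)",
	"/etc/smbldap-tools/smbldap_bind.conf");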
80
81
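# Let's read the smb.conf configuration file

# Parse $path (an smb.conf) into a hash of parameter => value.
#
# Every "param = value" line is kept; parameter names are lower-cased with all
# whitespace removed ("netbios name" becomes "netbiosname"), values lose their
# leading whitespace and every double quote.  Lines starting with '#' or ';'
# are comments and are skipped, as are lines without an '='.
#
# Dies when $path cannot be opened.
sub _parse_smb_conf {
	my $path = shift;
	my %param_of;

	# Three-argument open: $path was typed at a prompt, and with the
	# two-argument form a leading '>' or trailing '|' in it would be taken
	# as an open mode or a command pipe instead of part of the file name.
	open(my $conf_fh, '<', $path) or die "Unable to open $path for reading !\n";

	while (my $line = <$conf_fh>) {
		chomp($line);
		$line =~ s/^\s+//;
		$line =~ s/\s+$//;

		next if $line =~ /^[#;]/;
		next unless $line =~ /^([^=]*)=(.*)$/;

		my ($param, $value) = ($1, $2);
		$param = lc $param;
		$param =~ s/\s+//g;
		$value =~ s/^\s+//;
		$value =~ s/"//g;

		$param_of{$param} = $value;
	}
	close($conf_fh);
	return %param_of;
}

my %config = _parse_smb_conf($smb_conf);

print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "Let's start configuring the smbldap-tools scripts ...\n\n";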
120
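# Prompt for one configuration parameter and return the value chosen.
#
# Parameters:
#   $description - text printed before the "[default] >" prompt
#   $value       - either a key of %config (its smb.conf value is then offered
#                  as the default) or the literal default value
#                  (all the available keys can be listed with
#                  "foreach my $tmp (keys %config) { print "$tmp=$config{$tmp}\n" }")
#   $insist      - optional; when set to 1 the user is asked again, with no
#                  default, until a non-empty value is given
#
# An empty answer keeps the default, a "." answer selects the empty string,
# anything else is taken verbatim.  End of input on STDIN is treated as an
# empty answer; when the parameter is mandatory the script dies instead of
# re-prompting forever.
sub read_entry {
	my ($description, $value, $insist) = @_;
	$insist = 0 unless defined $insist;
	chomp($value);

	# A $value naming an smb.conf parameter offers that parameter's value.
	my $default = defined $config{$value} ? $config{$value} : $value;
	my ($answer, $at_eof) = _prompt_line("$description [$default] > ");
	$value = _answer_or_default($answer, $default);

	# Mandatory parameter: keep asking, now without a default, until
	# something non-empty is typed.  Without the end-of-input check this
	# loop never terminated once STDIN was exhausted.
	while ($insist == 1 and $value eq "") {
		if ($at_eof) {
			(my $what = $description) =~ s/^\s+//;
			die "End of input on STDIN, but '$what' must be set\n";
		}
		print "  Warning: You really need to set this parameter...\n";
		$description =~ s/^\. /  /;
		($answer, $at_eof) = _prompt_line("$description [] > ");
		$value = _answer_or_default($answer, "");
	}
	return $value;
}

# Print $prompt and read one line from STDIN.
# Returns (line, at_eof): the chomped line and 0, or ("", 1) at end of input.
sub _prompt_line {
	my $prompt = shift;
	print $prompt;
	my $line = <STDIN>;
	return ("", 1) unless defined $line;
	chomp($line);
	return ($line, 0);
}

# Map a raw answer to the value it selects:
# "" keeps $default, "." selects the empty string, anything else is verbatim.
sub _answer_or_default {
	my ($answer, $default) = @_;
	return $default if $answer eq "";
	return "" if $answer eq ".";
	return $answer;
}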
179
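# Read a mandatory secret with terminal echo switched off around the prompt.
# stty is only run when STDIN is a terminal (otherwise it just fails noisily,
# e.g. when the answers are piped in) and is called in list form, so no shell
# is involved.  Echo is restored even when read_entry dies on end of input.
sub _read_secret {
	my $description = shift;
	my $is_tty = -t STDIN;
	system('stty', '-echo') if $is_tty;
	my $secret = eval { read_entry($description, "", 1) };
	my $error = $@;
	print "\n";
	system('stty', 'echo') if $is_tty;
	die $error if $error;
	return $secret;
}

# Ask samba for the SID it holds for $name (the local one when $name is empty).
#
# "net" is started in list form, so the netbios name typed at the prompt is
# never handed to a shell; its stderr is silenced, as the old "2>/dev/null"
# did, because net complains loudly when no SID has been set yet.  The old
# backticks escaped the '$' and therefore never passed the name at all.
# Returns the SID found after the first ':' of the output (expected to look
# like "... is: S-1-5-21-..."), or "" so the user is asked for it.
sub _local_sid {
	my $name = shift;
	my @cmd = ('net', 'getlocalsid');
	push @cmd, $name if defined $name and $name ne "";

	my $sid = "";
	open(my $saved_stderr, '>&', \*STDERR) or return $sid;
	open(STDERR, '>', '/dev/null');
	if (open(my $net_fh, '-|', @cmd)) {
		while (my $out = <$net_fh>) {
			if ($out =~ /:\s*(\S+)/) {
				$sid = $1;
				last;
			}
		}
		close($net_fh);
	}
	open(STDERR, '>&', $saved_stderr);
	return $sid;
}

print ". workgroup name: name of the domain Samba act as a PDC\n";
my $workgroup=read_entry("  workgroup name","workgroup",0);

print ". netbios name: netbios name of the samba controler\n";
my $netbios_name=read_entry("  netbios name","netbiosname",0);

print ". logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'\n";
my $logondrive=read_entry("  logon drive","logondrive",0);

print ". logon home: home directory location (for Win95/98 or NT Workstation).\n  (use %U as username) Ex:'\\\\$netbios_name\\home\\%U'\n";
my $logonhome=read_entry("  logon home (leave blank if you don't want homeDirectory)","\\\\$netbios_name\\home\\%U",0);

print ". logon path: directory where roaming profiles are stored. Ex:'\\\\$netbios_name\\profiles\\\%U'\n";
# "\\profiles", not "\\\profiles": the stray backslash only produced an
# "unrecognized escape" warning, the default offered is unchanged.
my $logonpath=read_entry("  logon path (leave blank if you don't want roaming profile)","\\\\$netbios_name\\profiles\\%U",0);

my $userHome=read_entry(". home directory prefix (use %U as username)","/home/\%U",0);

my $userScript=read_entry(". default user netlogon script (use %U as username)","\%U.cmd",0);

my $defaultMaxPasswordAge=read_entry("  default password validation time (time in days)","45",0);

#############################
# ldap directory parameters #
#############################
my $ldap_suffix=read_entry(". ldap suffix","ldapsuffix",0);
# The "ou=" prefix is stripped here and put back when the *dn lines are written.
my $ldap_group_suffix=read_entry(". ldap group suffix","ldapgroupsuffix",0);
$ldap_group_suffix=~s/ou=//;
my $ldap_user_suffix=read_entry(". ldap user suffix","ldapusersuffix",0);
$ldap_user_suffix=~s/ou=//;
my $ldap_machine_suffix=read_entry(". ldap machine suffix","ldapmachinesuffix",0);
$ldap_machine_suffix=~s/ou=//;
my $ldap_idmap_suffix=read_entry(". Idmap suffix","ldapidmapsuffix",0);
print ". sambaUnixIdPooldn: object where you want to store the next uidNumber\n";
print "  and gidNumber available for new users and groups\n";
my $sambaUnixIdPooldn=read_entry("  sambaUnixIdPooldn object (relative to \${suffix})","cn=NextFreeUnixId",0);

# parameters for the master ldap server: the host comes from an "ldap://host/"
# in "passdb backend" when smb.conf has one, and is localhost otherwise (also
# when the backend is set but holds no ldap URL, which used to leave it undef).
my $server = "127.0.0.1";
if (defined $config{passdbbackend}
	and $config{passdbbackend} =~ m{ldap://([^/]*)/}) {
	$server = $1;
}
print ". ldap master server: IP adress or DNS name of the master (writable) ldap server\n";
my $ldapmasterserver=read_entry("  ldap master server",$server,0);
# "ldapport" is a %config key; it is only usable as a default when smb.conf sets it.
my $ldapmasterport = defined $config{ldapport}
	? read_entry(". ldap master port","ldapport",0)
	: read_entry(". ldap master port",389,0);
my $ldap_master_admin_dn=read_entry(". ldap master bind dn","ldapadmindn",0);
my $ldap_master_bind_password = _read_secret(". ldap master bind password");

# parameters for the slave ldap server
print ". ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one\n";
my $ldap_slave_server=read_entry("  ldap slave server",$server,0);
my $ldap_slave_port = defined $config{ldapport}
	? read_entry(". ldap slave port","ldapport",0)
	: read_entry(". ldap slave port","389",0);
my $ldap_slave_admin_dn=read_entry(". ldap slave bind dn","ldapadmindn",0);
my $ldap_slave_bind_password = _read_secret(". ldap slave bind password");

my $ldaptls=read_entry(". ldap tls support (1/0)","0",0);
my ($cert_verify,$cert_cafile,$cert_clientcert,$cert_clientkey);
if ($ldaptls == 1) {
	$cert_verify=read_entry(". How to verify the server's certificate (none, optional or require)","require",0);
	$cert_cafile=read_entry(". CA certificate file","/etc/smbldap-tools/ca.pem",0);
	$cert_clientcert=read_entry(". certificate to use to connect to the ldap server","/etc/smbldap-tools/smbldap-tools.pem",0);
	$cert_clientkey=read_entry(". key certificate to use to connect to the ldap server","/etc/smbldap-tools/smbldap-tools.key",0);
}

# let's test if any sid is available.  The workgroup shown is the one just
# chosen, not $config{workgroup}, which is undefined when smb.conf lacks it.
my $sid_tmp = _local_sid($netbios_name);
print ". SID for domain $workgroup: SID of the domain (can be obtained with 'net getlocalsid $netbios_name')\n";
my $sid=read_entry("  SID for domain $workgroup",$sid_tmp,0);

print ". unix password encryption: encryption used for unix passwords\n";
my $cryp_algo=read_entry("  unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)","SSHA",0);
my $crypt_salt_format;
if ( $cryp_algo eq "CRYPT" ) {
	print ". crypt salt format: If hash_encrypt is set to CRYPT, you may set \n";
	print "  a salt format. The default is \"%s\", but many systems will generate\n";
	print "  MD5 hashed passwords if you use \"\$1\$\%\.8s\"\n";
	$crypt_salt_format=read_entry("  crypt salt format","%s",0);
}

my $default_user_gidnumber=read_entry(". default user gidNumber","513",0);

my $default_computer_gidnumber=read_entry(". default computer gidNumber","515",0);

my $userLoginShell=read_entry(". default login shell","/bin/bash",0);

my $mailDomain=read_entry(". default domain name to append to mail adress", "",0);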
285
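### Let's now incorporate our modifications

# Return the content of $path with every "key=..." line whose key is in
# %$value_of replaced by key="value".
#
# Parameters:
#   $path     - configuration file to read (it is not modified here)
#   $value_of - hash ref of key => new value
#   $start_re - optional qr//; when given, lines are copied untouched until
#               one matches it (smbldap.conf keeps its parameters after a
#               "# General Configuration" marker)
#
# Only lines starting at column 0 with the key, optional blanks and "=" are
# rewritten, so "userHome" no longer also matches "userHomeDrive" and the
# idmap key must be named in full.  NOTE(review): the old crypt_salt_format
# pattern also accepted leading whitespace; an indented line would now be
# left alone.  Dies when $path cannot be opened.
sub _rewrite_conf {
	my ($path, $value_of, $start_re) = @_;

	# three-argument open: $path was typed at a prompt and must only ever
	# be treated as a file name, never as a mode or a command pipe
	open(my $in_fh, '<', $path) or die "Unable to open $path for reading!\n";

	my $content = "";
	my $in_parameters = defined $start_re ? 0 : 1;
	while (my $line = <$in_fh>) {
		chomp($line);
		$in_parameters = 1 if defined $start_re and $line =~ $start_re;
		if ($in_parameters) {
			foreach my $key (keys %$value_of) {
				next unless $line =~ /^\Q$key\E\s*=/;
				$line = "$key=\"$value_of->{$key}\"";
				last;
			}
		}
		$content .= "$line\n";
	}
	close($in_fh);
	return $content;
}

my %new_value = (
	SID                   => $sid,
	slaveLDAP             => $ldap_slave_server,
	slavePort             => $ldap_slave_port,
	masterLDAP            => $ldapmasterserver,
	masterPort            => $ldapmasterport,
	ldapTLS               => $ldaptls,
	suffix                => $ldap_suffix,
	usersdn               => "ou=$ldap_user_suffix,\${suffix}",
	computersdn           => "ou=$ldap_machine_suffix,\${suffix}",
	groupsdn              => "ou=$ldap_group_suffix,\${suffix}",
	idmapdn               => "$ldap_idmap_suffix,\${suffix}",
	sambaUnixIdPooldn     => "$sambaUnixIdPooldn,\${suffix}",
	hash_encrypt          => $cryp_algo,
	userHome              => $userHome,
	defaultUserGid        => $default_user_gidnumber,
	defaultComputerGid    => $default_computer_gidnumber,
	defaultMaxPasswordAge => $defaultMaxPasswordAge,
	userLoginShell        => $userLoginShell,
	userSmbHome           => $logonhome,
	userScript            => $userScript,
	mailDomain            => $mailDomain,
	userProfile           => $logonpath,
	userHomeDrive         => $logondrive,
);
# The TLS entries are blanked when TLS support is off.
if ($ldaptls == 1) {
	@new_value{qw(verify cafile clientcert clientkey)} =
		($cert_verify, $cert_cafile, $cert_clientcert, $cert_clientkey);
} else {
	@new_value{qw(verify cafile clientcert clientkey)} = ("") x 4;
}
# crypt_salt_format is only touched when the CRYPT scheme was chosen.
$new_value{crypt_salt_format} = $crypt_salt_format if defined $crypt_salt_format;

my $lines = _rewrite_conf($smbldap_conf, \%new_value, qr/# General Configuration/);

my $lines_bind = _rewrite_conf($smbldap_bind_conf, {
	masterDN => $ldap_master_admin_dn,
	masterPw => $ldap_master_bind_password,
	slaveDN  => $ldap_slave_admin_dn,
	slavePw  => $ldap_slave_bind_password,
});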
347
348print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
349
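print "backup old configuration files:\n";
print "  $smbldap_conf->$smbldap_conf.old\n";
print "  $smbldap_bind_conf->$smbldap_bind_conf.old\n";
rename $smbldap_conf, "$smbldap_conf.old"
	or die "Unable to rename $smbldap_conf to $smbldap_conf.old: $!\n";
rename $smbldap_bind_conf, "$smbldap_bind_conf.old"
	or die "Unable to rename $smbldap_bind_conf to $smbldap_bind_conf.old: $!\n";

print "writing new configuration file:\n";

# Write $content to $path and give both $path and its .old backup $mode.
#
# The umask is narrowed around the open so the file is created with $mode
# from the start: the bind file holds the LDAP passwords and must never be
# readable by others, not even between creation and the chmod that used to
# follow the write.  Every step is checked, since a short write would leave
# a broken configuration behind.
sub _write_conf {
	my ($path, $content, $mode) = @_;
	my $old_umask = umask(0777 & ~$mode);
	my $opened = open(my $out_fh, '>', $path);
	umask($old_umask);
	$opened or die "Unable to open $path for writing !\n";
	print {$out_fh} $content or die "Unable to write $path: $!\n";
	close($out_fh) or die "Unable to write $path: $!\n";
	chmod $mode, $path, "$path.old" or die "Unable to chmod $path: $!\n";
	print "  $path done.\n";
	return;
}

_write_conf($smbldap_conf, $lines, 0644);
_write_conf($smbldap_bind_conf, $lines_bind, 0600);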
370
371
372
373