configure.pl

samba服务器！

my $sid=read_entry("  SID for domain $config{workgroup}","","$sid_tmp",0);

print ". unix password encryption: encryption used for unix passwords\n";
my $cryp_algo=read_entry("  unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)","","SSHA",0);
my $crypt_salt_format="";
if ( $cryp_algo eq "CRYPT" ) {
  print ". crypt salt format: If hash_encrypt is set to CRYPT, you may set \n";
  print "  a salt format. The default is \"\%s\", but many systems will generate\n";
  print "  MD5 hashed passwords if you use \"\$1\$\%\.8s\"\n";
  $crypt_salt_format=read_entry("  crypt salt format","","\%s",0);
}

my $default_user_gidnumber=read_entry(". default user gidNumber","","513",0);

my $default_computer_gidnumber=read_entry(". default computer gidNumber","","515",0);

my $userLoginShell=read_entry(". default login shell","","/bin/bash",0);

my $skeletonDir=read_entry(". default skeleton directory","","/etc/skel",0);

my $mailDomain=read_entry(". default domain name to append to mail adress", "","",0);

print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
my $template_smbldap="
# \$Source: /opt/cvs/samba/smbldap-tools/configure.pl,v $
# \$Id: configure.pl,v 1.17 2005/07/05 09:05:16 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

#  This code was developped by IDEALX (http://IDEALX.org/) and
#  contributors (their names can be found in the CONTRIBUTORS file).
#
#                 Copyright (C) 2001-2002 IDEALX
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2
#  of the License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
#  USA.

#  Purpose :
#       . be the configuration file for all smbldap-tools scripts

##############################################################################
#
# General Configuration
#
##############################################################################

# Put your own SID. To obtain this number do: \"net getlocalsid\".
# If not defined, parameter is taking from \"net getlocalsid\" return
SID=\"$sid\"

# Domain name the Samba server is in charged.
# If not defined, parameter is taking from smb.conf configuration file
# Ex: sambaDomain=\"IDEALX-NT\"
sambaDomain=\"$workgroup\"

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have 
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
#   (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to \"127.0.0.1\"
slaveLDAP=\"$ldap_slave_server\"

# Slave LDAP port
# If not defined, parameter is set to \"389\"
slavePort=\"$ldap_slave_port\"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to \"127.0.0.1\"
masterLDAP=\"$ldapmasterserver\"

# Master LDAP port
# If not defined, parameter is set to \"389\"
masterPort=\"$ldapmasterport\"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
# If not defined, parameter is set to \"1\"
ldapTLS=\"$ldaptls\"

# How to verify the server's certificate (none, optional or require)
# see \"man Net::LDAP\" in start_tls section for more details
verify=\"$cert_verify\"

# CA certificate
# see \"man Net::LDAP\" in start_tls section for more details
cafile=\"$cert_cafile\"

# certificate to use to connect to the ldap server
# see \"man Net::LDAP\" in start_tls section for more details
clientcert=\"$cert_clientcert\"

# key certificate to use to connect to the ldap server
# see \"man Net::LDAP\" in start_tls section for more details
clientkey=\"$cert_clientkey\"

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix=\"$ldap_suffix\"

# Where are stored Users
# Ex: usersdn=\"ou=Users,dc=IDEALX,dc=ORG\"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn=\"ou=$ldap_user_suffix,\${suffix}\"

# Where are stored Computers
# Ex: computersdn=\"ou=Computers,dc=IDEALX,dc=ORG\"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn=\"ou=$ldap_machine_suffix,\${suffix}\"

# Where are stored Groups
# Ex: groupsdn=\"ou=Groups,dc=IDEALX,dc=ORG\"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn=\"ou=$ldap_group_suffix,\${suffix}\"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: groupsdn=\"ou=Idmap,dc=IDEALX,dc=ORG\"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn=\"$ldap_idmap_suffix,\${suffix}\"

# Where to store next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn=\"sambaDomainName=\${sambaDomain},\${suffix}\"
# Ex: sambaUnixIdPooldn=\"cn=NextFreeUnixId,\${suffix}\"
sambaUnixIdPooldn=\"$sambaUnixIdPooldn,\${suffix}\"

# Default scope Used
scope=\"sub\"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt=\"$cryp_algo\"

# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is \"\%s\", but many systems will generate MD5 hashed
# passwords if you use \"\$1\$\%\.8s\". This parameter is optional!
crypt_salt_format=\"$crypt_salt_format\"

##############################################################################
# 
# Unix Accounts Configuration
# 
##############################################################################

# Login defs
# Default Login Shell
# Ex: userLoginShell=\"/bin/bash\"
userLoginShell=\"$userLoginShell\"

# Home directory
# Ex: userHome=\"/home/\%U\"
userHome=\"$userHome\"

# Default mode used for user homeDirectory
userHomeDirectoryMode=\"$userHomeDirectoryMode\"

# Gecos
userGecos=\"System User\"

# Default User (POSIX and Samba) GID
defaultUserGid=\"$default_user_gidnumber\"

# Default Computer (Samba) GID
defaultComputerGid=\"$default_computer_gidnumber\"

# Skel dir
skeletonDir=\"$skeletonDir\"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge=\"$defaultMaxPasswordAge\"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location (\%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome=\"\\\\PDC-SMB3\\%U\"
userSmbHome=\"$logonhome\"

# The UNC path to profiles locations (\%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile=\"\\\\PDC-SMB3\\profiles\\\%U\"
userProfile=\"$logonpath\"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive=\"H:\"
userHomeDrive=\"$logondrive\"

# The default user netlogon script name (\%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript=\"startup.cmd\" # make sure script file is edited under dos
userScript=\"$userScript\"

# Domain appended to the users \"mail\"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain=\"idealx.com\"
mailDomain=\"$mailDomain\"

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd=\"0\"
smbpasswd=\"/usr/bin/smbpasswd\"

# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd=\"0\"
slappasswd=\"/usr/sbin/slappasswd\"

# comment out the following line to get rid of the default banner
# no_banner=\"1\"
";

my $template_smbldap_bind="
############################
# Credential Configuration #
############################
# Notes: you can specify two differents configuration if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
slaveDN=\"$ldap_master_admin_dn\"
slavePw=\"$ldap_master_bind_password\"
masterDN=\"$ldap_slave_admin_dn\"
masterPw=\"$ldap_slave_bind_password\"
";

print "backup old configuration files:\n";
print "  $smbldap_conf->$smbldap_conf.old\n";
print "  $smbldap_bind_conf->$smbldap_bind_conf.old\n";
rename "$smbldap_conf","$smbldap_conf.old";
rename "$smbldap_bind_conf","$smbldap_bind_conf.old";

print "writing new configuration file:\n";
open (SMBLDAP,'>',"$smbldap_conf") || die "Unable to open $smbldap_conf for writing !\n";
print SMBLDAP "$template_smbldap";
close(SMBLDAP);
print "  $smbldap_conf done.\n";
my $mode=0644;
chmod $mode,"$smbldap_conf","$smbldap_conf.old";

open (SMBLDAP_BIND,'>',"$smbldap_bind_conf") || die "Unable to open $smbldap_bind_conf for writing !\n";
print SMBLDAP_BIND "$template_smbldap_bind";
close(SMBLDAP_BIND);
print "  $smbldap_bind_conf done.\n";
$mode=0600;
chmod $mode,"$smbldap_bind_conf","$smbldap_bind_conf.old";