[Samba] BDC and password change program
kent
kent at mail.wareham.mec.edu
Wed Aug 31 10:15:29 GMT 2005
Hello,
How are you doing? I just switched this summer from RedHat 8.0 with compiled
versions of Samba, OpenLDAP and Berkeley DB to Fedora Core 4 with precompiled
Samba, OpenLDAP and BerkeleyDB. Here is the smb.conf from one school that is a
BDC:
[global]
workgroup = WarehamPS
encrypt passwords = Yes
time offset = 60
time server = Yes
# log level = 5
socket options = TCP_NODELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = user
username map = /etc/samba/smbusers
logon script = whs1.bat
writable = Yes
interfaces = eth0 eth1
directory mask = 02770
preferred master = yes
netbios name = whs1
server string = Fedora Core 4 SAMBA server
passdb backend = ldapsam:ldap://127.0.0.1
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/bin/smbpasswd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba/%m.log
debug level = 2
max log size = 50
add machine script = /usr/sbin/addmachine.sh "%u"
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 64
domain master = No
dns proxy = no
admin users = @domain_admins
wins support = no
wins server = 172.16.0.13
wins proxy = yes
local master = yes
name resolve order = hosts wins bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no
[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
# valid users = %S
[netlogon]
root preexec = /accounts/netlogon/prelogon.pl %U
path = /accounts/netlogon
comment = Netlogon share
locking = no
browseable = yes
valid users = @whsstaff, @whsstudent, @whs-cafe, navinstall, kent
read only = yes
hide files = /.*/*dll/*DLL/*.bat/*.kix/*.rap/*pl/
write list = @domain_admins
[staff]
comment = Staff directory
path = /accounts/common
create mode = 0660
browseable = no
write list = @whsstaff
valid users = @whsstaff
[programs]
comment = Applications
path = /accounts/programs
browseable = no
create mode = 0660
write list = @whsstaff
valid users = @whsstaff
[cafeteria]
path = /accounts/cafeteria/data
browseable = no
valid users = @whs-cafe, dperry
force group = whs-cafe
create mode = 0660
directory mode = 0770
Here is the smb.conf for the PDC:
[global]
workgroup = WarehamPS
encrypt passwords = Yes
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = user
writable = Yes
interfaces = eth0 eth1
directory mask = 02770
preferred master = yes
local master = Yes
username map = /etc/samba/smbusers
netbios name = wms1
server string = Fedora Core 4 SAMBA Server
passdb backend = ldapsam:ldap://172.16.0.24
ldap passwd sync = Yes
machine password timeout = 604800
passwd program = /usr/bin/smbpasswd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
log file = /var/log/samba/%m.log
debug level = 2
max log size = 30
# add machine script = /usr/bin/smbpasswd -m %u
add machine script = /usr/sbin/addmachine.sh "%u"
logon script = wms1.bat
logon path =
logon drive = H:
logon home =
domain logons = Yes
os level = 255
domain master = Yes
dns proxy = Yes
admin users = @domain_admins
wins support = Yes
remote browse sync = 172.16.0.3 172.16.0.19 172.16.0.15 172.16.0.26 172.16.0.20 172.16.80.1
name resolve order = hosts wins bcast
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
ldap ssl = no
[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
path = %H
hide files = /.*/
[netlogon]
comment = Netlogon share
root preexec = /accounts/netlogon/prelogon.pl %U
path = /accounts/netlogon
valid users = @wmsstaff, @wmsstudent, @domain_users, @wms-cafe, navinstall
locking = no
browseable = no
read only = yes
write list = @domain_admins
hide files = /*.dll/*.rap/*.kix/*.bat/*.pl/
[cafeteria]
path = /accounts/cafeteria/data
browseable = yes
valid users = @wms-cafe, dperry
force group = wms-cafe
create mode = 0660
directory mode = 0770
[staff]
path = /accounts/common
browseable = no
valid users = @wmsstaff
force group = wmsstaff
write list = @domain_admins, @wmsstaff
create mode = 0660
directory mode = 0770
[programs]
path = /accounts/programs
browseable = no
valid users = @wmsstaff, @techstaff
create mode = 0660
[tech]
path = /accounts/tech
browseable = no
valid users = @techstaff
force group = techstaff
write list = @techstaff
create mode = 0660
directory mode = 0770
The addmachine.sh script is my own version of an add machine script. All users, groups and
computers have corresponding POSIX accounts in LDAP as well as the Samba objectClass
and attributes. I don't use any Windows utilities to manipulate user and group
information in LDAP; I have my own set of routines tailored to our system that
allow individual control of LDAP info, or we can batch add/delete accounts and
user attributes with interactive shell scripts.
My question to the Samba community is still: should the password program on the
BDC talk to the PDC by smbpasswd -r <PDC address>? I'm having a little password
out of sync problem.
Kent N.
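An added diagnostic for the out-of-sync symptom above (my example, not Kent's code and not part of the thread): it parses the same ldapsearch output taken from the PDC's LDAP server and from the BDC's local replica and names every account whose sambaPwdLastSet or sambaNTPassword differs between the two directories. The bind DN, suffix and server addresses are taken from the smb.conf files above; the ldapsearch invocation and the sample LDIF are assumptions and constructed data.

```python
# Added example (not Kent's code): list accounts whose Samba password data
# differs between the PDC's LDAP (172.16.0.24) and the BDC's local LDAP
# (127.0.0.1).  Input is the -LLL output of this query, run against each:
#   ldapsearch -x -LLL -H ldap://<host> -D cn=admin,dc=tow,dc=net -W \
#     -b ou=Users,dc=tow,dc=net '(objectClass=sambaSamAccount)' \
#     uid sambaPwdLastSet sambaNTPassword
import base64
WATCH = ("sambaPwdLastSet", "sambaNTPassword")   # hashes compared, never printed

def parse_ldif(text):
    """{uid: {attr: value}}; unfolds continuation lines, decodes 'attr::' base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:          # leading space = folded line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = {}, {}
    for line in lines + [""]:                      # trailing "" flushes the last entry
        if not line:
            if "uid" in cur:
                entries[cur["uid"]] = cur
            cur = {}
            continue
        key, _, val = line.partition(":")
        if val.startswith(":"):                    # "attr:: <base64 value>"
            val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
        cur[key] = val.strip()
    return entries

def find_drift(ldif_pdc, ldif_bdc):
    """(uid, reason) pairs for accounts out of sync between the two directories."""
    pdc, bdc = parse_ldif(ldif_pdc), parse_ldif(ldif_bdc)
    drift = []
    for uid in sorted(set(pdc) | set(bdc)):
        if uid not in pdc or uid not in bdc:
            drift.append((uid, "missing on one side"))
        else:
            drift += [(uid, a) for a in WATCH if pdc[uid].get(a) != bdc[uid].get(a)]
    return drift

# Constructed sample (not real directory data): asmith changed her password on
# the PDC, but the BDC's replica still holds the old timestamp and old hash.
PDC_LDIF = """dn: uid=asmith,ou=Users,dc=tow,dc=net
uid:: YXNtaXRo
sambaPwdLastSet: 1125480000
sambaNTPassword: FEDCBA9876543210
 FEDCBA9876543210
"""
BDC_LDIF = PDC_LDIF.replace("1125480000", "1125300000").replace("FEDCBA", "ABCDEF")
```

Any uid that find_drift() reports is one whose password change reached one controller's directory but not the other, which is the first thing to check before changing passwd program.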
Marcio Luciano Donada <mdonada at auroraalimentos.com.br> wrote:
> kent wrote:
>
> | Hello, Just wondering what I should be using for the password
> | change program on a BDC. Should it be: passwd program =
> | /usr/bin/smbpasswd -r <PDC address> %u
> |
> | I'm having a problem with passwords not staying in sync between the
> | PDC and BDC with pass backend ldap.
> |
> | The systems are all Fedora Core 4, Samba 3.0.14a, openldap 2.2.23
> |
> | Kent N
> |
> Hello, I am trying to configure the BDC. How are you adding them to your
> schema in the LDAP base? Could you send me your configuration (smb.conf) and
> smbldap.conf so I can have a look at them?
>
> thanks
>
> --
> Márcio Luciano Donada
> T.I. Aurora Alimentos Chapecó(SC)
> Cooperativa Central Oeste Catarinense
> mdonada at auroraalimentos dot com dot br