[Samba] Domain Controller GPO

Taylor, Jonn jonnt at taylortelephone.com
Wed Apr 20 10:03:01 MDT 2011 

/etc/init.d/samba for CentOS or RedHat.

#!/bin/sh
#
# chkconfig: - 91 35
# description: Starts and stops the Samba daemon \
#           used to provide SMB network services.
#
# pidfile: /usr/local/samba/var/run/samba4/smbd.pid
# config:  /usr/local/samba/etc/samba4/smb.conf

SAMBA_NAME=samba

# Source function library.
if [ -f /etc/init.d/functions ] ; then
  . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
  . /etc/rc.d/init.d/functions
else
  exit 1
fi

# Avoid using root's TMPDIR
unset TMPDIR

# Source networking configuration.
. /etc/sysconfig/network

if [ -f /etc/sysconfig/$SAMBA_NAME ]; then
   . /etc/sysconfig/$SAMBA_NAME
fi

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1

# Check that smb.conf exists.
[ -f /usr/local/samba/etc/smb.conf ] || exit 6

RETVAL=0


start() {
    echo -n $"Starting Samba services: "
    daemon /usr/local/samba/sbin/samba $SMBDOPTIONS
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /usr/local/samba/var/locks/$SAMBA_NAME || \
       RETVAL=1
    return $RETVAL
}   

stop() {
    echo -n $"Shutting down Samba services: "
    killproc samba
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /usr/local/samba/var/locks/$SAMBA_NAME
    return $RETVAL
}   

restart() {
    stop
    start
}   

reload() {
        echo -n $"Reloading smb.conf file: "
    killproc samba -HUP
    RETVAL=$?
    echo
    return $RETVAL
}   

rhstatus() {
    status samba
    return $?
}   


# Allow status as non-root.
if [ "$1" = status ]; then
       rhstatus
       exit $?
fi

# Check that we can write to it... so non-root users stop here
[ -w /usr/local/samba/etc/smb.conf ] || exit 4



case "$1" in
  start)
      start
    ;;
  stop)
      stop
    ;;
  restart)
      restart
    ;;
  reload)
      reload
    ;;
  status)
      rhstatus
    ;;
  condrestart)
      [ -f /usr/local/samba/var/locks/$SAMBA_NAME ] && restart || :
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|reload|status|condrestart}"
    exit 2
esac

exit $?


On 04/20/2011 09:47 AM, Ryan Leimenstoll wrote:
> Ok, I appreciate your suggestion. Would you be able to provide an Init
> script for Samba4 Alpha15? I am not certain on how to make one. Also, Is
> there a way to maintain my existing Samba4 powered AD Domain when upgrading?
> Thanks.
>
> On Wed, Apr 20, 2011 at 10:23 AM, timothy mcdaniel <timnboys333 at live.com>wrote:
>
>> I would redownload the git source and download the latest version of samba4
>> and compile it and provision it and then when you get the latest verison of
>> samba4(which I think is samba4 alpha 15) and then how you would change the
>> password complexity requirements in the latest version of samba4 you would
>> use samba-tool or if you do not have the samba4 bin and sbin folders in
>> your
>> path: /usr/local/samba/bin/samba-tool(this is assuming that you installed
>> the latest version of samba4 to your /usr/local folder) and you put this
>> command like this: "/usr/local/samba/bin/samba-tool pwsettings
>> --complexity=off --history-length=0 --min-pwd-length=0
>> --min-pwd-age=0" and then press enter and then it will disable the password
>> complexity on the latest version of samba4
>>> Thanks for your assistance, however the options are not recognized by the
>>> net command. Is there any other variation of those it could be?
>>> On Tue, Apr 19, 2011 at 2:49 AM, Daniel Müller <
>> mueller at tropenklinik.de>wrote:
>>
>>> Refer to my thread this list: HOWTO samba4 centos5.5 named dnsupdate drbd
>>> simple failover
>>>
>>>
>>> Password Policy Settings!!
>>>
>>> Along with Samba4 the Password Policy you can only set from console, with
>>> 'net  pwsettings ' command.
>>> net  pwsettings  –help:
>>>
>>> usage: (show | set <options>)
>>>
>>> options:
>>>  -h, --help            show this help message and exit
>>>  -H H                  LDB URL for database or target server
>>>  --quiet               Be quiet
>>>   --complexity=COMPLEXITY
>>>                        The password complexity (on | off | default).
>>> Default
>>>                        is 'on'
>>>  --history-length=HISTORY_LENGTH
>>>                        The password history length (<integer> | default).
>>>                        Default is 24.
>>>  --min-pwd-length=MIN_PWD_LENGTH
>>>                        The minimum password length (<integer> | default).
>>>                        Default is 7.
>>>  --min-pwd-age=MIN_PWD_AGE
>>>                        The minimum password age (<integer in days> |
>>>                        default).  Default is 1.
>>>  --max-pwd-age=MAX_PWD_AGE
>>>                        The maximum password age (<integer in days> |
>>>                        default).  Default is 43.
>>>
>>>   Samba Common Options:
>>>    -s FILE, --configfile=FILE
>>>                        Configuration file
>>>    -d DEBUGLEVEL, --debuglevel=DEBUGLEVEL
>>>                        debug level
>>>    --option=OPTION     set smb.conf option from command line
>>>    --realm=REALM       set the realm name
>>>
>>>  Credentials Options:
>>>    --simple-bind-dn=DN
>>>                        DN to use for a simple bind
>>>    --password=PASSWORD
>>>                        Password
>>>    -U USERNAME, --username=USERNAME
>>>                        Username
>>>    -W WORKGROUP, --workgroup=WORKGROUP
>>>                        Workgroup
>>>    -N, --no-pass       Don't ask for a password
>>>    -k KERBEROS, --kerberos=KERBEROS
>>>                        Use Kerberos
>>>
>>>  Version Options:
>>>    --version           Display version number
>>>
>>> So I set my Password Policy:
>>>
>>> net  pwsettings  set –--complexity=off
>>> net  pwsettings  set ---max-pwd-age=60 #<---60 Days
>>> net  pwsettings  set –min-pwd-length=5
>>>
>>> net  pwsettings  show:
>>>
>>> [root at node1 ~]# net pwsettings show
>>> Password informations for domain 'DC=tuebingen,DC=tst,DC=loc'
>>>
>>> Password complexity: off
>>> Password history length: 24
>>> Minimum password length: 5
>>> Minimum password age (days): 1
>>>
>>> -----------------------------------------------
>>> EDV Daniel Müller
>>>
>>> Leitung EDV
>>> Tropenklinik Paul-Lechler-Krankenhaus
>>> Paul-Lechler-Str. 24
>>> 72076 Tübingen
>>>
>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> eMail: mueller at tropenklinik.de
>>> Internet: www.tropenklinik.de
>>> -----------------------------------------------
>>> -----Ursprüngliche Nachricht-----
>>> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org
>> ]
>>> Im
>>> Auftrag von Christophe Dezé
>>> Gesendet: Dienstag, 19. April 2011 07:58
>>> An: samba at lists.samba.org
>>> Betreff: Re: [Samba] Domain Controller GPO
>>>
>>> Le 18/04/2011 21:15, Ryan Leimenstoll a écrit :
>>>> Hi All,
>>>>    I am using Samba4 Alpha12, and i am trying to edit the password
>> policy
>>>> (which I believe is derived from the PDC's policy), but I am trying to
>>>> figure out whether Samba4 can respond to GPOs. If It cannot, how would
>> I
>>>> define the password policy for the domain? Thanks.
>>> it 's maybe because 4.0.0alpha12 - wasn't released
>>>
>>>
>>> :)
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

More information about the samba mailing list