diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e594810 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +*.rpm +*.log +*spec-20* +*.tar.xz diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..d984de8 --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: e-smith-samba +# $Id: Makefile,v 1.1 2016/02/05 17:16:29 stephdl Exp $ +NAME := e-smith-samba +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/README.md b/README.md index a5fb4be..8feb9b1 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,15 @@ -# e-smith-samba +# e-smith-samba -SMEServer Koozali developed git repo for e-smith-samba smeserver \ No newline at end of file +SMEServer Koozali developed git repo for e-smith-samba smeserver + +## Wiki +
https://wiki.koozali.org/ + +## Bugzilla +Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-samba&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED) + +## Description + +
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.* +*Once it has been checked, then this comment will be deleted* +
diff --git a/additional/COPYING b/additional/COPYING new file mode 100644 index 0000000..eeb586b --- /dev/null +++ b/additional/COPYING @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/contriborbase b/contriborbase new file mode 100644 index 0000000..ef36a67 --- /dev/null +++ b/contriborbase @@ -0,0 +1 @@ +sme10 diff --git a/createlinks b/createlinks new file mode 100644 index 0000000..1bb2935 --- /dev/null +++ b/createlinks @@ -0,0 +1,123 @@ +#!/usr/bin/perl -w + +use esmith::Build::CreateLinks qw(:all); + +my $panel = "manager"; +panel_link("workgroup", $panel); + +foreach (qw(samba/smb.conf samba/smbusers)) +{ + templates2events("/etc/$_", qw( + console-save + bootstrap-console-save + ibay-create + ibay-delete + ibay-modify + ibay-modify-servers + network-delete + network-create + post-install + post-upgrade + workgroup-update + e-smith-samba-update + )); +} + +foreach my $file (qw( + /etc/pam.d/samba + /etc/krb5.conf + )) +{ + templates2events($file, qw(console-save bootstrap-console-save e-smith-samba-update)); +} + +foreach (qw(console-save bootstrap-console-save bootstrap-ldap-save + post-install post-upgrade workgroup-update e-smith-samba-update)) +{ + event_link('store-ldap-smbpasswd', $_, "06"); +} + +my $event = "console-save"; + +$event = "bootstrap-ldap-save"; +templates2events("/etc/samba/smb.conf", $event); +event_link("update-domain-group-maps", $event, "56"); + +$event = "group-create"; +event_link("update-domain-group-maps", $event, "56"); +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "group-delete"; +event_link("update-domain-group-maps", $event, "14"); +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "group-modify"; +event_link("update-domain-group-maps", $event, "56"); +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "ibay-create"; +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "ibay-delete"; +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "ibay-modify"; +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "ibay-modify-servers"; +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "network-create"; +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "network-delete"; +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "post-install"; + +$event = "post-upgrade"; +event_link("user-create-profiledir", $event, "20"); + +$event = "user-create"; +event_link("user-create-profiledir", $event, "20"); +event_link("update-domain-group-maps", $event, "56"); +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "user-delete"; +event_link("update-domain-group-maps", $event, "14"); +event_link("user-delete-profiledir", $event, "20"); +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "user-modify"; +event_link("update-domain-group-maps", $event, "56"); +safe_symlink("sighup", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "workgroup-update"; +event_link("update-domain-group-maps", $event, "56"); +event_link("cleanup-domains", $event, "65"); +safe_symlink("sigterm", "root/etc/e-smith/events/$event/services2adjust/dhcpd"); +safe_symlink("sigterm", "root/etc/e-smith/events/$event/services2adjust/smbd"); +safe_symlink("sigterm", "root/etc/e-smith/events/$event/services2adjust/nmbd"); + +$event = "printer-create"; +safe_symlink("sigterm", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "printer-delete"; +event_link("delete_printer_tdb", $event, 15); +safe_symlink("sigterm", "root/etc/e-smith/events/$event/services2adjust/smbd"); + +$event = "machine-account-create"; +event_link("create-machine-account", $event, "10"); + +$event = "pre-restore"; +event_link("delete-smbpasswd", $event, "90"); + +$event = "e-smith-samba-update"; +event_link("user-create-profiledir", $event, "20"); +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/smbd"); +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/nmbd"); +# systemd-specific action mandatory for this package-update event +event_link("systemd-reload", $event, "89"); +event_link("systemd-default", $event, "88"); +templates2events("/etc/rsyslog.conf",$event); +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog"); diff --git a/e-smith-samba.spec b/e-smith-samba.spec new file mode 100644 index 0000000..46d5931 --- /dev/null +++ b/e-smith-samba.spec @@ -0,0 +1,1352 @@ +# $Id: e-smith-samba.spec,v 1.29 2022/11/29 21:28:31 jpp Exp $ + +Summary: e-smith specific Samba configuration files and templates +%define name e-smith-samba +Name: %{name} +%define version 2.6.0 +%define release 28 +Version: %{version} +Release: %{release}%{?dist} +License: GPL +Group: Networking/Daemons +Source: %{name}-%{version}.tar.xz + +Obsoletes: e-smith-netlogon +BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot +BuildArchitectures: noarch +BuildRequires: e-smith-devtools >= 1.13.1-03 +Obsoletes: e-smith-regedit +Requires: e-smith-lib >= 2.2.0-2 +Requires: e-smith-formmagick >= 1.4.0-9 +Requires: samba >= 3.5.10 +Requires: samba-client >= 3.5.10 +Requires: samba-common >= 3.5.10 +Obsoletes: samba3x +Obsoletes: samba3x-client +Obsoletes: samba3x-common +Obsoletes: samba3x-winbind +Obsoletes: libsmbclient <= 3.0.33 +# Obsolete SerNet packages +Obsoletes: libsmbclient0 +Obsoletes: libwbclient0 +Obsoletes: samba3 +Obsoletes: samba3-cifsmount +Obsoletes: samba3-client +Obsoletes: samba3-doc +Obsoletes: samba3-utils +Obsoletes: samba3-winbind +Requires: /usr/bin/tdbbackup +AutoReqProv: no + +%changelog +* Sat Mar 23 2024 cvs2git.sh aka Brian Read 2.6.0-28.sme +- Roll up patches and move to git repo [SME: 12338] + +* Sat Mar 23 2024 BogusDateBot +- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, + by assuming the date is correct and changing the weekday. + +* Tue Nov 29 2022 Jean-Philippe Pialasse 2.6.0-27.sme +- Fix fail to join the domain [SME: 12231] + patch from bunkobugsy ; Fix from Nico Tiana + +* Wed Nov 03 2021 Terry Fage 2.6.0-26.sme +- samba fix typo in delete v6 profile dir win10 [SME: 11725] + +* Tue Nov 02 2021 Terry Fage 2.6.0-25.sme +- samba delete v6 profile dir win10 [SME: 11725] + +* Mon Nov 01 2021 Terry Fage 2.6.0-24.sme +- samba create v6 profile dir win10 [SME: 11725] + +* Mon Apr 19 2021 Jean-Philippe Pialasse 2.6.0-23.sme +- netlogon.bat +x [SME: 11566] + +* Fri Apr 16 2021 Jean-Philippe Pialasse 2.6.0-21.sme +- add possibility to reenable allow execute always on ibays homes or everywhere [SME: 11555] + +* Fri Apr 16 2021 Jean-Philippe Pialasse 2.6.0-20.sme +- fix double entries for min protocol [SME: 11558] + +* Tue Mar 16 2021 Jean-Philippe Pialasse 2.6.0-19.sme +- clean rsyslog syntax for smbd and nmbd [SME: 11422] + +* Sun Feb 21 2021 Jean-Philipe Pialasse 2.6.0-18.sme +- fix noise in message log from nmbd and smbd redirected to dedicated logs [SME: 11349] + +* Mon Feb 15 2021 Jean-Philipe Pialasse 2.6.0-17.sme +- allow using user-create-profiledir action with temp or package-update events [SME: 11348] + +* Sun Jan 03 2021 Jean-Philipe Pialasse 2.6.0-16.sme +- fix log noise for smb.service [SME: 11157] + +* Sat Jan 02 2021 Jean-Philipe Pialasse 2.6.0-15.sme +- add Restart=always [SME: 11118] +- add Restart=always [SME: 11117] + +* Fri Jan 01 2021 Jean-Philipe Pialasse 2.6.0-14.sme +- migrate nmbd to systemd [SME: 11118] +- migrate smbd to systemd [SME: 11117] + create generik smb.service service +- create e-smith-samba-update event [SME: 11157] + +* Wed Dec 16 2020 John Crisp 2.6.0-13.sme +- Fix mutex locking [SME: 11199] + +* Thu Nov 26 2020 John Crisp 2.6.0-12.sme +- Fix pid directory [SME: 11198] + +* Mon Nov 16 2020 John Crisp 2.6.0-11.sme +- Add /etc/krb5.conf as template using templates from smeserver-samba +- [SME: 11093] + +* Sat Jun 27 2020 Jean-Philipe Pialasse 2.6.0-10.sme +- remove win98pwdcache.reg from server-resources [SME: 9060] + +* Tue Jun 23 2020 Jean-Philipe Pialasse 2.6.0-9.sme +- set min server and client protocol SMB2 [SME: 10576] + add check so max always greater than min +- add port 445 if min server protocol is SMB2 or SMB3 [SME: 10963] + +* Fri Feb 09 2018 Jean-Philipe Pialasse 2.6.0-7.sme +- fix typo in /server-resources/regedit/win10samba.reg [SME: 10515] + +* Fri Mar 24 2017 Jean-Philipe Pialasse 2.6.0-6.sme +- fix outlook error code 0x8004011c [SME: 10169] +- when setting up and email account on a win10 computer joined to a domain (with roaming profiles) + +* Fri Jul 22 2016 Jean-Philipe Pialasse 2.6.0-5.sme +- add systemd skip redirect [SME: 9688] + +* Thu Jul 14 2016 stephane de Labrusse 2.6.0-4.sme +- Fix deprecated syntax '~' in rsyslog [SME: 9398] +- added e-smith-samba-2.6.0.bz9398.DeprecatedRsyslogSyntaxSamba.patch + +* Thu May 12 2016 Daniel Berteaud 2.6.0-3.sme +- Rebuild for [SME: 9393] + +* Tue Apr 12 2016 Jean-Philipe Pialasse 2.6.0-2.sme +- dropped display charset option [SME: 9440] + +* Fri Feb 05 2016 stephane de Labrusse 2.6.0-1.sme +- Initial release to sme10 + +* Wed Sep 16 2015 stephane de Labrusse 2.4.0-22.sme +- The samba performance registry is now added in the win10samba.reg [SME: 9038] + +* Sat Sep 12 2015 stephane de Labrusse 2.4.0-20.sme +- Corrected typo in patch of bad character '“', relative to roaming profile +- e-smith-samba-2.4.0.bz9038.W10_registry.patch [SME: 9038] +- e-smith-samba-2.4.0.bz9048.RoamingProfileForW8.patch [SME: 9048] + +* Wed Sep 9 2015 stephane de Labrusse 2.4.0-18.sme +- Added e-smith-samba-2.4.0.bz9048.RoamingProfileForW8.patch +- Modified the registry file for roaming profile with W8 [SME: 9048] +- Roaming profiles follow Windows version (.V2,.V3,.V4,.V5) [SME: 9038] + +* Fri Sep 4 2015 Daniel Berteaud 2.4.0-17.sme +- Replace syslog template to rsyslog so samba audits are logged in the correct + file [SME: 9037] + +* Fri Sep 4 2015 stephane de Labrusse 2.4.0-16.sme +- added W10 support to SME Domain [SME: 9038] +- e-smith-samba-2.4.0.bz9038.W10_registry.patch + +* Thu Sep 3 2015 Daniel Berteaud 2.4.0-15.sme +- Fix samba audit parameters [SME: 9037] + Patch from Jorge Gonzalez + +* Sun Feb 2 2014 Ian Wells 2.4.0-14.sme +- Remove 20smb as migrating from pre-SME7 is not supported [SME: 7486] + +* Thu Oct 10 2013 Greg Zartman 2.4.0-13.sme +- Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots [SME:7894] + +* Fri Jul 5 2013 Ian Wells 2.4.0-12.sme +- Add template for wide links [SME: 7752] + +* Fri Jul 5 2013 Ian Wells 2.4.0-11.sme +- Add templates for max protocol [SME: 7753] + +* Fri Jul 5 2013 Ian Wells 2.4.0-10.sme +- Add support for Windows 8 domain joining & user login [SME: 7751] + +* Fri Jul 5 2013 Ian Wells 2.4.0-9.sme +- Add windows network performance enhancements registry file. [SME: 7566] + Patch from Greg Zartman. + +* Fri May 24 2013 Ian Wells 2.4.0-8.sme +- Remove 40MachineUID as not needed after e-smith-samba-2.2.0-38 [SME: 7608] + +* Tue May 21 2013 Ian Wells 2.4.0-7.sme +- Update default ServerName in 30smbServerName [SME: 7609] + +* Mon Apr 29 2013 chris burnat 2.4.0-6.sme +- Add ability to configure waiting for network Win7 registry option, patch from Greg. [SME: 7566] + +* Thu Mar 14 2013 Ian Wells 2.4.0-5.sme +- Change default Workgroup and Domain to sme-server [SME: 7482] + +* Mon Mar 11 2013 Shad L. Lords 2.4.0-4.sme +- Obsolete el5 version of libsmbclient [SME: 7273] + +* Thu Feb 21 2013 Ian Wells 2.4.0-3.sme +- Remove samba_audit specific loglotate configuration [SME: 7388] + +* Sat Feb 2 2013 Shad L. Lords 2.4.0-2.sme +- Change tdbbackup12 back to tdbbackup + +* Thu Jan 31 2013 Shad L. Lords 2.4.0-1.sme +- Roll new stream for sme9 + +* Mon Jan 21 2013 Ian Wells 2.2.0-50.sme +- Enable smb auditing per ibay [SME: 6176] + +* Thu Jan 17 2013 Shad L. Lords 2.2.0-49.sme +- Update dependency to /usr/bin/tdbbackup12 [SME: 7210] + +* Sun Jan 29 2012 Ian Wells 2.2.0-48.sme +- Obsolete only SerNet samba packages [SME: 6772] + +* Sat Jan 21 2012 Ian Wells 2.2.0-47.sme +- Obsolete SerNet samba packages, again [SME: 6772] + +* Fri Dec 23 2011 Jonathan Martens 2.2.0-46.sme +- Obsolete SerNet samba packages [SME: 6772] + +* Thu Mar 17 2011 Jonathan Martens 2.2.0-45.sme +- Revert directory requirement from 2.2.0-43 [SME: 6571] + +* Thu Mar 17 2011 Jonathan Martens 2.2.0-44.sme +- Revert changes made in 2.2.0-42 [SME: 6432] + +* Tue Mar 15 2011 Jonathan Martens 2.2.0-43.sme +- Fix separator in general smb.conf section for recycle:exclude* [SME: 6571] + +* Tue Mar 15 2011 Jonathan Martens 2.2.0-42.sme +- recycle:exclude_dir should contain directories [SME: 6432] + +* Sat Mar 12 2011 Gavin Weight 2.2.0-41.sme +- Fix Recycle Bin VFS Excludes syntax. [SME: 6432] + +* Tue Nov 30 2010 Daniel Berteaud 2.2.0-40.sme +- Create samba account during event for machine [SME: 6418] + +* Tue Nov 30 2010 Daniel Berteaud 2.2.0-39.sme +- Migrate existing machine uid in the DB (patch from Shad Lords) [SME: 6415] + +* Tue Nov 30 2010 Daniel Berteaud 2.2.0-38.sme +- Force uid/gid on machine accounts creation [SME: 6415] + +* Wed Nov 10 2010 Daniel Berteaud 2.2.0-37.sme +- Fix create-machine-accounts script [SME: 6358] + +* Fri Nov 5 2010 Shad L. Lords 2.2.0-36.sme +- Call samba-group-mapping after user events too [SME: 6339] + +* Wed Nov 3 2010 Shad L. Lords 2.2.0-35.sme +- Fix cpu critical patch missing ' [SME: 6330] + +* Wed Nov 3 2010 Daniel Berteaud 2.2.0-34.sme +- rename store-ldap-passwd and link it in other events [SME: 6332] + +* Wed Nov 3 2010 Daniel Berteaud 2.2.0-33.sme +- Store the ldap admin pw early in the bootstrap-ldap-save event [SME: 6332] + +* Wed Nov 3 2010 Shad L. Lords 2.2.0-32.sme +- Make cpu calls critical only with ldap{Auth} is enabled [SME: 6330] + +* Tue Nov 2 2010 Shad L. Lords 2.2.0-31.sme +- Always use cpu, do unix if ldap{Auth} is disabled [SME: 6321] + +* Tue Nov 2 2010 Daniel Berteaud 2.2.0-30.sme +- Fix a typo in create-machine-account [SME: 6321] + +* Tue Nov 2 2010 Shad L. Lords 2.2.0-29.sme +- Clean up old domain entries when using ldap [SME: 6322] + +* Mon Nov 1 2010 Shad L. Lords 2.2.0-28.sme +- Auth against ldap if it is master [SME: 6321] + +* Mon Nov 1 2010 Shad L. Lords 2.2.0-27.sme +- Change the way groups are modified on samba3x [SME: 6314] + +* Wed Oct 27 2010 Shad L. Lords 2.2.0-26.sme +- Change the way groups are modified on samba3x [SME: 6314] + +* Thu Oct 14 2010 Daniel Berteaud 2.2.0-25.sme +- Fix anonymous access [SME: 6254] + +* Fri Oct 8 2010 Shad L. Lords 2.2.0-24.sme +- Fix moving secrets.tdb file [SME: 6057] + +* Sat Oct 2 2010 Daniel Berteaud 2.2.0-23.sme +- Empty output when listing sensible attribtues [SME: 6254] + +* Sat Oct 2 2010 Daniel Berteaud 2.2.0-22.sme +- Add sambaSID to the list of sensible attributes [SME: 6254] + +* Sat Oct 2 2010 Daniel Berteaud 2.2.0-21.sme +- Deny access to some attributes for anonymous users [SME: 6254] + +* Thu Sep 23 2010 Daniel Berteaud 2.2.0-20.sme +- povide an option to enable lanman passwords [SME: 6229] + +* Thu Sep 23 2010 Daniel Berteaud 2.2.0-19.sme +- Add slapd support [SME: 6228] + +* Thu Jul 08 2010 Shad L. Lords 2.2.0-18.sme +- Remove require strong key part of regedit file [SME: 6119] + +* Wed Jun 23 2010 Shad L. Lords 2.2.0-17.sme +- Use samba3x package for windows 7 compatibility [SME: 5964] + +* Mon Jun 14 2010 Federico Simoncelli 2.2.0-16.sme +- Backup all the tdb files (thanks Daniel) [SME: 5856] +- Post scriptlet fix [SME: 6057] + +* Tue Mar 30 2010 Filippo Carletti 2.2.0-15.sme +- Explicitly declare samba private dir [SME: 5857] + +* Fri Mar 26 2010 Filippo Carletti 2.2.0-14.sme +- Fix tdb file paths to backup in run script [SME: 5856] + +* Wed Mar 17 2010 Jonathan Martens 2.2.0-13.sme +- Add dependency /usr/bin/tdbbackup [SME: 5851] + +* Sat Mar 6 2010 Jonathan Martens 2.2.0-12.sme +- Add missing comma in previous patch [SME: 5821] +- Silently skip non-existent profile folder [SME: 5821] + +* Sat Mar 6 2010 Jonathan Martens 2.2.0-11.sme +- Properly quote the profile folders manually [SME: 5821] + +* Sat Mar 6 2010 Jonathan Martens 2.2.0-10.sme +- Rework V2 profile patch to fix error on user-delete event [SME: 5821] + +* Sun Feb 7 2010 Shad L. Lords 2.2.0-9.sme +- Create/remove V2 profile directories [SME: 3666] + +* Sun Jan 31 2010 Jonathan Martens 2.2.0-8.sme +- Enable bindinterfaces by default [SME: 3325] + +* Sun Jan 31 2010 Stephen Noble 2.2.0-7.sme +- Set recyle bin permissions [SME: 1734] + +* Sat Dec 26 2009 Jonathan Martens 2.2.0-6.sme +- Add registry file to server-resources to allow windows 7 to + join Samba 3.x domains [SME: 5425] + +* Tue Jun 2 2009 Shad L. Lords 2.2.0-5.sme +- Fix warnings in template expansion [SME: 5309] + +* Sun Nov 23 2008 Shad L. Lords 2.2.0-4.sme +- Fix migrate fragments for samba [SME: 4777] + +* Tue Oct 28 2008 Shad L. Lords 2.2.0-3.sme +- Fix oslevel fragment for server roles [SME: 4730] + +* Mon Oct 13 2008 Shad L. Lords 2.2.0-2.sme +- Add patch to support multiple samba roles [SME: 4172] + +* Tue Oct 7 2008 Shad L. Lords 2.2.0-1.sme +- Roll new stream to separate sme7/sme8 trees [SME: 4633] + +* Sun Aug 3 2008 Jonathan Martens 1.14.1-8 +- Fix oslevel template expansion. [SME: 4470] + +* Thu Apr 3 2008 Charlie Brady 1.14.1-7 +- Disable unix extensions. [SME: 4164] + +* Fri Mar 21 2008 Shad L. Lords 1.14.1-6 +- Hide normally hidden profile files [SME: 4082] + +* Thu Mar 13 2008 Shad L. Lords 1.14.1-5 +- Fix shadowcopy with < 2 ibays/users [SME: 3862] + +* Wed Feb 13 2008 Stephen Noble 1.14.1-4 +- Remove tags now in general [SME: 3925] + +* Wed Jan 09 2008 Stephen Noble 1.14.1-3 +- Allow browsable to be disabled per ibay [SME: 2966] + +* Sat Dec 15 2007 Shad L. Lords 1.14.1-2 +- Only create admin group if Domain Admins exists [SME: 3646] + +* Sat Dec 15 2007 Shad L. Lords 1.14.1-1 +- Roll new tarball and bump version for 3.0.25b version [SME: 3495] + +* Fri Dec 14 2007 Shad L. Lords 1.14.0-36 +- admin user no longer needed in 3.0.25 [SME: 3645] + +* Fri Dec 14 2007 Shad L. Lords 1.14.0-35 +- Expand smb.conf in group events to complete #33 [SME: 3495] +- Add rid to groupmap command to fix 3.0.25b groupmap [SME: 3644] +- Add pam.d/samba to fix broken upstream package [SME: 3641] + +* Fri Nov 30 2007 Gavin Weight 1.14.0-34 +- Removed printer admin template. [SME: 3605] + +* Fri Oct 26 2007 Shad L. Lords 1.14.0-33 +- Add "Domain Admins" to admin users [SME: 3495] + +* Thu Oct 11 2007 Charlie Brady 1.14.0-32 +- Delete smbpasswd file prior to restore. [SME: 2313] + +* Wed Oct 10 2007 Charlie Brady 1.14.0-31 +- Delete printer tdb file on printer delete. [SME: 3336] + +* Sat Jun 2 2007 Shad L. Lords 1.14.0-30 +- revert last change. Breaks sme8 and is caught by pass check lib. + +* Sat Jun 2 2007 Shad L. Lords 1.14.0-29 +- pam_unix requires passwords >= 6 [SME: 3039] + +* Sun Apr 29 2007 Shad L. Lords +- Clean up spec so package can be built by koji/plague + +* Mon Apr 9 2007 Stephen Noble 1.14.0-28 +- remove use client driver in smb.conf [SME: 1583] + +* Fri Feb 16 2007 Shad L. Lords 1.14.0-27 +- Change runsvctrl to sv to support runit v1.7.x [SME: 1179] + +* Tue Jan 30 2007 Charlie Brady 1.14.0-26 +- Use full path to 'net' command consistently in update-domain-group-maps. + [SME: 2400] + +* Fri Jan 26 2007 Shad L. Lords 1.14.0-25 +- Set ServerName to SystemName after inital configuration [SME: 2378] + +* Thu Jan 25 2007 Shad L. Lords 1.14.0-24 +- Allow oplocks to be disabled per ibay [SME: 543] +- Allow veto oplock files per ibay [SME: 1784] + +* Thu Jan 25 2007 Shad L. Lords 1.14.0-23 +- Disable csc policy for roaming profiles and make optional for + ibays [SME: 1507] + +* Thu Jan 11 2007 Shad L. Lords 1.14.0-22 +- Include admin in user groups. [SME: 1950] + +* Wed Jan 10 2007 Shad L. Lords 1.14.0-21 +- Make smb fragment have same logic as copy script. + +* Wed Jan 10 2007 Shad L. Lords 1.14.0-20 +- Initial attempt at shadow copy script. [SME: 1549] + +* Wed Jan 10 2007 Shad L. Lords 1.14.0-19 +- Add success tick to workgroup panel. [SME: 1565] + +* Wed Jan 10 2007 Shad L. Lords 1.14.0-18 +- Allow workgroup name be begin with numbers. [SME: 1607] + +* Sat Jan 06 2007 Shad L. Lords 1.14.0-17 +- Rework vfs modules to allow more then just recycle bin to work. [SME: 1549] + +* Thu Jan 04 2007 Shad L. Lords 1.14.0-16 +- Backup important tdb files. [SME: 2201] + +* Wed Jan 03 2007 Shad L. Lords 1.14.0-15 +- Add template to specify logon drive. [SME: 1155] + +* Thu Dec 14 2006 Shad L. Lords 1.14.0-14 +- Fix patch to map users to groups + +* Tue Dec 12 2006 Federico Simoncelli 1.14.0-13 +- Modified the samba_check_password script to use the new validatePassword + function in esmith::util. [SME: 2100] + +* Thu Dec 07 2006 Shad L. Lords +- Update to new release naming. No functional changes. +- Make Packager generic + +* Thu Dec 07 2006 Shad L. Lords 1.14.0-12 +- Don't delete samba database. Instead rename them. + +* Fri Dec 01 2006 Shad L. Lords 1.14.0-11 +- Map user groups so roaming profiles work [SME: 1950] + +* Tue Aug 22 2006 Gordon Rowell 1.14.0-09 +* Tue Nov 14 2006 Gordon Rowell 1.14.0-10 +- Add Requires: samba{,-client,-common} to complete dependency tree [SME: 2062] + +* Tue Aug 22 2006 Gordon Rowell 1.14.0-09 +- Added templates.metadata/etc/smb.conf so that + expand-template /etc/smb.conf generates the file in /etc/samba/ [SME: 87] + +* Tue Jul 18 2006 Gordon Rowell 1.14.0-08 +- Default smb ports to 139 only to reduce log noise [SME: 1562] + +* Thu Jun 29 2006 Shad L. Lords 1.14.0-07 +- Remove samba caches if getlocalsid fails [SME: 1487] + +* Fri Jun 09 2006 Charlie Brady 1.14.0-06 +- Fix case conversion in last change. [SME: 1523] + +* Fri Jun 09 2006 Charlie Brady 1.14.0-05 +- Add password strength checking to password change via samba (thanks + Federico Simoncelli and Filippo Carletti. [SME: 1523] + +* Wed May 31 2006 Gordon Rowell 1.14.0-04 +- Remove -S flag from smbd so we get useful logs from Samba [SME: 1521] + +* Tue Apr 18 2006 Charlie Brady 1.14.0-03 +- Clean up log noise from migrate fragment. [SME: 1257] +- Clean up prep section of spec file (and renumber patches). + +* Mon Apr 10 2006 Gordon Rowell 1.14.0-02 +- Ensure that Samba notices printer add/delete [SME: 1167] + +* Thu Mar 16 2006 Gordon Rowell 1.14.0-01 +- Roll stable stream version. [SME: 1016] + +* Wed Mar 1 2006 Gordon Rowell 1.13.2-16 +- Revert veto appletalk files change. The patch is still in the SPEC + file so we can apply it later. [SME: 668] + +* Thu Feb 23 2006 Charlie Brady 1.13.2-15 +- Fix problem with creating user profile dir. [SME: 761,874] + +* Tue Feb 21 2006 Gordon Rowell 1.13.2-14 +- Relocate netlogon.bat from old location in post, not pre [SME: 768] +- Remove empty /home/netlogon directory, if we can [SME: 768] + +* Fri Feb 17 2006 Gavin Weight 1.13.2-13 +- Fix Roaming profiles strange permissions problem. [SME: 761] + +* Thu Feb 16 2006 Gavin Weight 1.13.2-12 +- Added veto files line. [SME: 668] + +* Sat Feb 4 2006 Gordon Rowell 1.13.2-11 +- Adjusted passwd chat [SME: 652] + +* Wed Jan 25 2006 Gordon Rowell 1.13.2-10 +- Add passwd and passwd chat definition so that password sync works [SME: 565] + +* Wed Jan 25 2006 Gordon Rowell 1.13.2-09 +- Fix logic in last change w.r.t. KeepVersions [SME: 429] +- Add default smb{KeepVersions} == disabled [SME: 429] + +* Tue Jan 24 2006 Gordon Rowell 1.13.2-08 +- Add fragment to add recycle bin if smb{RecycleBin} == enabled [SME: 429] +- Default smb{RecycleBin} == disabled [SME: 429] + +* Wed Dec 14 2005 Gordon Rowell 1.13.2-07 +- Default smb{OpLocks} == enabled. Setting it to disabled will + disable oplocks [SME: 318] + +* Mon Dec 05 2005 Filippo Carletti 1.13.2-06 +- Better smb.conf readability [SME067] + +* Wed Nov 30 2005 Gordon Rowell 1.13.2-05 +- Bump release number only + +* Sun Nov 20 2005 Gordon Rowell +- [1.13.2-04] +- Correct typo and escape the $ in [print$] in last fix [SF: 1357840] + +* Tue Nov 15 2005 Gordon Rowell +- [1.13.2-03] +- Create and use default for smb{UseClientDriver} [SF: 1357840] + +* Tue Nov 15 2005 Gordon Rowell +- [1.13.2-02] +- Change browsable -> browseable for consistency [SF: 1357840] + +* Fri Oct 14 2005 Gordon Rowell +- [1.13.2-01] +- Remove L10Ns from base packages [SF: 1309520] + +* Fri Oct 14 2005 Gordon Rowell +- [1.13.1-01] +- New dev stream before relocating L10Ns + +* Fri Sep 30 2005 Gordon Rowell +- [1.13.0-28] +- Added Italian L10N - Thanks Filippo Carletti [SF: 1309266] + +* Mon Sep 26 2005 Gordon Rowell +- [1.13.0-27] +- Added German L10N - Thanks Dietmar Berteld [SF: 1293325] + +* Mon Sep 19 2005 Charlie Brady +- [1.13.0-26] +- Fix hosts allow specification. [SF: 1295752] + +* Tue Aug 9 2005 Charlie Brady +- [1.13.0-25] +- Roll in content from e-smith-regedit, and obsolete it. + +* Tue Aug 2 2005 Charlie Brady +- [1.13.0-24] +- Remove redundent and deprecated use of esmith::config and esmith::db + from action scripts. + +* Tue Aug 2 2005 Shad Lords +- [1.13.0-23] +- Add TCPPorts/UDPPorts and access to smbd/nmbd [SF: 1246986] + +* Tue Jul 19 2005 Charlie Brady +- [1.13.0-22] +- Fix missing comma [SF: 1216546] + +* Mon Jul 18 2005 Charlie Brady +- [1.13.0-21] +- Avoid use of deprecated tie interface to accounts db. Use "config" + rather than "db" to fetch status in run script. [SF: 1216546] + +* Mon Jul 18 2005 Charlie Brady +- [1.13.0-20] +- Charset changes from Gordon: on new installs, default to UTF8. +- Default smb{UnixCharSet} == UTF8 +- If smb record exists (i.e. upgrade), but UnixCharSet is not defined, + set it to ISO8859-1 to maintain filenames on upgrade [SF: 1204695] + +* Wed Jun 15 2005 Charlie Brady +- [1.13.0-19] +- Restart nmbd during workgroup-update event. [SF: 1220928] + +* Tue Apr 19 2005 Charlie Brady +- [1.13.0-18] +- Need to open accounts db r/w in create-machine-account script. + +* Thu Mar 31 2005 Charlie Brady +- [1.13.0-17] +- Fix missing "use" in create-machine-account script. + +* Thu Mar 17 2005 Charlie Brady +- [1.13.0-16] +- Last fix was wrong. Real problem was typo in default property setup. +- Remove redundent restart-samba action. + +* Wed Mar 16 2005 Charlie Brady +- [1.13.0-15] +- Fix typo in workgroup property lookup in workgroup panel. + +* Sun Mar 13 2005 Charlie Brady +- [1.13.0-14] +- Group mapping fix from Shad. [MN00070553] + +* Fri Mar 11 2005 Charlie Brady +- [1.13.0-13] +- Add service entries for smbd and nmbd, which slave their own + status from the smb entry. This allows the generic service + restart stuff to work. [MN00065576] +- Fix dangling restart-dhcpd symlink. [MN00064130] + +* Wed Feb 23 2005 Charlie Brady +- [1.13.0-12] +- Unify the three group mapping scripts into one. [MN00070553] + +* Tue Feb 22 2005 Charlie Brady +- [1.13.0-11] +- Fix template expansion location of smb.conf [MN00063515] + +* Tue Feb 22 2005 Charlie Brady +- [1.13.0-10] +- Fix typo in post scriptlet. [MN00063515] + +* Tue Feb 22 2005 Charlie Brady +- [1.13.0-09] +- Add domain group mapping, contributed by Shad/Greg. [MN00070553] +- Remove anachronisms in create-machine-account script. + +* Fri Feb 18 2005 Charlie Brady +- [1.13.0-08] +- Fix small template breakages if $LocalIP is not defined. +- Fix warnings from post install script. [MN00070549] +- Remove obsolete "domain admin group" entry from /etc/smb.conf template. + [MN00063515] +- Revert to standard /etc/samba/smb.conf location for config file. + [MN00063515] + +* Fri Feb 18 2005 Charlie Brady +- [1.13.0-07] +- Fix various smb.conf template expansion probs. [MN00063515] + +* Fri Feb 18 2005 Charlie Brady +- [1.13.0-06] +- Fix typo in template fragment. Commit new files omitted from previous + checkin in error. [MN00063515] + +* Thu Feb 17 2005 Charlie Brady +- [1.13.0-05] +- Update samba configuration to use samba 3 features. Update to + current APIs. [MN00063515] +- Start nmbd before smbd. [MN00070113] + +* Thu Feb 17 2005 Charlie Brady +- [1.13.0-04] +- Use defaults mechanism to initialise database entries, and migrate + fragment to convert from deprecated db entries to current style + Obsolete conf-netlogon script. [MN00062545] +- Use generic_template_expand action where possible, in place + of specific actions. Update e-smith-lib dependency. [MN00064130] +- Use generic service adjust action for reload/restart. [MN00065576] + +* Mon Feb 7 2005 Charlie Brady +- [1.13.0-03] +- Run smbd and nmbd's multilogs as smelog user. [MN00063836] + +* Thu Feb 5 2004 Michael Soulier +- [1.13.0-02] +- Updated build dependencies. [msoulier 10992] + +* Wed Feb 4 2004 Michael Soulier +- [1.13.0-01] +- rolling to dev - 1.13.0 + +* Wed Feb 4 2004 Michael Soulier +- [1.12.0-01] +- rolling to stable - 1.12.0 + +* Wed Feb 4 2004 Mark Knox +- [1.11.0-16] +- Include rc1.d/K35smb symlink for proper shutdown in single user mode + [markk 10958] + +* Tue Nov 25 2003 Michael Soulier +- [1.11.0-15] +- Removing client driver option, to move to [printers] section. + [msoulier 10623] + +* Mon Nov 17 2003 Michael Soulier +- [1.11.0-14] +- Rolling again to pick up genfilelist change. [msoulier 10648] + +* Mon Nov 17 2003 Michael Soulier +- [1.11.0-13] +- Moved the e-smith-smb script to supervise/smb, to plan ahead. + [msoulier 6442] + +* Mon Nov 17 2003 Michael Soulier +- [1.11.0-12] +- Stopped sourcing /etc/sysconfig/samba, and fixed a syntax error in the + initscript. [msoulier 6442] + +* Mon Nov 17 2003 Michael Soulier +- [1.11.0-11] +- Rollback on serviceControl-using scripts. They were not broken. + [msoulier 6442] + +* Mon Nov 17 2003 Michael Soulier +- [1.11.0-10] +- Changed the action script code for the new initscript. [msoulier 6442] + +* Mon Nov 17 2003 Michael Soulier +- [1.11.0-09] +- Tweaked the smbd run script, and e-smith-smb. [msoulier 6442] + +* Mon Nov 17 2003 Michael Soulier +- [1.11.0-08] +- Added e-smith-smb wrapper to manage both services. [msoulier 6442] + +* Sun Nov 16 2003 Michael Soulier +- [1.11.0-07] +- Added run files for multilog. [msoulier 6442] + +* Sun Nov 16 2003 Michael Soulier +- [1.11.0-06] +- Fixing broken specfile resulting in near-empty filelist. [msoulier 6442] + +* Fri Nov 14 2003 Michael Soulier +- [1.11.0-05] +- Added supervision of smbd and nmbd. First attempt. [msoulier 6442] +- Updated createlinks script for new build library. + +* Fri Nov 14 2003 Michael Soulier +- [1.11.0-04] +- Added "use client driver" to printer conf. [msoulier 10623] + +* Fri Nov 7 2003 Michael Soulier +- [1.11.0-03] +- *sigh* Really added this time. TGIF. [msoulier 10486] + +* Fri Nov 7 2003 Michael Soulier +- [1.11.0-02] +- Added a "deadtime" option to kill connections, by default, after one week if + they are no longer active. [msoulier 10486] + +* Fri Nov 7 2003 Michael Soulier +- [1.11.0-01] +- rolling to dev stream - 1.11.0 + +* Thu Sep 11 2003 Gordon Rowell +- [1.10.0-04] +- Relocated /etc/secrets.tdb to /etc/samba [gordonr 9759] + +* Wed Sep 10 2003 Gordon Rowell +- [1.10.0-03] +- Always return "logon path" line, so that we return + "logon path =" if roaming profiles are off [gordonr 9913] + +* Wed Jul 2 2003 Gordon Rowell +- [1.10.0-02] +- Use samba defaults for preferred master and local master [gordonr 9208] +- Turn on wins support if we are the domain master [gordonr 9208] + +* Thu Jun 26 2003 Charlie Brady +- [1.10.0-01] +- Changing version to stable stream number - 1.10.0 + +* Wed Jun 18 2003 Gordon Rowell +- [1.9.0-32] +- Fix confusion in smb{DomainMaster} w.r.t. netlogons [gordonr 9064] + +* Thu Jun 12 2003 Gordon Rowell +- [1.9.0-31] +- Added missing 02setupDomainMaster [gordonr 5053] +- Corrected 11winsServer to deal with WINSServer == me [gordonr 5053] + +* Fri May 30 2003 Michael Soulier +- [1.9.0-30] +- Removed dangling symlink to conf-samba-startup. [msoulier 8808] + +* Wed May 28 2003 Gordon Rowell +- [1.9.0-29] +- Move smbpasswd file to /etc/samba/smbpasswd [gordonr 8747] + +* Mon May 26 2003 Charlie Brady +- [1.9.0-28] +- Added 'type' default fragment for the smb service. [charlieb 8785] + +* Wed May 21 2003 Lijie Deng +- [1.9.0-27] +- fix en-us, fr and es roaming profile text [lijied 5311] + +* Tue May 20 2003 Gordon Rowell +- [1.9.0-26] +- Don't worry if the use doesn't have a profile directory [gordonr 6414] + +* Tue May 20 2003 Michael Soulier +- [1.9.0-25] +- Added a defaults fragment. [msoulier 8785] +- Removed conf-samba-startup. [msoulier 8785] + +* Thu May 15 2003 Gordon Rowell +- [1.9.0-24] +- Made use of esmith::ConfigDB::wins_server [gordonr 5053] + +* Tue May 13 2003 Gordon Rowell +- [1.9.0-23] +- Rationalised smb{WINSServer} and smb{DomainMaster} handling [gordonr 5053] + +* Tue May 6 2003 Lijie Deng +- [1.9.0-22] +- Add Spanish lexicon for workgroup [lijied 3793] + +* Mon Apr 14 2003 Gordon Rowell +- [1.9.0-21] +- preferred master should not be set if WINSServer is set [gordonr 6849] + +* Mon Apr 14 2003 Lijie Deng +- [1.9.0-20] +- Limited the workgroup name to 15 characters [lijied 4971] + +* Fri Apr 11 2003 Lijie Deng +- [1.9.0-19] +- Changed workgroup and servername to lower case again [lijied 7371] + +* Wed Apr 9 2003 Michael Soulier +- [1.9.0-18] +- Fixed french lexicon for workgroup question. [msoulier 5311] + +* Wed Apr 9 2003 Lijie Deng +- [1.9.0-17] +- Changed workgroup and servername to lower case before validation + and storage [lijied 7371] + +* Mon Apr 7 2003 Gordon Rowell +- [1.9.0-16] +- Create new netlogon directory before trying to relocate netlogon.bat + [gordonr 8060] + +* Thu Apr 3 2003 Lijie Deng +- [1.9.0-15] +- Removed Mitel Networks branding [lijied 8016] + +* Tue Apr 1 2003 Gordon Rowell +- [1.9.0-14] +- Fix c&p error in %pre [gordonr 5241] + +* Tue Apr 1 2003 Gordon Rowell +- [1.9.0-13] +- Do the relocation in the SPEC file so we don't have a stray + directory [gordonr 5241] + +* Tue Apr 1 2003 Gordon Rowell +- [1.9.0-12] +- Relocate netlogon.bat -> /home/e-smith/files/samba/netlogon/netlogon.bat + [gordonr 5241] + +* Tue Apr 1 2003 Gordon Rowell +- [1.9.0-11] +- Removed conf-dhcpd symlinks - now done in run script [gordonr 7771] + +* Fri Mar 28 2003 Michael Soulier +- [1.9.0-10] +- Re-worded the text in the workgroup panel. [msoulier 5311] +- Added french translation of that re-wording. [msoulier 5311] + +* Fri Mar 28 2003 Lijie Deng +- [1.9.0-09] +- Modified French lexicon to use lang="fr", rename the lexicon + directory to fr [lijied 6787] + +* Tue Mar 11 2003 Mike Dickson +- [1.9.0-08] +- restricted length of workgroup entry to 15 characters [miked 4388] + +* Thu Mar 6 2003 Lijie Deng +- [1.9.0-07] +- Modified workgroup panel order [lijied 7356] + +* Wed Mar 5 2003 Lijie Deng +- [1.9.0-06] +- Split en-us lexicon from workgroup panel [lijied 4030] + +* Fri Feb 28 2003 Lijie Deng +- [1.9.0-05] +- Added French lexicon for workgroup. [lijied 5003] + +* Wed Jan 29 2003 Charlie Brady +- [1.9.0-04] +- Delete obsolete special case "primary" fragment in smb.conf. + [charlieb 5652] + +* Thu Jan 2 2003 Gordon Rowell +- [1.9.0-03] +- Split conf-samba-startup from e-smith-base/conf-startup +- Relocated reload-samba from e-smith-base [gordonr 5509] + +* Mon Dec 9 2002 Mike Dickson +- [1.9.0-02] +- updates for new UI [miked 5494] + +* Wed Nov 20 2002 Mike Dickson +- [1.9.0-01] +- Changing to development stream; version upped to 1.9.0 + +* Fri Oct 11 2002 Charlie Brady +- [1.8.0-01] +- Roll to maintained version number to 1.8.0 + +* Tue Oct 8 2002 Mark Knox +- [1.7.2-08] +- Removed stray DESCRIPTION tag from panel [markk 5135] + +* Thu Sep 19 2002 Charlie Brady +- [1.7.2-07] +- Fix i-bay section of smb.conf template [charlieb 4949] + +* Fri Sep 13 2002 Gordon Rowell +- [1.7.2-06] +- Allow smb|WINSServerOverride property which is automagically pushed into + the smb|WINSServer property before expanding Samba templates [gordonr 4590] + +* Fri Sep 13 2002 Gordon Rowell +- [1.7.2-05] +- Allow domain master setting if smb|WINSServer set to this box [gordonr 4840] + +* Tue Sep 10 2002 Mark Knox +- [1.7.2-04] +- Minor refactoring of the last change [markk 3786] + +* Tue Sep 10 2002 Mark Knox +- [1.7.2-03] +- Remove deprecated split on pipe [markk 3786] + +* Fri Aug 23 2002 Charlie Brady +- [1.7.2-02] +- Add -M flag to useradd, to prevent creation of /noexistingpath [charlieb 4660] + +* Wed Aug 7 2002 Charlie Brady +- [1.7.2-01] +- Change default for oplocks from false to true, and add enable of kernel + oplocks (although it's the default anyway. [charlieb 4520] + +* Wed Jul 31 2002 Charlie Brady +- [1.7.1-01] +- Use PAM password change rather than external passwd program and chat + script. [charlieb 4433] + +* Wed Jun 5 2002 Charlie Brady +- [1.7.0-01] +- Changing version to maintained stream number to 1.7.0 + +* Mon Jun 3 2002 Charlie Brady +- [1.6.2-01] +- Add "pid directory" template fragment to smb.conf, to make samba 2.2.4 + happy (it otherwise wants to use the non-existent /var/run/samba). + [charlie 3685] + +* Mon Jun 3 2002 Charlie Brady +- [1.6.1-01] +- Revert the posix locking change to the Profile share. We have rebuilt + samba 2.2.4 under the 2.2.19 kernel as a better fix to the locking problem. + [charlie 3685] + +* Mon Jun 3 2002 Charlie Brady +- [1.6.0-01] +- Changing version to maintained stream number to 1.6.0 + +* Thu May 30 2002 Charlie Brady +- [1.5.11-01] +- Disable posix locking for the Profile share, as a workaround for + some locking wierdness with Win2K when saving roaming profiles. + [charlie 3685] + +* Tue May 28 2002 Kirrily Robert +- [1.5.10-01] +- Fixed servername validation so dots are not allowed [skud 3695] + +* Thu May 23 2002 Gordon Rowell +- [1.5.8-01] +- RPM rebuild forced by cvsroot2rpm + +* Thu May 23 2002 Charlie Brady +- [1.5.7-01] +- Update workgroup panel test code to no longer refer to legacy Samba* + config entries. [charlieb 3160] + +* Wed May 22 2002 Charlie Brady +- [1.5.6-01] +- Migrate obsolete Samba{DomainMaster,Workgroup,ServerName} settings + in conf-samba then delete any of these if found. [charlieb 3160] + +* Tue May 7 2002 Gordon Rowell +- [1.5.5-01] +- Further rework of the 11logon{Home,Path} fragments to allow setting + of smb|LogonPath and smb|LogonHome without having to choose + smb|RoamingProfiles [gordonr 3072] + +* Mon May 6 2002 Gordon Rowell +- [1.5.4-01] +- Localise SAVE button [gordonr 3220] +- Added nav bar entries [gordonr 3155] + +* Fri May 3 2002 Charlie Brady +- [1.5.3-01] +- Woops, create empty /etc/e-smith/tests in %build. [charlieb 3343] + +* Fri May 3 2002 Charlie Brady +- [1.5.2-01] +- Remove /etc/e-smith/tests/.dummy, and instead create empty + /etc/e-smith/tests in %build. [charlieb 3343] + +* Wed May 1 2002 Gordon Rowell +- [1.5.1-01] +- restart-nmbd should exit 0 nicely if smb service is disabled [gordonr 3325] + +* Mon Apr 29 2002 Gordon Rowell +- [1.5.0-01] +- Rolling to development stream +- Always set up logon home and logon path. The Samba defaults are not + particularly useful, and we want them to be defined to empty if + not defined in the config db and we are not domain master [gordonr 3072] + +* Wed Apr 17 2002 Adrian Chung +- [1.4.2-01] +- Stop workgroup panel from getting and setting old legacy Samba* values. +- Panel now gets/sets 'smb' properties. + +* Mon Apr 15 2002 Gordon Rowell +- [1.4.1-01] +- Language en->en-us + +* Wed Apr 10 2002 Adrian Chung +- [1.4.0-01] +- Remerging text change for domain controller setting into i18n'd panel. + [mac #3020] + +* Wed Apr 10 2002 Kirrily Robert +- [1.3.9-01] +- Added i18n'd workgroup panel [skud #3032] + +* Tue Apr 9 2002 Adrian Chung +- [1.3.8-01] +- Change quoting of %u to use single quotes in addUserScript template for + smb.conf. [adrianc #3023] + +* Wed Apr 3 2002 Adrian Chung +- [1.3.7-01] +- Quote %u in add user script directive in smb.conf and remove unnecessary + first line. [adrianc #3023] + +* Tue Apr 02 2002 Gordon Rowell +- [1.3.6-01] +- D'Oh sama -> samba + +* Tue Apr 02 2002 Gordon Rowell +- [1.3.5-01] +- Create missing profiles and printer driver directories + +* Tue Apr 02 2002 Gordon Rowell +- [1.3.4-01] +- fix restart-nmbd to still start if it can't be stopped [tonyc #2764] + +* Tue Mar 26 2002 Adrian Chung +- [1.3.3-01] +- Modify text in web panel to say "leave set to default, or no if another + server is already performing this function" with respect to domain master + setting. [mac - #3020] + +* Tue Mar 12 2002 Adrian Chung +- [1.3.2-01] +- Make WINSServer property override value for DomainMaster, PreferredMaster, + and LocalMaster. + +* Tue Mar 12 2002 Adrian Chung +- [1.3.1-01] +- rollRPM: Rolled version number to 1.3.1-01. Includes patches up to 1.3.0-02. + +* Fri Feb 15 2002 Charlie Brady +- [1.3.0-02] +- Migrate Samba* configuration items to properties of the smb service. + +* Thu Feb 14 2002 Charlie Brady +- [1.3.0-01] +- rollRPM: Rolled version number to 1.3.0-01. Includes patches up to 1.2.0-02. + +* Thu Jan 03 2002 Charlie Brady +- [1.2.0-02] +- Reconfigure and restart dhcpd in workgroup update event, in case a + WINS server has been added. See #2364. +- Purge prep section of lots of stuff which is no longer required + since the rollRPM. + +* Tue Dec 11 2001 Jason Miller +- [1.2.0-01] +- rollRPM: Rolled version number to 1.2.0-01. Includes patches up to 1.1.0-34. + +* Tue Dec 4 2001 Adrian Chung +- [1.1.0-34] +- Adding workgroup panel, removed from e-smith-base. +- Minor text change, s/a Windows server/another server + +* Mon Dec 03 2001 Charlie Brady +- [1.1.0-33] +- Add conf-samba back into post-install event. Required for initial + password set. + +* Fri Nov 30 2001 Gordon Rowell +- [1.1.0-32] +- Check for user-deleted type in user-delete-profiledir + +* Fri Nov 30 2001 Gordon Rowell +- [1.1.0-31] +- Extra slosh required in 11logonPath + +* Fri Nov 30 2001 Gordon Rowell +- [1.1.0-30] +- Changed group of profiles parent directory to shared to make it searchable +- Replaced %N (NIS server) with %L (Netbios name) in 11logon{Home,Path} +- Reinstated [profiles] share and change logon path to use it +- Added action to user-{create,delete} to add/remove the profile subdirectory +- Added action to post-upgrade to create profiles for existing users +- New smb property RoamingProfiles - defaulting to "no" in conf-samba, + which disables logon {home,path} and [profiles] share + +* Wed Nov 28 2001 Gordon Rowell +- [1.1.0-29] +- Reduced "printer admin" and "domain admin group" to the "admin" user + +* Tue Nov 27 2001 Charlie Brady +- [1.1.0-28] +- Undo the "Adminstrator" => "admin" mapping +- Remove smb.conf fragment which adds reference to smbusers +- Replace smbusers fragment so that the file now says "# this + file is not used". + +* Mon Nov 26 2001 Gordon Rowell +- [1.1.0-27] +- Remove /etc/smbusers - created empty in init-passwords, but never used + until now + +* Mon Nov 26 2001 Gordon Rowell +- [1.1.0-26] +- Templated /etc/samba/smbusers +- Map "Administrator" for domain logons -> admin +- Note: a local (non-domain) logon still gets treated/ignored as guest +- The property smb|AdminstratorAccount (default Administrator) can be + used to specify an alternate Administrator account when that account is + renamed on the Win* clients + +* Tue Nov 20 2001 Gordon Rowell +- [1.1.0-25] +- Make printer$ share writable in the normal way, restricted by Unix + permissions (admin:admin) + +* Tue Nov 20 2001 Gordon Rowell +- [1.1.0-24] +- Make /etc/smbpasswd 0600,admin,root - allows "admin" to join domains +- create-machine-account: SUID/SGID root - the script is called as + "admin" by Samba, but needs to be "root" to add Unix accounts +- create-machine-account: setRealToEffective really become root or locking + the Unix account fails with "Only root can do that" +- create-machine-account: Auto-create machine account in accounts database. + This should be fixed by allowing admin to write to the db fragments + +* Mon Nov 19 2001 Gordon Rowell +- [1.1.0-23] +- Added extra slosh to strings in 11logon{Home,Path} and fixed c&p typo + +* Mon Nov 19 2001 Gordon Rowell +- [1.1.0-22] +- Check for smb|...|LogonHome and smb|...|LogonPath in those fragments + Default to ~/._winprofile as before, but allow overrides, for example + set to empty for local profiles. 4.1.2+e-smith-netlogon and 5.0 both + defaulted to roaming profiles +- Explicitly return an empty string from some fragments if + $SambaDomainMaster=no, just to be tidy +- Used new e-smith-devtools to set /home/e-smith/files/samba to + 02755,admin,admin and removed explicit chmod from prep + +* Thu Nov 15 2001 Gordon Rowell +- [1.1.0-21] +- Commented out code in create-machine-account which called smbpasswd. +- Samba does this by itself, but we may want to enable it later if this + script is ever called outside Samba. + +* Wed Nov 14 2001 Gordon Rowell +- [1.1.0-20] +- Moved profiles to ~user/._winprofile - somewhat better that .profile :-) +- Commented out [Profiles] share, since we are no longer using it + +* Wed Nov 14 2001 Gordon Rowell +- [1.1.0-19] +- Made printer driver directories 0755, per "Samba Unleashed" + +* Wed Nov 14 2001 Gordon Rowell +- [1.1.0-18] +- Removed conf-samba from post-install - done in bootstrap-console-save +- Moved all profiles (Win9x and WinNT/2K) under ~user/.profile +- Rewrote machine-account-create as an event +- Note: Unfortunately Samba currently requires the user "root" to + create machine accounts (i.e. enter "root" as the user on the client machine) + A SUID script allows 'admin' to do all of the tasks, but the client gets: + "Unable to add or change accounts on the domain. The account information + entered does not grant sufficient privilege to create or change accounts". +- Made printer driver directories world-writable + +* Mon Nov 12 2001 Gordon Rowell +- [1.1.0-17] +- %L (logon server) -> %N (this server) in 11logonPath (as for 11logonHome) + +* Mon Nov 12 2001 Gordon Rowell +- [1.1.0-16] +- Swapped 11logon{Home,Path}, added extra backslashes - thanks Greg Zartman + and others + +* Fri Nov 9 2001 Gordon Rowell +- [1.1.0-15] +- Left-justified output +- Removed some redundant use esmith::db lines and implied "return" statements + +* Fri Nov 2 2001 Gordon Rowell +- [1.1.0-14] +- Suppressed more comments from output file +- Renamed all [global] fragments to 11* + +* Fri Nov 2 2001 Gordon Rowell +- [1.1.0-13] +- Hid all commented-out parameters from output file (remove fragments later) +- Removed more comments from output file +- Unified indentation + +* Thu Nov 1 2001 Gordon Rowell +- [1.1.0-12] +- Added 11level2Oplocks fragment to disable level2 oplocks +- Removed "share modes" options from [netlogon] share and cleaned up template + +* Thu Nov 1 2001 Gordon Rowell +- [1.1.0-11] +- Added 61Profilesshare fragment + +* Thu Nov 1 2001 Gordon Rowell +- [1.1.0-10] +- Removed netlogon comments from output file + +* Thu Nov 1 2001 Gordon Rowell +- [1.1.0-09] +- Protect logon {home,path} with hard quotes and indent to match others + +* Thu Nov 1 2001 Gordon Rowell +- [1.1.0-08] +- Added printers and profiles directories +- Need to verify permissions on these directories, Darrell had 777 for all + +* Thu Nov 1 2001 Gordon Rowell +- [1.1.0-07] +- Merged in changes from dmc-mitel-samba-2.2.2-0 - Thanks Darrell May +- Moved machine-account-create from e-smith-base + +* Thu Nov 1 2001 Gordon Rowell +- [1.1.0-06] +- Merged (and Obsoleted) e-smith-netlogon + +* Thu Nov 1 2001 Gordon Rowell +- [1.1.0-05] +- guest ok = no, map to guest = never + +* Mon Oct 22 2001 Charlie Brady +- [1.1.0-04] +- Add action scripts and workgroup web panel plus associated symlinks + +* Thu Oct 4 2001 Gordon Rowell +- [1.1.0-03] +- Removed comments from output file + +* Thu Oct 4 2001 Gordon Rowell +- [1.1.0-02] +- Removed template-{begin,end} + +* Thu Oct 4 2001 Gordon Rowell +- [1.1.0-01] +- Split from e-smith-base +- This version only contains the smb.conf template fragments + +%description +Configuration files and templates for the Samba daemon. + +%prep +%setup +rm -rf root/service root/var/service root/etc/rc.d + +%build +perl createlinks + +%install +rm -rf $RPM_BUILD_ROOT +(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) +/sbin/e-smith/genfilelist \ + --file '/sbin/e-smith/systemd/nmbd-prepare' 'attr(0554,root,root)' \ + --file '/sbin/e-smith/systemd/smbd-prepare' 'attr(0554,root,root)' \ + --dir '/var/log/smbd' 'attr(2750,smelog,smelog)' \ + --dir '/var/log/nmbd' 'attr(2750,smelog,smelog)' \ + --file '/sbin/e-smith/samba_check_password' 'attr(0555,root,root)' \ + $RPM_BUILD_ROOT \ + > %{name}-%{version}-filelist +echo "%doc COPYING" >> %{name}-%{version}-filelist + +%pre +if [ $1 -gt 1 ] ; then + if [ -e /var/service/smbd/run ] ; then + /usr/bin/sv d smbd + /usr/bin/sv d smbd/log + fi +fi +if [ $1 -gt 1 ] ; then + if [ -e /var/service/nmbd/run ] ; then + /usr/bin/sv d nmbd + /usr/bin/sv d nmbd/log + fi +fi + + +%clean +rm -rf $RPM_BUILD_ROOT + +%files -f %{name}-%{version}-filelist +%defattr(-,root,root) diff --git a/root/etc/e-smith/db/accounts/defaults/netlogon/Comment b/root/etc/e-smith/db/accounts/defaults/netlogon/Comment new file mode 100644 index 0000000..561e073 --- /dev/null +++ b/root/etc/e-smith/db/accounts/defaults/netlogon/Comment @@ -0,0 +1 @@ +placeholder for netlogon share diff --git a/root/etc/e-smith/db/accounts/defaults/netlogon/type b/root/etc/e-smith/db/accounts/defaults/netlogon/type new file mode 100644 index 0000000..b45f76f --- /dev/null +++ b/root/etc/e-smith/db/accounts/defaults/netlogon/type @@ -0,0 +1 @@ +netlogon diff --git a/root/etc/e-smith/db/configuration/defaults/krb5/DNSLookupKDC b/root/etc/e-smith/db/configuration/defaults/krb5/DNSLookupKDC new file mode 100644 index 0000000..27ba77d --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/krb5/DNSLookupKDC @@ -0,0 +1 @@ +true diff --git a/root/etc/e-smith/db/configuration/defaults/krb5/DNSLookupRealm b/root/etc/e-smith/db/configuration/defaults/krb5/DNSLookupRealm new file mode 100644 index 0000000..c508d53 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/krb5/DNSLookupRealm @@ -0,0 +1 @@ +false diff --git a/root/etc/e-smith/db/configuration/defaults/krb5/type b/root/etc/e-smith/db/configuration/defaults/krb5/type new file mode 100644 index 0000000..f92f363 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/krb5/type @@ -0,0 +1 @@ +configuration diff --git a/root/etc/e-smith/db/configuration/defaults/nmbd/UDPPorts b/root/etc/e-smith/db/configuration/defaults/nmbd/UDPPorts new file mode 100644 index 0000000..a72d6a2 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/nmbd/UDPPorts @@ -0,0 +1 @@ +137,138 diff --git a/root/etc/e-smith/db/configuration/defaults/nmbd/access b/root/etc/e-smith/db/configuration/defaults/nmbd/access new file mode 100644 index 0000000..3e18ebf --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/nmbd/access @@ -0,0 +1 @@ +private diff --git a/root/etc/e-smith/db/configuration/defaults/nmbd/status b/root/etc/e-smith/db/configuration/defaults/nmbd/status new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/nmbd/status @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/nmbd/type b/root/etc/e-smith/db/configuration/defaults/nmbd/type new file mode 100644 index 0000000..24e1098 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/nmbd/type @@ -0,0 +1 @@ +service diff --git a/root/etc/e-smith/db/configuration/defaults/smb/DeadTime b/root/etc/e-smith/db/configuration/defaults/smb/DeadTime new file mode 100644 index 0000000..72058b9 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/DeadTime @@ -0,0 +1 @@ +10080 diff --git a/root/etc/e-smith/db/configuration/defaults/smb/KeepVersions b/root/etc/e-smith/db/configuration/defaults/smb/KeepVersions new file mode 100644 index 0000000..7a68b11 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/KeepVersions @@ -0,0 +1 @@ +disabled diff --git a/root/etc/e-smith/db/configuration/defaults/smb/OpLocks b/root/etc/e-smith/db/configuration/defaults/smb/OpLocks new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/OpLocks @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/smb/OsLevel b/root/etc/e-smith/db/configuration/defaults/smb/OsLevel new file mode 100644 index 0000000..8f92bfd --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/OsLevel @@ -0,0 +1 @@ +35 diff --git a/root/etc/e-smith/db/configuration/defaults/smb/RecycleBin b/root/etc/e-smith/db/configuration/defaults/smb/RecycleBin new file mode 100644 index 0000000..7a68b11 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/RecycleBin @@ -0,0 +1 @@ +disabled diff --git a/root/etc/e-smith/db/configuration/defaults/smb/RoamingProfiles b/root/etc/e-smith/db/configuration/defaults/smb/RoamingProfiles new file mode 100644 index 0000000..7ecb56e --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/RoamingProfiles @@ -0,0 +1 @@ +no diff --git a/root/etc/e-smith/db/configuration/defaults/smb/ServerRole b/root/etc/e-smith/db/configuration/defaults/smb/ServerRole new file mode 100644 index 0000000..10b799d --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/ServerRole @@ -0,0 +1 @@ +WS diff --git a/root/etc/e-smith/db/configuration/defaults/smb/ShadowCount b/root/etc/e-smith/db/configuration/defaults/smb/ShadowCount new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/ShadowCount @@ -0,0 +1 @@ +10 diff --git a/root/etc/e-smith/db/configuration/defaults/smb/ShadowDir b/root/etc/e-smith/db/configuration/defaults/smb/ShadowDir new file mode 100644 index 0000000..084dab5 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/ShadowDir @@ -0,0 +1 @@ +/home/e-smith/files/.shadow diff --git a/root/etc/e-smith/db/configuration/defaults/smb/UnixCharSet b/root/etc/e-smith/db/configuration/defaults/smb/UnixCharSet new file mode 100644 index 0000000..f4501e8 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/UnixCharSet @@ -0,0 +1 @@ +UTF8 diff --git a/root/etc/e-smith/db/configuration/defaults/smb/UseClientDriver b/root/etc/e-smith/db/configuration/defaults/smb/UseClientDriver new file mode 100644 index 0000000..7cfab5b --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/UseClientDriver @@ -0,0 +1 @@ +yes diff --git a/root/etc/e-smith/db/configuration/defaults/smb/Workgroup b/root/etc/e-smith/db/configuration/defaults/smb/Workgroup new file mode 100644 index 0000000..8529af5 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/Workgroup @@ -0,0 +1 @@ +sme-server diff --git a/root/etc/e-smith/db/configuration/defaults/smb/status b/root/etc/e-smith/db/configuration/defaults/smb/status new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/status @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/smb/type b/root/etc/e-smith/db/configuration/defaults/smb/type new file mode 100644 index 0000000..24e1098 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smb/type @@ -0,0 +1 @@ +service diff --git a/root/etc/e-smith/db/configuration/defaults/smbd/TCPPorts b/root/etc/e-smith/db/configuration/defaults/smbd/TCPPorts new file mode 100644 index 0000000..f88faf9 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smbd/TCPPorts @@ -0,0 +1 @@ +139,445 diff --git a/root/etc/e-smith/db/configuration/defaults/smbd/access b/root/etc/e-smith/db/configuration/defaults/smbd/access new file mode 100644 index 0000000..3e18ebf --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smbd/access @@ -0,0 +1 @@ +private diff --git a/root/etc/e-smith/db/configuration/defaults/smbd/status b/root/etc/e-smith/db/configuration/defaults/smbd/status new file mode 100644 index 0000000..86981e6 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smbd/status @@ -0,0 +1 @@ +enabled diff --git a/root/etc/e-smith/db/configuration/defaults/smbd/type b/root/etc/e-smith/db/configuration/defaults/smbd/type new file mode 100644 index 0000000..24e1098 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/smbd/type @@ -0,0 +1 @@ +service diff --git a/root/etc/e-smith/db/configuration/migrate/30smbServerName b/root/etc/e-smith/db/configuration/migrate/30smbServerName new file mode 100644 index 0000000..31f392d --- /dev/null +++ b/root/etc/e-smith/db/configuration/migrate/30smbServerName @@ -0,0 +1,9 @@ +{ +# Set ServerName to SystemName after inital configuration. + my $smb = $DB->get('smb') || return; + my $srvName = $smb->prop('ServerName') || 'sme-server'; + my $sysName = $DB->get('SystemName') || return; + + return unless $srvName =~ m#sme-server#; + $smb->set_prop('ServerName', $sysName->value); +} diff --git a/root/etc/e-smith/db/configuration/migrate/31smbDisplayCharset b/root/etc/e-smith/db/configuration/migrate/31smbDisplayCharset new file mode 100644 index 0000000..428af4a --- /dev/null +++ b/root/etc/e-smith/db/configuration/migrate/31smbDisplayCharset @@ -0,0 +1,7 @@ +{ + # Display Charset has been dropped in Samba 4 + my $a = $DB->get("smb") or return; + return unless (exists $smb{'DisplayCharSet'}); + $DB->get_prop_and_delete('smb', 'DisplayCharSet'); +} + diff --git a/root/etc/e-smith/events/actions/cleanup-domains b/root/etc/e-smith/events/actions/cleanup-domains new file mode 100644 index 0000000..bc72621 --- /dev/null +++ b/root/etc/e-smith/events/actions/cleanup-domains @@ -0,0 +1,56 @@ +#!/usr/bin/perl -w + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::util; +use Net::LDAP; + +my $c = esmith::ConfigDB->open_ro; + +# Don't attempt to update ldap unles master +exit(0) unless ($c->get('ldap')->prop('Authentication') || 'disabled') eq 'enabled'; + +my $l = $c->get('ldap'); +my $status = $l->prop('status') || "disabled"; +unless ($status eq "enabled" ) +{ + warn "Not running action script $0, LDAP service not enabled!\n"; + exit(0); +} + +my $domain = $c->get('DomainName') +|| die("Couldn't determine domain name"); +$domain = $domain->value; + +my $base = esmith::util::ldapBase ($domain); +my $pw = esmith::util::LdapPassword(); + +my $ldap = Net::LDAP->new('localhost') + or die "$@"; + +$ldap->bind( + dn => "cn=root,$base", + password => $pw +); + +my $smb = $c->get('smb'); +my $domName = $smb->prop('Workgroup') || 'sme-server'; +if ( ($smb->prop('ServerRole') || 'WS') eq 'WS' ) +{ + $domName = $smb->prop('ServerName') || 'sme-server'; +} + +my $result = $ldap->search( base => $base, + filter => "(&(objectClass=sambaDomain)(!(sambaDomainName=$domName)))", + scope => 'one' +); +die "failed looking up sambaDomainName entry: ", $result->error if $result->code; + +foreach ($result->entries) +{ + $_->delete; + $_->update($ldap); +} diff --git a/root/etc/e-smith/events/actions/create-machine-account b/root/etc/e-smith/events/actions/create-machine-account new file mode 100644 index 0000000..fdd6103 --- /dev/null +++ b/root/etc/e-smith/events/actions/create-machine-account @@ -0,0 +1,140 @@ +#!/usr/bin/perl -w +#---------------------------------------------------------------------- +# copyright (C) 2001 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.e-smith.com for details. +#---------------------------------------------------------------------- +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::AccountsDB; +use esmith::util; + +my $a = esmith::AccountsDB->open || die "Couldn't open accounts db\n"; +my $c = esmith::ConfigDB->open_ro || die "Could not open Config DB"; + +my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled'; +my $x = 0; # exit value + +my $domain = $c->get('DomainName')->value(); +my $base = esmith::util::ldapBase ($domain); + +my $event = $ARGV [0]; +my $machineName = $ARGV [1]; + +die "machine name $machineName is not a valid machine account name" + unless ( $machineName =~ /\$$/ ); + +my $m = $a->get($machineName); +if ($m) +{ + my $type = $m->prop('type'); + die "$machineName is not a machine account" + unless ($type eq "machine"); +} +else +{ + # Auto-create the accounts database entry. This is bad form, but + # the Samba "add user script" is called as the user "admin", who + # does not currently have permissions to write to the config database + $m = $a->new_record($machineName, {type => "machine"}); +} + +my $lock = undef; +my $uid; +unless ($uid = $m->prop('Uid')) +{ + use esmith::lockfile; + + $lock = esmith::lockfile::LockFileOrWait("/home/e-smith/db/accounts"); + $uid = $a->get_next_uid; + $m->set_prop('Uid', $uid); +} +my $gid = $m->prop('Gid') || $uid; + +# We really, really need to be root to run "passwd -l" +esmith::util::setRealToEffective(); + +warn "create-machine-account $machineName: Creating Unix user and group\n"; + +if ($ldapauth ne 'enabled') +{ + # Create the machine's unique group first + system( + "/usr/sbin/groupadd", + "-g", + $gid, + $machineName + ) == 0 or ( $x = 255, warn "Failed to create (unix) group $machineName.\n" ); + + # Now create the machine account + system( + "/usr/sbin/useradd", + "-u", $uid, + "-g", $gid, + "-c", "Hostname account for $machineName", + "-M", + "-d", "/noexistingpath", + "-s", "/bin/false", + "$machineName" + ) == 0 or ( $x = 255, warn "Failed to create (unix) account $machineName.\n" ); + + system("/usr/bin/passwd", "-l", "$machineName") == 0 + or ( $x = 255, warn "Failed locking (unix) password for $machineName\n" ); +} + +# Create the machine's unique group first (in ldap) +system( + "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd", + "-g", $gid, + "-o", + "$machineName" + ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $machineName.\n" ); + +# Now create the machine account (in ldap) +system( + "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd", + "-u", $uid, + "-g", $gid, + "--userbase=ou=Computers,$base", + "-c", "Hostname account for $machineName", + "-o", + "-d", "/noexistingpath", + "-s", "/bin/false", + "$machineName" + ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $machineName.\n" ); + +warn "create-machine-account $machineName: Locking account\n"; + +system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", + "--userbase=ou=Computers,$base", + "-o", + "-L", + "$machineName" +) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed locking (ldap) password for $machineName\n" ); + +if ($ldapauth ne 'enabled') +{ + warn "create-machine-account $machineName: Creating smbpasswd account\n"; + + system("/usr/bin/smbpasswd", "-a", "-m", "$machineName") == 0 + or warn "Could not create smb password entry for $machineName\n"; +} +exit ($x); diff --git a/root/etc/e-smith/events/actions/delete-smbpasswd b/root/etc/e-smith/events/actions/delete-smbpasswd new file mode 100644 index 0000000..28a71b3 --- /dev/null +++ b/root/etc/e-smith/events/actions/delete-smbpasswd @@ -0,0 +1,2 @@ +#! /bin/sh +exec rm -f /etc/samba/smbpasswd diff --git a/root/etc/e-smith/events/actions/delete_printer_tdb b/root/etc/e-smith/events/actions/delete_printer_tdb new file mode 100644 index 0000000..6d4f988 --- /dev/null +++ b/root/etc/e-smith/events/actions/delete_printer_tdb @@ -0,0 +1,6 @@ +#! /bin/sh + +ACTION=$1 +PRINTER=$2 + +exec rm -f /var/cache/samba/printing/$PRINTER.tdb diff --git a/root/etc/e-smith/events/actions/shadow-copy-rotate b/root/etc/e-smith/events/actions/shadow-copy-rotate new file mode 100644 index 0000000..561fe4f --- /dev/null +++ b/root/etc/e-smith/events/actions/shadow-copy-rotate @@ -0,0 +1,130 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use POSIX qw(strftime); +use File::Path; +use File::Basename; +use esmith::ConfigDB; +use esmith::AccountsDB; + +# Routines taken from powershift of rlbackup +sub stagger; +sub powershift; +sub shadowdir; +sub rmshadow; + +my $cdb = esmith::ConfigDB->open_ro; +my $adb = esmith::AccountsDB->open_ro(); + +my $smb = $cdb->get('smb') or die "No smb db entry found\n"; +my $shadowdir = $smb->prop('ShadowDir') || '/home/e-smith/files/.shadow'; +my $shadowcopy = $smb->prop('ShadowCopy') || 'disabled'; +my $offset = ($smb->prop('ShadowCount') || 2) - 2; +$offset = 0 if $offset < 0; + +exit unless -d $shadowdir; +exit if $shadowcopy eq 'disabled'; + +my $filesdir = '/home/e-smith/files'; +my $snapfmt = '@GMT-%Y.%m.%d-%H.%M.%S'; + +# Switch old shadow directories to new format +opendir(SHADOW, $shadowdir); +foreach my $s ( grep { /^\d/ && ! -l "$shadowdir/$_" && -d "$shadowdir/$_" } readdir SHADOW ) { + my @stat = stat("$shadowdir/$s"); + rename "$shadowdir/$s", "$shadowdir/".strftime($snapfmt, gmtime($stat[9])); + symlink strftime($snapfmt, gmtime($stat[9])), "$shadowdir/$s"; +} +closedir(SHADOW); + +# remove old symlinks in ibays +foreach my $ibay ($adb->ibays()) { + my $ibaydir = 'ibays/' . $ibay->key . ( $ibay->prop('PublicAccess') eq 'none' ? '/files' : '' ); + + opendir(IBAY, "$filesdir/$ibaydir") || next; + unlink "$filesdir/$ibaydir/$_" foreach (grep /^\@GMT-/, readdir(IBAY)); + closedir(IBAY); +} + +# remove old symlinks in ibays +foreach my $user ($adb->users()) { + my $userdir = 'users/' . $user->key . '/home'; + + opendir(USER, "$filesdir/$userdir") || next; + unlink "$filesdir/$userdir/$_" foreach (grep /^\@GMT-/, readdir(USER)); + closedir(USER); +} + +# Create sync point if it doesn't already exist +my $snapdir = strftime($snapfmt, gmtime(time)); +if ( -d "$shadowdir/0" ) { + rename "$shadowdir/".readlink("$shadowdir/0"), "$shadowdir/$snapdir"; + unlink "$shadowdir/0"; +} else { + mkdir "$shadowdir/$snapdir"; +} +symlink "$snapdir", "$shadowdir/0"; + +# Create list of ibays and users to shadow +my ($ibays, $users, $link) = ('','',''); +my @ibays = grep { ($_->prop('ShadowCopy') || 'enabled') ne 'disabled' } $adb->ibays(); +$ibays = "$filesdir/./ibays/{" . join(',', map { $_->key } @ibays) . "}/" if scalar @ibays > 1; +$ibays = "$filesdir/./ibays/" . $ibays[0]->key . "/" if scalar @ibays == 1; +my @users = grep { ($_->prop('ShadowCopy') || 'enabled') ne 'disabled' } $adb->users(); +$users = "$filesdir/./users/{" . join(',', map { $_->key } @users) . "}/home/" if scalar @users > 1; +$users = "$filesdir/./users/" . $users[0]->key . "/home/" if scalar @users == 1; +$link = "--link-dest ../1" if -d "$shadowdir/1"; + +# Sync directories to shadow directory +if ( $ibays || $users) { + system("rsync -aHmR --partial --delete --delete-excluded --exclude 'aquota.*' $link $ibays $users $shadowdir/0/") == 0 + or die "Couldn't sync directories"; +} + +# Shift directories using geometric roll-off (only if different) +if ( -d "$shadowdir/1" ) { + if (system("diff -qr $shadowdir/0 $shadowdir/1 &> /dev/null") == 0) { + rmshadow("$shadowdir/0"); + } else { + powershift(2) if -d shadowdir(-$offset); + for (my $i=2; $i >= -$offset; $i--) { + rename shadowdir($i), shadowdir($i+1) + } + } +} else { + rename "$shadowdir/0", "$shadowdir/1"; +} + +sub rmshadow { + my $d = shift; + if ( -l "$d" ) { + rmtree dirname($d)."/".readlink($d); + unlink "$d"; + } elsif ( -d "$d" ) { + rmtree "$d" + } +} + +sub shadowdir { + my $i = shift; + return "$shadowdir/".($i+$offset); +} + +sub stagger { + my $i = shift; + return $i + ($i >> 1); +} + +sub powershift { + my $i = shift; + if ( -d shadowdir(stagger($i)) ) { + my $n = powershift($i << 1); + $i = $n >> 1; + rename shadowdir(stagger($i)), shadowdir($n) if -d shadowdir(stagger($i)); + rmshadow(shadowdir($i)); + } else { + rename shadowdir($i), shadowdir(stagger($i)) if -d shadowdir($i); + } + return $i; +} diff --git a/root/etc/e-smith/events/actions/store-ldap-smbpasswd b/root/etc/e-smith/events/actions/store-ldap-smbpasswd new file mode 100644 index 0000000..a14e706 --- /dev/null +++ b/root/etc/e-smith/events/actions/store-ldap-smbpasswd @@ -0,0 +1,40 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2010 Firewall Services +# daniel@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- + +use esmith::ConfigDB; +use esmith::util; + +my $c = esmith::ConfigDB->open_ro; +my $l = $c->get('ldap') || die "ldap service not found\n"; +my $s = $l->prop('status') || 'disabled'; +unless ( $s eq 'enabled' ){ + warn "Not running action script $0, LDAP service not enabled!\n"; + exit(0); +} +exit(0) unless ($l->prop('Authentication') || 'disabled') eq 'enabled'; + +my $domain = $c->get("DomainName") + || die("Could not determine domain name"); +my $base = esmith::util::ldapBase ($domain->value); +my $pw = esmith::util::LdapPassword(); + +die "Error storing LDAP password in secret.tdb\n" unless + system('/usr/bin/smbpasswd', '-w', "$pw") == 0; diff --git a/root/etc/e-smith/events/actions/update-domain-group-maps b/root/etc/e-smith/events/actions/update-domain-group-maps new file mode 100644 index 0000000..32a438e --- /dev/null +++ b/root/etc/e-smith/events/actions/update-domain-group-maps @@ -0,0 +1,106 @@ +#!/usr/bin/perl -w + +package esmith; + +use strict; +use Errno; +use esmith::AccountsDB; +use esmith::ConfigDB; +use esmith::util; + +# events: console-save, bootstrap-console-save, group-modify-samba, group-create +# post-install, post-upgrade, workgroup-update +my $debug = "--debuglevel=1"; + +my $a = esmith::AccountsDB->open_ro or die "Couldn't open accounts db\n"; +my $c = esmith::ConfigDB->open_ro or die "Could not open Config DB"; + +my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled'; +my $pw = esmith::util::LdapPassword(); + +my $g = `/usr/bin/net getlocalsid`; +unless ($g =~ /SID.*is: (.+)/) { + warn "Unable to determine SID. Clearning cache to see if it helps."; + rename '/etc/samba/secrets.tdb','/etc/samba/secrets.'.time; + rename '/var/cache/samba/gencache.tdb','/var/cache/samba/gencache.'.time; + rename '/var/cache/samba/wins.dat','/var/cache/samba/wins.'.time; + $g = `/usr/bin/net getlocalsid`; + $g =~ /SID.*is: (.+)/ or die "Could not get current sid\n"; + if ($ldapauth eq 'enabled') + { + # Add the LDAP admin password in secret.tdb + warn "Couldn't add LDAP password in secret.tdb\n" unless + system("/usr/bin/smbpasswd", "-w", "$pw") == 0; + } +} +my $local_sid = $1; + +my %mappings = ( + 'Domain Admins' => 'admin', + 'Domain Users' => 'shared', + 'Domain Guests' => 'nobody', + (map { $_->prop('FirstName')." ".$_->prop('LastName'), $_->key } $a->users()), + (map { $_->prop('Description'), $_->key } $a->groups())); + +$mappings{$a->get_prop('admin','FirstName')." ".$a->get_prop('admin','LastName')} = 'admin' unless $mappings{'Domain Admins'} eq 'admin'; + +my %ridmap = ( + 'Domain Admins' => '512', + 'Domain Users' => '513', + 'Domain Guests' => '514'); + +my %sidmap = (); +foreach (`/usr/bin/net groupmap list`) +{ + chomp; + if (/^(.*?) \((S-.*-(\d+))\) -> (.*)$/) + { + my ($nt, $sid, $rid, $group) = ($1, $2, $3, $4); + + # Skip local groups + next if ($sid =~ /^S-1-5-32-\d+$/); + + if (exists $mappings{$nt}) + { + if ($ridmap{$nt} && $ridmap{$nt} ne $rid) + { + # Wrong (old?) sid + system('/usr/bin/net','groupmap','delete',"sid=$sid"); + } + elsif ($sid =~ /^$local_sid-/) + { + my $ug = $mappings{$nt}; + if ($group eq $ug) + { + $sidmap{$nt} = 'done'; + } + else + { + system('/usr/bin/net','groupmap','delete',"sid=$sid"); + } + } + else + { + # Wrong (old?) sid + system('/usr/bin/net','groupmap','delete',"sid=$sid"); + } + } + else + { + # Non existant group + system('/usr/bin/net','groupmap','delete',"sid=$sid"); + } + } +} + +foreach (keys %mappings) +{ + next if $sidmap{$_} && $sidmap{$_} eq 'done'; + system('/usr/bin/net',$debug, + 'groupmap','add', + "ntgroup=$_", + "unixgroup=" . $mappings{$_}, + $ridmap{$_} ? "rid=$ridmap{$_}" : (), + $sidmap{$_} && ! $ridmap{$_} ? "sid=$sidmap{$_}" : (), + 'type=d'); +} diff --git a/root/etc/e-smith/events/actions/user-create-profiledir b/root/etc/e-smith/events/actions/user-create-profiledir new file mode 100644 index 0000000..af6d961 --- /dev/null +++ b/root/etc/e-smith/events/actions/user-create-profiledir @@ -0,0 +1,59 @@ +#!/usr/bin/perl -w +#---------------------------------------------------------------------- +# copyright (C) 2001-2005 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +#---------------------------------------------------------------------- +package esmith; + +use strict; +use Errno; +use esmith::util; + +use esmith::AccountsDB; +my $adb = esmith::AccountsDB->open_ro(); + +my $event = $ARGV [0]; + +my @users = ('admin', map { $_->key } $adb->users); + +my @newusers = ( not defined $ARGV[1] ) ? @users : $ARGV[1] ; + +foreach my $user ( @newusers ) +{ + die "$user is not a user account\n" + unless ( grep /^$user$/, @users ); + + my @dirs = ("/home/e-smith/files/samba/profiles/$user","/home/e-smith/files/samba/profiles/${user}.V2", + "/home/e-smith/files/samba/profiles/${user}.V3","/home/e-smith/files/samba/profiles/${user}.V4", + "/home/e-smith/files/samba/profiles/${user}.V5","/home/e-smith/files/samba/profiles/${user}.V6"); + + foreach my $dir (@dirs) + { + my $pre_existing = ( -d $dir ); + + $pre_existing || mkdir $dir, 700 || die "Couldn't create directory $dir\n"; + + chmod 0700, $dir; # Remove setgid bit + + next if $pre_existing; + + esmith::util::chownFile($user, $user, $dir) || + die "Couldn't change ownership of $dir\n"; + } +} + +exit (0); diff --git a/root/etc/e-smith/events/actions/user-delete-profiledir b/root/etc/e-smith/events/actions/user-delete-profiledir new file mode 100644 index 0000000..c8ab8dd --- /dev/null +++ b/root/etc/e-smith/events/actions/user-delete-profiledir @@ -0,0 +1,50 @@ +#!/usr/bin/perl -w +#---------------------------------------------------------------------- +# copyright (C) 1999-2005 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +#---------------------------------------------------------------------- +package esmith; + +use strict; +use Errno; +use File::Path; + +use esmith::AccountsDB; +my $adb = esmith::AccountsDB->open_ro(); + +my $event = $ARGV [0]; +my $account = $ARGV [1]; + +$a = $adb->get($account) || undef; +unless ( defined $a && $a->prop('type') eq "user-deleted" ) +{ + warn "$account is not a user account\n"; + exit (0); +} + +my @dirs = ("/home/e-smith/files/samba/profiles/$account","/home/e-smith/files/samba/profiles/$account.V2", + "/home/e-smith/files/samba/profiles/$account.V3","/home/e-smith/files/samba/profiles/$account.V4", + "/home/e-smith/files/samba/profiles/$account.V5","/home/e-smith/files/samba/profiles/$account.V6"); + +foreach (@dirs) { + + next unless -d $_; + rmtree( $_ ) || die "Couldn't remove tree $_\n"; + +} + +exit (0); diff --git a/root/etc/e-smith/events/bootstrap-console-save/.gitignore b/root/etc/e-smith/events/bootstrap-console-save/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/console-save/.gitignore b/root/etc/e-smith/events/console-save/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/group-create/.gitignore b/root/etc/e-smith/events/group-create/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/group-delete/.gitignore b/root/etc/e-smith/events/group-delete/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/group-modify/.gitignore b/root/etc/e-smith/events/group-modify/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/ibay-create/.gitignore b/root/etc/e-smith/events/ibay-create/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/ibay-delete/.gitignore b/root/etc/e-smith/events/ibay-delete/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/ibay-modify-servers/.gitignore b/root/etc/e-smith/events/ibay-modify-servers/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/ibay-modify/.gitignore b/root/etc/e-smith/events/ibay-modify/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/machine-account-create/.gitignore b/root/etc/e-smith/events/machine-account-create/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/network-create/.gitignore b/root/etc/e-smith/events/network-create/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/network-delete/.gitignore b/root/etc/e-smith/events/network-delete/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/post-install/.gitignore b/root/etc/e-smith/events/post-install/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/post-upgrade/.gitignore b/root/etc/e-smith/events/post-upgrade/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/printer-create/.gitignore b/root/etc/e-smith/events/printer-create/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/printer-delete/.gitignore b/root/etc/e-smith/events/printer-delete/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/user-create/.gitignore b/root/etc/e-smith/events/user-create/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/user-delete/.gitignore b/root/etc/e-smith/events/user-delete/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/user-modify/.gitignore b/root/etc/e-smith/events/user-modify/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/events/workgroup-update/.gitignore b/root/etc/e-smith/events/workgroup-update/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/workgroup b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/workgroup new file mode 100644 index 0000000..4a71510 --- /dev/null +++ b/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/workgroup @@ -0,0 +1,85 @@ + + + + FORM_TITLE + Change workgroup settings + + + DESC_WORKGROUP + + + + + + LABEL_WORKGROUP + Windows workgroup + + + DESC_SERVERNAME + Enter the name that this server should use for + Windows and Macintosh file sharing. + + + LABEL_SERVERNAME + Server Name + + + DESC_PDC + No if another server is already performing this + role on your network.]]> + + + + LABEL_PDC + Workgroup and Domain Controller + + + DESC_ROAM + No unless you have + experience administering server-based Windows roaming profiles and + know that this feature is required. + ]]> + + + + LABEL_ROAM + Roaming profiles + + + SUCCESS + + The new workgroup settings have been saved + + + + INVALID_WORKGROUP + The workgroup name must begin with a letter (upper or lower + case), followed by any combination of letters, numbers, + underscores, periods and hyphens. + + + + INVALID_SERVERNAME + The server name must begin with a letter (upper or lower case), + followed by any combination of letters, numbers, underscores and + hyphens. + + + + INVALID_WORKGROUP_MATCHES_SERVERNAME + The server and workgroup names match, when compared in lower case. + These values must be different in order for filesharing to be turned on. + + + + Workgroup + Workgroup + + diff --git a/root/etc/e-smith/templates.metadata/etc/samba/smb.conf b/root/etc/e-smith/templates.metadata/etc/samba/smb.conf new file mode 100644 index 0000000..9326e78 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/etc/samba/smb.conf @@ -0,0 +1,2 @@ +TEMPLATE_PATH="/etc/smb.conf" +OUTPUT_FILENAME="/etc/samba/smb.conf" diff --git a/root/etc/e-smith/templates.metadata/etc/smb.conf b/root/etc/e-smith/templates.metadata/etc/smb.conf new file mode 100644 index 0000000..9326e78 --- /dev/null +++ b/root/etc/e-smith/templates.metadata/etc/smb.conf @@ -0,0 +1,2 @@ +TEMPLATE_PATH="/etc/smb.conf" +OUTPUT_FILENAME="/etc/samba/smb.conf" diff --git a/root/etc/e-smith/templates/etc/krb5.conf/00usedb b/root/etc/e-smith/templates/etc/krb5.conf/00usedb new file mode 100644 index 0000000..c585982 --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/00usedb @@ -0,0 +1,3 @@ +{ + use esmith::db; +} diff --git a/root/etc/e-smith/templates/etc/krb5.conf/02disableprofiledir b/root/etc/e-smith/templates/etc/krb5.conf/02disableprofiledir new file mode 100644 index 0000000..1b478af --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/02disableprofiledir @@ -0,0 +1,3 @@ +# Configuration snippets may be placed in this directory as well +# See https://bugs.contribs.org/show_bug.cgi?id=11093 +#includedir /etc/krb5.conf.d/ diff --git a/root/etc/e-smith/templates/etc/krb5.conf/05logging b/root/etc/e-smith/templates/etc/krb5.conf/05logging new file mode 100644 index 0000000..d3813ae --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/05logging @@ -0,0 +1,4 @@ +[logging] + default = FILE:/var/log/krb5libs.log + kdc = FILE:/var/log/krb5kdc.log + admin_server = FILE:/var/log/kadmind.log diff --git a/root/etc/e-smith/templates/etc/krb5.conf/10libdefaults b/root/etc/e-smith/templates/etc/krb5.conf/10libdefaults new file mode 100644 index 0000000..c7793c5 --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/10libdefaults @@ -0,0 +1 @@ +[libdefaults] diff --git a/root/etc/e-smith/templates/etc/krb5.conf/15settings b/root/etc/e-smith/templates/etc/krb5.conf/15settings new file mode 100644 index 0000000..b46d859 --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/15settings @@ -0,0 +1,6 @@ + ticket_lifetime = 24h + renew_lifetime = 7d + forwardable = true + rdns = false + default_ccache_name = KEYRING:persistent:%{uid} + \ No newline at end of file diff --git a/root/etc/e-smith/templates/etc/krb5.conf/20default_realm b/root/etc/e-smith/templates/etc/krb5.conf/20default_realm new file mode 100644 index 0000000..8a3f474 --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/20default_realm @@ -0,0 +1,8 @@ +{ + my $workgroup = $smb{Workgroup} || 'sme-server'; + my $realm = $smb{realm} || $workgroup . "." . $DomainName; + + my $default_realm = $smb{realm} || $workgroup . "." .$DomainName; + + "default_realm = $default_realm"; +} diff --git a/root/etc/e-smith/templates/etc/krb5.conf/25dns_lookup_realm b/root/etc/e-smith/templates/etc/krb5.conf/25dns_lookup_realm new file mode 100644 index 0000000..9dc43d4 --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/25dns_lookup_realm @@ -0,0 +1,5 @@ +{ + my $dns_lookup_realm = $krb5{DNSLookupRealm} || 'false'; + + "dns_lookup_realm = $dns_lookup_realm"; +} diff --git a/root/etc/e-smith/templates/etc/krb5.conf/30dns_lookup_kdc b/root/etc/e-smith/templates/etc/krb5.conf/30dns_lookup_kdc new file mode 100644 index 0000000..79b9c90 --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/30dns_lookup_kdc @@ -0,0 +1,5 @@ +{ + my $dns_lookup_kdc = $krb5{DNSLookupKDC} || 'true'; + + "dns_lookup_kdc = $dns_lookup_kdc"; +} diff --git a/root/etc/e-smith/templates/etc/krb5.conf/40realms b/root/etc/e-smith/templates/etc/krb5.conf/40realms new file mode 100644 index 0000000..6da6be1 --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/40realms @@ -0,0 +1,5 @@ +[realms] +# EXAMPLE.COM = { +# kdc = kerberos.example.com +# admin_server = kerberos.example.com +# } diff --git a/root/etc/e-smith/templates/etc/krb5.conf/50domain_realm b/root/etc/e-smith/templates/etc/krb5.conf/50domain_realm new file mode 100644 index 0000000..a3cd7b9 --- /dev/null +++ b/root/etc/e-smith/templates/etc/krb5.conf/50domain_realm @@ -0,0 +1,3 @@ +[domain_realm] +# .example.com = EXAMPLE.COM +# example.com = EXAMPLE.COM diff --git a/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schemaSamba b/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schemaSamba new file mode 100644 index 0000000..4d883bb --- /dev/null +++ b/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schemaSamba @@ -0,0 +1 @@ +include /etc/openldap/schema/samba.schema diff --git a/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexesSamba b/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexesSamba new file mode 100644 index 0000000..946b3a6 --- /dev/null +++ b/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexesSamba @@ -0,0 +1,4 @@ +index sambaSID eq,pres +index sambaPrimaryGroupSID eq,pres +index sambaDomainName eq,pres + diff --git a/root/etc/e-smith/templates/etc/openldap/slapd.conf/94acls10sambaPasswords b/root/etc/e-smith/templates/etc/openldap/slapd.conf/94acls10sambaPasswords new file mode 100644 index 0000000..e9a80f8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/openldap/slapd.conf/94acls10sambaPasswords @@ -0,0 +1,13 @@ +access to attrs=sambaNTPassword + by self peername.ip="127.0.0.1" read + by self ssf=128 read + by anonymous peername.ip="127.0.0.1" auth + by anonymous ssf=128 auth + by * none +access to attrs=sambaLMPassword + by self peername.ip="127.0.0.1" read + by self ssf=128 read + by anonymous peername.ip="127.0.0.1" auth + by anonymous ssf=128 auth + by * none + diff --git a/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls76sambaSamAccount b/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls76sambaSamAccount new file mode 100644 index 0000000..fb8dce7 --- /dev/null +++ b/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls76sambaSamAccount @@ -0,0 +1,8 @@ +{ + +# Sensible attributes related to sambaSamAccount +push @users, qw/sambaAcctFlags sambaBadPasswordCount sambaBadPasswordTime sambaKickoffTime sambaLogoffTime sambaLogonHours sambaPasswordHistory sambaSID sambaPrimaryGroupSID sambaPwdCanChange sambaPwdLastSet sambaPwdMustChange sambaUserWorkstations sambaSIDList sambaGroupType/; + +$OUT .= ''; + +} diff --git a/root/etc/e-smith/templates/etc/pam.d/samba/20auth b/root/etc/e-smith/templates/etc/pam.d/samba/20auth new file mode 100644 index 0000000..30a751f --- /dev/null +++ b/root/etc/e-smith/templates/etc/pam.d/samba/20auth @@ -0,0 +1,4 @@ +auth required pam_nologin.so +auth { -f "/lib/security/pam_pwdb.so" || + -f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" : + "include system-auth" } diff --git a/root/etc/e-smith/templates/etc/pam.d/samba/30account b/root/etc/e-smith/templates/etc/pam.d/samba/30account new file mode 100644 index 0000000..6b209c2 --- /dev/null +++ b/root/etc/e-smith/templates/etc/pam.d/samba/30account @@ -0,0 +1,3 @@ +account { -f "/lib/security/pam_pwdb.so" || + -f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" : + "include system-auth" } diff --git a/root/etc/e-smith/templates/etc/pam.d/samba/40password b/root/etc/e-smith/templates/etc/pam.d/samba/40password new file mode 100644 index 0000000..3025f3e --- /dev/null +++ b/root/etc/e-smith/templates/etc/pam.d/samba/40password @@ -0,0 +1,3 @@ +password { -f "/lib/security/pam_pwdb.so" || + -f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" : + "include system-auth" } diff --git a/root/etc/e-smith/templates/etc/pam.d/samba/50session b/root/etc/e-smith/templates/etc/pam.d/samba/50session new file mode 100644 index 0000000..56cccaa --- /dev/null +++ b/root/etc/e-smith/templates/etc/pam.d/samba/50session @@ -0,0 +1,3 @@ +session { -f "/lib/security/pam_pwdb.so" || + -f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" : + "include system-auth" } diff --git a/root/etc/e-smith/templates/etc/pam.d/samba/template-begin b/root/etc/e-smith/templates/etc/pam.d/samba/template-begin new file mode 100644 index 0000000..9d5a11a --- /dev/null +++ b/root/etc/e-smith/templates/etc/pam.d/samba/template-begin @@ -0,0 +1,8 @@ +{ + $OUT = <wins_server; + + ""; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/10globals b/root/etc/e-smith/templates/etc/smb.conf/10globals new file mode 100644 index 0000000..c15107a --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/10globals @@ -0,0 +1,17 @@ +{ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not many any basic syntactic errors. +# +#======================= Global Settings ===================================== +} +[global] diff --git a/root/etc/e-smith/templates/etc/smb.conf/10recyclebin b/root/etc/e-smith/templates/etc/smb.conf/10recyclebin new file mode 100644 index 0000000..0989ff2 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/10recyclebin @@ -0,0 +1,11 @@ +{ + $OUT = ""; + return unless (($smb{'RecycleBin'} || 'disabled') eq 'enabled'); + + $vfs->{recycle}->{versions} = ($smb{'KeepVersions'} || 'disabled') eq 'enabled' ? "True" : "False"; + $vfs->{recycle}->{repository} = "Recycle Bin"; + $vfs->{recycle}->{keeptree} = "True"; + $vfs->{recycle}->{touch} = "True"; + $vfs->{recycle}->{exclude} = "*.tmp,*.temp,*.o,*.obj,~\$*"; + $vfs->{recycle}->{exclude_dir} = "tmp,temp,cache"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/10shadowcopy b/root/etc/e-smith/templates/etc/smb.conf/10shadowcopy new file mode 100644 index 0000000..d7107fe --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/10shadowcopy @@ -0,0 +1,8 @@ +{ + $OUT = ""; + return unless (($smb{'ShadowCopy'} || 'disabled') eq 'enabled'); + + $vfs->{shadow_copy2}->{snapdir} = $smb{ShadowDir} || '/home/e-smith/files/.shadow'; + $vfs->{shadow_copy2}->{basedir} = "/home/e-smith/files"; + $vfs->{shadow_copy2}->{fixinodes} = 'yes'; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11addMachineScript b/root/etc/e-smith/templates/etc/smb.conf/11addMachineScript new file mode 100644 index 0000000..54bfda7 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11addMachineScript @@ -0,0 +1,4 @@ +{ +# Script to setup machine accounts +} +add machine script = /sbin/e-smith/signal-event machine-account-create '%u' diff --git a/root/etc/e-smith/templates/etc/smb.conf/11bindInterfacesOnly b/root/etc/e-smith/templates/etc/smb.conf/11bindInterfacesOnly new file mode 100644 index 0000000..f8fc963 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11bindInterfacesOnly @@ -0,0 +1,5 @@ +{ +# This global parameter allows the Samba admin to limit what +# interfaces on a machine will serve smb requests. +} +bind interfaces only = yes diff --git a/root/etc/e-smith/templates/etc/smb.conf/11caseSensitive b/root/etc/e-smith/templates/etc/smb.conf/11caseSensitive new file mode 100644 index 0000000..c9835c7 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11caseSensitive @@ -0,0 +1,4 @@ +{ +# Be very careful with case sensitivity - it can break things! +} +case sensitive = no diff --git a/root/etc/e-smith/templates/etc/smb.conf/11deadtime b/root/etc/e-smith/templates/etc/smb.conf/11deadtime new file mode 100644 index 0000000..ea0e3d9 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11deadtime @@ -0,0 +1,7 @@ +{ + $OUT = ""; + if ($smb{DeadTime}) + { + $OUT .= "deadtime = $smb{DeadTime}"; + } +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11defaultCase b/root/etc/e-smith/templates/etc/smb.conf/11defaultCase new file mode 100644 index 0000000..42acddd --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11defaultCase @@ -0,0 +1,4 @@ +{ +# Default case is normally upper case for all DOS files +# ; default case = lower +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11dnsProxy b/root/etc/e-smith/templates/etc/smb.conf/11dnsProxy new file mode 100644 index 0000000..4f8f050 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11dnsProxy @@ -0,0 +1,6 @@ +{ +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. +} +dns proxy = no diff --git a/root/etc/e-smith/templates/etc/smb.conf/11domainController b/root/etc/e-smith/templates/etc/smb.conf/11domainController new file mode 100644 index 0000000..fa58b05 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11domainController @@ -0,0 +1,5 @@ +{ +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +# ; domain controller = +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11domainLogons b/root/etc/e-smith/templates/etc/smb.conf/11domainLogons new file mode 100644 index 0000000..c840c53 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11domainLogons @@ -0,0 +1,3 @@ +{ + "domain logons = " . ( $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$} ? "yes" : "no" ); +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11domainMaster b/root/etc/e-smith/templates/etc/smb.conf/11domainMaster new file mode 100644 index 0000000..6a93a1d --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11domainMaster @@ -0,0 +1,3 @@ +{ + "domain master = " . ( $smb{ServerRole} =~ m{^(PDC|ADS)$} ? "yes" : "no" ); +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11dosCharSet b/root/etc/e-smith/templates/etc/smb.conf/11dosCharSet new file mode 100644 index 0000000..71677a9 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11dosCharSet @@ -0,0 +1,5 @@ +{ + my $DosCharSet = $smb{'DosCharSet'} || "850"; + + "dos charset = $DosCharSet"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11encryptPasswords b/root/etc/e-smith/templates/etc/smb.conf/11encryptPasswords new file mode 100644 index 0000000..4b1b47e --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11encryptPasswords @@ -0,0 +1,6 @@ +{ +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +} +encrypt passwords = yes diff --git a/root/etc/e-smith/templates/etc/smb.conf/11execute b/root/etc/e-smith/templates/etc/smb.conf/11execute new file mode 100644 index 0000000..0959b45 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11execute @@ -0,0 +1,5 @@ +{ + $OUT = ""; + $OUT .= "acl allow execute always = yes\n" if ( ( $smb{'AllowExecute'} || 'disabled') eq "enabled" ); +} + diff --git a/root/etc/e-smith/templates/etc/smb.conf/11guestAccount b/root/etc/e-smith/templates/etc/smb.conf/11guestAccount new file mode 100644 index 0000000..a1d176c --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11guestAccount @@ -0,0 +1,5 @@ +{ +# This is a username which will be used for access to services which +# are specified as 'guest ok'. +} +guest account = public diff --git a/root/etc/e-smith/templates/etc/smb.conf/11guestOk b/root/etc/e-smith/templates/etc/smb.conf/11guestOk new file mode 100644 index 0000000..be87cbb --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11guestOk @@ -0,0 +1,5 @@ +{ +# If this parameter is 'yes' for a service, then no password is +# required to connect to the service. +} +guest ok = no diff --git a/root/etc/e-smith/templates/etc/smb.conf/11hostsAllow b/root/etc/e-smith/templates/etc/smb.conf/11hostsAllow new file mode 100644 index 0000000..007bc88 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11hostsAllow @@ -0,0 +1,12 @@ +{ +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page + + use esmith::NetworksDB; + my $ndb = esmith::NetworksDB->open_ro; + my @access = $ndb->local_access_spec; + "hosts allow = @access"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11include b/root/etc/e-smith/templates/etc/smb.conf/11include new file mode 100644 index 0000000..4d60982 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11include @@ -0,0 +1,6 @@ +{ +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +# ; include = /etc/smb.conf.%m +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11interfaces b/root/etc/e-smith/templates/etc/smb.conf/11interfaces new file mode 100644 index 0000000..e3a2c30 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11interfaces @@ -0,0 +1,10 @@ +{ +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +} +interfaces = 127.0.0.1 { + defined $LocalIP ? + "$LocalIP/$LocalNetmask" : + "" +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11lanmanPasswords b/root/etc/e-smith/templates/etc/smb.conf/11lanmanPasswords new file mode 100644 index 0000000..51c29fd --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11lanmanPasswords @@ -0,0 +1,5 @@ +{ + +$OUT .= "lanman auth = $smb{'LanManPasswords'}\n" if $smb{'LanManPasswords'}; + +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11logFile b/root/etc/e-smith/templates/etc/smb.conf/11logFile new file mode 100644 index 0000000..7b26cf3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11logFile @@ -0,0 +1,5 @@ +{ +# this tells Samba to use a separate log file for each machine +# that connects +} +log file = /var/log/samba/log.%m diff --git a/root/etc/e-smith/templates/etc/smb.conf/11logonDrive b/root/etc/e-smith/templates/etc/smb.conf/11logonDrive new file mode 100644 index 0000000..28b8263 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11logonDrive @@ -0,0 +1,4 @@ +{ + $drive = $smb{LogonDrive} || 'Z'; + return "logon drive = ${drive}:"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11logonHome b/root/etc/e-smith/templates/etc/smb.conf/11logonHome new file mode 100644 index 0000000..2e364dd --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11logonHome @@ -0,0 +1,20 @@ +{ +# Where to store roving profiles +# %L substitutes for this logon servers name +# %N substitutes for this servers netbios name +# %U is username +# WinNT/W2K uses logon path +# Win9x uses logon home + + return "" unless $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$}; + + my $roamingProfiles = $smb{RoamingProfiles} || "no"; + + my $default = ($roamingProfiles eq "yes") ? '\\\%L\%U\._winprofile' : ''; + + my $logonHome = $smb{LogonHome} || $default; + + return "" unless $logonHome; + + return "logon home = $logonHome"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11logonPath b/root/etc/e-smith/templates/etc/smb.conf/11logonPath new file mode 100644 index 0000000..a048556 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11logonPath @@ -0,0 +1,18 @@ +{ +# Where to store roving profiles +# %L substitutes for this logon servers name +# %N substitutes for this servers netbios name +# %U is username +# WinNT/W2K uses logon path +# Win9x uses logon home + + return "" unless $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$}; + + my $roamingProfiles = $smb{RoamingProfiles} || "no"; + + my $default = ($roamingProfiles eq "yes") ? '\\\%L\Profiles\%U' : ''; + + my $logonPath = $smb{LogonPath} || $default; + + return "logon path = $logonPath"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11logonScript b/root/etc/e-smith/templates/etc/smb.conf/11logonScript new file mode 100644 index 0000000..eb6787c --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11logonScript @@ -0,0 +1,12 @@ +{ +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +# ; logon script = %m.bat\n +# run a specific logon batch file per username +# ; logon script = %U.bat\n\n"; + + return "" unless $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$}; + + 'logon script = netlogon.bat'; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11mapToGuest b/root/etc/e-smith/templates/etc/smb.conf/11mapToGuest new file mode 100644 index 0000000..aeb16bd --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11mapToGuest @@ -0,0 +1,5 @@ +{ +# If unknown user logs in, treat as guest. (In older versions of +# Samba this was a compile-time option.) +} +map to guest = never diff --git a/root/etc/e-smith/templates/etc/smb.conf/11maxLogSize b/root/etc/e-smith/templates/etc/smb.conf/11maxLogSize new file mode 100644 index 0000000..3bf80ad --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11maxLogSize @@ -0,0 +1,4 @@ +{ +# Put a capping on the size of the log files (in Kb). +} +max log size = 50 diff --git a/root/etc/e-smith/templates/etc/smb.conf/11maxProtocol b/root/etc/e-smith/templates/etc/smb.conf/11maxProtocol new file mode 100644 index 0000000..050944e --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11maxProtocol @@ -0,0 +1,27 @@ +{ +# Normally this should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropiate protocol. + $OUT = ""; + our %ProtocolOrder = ( CORE => 1, # samba client default without explicit option; not available for server + COREPLUS => 2, # not available for server + LANMAN1 => 3, #samba server default without explicit option + LANMAN2 => 4, + NT1 => 5, # CIFS or SMB1 + SMB2_02 => 6, + SMB2_10 => 7, + SMB2 => 7, # yes SMB2 default to 2_10 + SMB2_22 => 8, + SMB2_24 => 9, + SMB3_00 => 10, + SMB3_02 => 11, + SMB3_10 => 12, + SMB3_11 => 13, + 'SMB3' => 13 # yes SMB3 default to SMB3_11 + ); + $clientMaxProt = $smb{ClientMaxProtocol} || "SMB3"; + $serverMaxProt = $smb{ServerMaxProtocol} || "SMB3"; + #checking option is possible + $clientMaxProt = ( exists($ProtocolOrder{$clientMaxProt}) ) ? $clientMaxProt : "SMB3"; + $serverMaxProt = ( exists($ProtocolOrder{$serverMaxProt}) && $ProtocolOrder{$serverMaxProt} >= 3) ? $serverMaxProt : "SMB3"; + $OUT .= "client max protocol = $clientMaxProt\n"; + $OUT .= "server max protocol = $serverMaxProt"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11minProtocol b/root/etc/e-smith/templates/etc/smb.conf/11minProtocol new file mode 100644 index 0000000..1222314 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11minProtocol @@ -0,0 +1,16 @@ +{ +# Normally this should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropiate protocol. + $OUT = ""; + $clientMinProt = $smb{ClientMinProtocol} || "SMB2"; + $serverMinProt = $smb{ServerMinProtocol} || "SMB2"; + $clientMinProt = ( exists($ProtocolOrder{$clientMinProt}) ) ? $clientMinProt : "SMB2"; + $serverMinProt = ( exists($ProtocolOrder{$serverMinProt}) && $ProtocolOrder{$serverMinProt} >= 3) ? $serverMinProt : "SMB3"; + #checking min prot is not higher + $clientMinProt = ( $ProtocolOrder{$clientMaxProt} >= $ProtocolOrder{$clientMinProt} ) ? $clientMinProt : $clientMaxProt; + $serverMinProt = ( $ProtocolOrder{$serverMaxProt} >= $ProtocolOrder{$serverMinProt} ) ? $serverMinProt : $serverMaxProt; + + $OUT .= "client min protocol = $clientMinProt\n"; + $OUT .= "server min protocol = $serverMinProt"; + +} + diff --git a/root/etc/e-smith/templates/etc/smb.conf/11nameResolveOrder b/root/etc/e-smith/templates/etc/smb.conf/11nameResolveOrder new file mode 100644 index 0000000..12106b7 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11nameResolveOrder @@ -0,0 +1,14 @@ +{ +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +} +name resolve order = wins lmhosts bcast diff --git a/root/etc/e-smith/templates/etc/smb.conf/11netbiosName b/root/etc/e-smith/templates/etc/smb.conf/11netbiosName new file mode 100644 index 0000000..a516b51 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11netbiosName @@ -0,0 +1,4 @@ +{ +# this sets the NetBIOS name by which a Samba server is known +} +netbios name = { $smb{ServerName} } diff --git a/root/etc/e-smith/templates/etc/smb.conf/11oplocks b/root/etc/e-smith/templates/etc/smb.conf/11oplocks new file mode 100644 index 0000000..f52595a --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11oplocks @@ -0,0 +1,10 @@ +{ + my $oplocks = (($smb{OpLocks} || 'enabled') eq 'enabled') + ? 'true' : 'false'; + + $OUT =< + return "" unless $smb{ServerRole} =~ m{^(DM|ADM)$}; + + return "password server = $SMB_WINSServer"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11pidDirectory b/root/etc/e-smith/templates/etc/smb.conf/11pidDirectory new file mode 100644 index 0000000..07acb78 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11pidDirectory @@ -0,0 +1 @@ +pid directory = /run diff --git a/root/etc/e-smith/templates/etc/smb.conf/11preferredMaster b/root/etc/e-smith/templates/etc/smb.conf/11preferredMaster new file mode 100644 index 0000000..09d9f14 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11preferredMaster @@ -0,0 +1,3 @@ +{ + "preferred master = " . ( $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$} ? "yes" : "auto" ); +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11preserveCase b/root/etc/e-smith/templates/etc/smb.conf/11preserveCase new file mode 100644 index 0000000..240821f --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11preserveCase @@ -0,0 +1,5 @@ +{ +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +} +preserve case = yes diff --git a/root/etc/e-smith/templates/etc/smb.conf/11privateDir b/root/etc/e-smith/templates/etc/smb.conf/11privateDir new file mode 100644 index 0000000..03263a8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11privateDir @@ -0,0 +1 @@ +private dir = /etc/samba diff --git a/root/etc/e-smith/templates/etc/smb.conf/11remoteAnnounce b/root/etc/e-smith/templates/etc/smb.conf/11remoteAnnounce new file mode 100644 index 0000000..00212d0 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11remoteAnnounce @@ -0,0 +1,7 @@ +{ +# Cause this host to announce itself to local subnets here +# ; remote announce = 192.168.1.255 192.168.2.44 + return "" unless defined $SMB_WINSServer and $SMB_WINSServer ne $LocalIP; + + return "remote announce = $SMB_WINSServer"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11remoteBrowseSync b/root/etc/e-smith/templates/etc/smb.conf/11remoteBrowseSync new file mode 100644 index 0000000..9c7a623 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11remoteBrowseSync @@ -0,0 +1,9 @@ +{ +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +# ; remote browse sync = 192.168.3.25 192.168.5.255 + return "" unless defined $SMB_WINSServer and $SMB_WINSServer ne $LocalIP; + + return "remote browse sync = $SMB_WINSServer"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11security b/root/etc/e-smith/templates/etc/smb.conf/11security new file mode 100644 index 0000000..cda918b --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11security @@ -0,0 +1,13 @@ +{ +# Security mode. Most people will want user level security. See +# security_level.txt for details. +} +security = { + if ($smb{ServerRole} eq "DM") { + "domain"; + } elsif ($smb{ServerRole} eq "ADS") { + "ADS"; + } else { + "user"; + } +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11serverString b/root/etc/e-smith/templates/etc/smb.conf/11serverString new file mode 100644 index 0000000..3bc5d67 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11serverString @@ -0,0 +1,7 @@ +{ +# server string is the equivalent of the NT Description field + + my $server_string = $smb{ServerString} || 'SME Server'; + + "server string = $server_string"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11shortPreserveCase b/root/etc/e-smith/templates/etc/smb.conf/11shortPreserveCase new file mode 100644 index 0000000..318d3b8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11shortPreserveCase @@ -0,0 +1 @@ +short preserve case = yes diff --git a/root/etc/e-smith/templates/etc/smb.conf/11smbPasswdFile b/root/etc/e-smith/templates/etc/smb.conf/11smbPasswdFile new file mode 100644 index 0000000..1c5c980 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11smbPasswdFile @@ -0,0 +1 @@ +smb passwd file = /etc/samba/smbpasswd diff --git a/root/etc/e-smith/templates/etc/smb.conf/11smbPorts b/root/etc/e-smith/templates/etc/smb.conf/11smbPorts new file mode 100644 index 0000000..20ba849 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11smbPorts @@ -0,0 +1,7 @@ +{ + my $smb_ports = $smb{SMBPorts} || "139 445"; + + $smb_ports = "$smb_ports 445" unless ( $smb_ports =~ /445/ || $ProtocolOrder{$serverMaxProt} <= 5 ); + + "smb ports = $smb_ports"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11socketOptions b/root/etc/e-smith/templates/etc/smb.conf/11socketOptions new file mode 100644 index 0000000..4f10f1e --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11socketOptions @@ -0,0 +1,5 @@ +{ +# Most people will find that this option gives better performance. +# See speed.txt and the manual pages for details +} +socket options = TCP_NODELAY diff --git a/root/etc/e-smith/templates/etc/smb.conf/11strictLocking b/root/etc/e-smith/templates/etc/smb.conf/11strictLocking new file mode 100644 index 0000000..5edf6c1 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11strictLocking @@ -0,0 +1,5 @@ +{ +# This is a boolean that controls the handling of file locking in the +# server. +} +strict locking = no diff --git a/root/etc/e-smith/templates/etc/smb.conf/11unixCharSet b/root/etc/e-smith/templates/etc/smb.conf/11unixCharSet new file mode 100644 index 0000000..f1fdaee --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11unixCharSet @@ -0,0 +1,5 @@ +{ + my $UnixCharSet = $smb{'UnixCharSet'} || "UTF8"; + + "unix charset = $UnixCharSet"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync b/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync new file mode 100644 index 0000000..2cde6fc --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync @@ -0,0 +1,27 @@ +{ +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. + + if ( ($ldap{Authentication} || 'disabled') eq 'enabled') + { + $OUT .= < 'shadow', + posix_eadb => 'posix' + }; + + $OUT = "vfs objects = " . (join " ", keys %$vfs) . "\n"; + foreach $mod (keys %$vfs) { + $mod2 = $vfs_module_prefix_map->{$mod} || $mod; + foreach $opt (keys %{$vfs->{$mod}}) { + $OUT .= " $mod2:$opt=$vfs->{$mod}->{$opt}\n"; + } + } +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/61Profilesshare b/root/etc/e-smith/templates/etc/smb.conf/61Profilesshare new file mode 100644 index 0000000..47da8e1 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/61Profilesshare @@ -0,0 +1,18 @@ +{ +# This is the WinNT/W2K Profiles share +# WinNT/W2K profiles are stored in /home/e-smith/files/samba/profiles/~user +# Win9x profiles are stored in ~user/._winprofile + return "" + unless ($smb{RoamingProfiles} eq "yes"); + + $OUT .= <open_ro(); + + foreach my $ibay ($adb->ibays) + { + $OUT .= esmith::templates::processTemplate ( + { + MORE_DATA => { + ibay => $ibay, + }, + TEMPLATE_PATH => "/etc/smb.conf/ibays", + OUTPUT_TYPE => 'string', + }); + } +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/00Setup b/root/etc/e-smith/templates/etc/smb.conf/ibays/00Setup new file mode 100644 index 0000000..bc89da2 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/00Setup @@ -0,0 +1,11 @@ +{ + use esmith::AccountsDB; + # Convert the passed hash for the ibay object back into an object. + $ibay = bless \%ibay, 'esmith::DB::db::Record'; + + $key = $ibay->key; + $OUT .= "\n[$key]\n"; + $OUT .= "comment = " . $ibay->prop('Name'); + + $ibay_vfs = (); +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/10recyclebin b/root/etc/e-smith/templates/etc/smb.conf/ibays/10recyclebin new file mode 100644 index 0000000..5c55dfb --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/10recyclebin @@ -0,0 +1,12 @@ +{ + $OUT = ""; + return unless (($ibay->prop('RecycleBin') || 'disabled') eq 'enabled'); + + $ibay_vfs->{recycle}->{versions} = ($ibay->prop('KeepVersions') || 'disabled') eq 'enabled' ? "True" : "False"; + $ibay_vfs->{recycle}->{repository} = "Recycle Bin"; + $ibay_vfs->{recycle}->{keeptree} = "True"; + $ibay_vfs->{recycle}->{touch} = "True"; + $ibay_vfs->{recycle}->{exclude} = "*.tmp,*.temp,*.o,*.obj,~\$*,.~lock.*"; + $ibay_vfs->{recycle}->{exclude_dir} = "tmp,temp,cache"; + $ibay_vfs->{recycle}->{directory_mode} = "0770"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/10shadowcopy b/root/etc/e-smith/templates/etc/smb.conf/ibays/10shadowcopy new file mode 100644 index 0000000..115c784 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/10shadowcopy @@ -0,0 +1,9 @@ +{ + $OUT = ""; + return if (($smb{'ShadowCopy'} || 'disabled') eq 'disabled'); + return if (($ibay->prop('ShadowCopy') || 'enabled') eq 'disabled'); + + $ibay_vfs->{shadow_copy2}->{snapdir} = $smb{ShadowDir} || '/home/e-smith/files/.shadow'; + $ibay_vfs->{shadow_copy2}->{basedir} = "/home/e-smith/files"; + $ibay_vfs->{shadow_copy2}->{fixinodes} = 'yes'; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit b/root/etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit new file mode 100644 index 0000000..b8ca71b --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit @@ -0,0 +1,12 @@ +{ + $OUT = ""; + return unless (($ibay->prop('Audit') || 'disabled') eq 'enabled'); + + $ibay_vfs->{full_audit}->{prefix} = "%u|%I|%S"; + $ibay_vfs->{full_audit}->{failure} = "connect"; + $ibay_vfs->{full_audit}->{success} = "opendir mkdir rmdir open write rename unlink"; + $ibay_vfs->{full_audit}->{facility} = "local5"; + $ibay_vfs->{full_audit}->{priority} = "notice"; +} + + diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/15path b/root/etc/e-smith/templates/etc/smb.conf/ibays/15path new file mode 100644 index 0000000..a0bed40 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/15path @@ -0,0 +1,12 @@ +{ + #--------------------------------------- + # If no public access, have the share go directly to the files + # subdirectory (for easier drive mappings) + # Otherwise, have the share mapping show all three subfolders + #--------------------------------------- + $OUT .= "path = /home/e-smith/files/ibays/$key"; + if ($ibay->prop('PublicAccess') eq 'none') + { + $OUT .= "/files"; + } +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/20readonly b/root/etc/e-smith/templates/etc/smb.conf/ibays/20readonly new file mode 100644 index 0000000..2bb0dfc --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/20readonly @@ -0,0 +1,3 @@ +{ + $OUT .= "read only = no"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/20writable b/root/etc/e-smith/templates/etc/smb.conf/ibays/20writable new file mode 100644 index 0000000..cc14ad5 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/20writable @@ -0,0 +1,3 @@ +{ + $OUT .= "writable = yes"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/25printable b/root/etc/e-smith/templates/etc/smb.conf/ibays/25printable new file mode 100644 index 0000000..73ea073 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/25printable @@ -0,0 +1,3 @@ +{ + $OUT .= "printable = no"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/30permissions b/root/etc/e-smith/templates/etc/smb.conf/ibays/30permissions new file mode 100644 index 0000000..c52e5ea --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/30permissions @@ -0,0 +1,12 @@ +{ + # Make the defaults really stupid + my %perms = ( + 'wr-admin-rd-group' => '0640', + 'wr-group-rd-group' => '0660', + 'wr-group-rd-everyone' => '0664', + ); + my $fmode = $perms{$ibay->prop('UserAccess')} || "0000"; + + $OUT .= "inherit permissions = yes\n"; + $OUT .= "create mode = $fmode"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/35cscPolicy b/root/etc/e-smith/templates/etc/smb.conf/ibays/35cscPolicy new file mode 100644 index 0000000..c5a0ae1 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/35cscPolicy @@ -0,0 +1,4 @@ +{ + $policy = $ibay->prop('cscPolicy') || return ''; + $OUT = "csc policy = $policy"; +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/40browseable b/root/etc/e-smith/templates/etc/smb.conf/ibays/40browseable new file mode 100644 index 0000000..4892c49 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/40browseable @@ -0,0 +1,5 @@ +{ + if ( ($ibay->prop('Browseable') || 'yes') eq 'disabled') { + $OUT .= "browseable = no\n"; + } +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/40vetoOplock b/root/etc/e-smith/templates/etc/smb.conf/ibays/40vetoOplock new file mode 100644 index 0000000..f22a8b9 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/40vetoOplock @@ -0,0 +1,9 @@ +{ + if ( ($ibay->prop('OpLocks') || 'enabled') eq 'disabled') { + $OUT .= "oplocks = no\n"; + $OUT .= "level2 oplocks = no"; + } else { + $vetofiles = $ibay->prop('VetoOplockFiles') || return ''; + $OUT = "veto oplock files = $vetofiles"; + } +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/90vfs b/root/etc/e-smith/templates/etc/smb.conf/ibays/90vfs new file mode 100644 index 0000000..7831922 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/90vfs @@ -0,0 +1,16 @@ +{ + return "" unless scalar keys %$ibay_vfs; + + my $vfs_module_prefix_map = { + shadow_copy2 => 'shadow', + posix_eadb => 'posix' + }; + + $OUT = "vfs objects = " . (join " ", keys %$ibay_vfs) . "\n"; + foreach $mod (keys %$ibay_vfs) { + $mod2 = $vfs_module_prefix_map->{$mod} || $mod; + foreach $opt (keys %{$ibay_vfs->{$mod}}) { + $OUT .= " $mod2:$opt=$ibay_vfs->{$mod}->{$opt}\n"; + } + } +} diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/91execute b/root/etc/e-smith/templates/etc/smb.conf/ibays/91execute new file mode 100644 index 0000000..5ce0a6a --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/ibays/91execute @@ -0,0 +1,6 @@ + +{ + $OUT = ""; + $OUT .= "acl allow execute always = yes\n" if ( ( $ibay->prop('AllowExecute') || 'disabled') eq "enabled" ); +} + diff --git a/root/etc/e-smith/templates/etc/smb.conf/ibays/template-begin b/root/etc/e-smith/templates/etc/smb.conf/ibays/template-begin new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/tests/.gitignore b/root/etc/e-smith/tests/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/e-smith/web/functions/workgroup b/root/etc/e-smith/web/functions/workgroup new file mode 100644 index 0000000..719d133 --- /dev/null +++ b/root/etc/e-smith/web/functions/workgroup @@ -0,0 +1,148 @@ +#!/usr/bin/perl -wT +# vim: ft=xml: +#---------------------------------------------------------------------- +# heading : Configuration +# description : Workgroup +# navigation : 6000 6200 +# +# Copyright (c) 2001 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from e-smith, inc. +# Please visit our web site www.e-smith.com for details. +#---------------------------------------------------------------------- + + + +use strict; +use esmith::FormMagick::Panel::workgroup; +my $f = esmith::FormMagick::Panel::workgroup->new(); +$f->display(); + +=head1 TESTING + +=begin testing + +use esmith::FormMagick::Tester; +use esmith::TestUtils; +use esmith::ConfigDB; + +my $panel = 'workgroup'; +my $panel_path = "/etc/e-smith/web/functions/".$panel; +my $ua = esmith::FormMagick::Tester->new(); + +is (mode($panel_path), '4750', "Check permissions on script"); +my @stat = stat($panel_path); +is (getpwuid($stat[4]), 'root', "File is owned by root"); +is (getgrgid($stat[5]), 'admin', "File is owned by group admin"); +ok ($ua->get_panel($panel), "ABOUT TO RUN L10N TESTS"); +is ($ua->{status}, 200, "200 OK"); +like($ua->{content}, qr/FORM_TITLE/, "Saw untranslated form title"); +ok ($ua->set_language("en-us"), "Set language to U.S. English"); +ok ($ua->get_panel($panel), "Get panel"); +is ($ua->{status}, 200, "200 OK"); +like($ua->{content}, qr/Change workgroup settings/, "Saw translated form title"); + +# +# Testing password changing + +my $new_pass = "default"; + +ok ($ua->get_panel($panel), "Testing panel retrieval"); +can_ok($ua, "field"); +ok ($ua->{form}->find_input('Workgroup'), + 'Finding the Samba Workgroup field'); +ok ($ua->{form}->find_input('RoamingProfiles'), + 'Finding the Samba RoamingProfiles field'); +ok ($ua->{form}->find_input('ServerName'), + 'Finding the Samba ServerName field'); +ok ($ua->{form}->find_input('ServerRole'), + 'Finding the Samba ServerRole field'); + +SKIP: { + skip 7, "Unsafe!" unless destruction_ok(); + + $ua->field('Workgroup' => 'foo'); + $ua->field('RoamingProfiles' => 'yes'); + $ua->field('ServerName' => 'Blah'); + $ua->field('ServerRole' => 'PDC'); + + + ok ($ua->click("Save"), "Click Save"); + is ($ua->{status}, 200, "200 OK"); + like($ua->{content}, qr/settings have been saved/, "Saw validation messages"); + +# Gotta open this later, so we don't cache stale data + my $db = esmith::ConfigDB->open; + + is ($db->get('smb')->value('Workgroup'), 'foo', 'Validated value for Samba Workgroup'); + is ($db->get('smb')->prop('RoamingProfiles'), 'yes', 'Validated value for Samba RoamingProfiles'); + is ($db->get('smb')->prop('ServerName'), 'Blah', 'Validated value for Samba ServerName'); + is ($db->get('smb')->prop('ServerRole'), 'PDC', 'Validated value for Samba ServerRole'); +} + +ok ($ua->get_panel($panel), "Testing panel retrieval"); +$ua->field('Workgroup' => 'foo'); +$ua->field('ServerName' => 'foo'); +ok ($ua->click("Save"), "Click Save"); +is ($ua->{status}, 200, "200 OK"); +like($ua->{content}, qr/server and workgroup names match/, "Saw error messages for matching server and wg names"); + +ok ($ua->get_panel($panel), "Testing panel retrieval"); +$ua->field('Workgroup' => 'f!oo'); +$ua->field('ServerName' => 'f!oo'); +ok ($ua->click("Save"), "Click Save"); +is ($ua->{status}, 200, "200 OK"); +like($ua->{content}, qr/server name must begin with a letter/, "Saw error messages bad server name"); +like($ua->{content}, qr/workgroup name must begin with a letter/, "Saw error messages for bad wg name"); +=end testing + +=cut + +__DATA__ +
+ + + + DESC_WORKGROUP + + + + + DESC_SERVERNAME + + + + DESC_PDC + + + + + + DESC_ROAM + + + + +
diff --git a/root/etc/e-smith/web/panels/manager/cgi-bin/.gitignore b/root/etc/e-smith/web/panels/manager/cgi-bin/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/logrotate.d/samba-sme b/root/etc/logrotate.d/samba-sme new file mode 100644 index 0000000..9737a9d --- /dev/null +++ b/root/etc/logrotate.d/samba-sme @@ -0,0 +1,8 @@ +/var/log/nmbd/nmbd.log /var/log/smbd/smbd.log { + notifempty + olddir /var/log/samba/old + missingok + sharedscripts + copytruncate +} + diff --git a/root/home/e-smith/files/.shadow/.gitignore b/root/home/e-smith/files/.shadow/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/home/e-smith/files/samba/netlogon/netlogon.bat b/root/home/e-smith/files/samba/netlogon/netlogon.bat new file mode 100644 index 0000000..82e013a --- /dev/null +++ b/root/home/e-smith/files/samba/netlogon/netlogon.bat @@ -0,0 +1,5 @@ +REM To set the time when clients logon to the domain: +REM net time \\servername /set /yes +REM +REM To map a home directory to drive h: +REM net use h: /home diff --git a/root/home/e-smith/files/samba/printers/W32ALPHA/.gitignore b/root/home/e-smith/files/samba/printers/W32ALPHA/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/home/e-smith/files/samba/printers/W32MIPS/.gitignore b/root/home/e-smith/files/samba/printers/W32MIPS/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/home/e-smith/files/samba/printers/W32PPC/.gitignore b/root/home/e-smith/files/samba/printers/W32PPC/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/home/e-smith/files/samba/printers/W32X86/.gitignore b/root/home/e-smith/files/samba/printers/W32X86/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/home/e-smith/files/samba/printers/WIN40/.gitignore b/root/home/e-smith/files/samba/printers/WIN40/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/home/e-smith/files/samba/profiles/.gitignore b/root/home/e-smith/files/samba/profiles/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/home/e-smith/files/server-resources/regedit/win10samba.reg b/root/home/e-smith/files/server-resources/regedit/win10samba.reg new file mode 100644 index 0000000..a46654c --- /dev/null +++ b/root/home/e-smith/files/server-resources/regedit/win10samba.reg @@ -0,0 +1,23 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] +"DNSNameResolutionRequired"=dword:00000000 +"DomainCompatibilityMode"=dword:00000001 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] +"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters] +"UseProfilePathExtensionVersion"=dword:00000001 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] +"SlowLinkDetectEnabled"=dword:00000000 +"DeleteRoamingCache"=dword:00000001 +"WaitForNetwork"=dword:00000000 +"CompatibleRUPSecurity"=dword:00000001 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb] +"ProtectionPolicy"=dword:00000001 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] +"NetJoinLegacyAccountReuse"=dword:00000001 diff --git a/root/home/e-smith/files/server-resources/regedit/win7samba.reg b/root/home/e-smith/files/server-resources/regedit/win7samba.reg new file mode 100644 index 0000000..5cf93bd --- /dev/null +++ b/root/home/e-smith/files/server-resources/regedit/win7samba.reg @@ -0,0 +1,5 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] +"DNSNameResolutionRequired"=dword:00000000 +"DomainCompatibilityMode"=dword:00000001 diff --git a/root/home/e-smith/files/server-resources/regedit/win8samba.reg b/root/home/e-smith/files/server-resources/regedit/win8samba.reg new file mode 100644 index 0000000..36411ae --- /dev/null +++ b/root/home/e-smith/files/server-resources/regedit/win8samba.reg @@ -0,0 +1,8 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] +"DNSNameResolutionRequired"=dword:00000000 +"DomainCompatibilityMode"=dword:00000001 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters] +"UseProfilePathExtensionVersion"=dword:00000001 diff --git a/root/home/e-smith/files/server-resources/regedit/windows_samba_performance.reg b/root/home/e-smith/files/server-resources/regedit/windows_samba_performance.reg new file mode 100644 index 0000000..dd33332 --- /dev/null +++ b/root/home/e-smith/files/server-resources/regedit/windows_samba_performance.reg @@ -0,0 +1,7 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] +"SlowLinkDetectEnabled"=dword:00000000 +"DeleteRoamingCache"=dword:00000001 +"WaitForNetwork"=dword:00000000 +"CompatibleRUPSecurity"=dword:00000001 diff --git a/root/home/e-smith/files/server-resources/regedit/winxplogon.reg b/root/home/e-smith/files/server-resources/regedit/winxplogon.reg new file mode 100644 index 0000000..2a040ba --- /dev/null +++ b/root/home/e-smith/files/server-resources/regedit/winxplogon.reg @@ -0,0 +1,5 @@ +REGEDIT4 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters] +"RequireSignOrSeal"=dword:00000000 + diff --git a/root/sbin/e-smith/samba_check_password b/root/sbin/e-smith/samba_check_password new file mode 100644 index 0000000..a23f0e8 --- /dev/null +++ b/root/sbin/e-smith/samba_check_password @@ -0,0 +1,18 @@ +#!/usr/bin/perl -T + +use strict; +use warnings; +use esmith::ConfigDB; +use esmith::util; + +our $db = esmith::ConfigDB->open or + die "Couldn't open configuration database (permissions problems?)"; + +my $strength = $db->get_prop('passwordstrength', 'Users'); +my $password = <>; +chomp $password; + +my $reason = esmith::util::validatePassword($password, $strength); + +exit 0 if (lc($reason) eq "ok"); +exit 1; diff --git a/root/sbin/e-smith/systemd/nmbd-prepare b/root/sbin/e-smith/systemd/nmbd-prepare new file mode 100644 index 0000000..3200798 --- /dev/null +++ b/root/sbin/e-smith/systemd/nmbd-prepare @@ -0,0 +1,31 @@ +#!/bin/sh + +# Source networking configuration. +. /etc/sysconfig/network + +#if [ -f /etc/sysconfig/samba ]; then +# . /etc/sysconfig/samba +#fi +# We currently don't care about /etc/sysconfig/samba, but that may change. + +status=$(/sbin/e-smith/config getprop smb status) +if [ "$status" = "disabled" ] +then + /sbin/e-smith/config setprop nmbd status disabled + exit 1 +fi + +nmbd=/usr/sbin/nmbd + +[ -f $nmbd ] || exit 1 + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 1 + +# Check that smb.conf exists. +[ -f /etc/samba/smb.conf ] || exit 1 + +# Check that we can write to it... so non-root users stop here +[ -w /etc/samba/smb.conf ] || exit 1 + +exit 0 diff --git a/root/sbin/e-smith/systemd/smbd-prepare b/root/sbin/e-smith/systemd/smbd-prepare new file mode 100644 index 0000000..064c4d3 --- /dev/null +++ b/root/sbin/e-smith/systemd/smbd-prepare @@ -0,0 +1,43 @@ +#!/bin/sh + +# Source networking configuration. +. /etc/sysconfig/network + +#if [ -f /etc/sysconfig/samba ]; then +# . /etc/sysconfig/samba +#fi +# We currently don't care about /etc/sysconfig/samba, but that may change. + +ldapauth=$(/sbin/e-smith/config getprop ldap Authentication || echo disabled) + +status=$(/sbin/e-smith/config getprop smb status) +if [ "$status" = "disabled" ] +then + /sbin/e-smith/config setprop smbd status disabled + exit 1 +fi + +smbd=/usr/sbin/smbd + +[ -f $smbd ] || exit 1 + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 1 + +# Check that smb.conf exists. +[ -f /etc/samba/smb.conf ] || exit 1 + +# Check that we can write to it... so non-root users stop here +[ -w /etc/samba/smb.conf ] || exit 1 + +# Delete the printing.tdb file if it exists to force it to rebuild. +rm -f /var/cache/samba/printing.tdb + +# Backup critical tdb files +for tdb in /etc/samba/*.tdb \ + /var/lib/samba/*.tdb +do + [ -r "$tdb" ] && tdbbackup -l "$tdb" .bak +done + +exit 0 diff --git a/root/usr/lib/systemd/system/nmb.service.d/50koozali.conf b/root/usr/lib/systemd/system/nmb.service.d/50koozali.conf new file mode 100644 index 0000000..7fd0a90 --- /dev/null +++ b/root/usr/lib/systemd/system/nmb.service.d/50koozali.conf @@ -0,0 +1,10 @@ +# disabled as conlfict with KOOZALI SME SERVER samba +[Service] +Type=oneshot +ExecStart= +ExecStart=/bin/false +ExecReload= + +[Install] +WantedBy= + diff --git a/root/usr/lib/systemd/system/nmbd.service b/root/usr/lib/systemd/system/nmbd.service new file mode 100644 index 0000000..7c08422 --- /dev/null +++ b/root/usr/lib/systemd/system/nmbd.service @@ -0,0 +1,23 @@ +[Unit] +# When systemd stops or restarts the smb.service, the action is propagated to this unit +PartOf=smb.service +# Start this unit after the smb.service start +After=smb.service + +[Service] +Type=notify +NotifyAccess=all +PIDFile=/run/nmbd.pid +EnvironmentFile=-/etc/sysconfig/samba +ExecStartPre=/sbin/e-smith/service-status nmbd +ExecStartPre=-/sbin/e-smith/expand-template /etc/samba/smb.conf +ExecStartPre=-/sbin/e-smith/expand-template /etc/samba/smbusers +ExecStartPre=/sbin/e-smith/systemd/nmbd-prepare +ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS +ExecReload=/bin/kill -HUP $MAINPID +LimitCORE=infinity +Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba +Restart=always + +[Install] +WantedBy=sme-server.target diff --git a/root/usr/lib/systemd/system/smb.service.d/50koozali.conf b/root/usr/lib/systemd/system/smb.service.d/50koozali.conf new file mode 100644 index 0000000..3667eb5 --- /dev/null +++ b/root/usr/lib/systemd/system/smb.service.d/50koozali.conf @@ -0,0 +1,25 @@ +[Unit] +Description=Samba SMB Daemon global service for Koozali SME Server + +[Service] +Type=oneshot +#NotifyAccess= +#PIDFile= +#LimitNOFILE= +#EnvironmentFile= +ExecStartPre=/sbin/e-smith/service-status smb +ExecStartPre=-/sbin/e-smith/expand-template /etc/samba/smb.conf +ExecStartPre=-/sbin/e-smith/expand-template /etc/samba/smbusers +ExecStart= +# Execute a dummy program +ExecStart=/bin/true + +ExecReload= +#LimitCORE= +# This service shall be considered active after start +RemainAfterExit=yes + +[Install] +WantedBy= +WantedBy=sme-server.target + diff --git a/root/usr/lib/systemd/system/smbd.service b/root/usr/lib/systemd/system/smbd.service new file mode 100644 index 0000000..fa0d819 --- /dev/null +++ b/root/usr/lib/systemd/system/smbd.service @@ -0,0 +1,28 @@ +[Unit] +Description=Samba SMB Daemon +Documentation=man:smbd(8) man:samba(7) man:smb.conf(5) +Wants=network-online.target +After=network.target network-online.target nmb.service winbind.service +# When systemd stops or restarts the smb.service, the action is propagated to this unit +PartOf=smb.service +# Start this unit after the smb.service start +After=smb.service + +[Service] +Type=notify +NotifyAccess=all +PIDFile=/run/smbd.pid +LimitNOFILE=16384 +EnvironmentFile=-/etc/sysconfig/samba +ExecStartPre=/sbin/e-smith/service-status smbd +ExecStartPre=-/sbin/e-smith/expand-template /etc/samba/smb.conf +ExecStartPre=-/sbin/e-smith/expand-template /etc/samba/smbusers +ExecStartPre=/sbin/e-smith/systemd/smbd-prepare +ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS +ExecReload=/bin/kill -HUP $MAINPID +LimitCORE=infinity +Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba +Restart=always + +[Install] +WantedBy=sme-server.target diff --git a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/workgroup.pm b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/workgroup.pm new file mode 100755 index 0000000..34cee61 --- /dev/null +++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/workgroup.pm @@ -0,0 +1,196 @@ +#!/usr/bin/perl -w + +# +# $Id: workgroup.pm,v 1.4 2002/05/28 19:22:13 skud Exp $ +# + +package esmith::FormMagick::Panel::workgroup; + +use strict; +use esmith::ConfigDB; +use esmith::FormMagick; +use esmith::util; +use File::Basename; +use Exporter; +use Carp; + +our @ISA = qw(esmith::FormMagick Exporter); + +our @EXPORT = qw( validate_workgroup validate_servername change_settings + get_value get_prop +); + + + +our $VERSION = sprintf '%d.%03d', q$Revision: 1.4 $ =~ /: (\d+).(\d+)/; +our $db = esmith::ConfigDB->open; + + +# {{{ header + +=pod + +=head1 NAME + +esmith::FormMagick::Panels::workgroup - useful panel functions + +=head1 SYNOPSIS + + use esmith::FormMagick::Panels::workgroup; + + my $panel = esmith::FormMagick::Panel::workgroup->new(); + $panel->display(); + +=head1 DESCRIPTION + +=cut + +# {{{ new + +=head2 new(); + +Exactly as for esmith::FormMagick + +=begin testing + + +use_ok('esmith::FormMagick::Panel::workgroup'); +use vars qw($panel); +ok($panel = esmith::FormMagick::Panel::workgroup->new(), "Create panel object"); +isa_ok($panel, 'esmith::FormMagick::Panel::workgroup'); + +=end testing + +=cut + + + +sub new { + shift; + my $self = esmith::FormMagick->new(); + $self->{calling_package} = (caller)[0]; + bless $self; + return $self; +} + +# }}} + +=head2 get_prop ITEM PROP + +A simple accessor for esmith::ConfigDB::Record::prop + +=cut + +sub get_prop { + my $fm = shift; + my $item = shift; + my $prop = shift; + return $db->get($item)->prop($prop); +} + +=head2 get_value ITEM + +A simple accessor for esmith::ConfigDB::Record::value + +=cut + +sub get_value { + my $fm = shift; + my $item = shift; + return ($db->get('smb')->prop($item)); +} + +# {{{ Validation + +=head1 VALIDATION ROUTINES + +=head2 validate_servername + +Returns OK if servername is valid. + +Returns servername_VALIDATION_ERROR and pushes us back to the first page otherwise. + +=begin testing + +is(validate_servername('','foo_com'), 'OK', 'foo.com is not a valid host'); +isnt(validate_servername('','foo.com'), 'OK', 'foo.com is not a valid host'); +ok(validate_servername('','') eq 'INVALID_SERVERNAME', 'undef is not a valid host'); +ok(validate_servername('','flees ble') eq 'INVALID_SERVERNAME', '"flees ble" is not a valid host'); + + +=end testing + +=cut + +sub validate_servername { + my $fm = shift; + my $servername = shift; + + return ('OK') if ( $servername =~ /^([a-zA-Z][\-\w]*)$/ ); + + return "INVALID_SERVERNAME"; +} + +=head2 validate_workgroup + +Returns OK if workgroup is valid. + +Returns workgroup_VALIDATION_ERROR and pushes us back to the first page otherwise. + +=begin testing + +$panel->{cgi} = CGI->new(""); +ok(validate_workgroup($panel,'foo.com') eq 'OK', 'foo.com is a valid host'); +ok(validate_workgroup($panel,'') eq 'INVALID_WORKGROUP', 'undef is not a valid host'); +ok(validate_workgroup($panel,'flees ble') eq 'INVALID_WORKGROUP', '"flees ble" is not a valid host'); + + +=end testing + +=cut + +sub validate_workgroup { + my $fm = shift; + my $workgroup = lc(shift); + + my $server = lc($fm->cgi->param('ServerName')); + return "INVALID_WORKGROUP" unless ( $workgroup =~ /^([a-zA-Z0-9][\-\w\.]*)$/ ); + return 'INVALID_WORKGROUP_MATCHES_SERVERNAME' if ( $server eq $workgroup); + return ('OK'); + +} + + +# }}} + +=head1 ACTION + +=head2 change_settings + + If everything has been validated, properly, go ahead and set the new settings + +=cut + + + +sub change_settings { + my $self = shift; + my $q = $self->{'cgi'}; + + my $RoamingProfiles = ($q->param('RoamingProfiles') || 'no'); + my $ServerRole = ($q->param('ServerRole') || 'WS'); + + $db->get('smb')->set_prop('Workgroup', $q->param('Workgroup')); + $db->get('smb')->set_prop('ServerRole', $ServerRole); + $db->get('smb')->set_prop('ServerName', $q->param('ServerName')); + $db->get('smb')->set_prop("RoamingProfiles", $RoamingProfiles); + + system( "/sbin/e-smith/signal-event", "workgroup-update" ) == 0 + or return $self->error('ERROR_UPDATING'); + + return $self->success('SUCCESS'); +} + + +1; + diff --git a/root/var/log/nmbd/.gitignore b/root/var/log/nmbd/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/root/var/log/smbd/.gitignore b/root/var/log/smbd/.gitignore new file mode 100644 index 0000000..e69de29