smeserver/smeserver-samba
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit of file from CVS for e-smith-samba on Sat Mar 23 16:28:38 AEDT 2024

Browse Source
This commit is contained in:
Trevor Batley
2024-03-23 16:28:38 +11:00
parent 83e7d8b945
commit d602d07ac3
199 changed files with 3955 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
root/etc/e-smith/templates/etc/krb5.conf/00usedb Normal file
View File

@@ -0,0 +1,3 @@
{
use esmith::db;
}

3
root/etc/e-smith/templates/etc/krb5.conf/02disableprofiledir Normal file
View File

@@ -0,0 +1,3 @@
# Configuration snippets may be placed in this directory as well
# See https://bugs.contribs.org/show_bug.cgi?id=11093
#includedir /etc/krb5.conf.d/

4
root/etc/e-smith/templates/etc/krb5.conf/05logging Normal file
View File

@@ -0,0 +1,4 @@
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

1
root/etc/e-smith/templates/etc/krb5.conf/10libdefaults Normal file
View File

@@ -0,0 +1 @@
[libdefaults]

6
root/etc/e-smith/templates/etc/krb5.conf/15settings Normal file
View File

@@ -0,0 +1,6 @@
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_ccache_name = KEYRING:persistent:%{uid}

8
root/etc/e-smith/templates/etc/krb5.conf/20default_realm Normal file
View File

@@ -0,0 +1,8 @@
{
my $workgroup = $smb{Workgroup} || 'sme-server';
my $realm = $smb{realm} || $workgroup . "." . $DomainName;
my $default_realm = $smb{realm} || $workgroup . "." .$DomainName;
"default_realm = $default_realm";
}

5
root/etc/e-smith/templates/etc/krb5.conf/25dns_lookup_realm Normal file
View File

@@ -0,0 +1,5 @@
{
my $dns_lookup_realm = $krb5{DNSLookupRealm} || 'false';
"dns_lookup_realm = $dns_lookup_realm";
}

5
root/etc/e-smith/templates/etc/krb5.conf/30dns_lookup_kdc Normal file
View File

@@ -0,0 +1,5 @@
{
my $dns_lookup_kdc = $krb5{DNSLookupKDC} || 'true';
"dns_lookup_kdc = $dns_lookup_kdc";
}

5
root/etc/e-smith/templates/etc/krb5.conf/40realms Normal file
View File

@@ -0,0 +1,5 @@
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }

3
root/etc/e-smith/templates/etc/krb5.conf/50domain_realm Normal file
View File

@@ -0,0 +1,3 @@
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

1
root/etc/e-smith/templates/etc/openldap/slapd.conf/10schemaSamba Normal file
View File

@@ -0,0 +1 @@
include /etc/openldap/schema/samba.schema

4
root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexesSamba Normal file
View File

@@ -0,0 +1,4 @@
index sambaSID eq,pres
index sambaPrimaryGroupSID eq,pres
index sambaDomainName eq,pres

13
root/etc/e-smith/templates/etc/openldap/slapd.conf/94acls10sambaPasswords Normal file
View File

@@ -0,0 +1,13 @@
access to attrs=sambaNTPassword
by self peername.ip="127.0.0.1" read
by self ssf=128 read
by anonymous peername.ip="127.0.0.1" auth
by anonymous ssf=128 auth
by * none
access to attrs=sambaLMPassword
by self peername.ip="127.0.0.1" read
by self ssf=128 read
by anonymous peername.ip="127.0.0.1" auth
by anonymous ssf=128 auth
by * none

8
root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls76sambaSamAccount Normal file
View File

@@ -0,0 +1,8 @@
{
# Sensible attributes related to sambaSamAccount
push @users, qw/sambaAcctFlags sambaBadPasswordCount sambaBadPasswordTime sambaKickoffTime sambaLogoffTime sambaLogonHours sambaPasswordHistory sambaSID sambaPrimaryGroupSID sambaPwdCanChange sambaPwdLastSet sambaPwdMustChange sambaUserWorkstations sambaSIDList sambaGroupType/;
$OUT .= '';
}

4
root/etc/e-smith/templates/etc/pam.d/samba/20auth Normal file
View File

@@ -0,0 +1,4 @@
auth required pam_nologin.so
auth { -f "/lib/security/pam_pwdb.so" ||
-f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
"include system-auth" }

3
root/etc/e-smith/templates/etc/pam.d/samba/30account Normal file
View File

@@ -0,0 +1,3 @@
account { -f "/lib/security/pam_pwdb.so" ||
-f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
"include system-auth" }

3
root/etc/e-smith/templates/etc/pam.d/samba/40password Normal file
View File

@@ -0,0 +1,3 @@
password { -f "/lib/security/pam_pwdb.so" ||
-f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
"include system-auth" }

3
root/etc/e-smith/templates/etc/pam.d/samba/50session Normal file
View File

@@ -0,0 +1,3 @@
session { -f "/lib/security/pam_pwdb.so" ||
-f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
"include system-auth" }

8
root/etc/e-smith/templates/etc/pam.d/samba/template-begin Normal file
View File

@@ -0,0 +1,8 @@
{
$OUT = <<HERE;
#%PAM-1.0
HERE
$OUT .=
Text::Template::_load_text("/etc/e-smith/templates-default/template-begin");
}

9
root/etc/e-smith/templates/etc/rsyslog.conf/32samba Normal file
View File

@@ -0,0 +1,9 @@
#smbd
:programname, isequal, "smbd" /var/log/smbd/smbd.log
& stop
#nmbd
:programname, isequal, "nmbd" /var/log/nmbd/nmbd.log
& stop

2
root/etc/e-smith/templates/etc/rsyslog.conf/46smbAudit Normal file
View File

@@ -0,0 +1,2 @@
local5.notice /var/log/samba/samba_audit
local5.notice stop

1
root/etc/e-smith/templates/etc/samba/smbusers/10unused Normal file
View File

@@ -0,0 +1 @@
# This file is currently unused

5
root/etc/e-smith/templates/etc/smb.conf/00usedb Normal file
View File

@@ -0,0 +1,5 @@
{
use esmith::db;
$vfs = ();
}

8
root/etc/e-smith/templates/etc/smb.conf/00yesno Normal file
View File

@@ -0,0 +1,8 @@
{
sub _yesno
{
my $arg = shift;
return (defined $arg) ? "yes" : "no";
}
}

5
root/etc/e-smith/templates/etc/smb.conf/02setupWinsServer Normal file
View File

@@ -0,0 +1,5 @@
{
$SMB_WINSServer = $DB->wins_server;
"";
}

17
root/etc/e-smith/templates/etc/smb.conf/10globals Normal file
View File

@@ -0,0 +1,17 @@
{
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors.
#
#======================= Global Settings =====================================
}
[global]

11
root/etc/e-smith/templates/etc/smb.conf/10recyclebin Normal file
View File

@@ -0,0 +1,11 @@
{
$OUT = "";
return unless (($smb{'RecycleBin'} || 'disabled') eq 'enabled');
$vfs->{recycle}->{versions} = ($smb{'KeepVersions'} || 'disabled') eq 'enabled' ? "True" : "False";
$vfs->{recycle}->{repository} = "Recycle Bin";
$vfs->{recycle}->{keeptree} = "True";
$vfs->{recycle}->{touch} = "True";
$vfs->{recycle}->{exclude} = "*.tmp,*.temp,*.o,*.obj,~\$*";
$vfs->{recycle}->{exclude_dir} = "tmp,temp,cache";
}

8
root/etc/e-smith/templates/etc/smb.conf/10shadowcopy Normal file
View File

@@ -0,0 +1,8 @@
{
$OUT = "";
return unless (($smb{'ShadowCopy'} || 'disabled') eq 'enabled');
$vfs->{shadow_copy2}->{snapdir} = $smb{ShadowDir} || '/home/e-smith/files/.shadow';
$vfs->{shadow_copy2}->{basedir} = "/home/e-smith/files";
$vfs->{shadow_copy2}->{fixinodes} = 'yes';
}

4
root/etc/e-smith/templates/etc/smb.conf/11addMachineScript Normal file
View File

@@ -0,0 +1,4 @@
{
# Script to setup machine accounts
}
add machine script = /sbin/e-smith/signal-event machine-account-create '%u'

5
root/etc/e-smith/templates/etc/smb.conf/11bindInterfacesOnly Normal file
View File

@@ -0,0 +1,5 @@
{
# This global parameter allows the Samba admin to limit what
# interfaces on a machine will serve smb requests.
}
bind interfaces only = yes

4
root/etc/e-smith/templates/etc/smb.conf/11caseSensitive Normal file
View File

@@ -0,0 +1,4 @@
{
# Be very careful with case sensitivity - it can break things!
}
case sensitive = no

7
root/etc/e-smith/templates/etc/smb.conf/11deadtime Normal file
View File

@@ -0,0 +1,7 @@
{
$OUT = "";
if ($smb{DeadTime})
{
$OUT .= "deadtime = $smb{DeadTime}";
}
}

4
root/etc/e-smith/templates/etc/smb.conf/11defaultCase Normal file
View File

@@ -0,0 +1,4 @@
{
# Default case is normally upper case for all DOS files
# ; default case = lower
}

6
root/etc/e-smith/templates/etc/smb.conf/11dnsProxy Normal file
View File

@@ -0,0 +1,6 @@
{
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
}
dns proxy = no

5
root/etc/e-smith/templates/etc/smb.conf/11domainController Normal file
View File

@@ -0,0 +1,5 @@
{
# Use only if you have an NT server on your network that has been
# configured at install time to be a primary domain controller.
# ; domain controller = <NT-Domain-Controller-SMBName>
}

3
root/etc/e-smith/templates/etc/smb.conf/11domainLogons Normal file
View File

@@ -0,0 +1,3 @@
{
"domain logons = " . ( $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$} ? "yes" : "no" );
}

3
root/etc/e-smith/templates/etc/smb.conf/11domainMaster Normal file
View File

@@ -0,0 +1,3 @@
{
"domain master = " . ( $smb{ServerRole} =~ m{^(PDC|ADS)$} ? "yes" : "no" );
}

5
root/etc/e-smith/templates/etc/smb.conf/11dosCharSet Normal file
View File

@@ -0,0 +1,5 @@
{
my $DosCharSet = $smb{'DosCharSet'} || "850";
"dos charset = $DosCharSet";
}

6
root/etc/e-smith/templates/etc/smb.conf/11encryptPasswords Normal file
View File

@@ -0,0 +1,6 @@
{
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
}
encrypt passwords = yes

5
root/etc/e-smith/templates/etc/smb.conf/11execute Normal file
View File

@@ -0,0 +1,5 @@
{
$OUT = "";
$OUT .= "acl allow execute always = yes\n" if ( ( $smb{'AllowExecute'} || 'disabled') eq "enabled" );
}

5
root/etc/e-smith/templates/etc/smb.conf/11guestAccount Normal file
View File

@@ -0,0 +1,5 @@
{
# This is a username which will be used for access to services which
# are specified as 'guest ok'.
}
guest account = public

5
root/etc/e-smith/templates/etc/smb.conf/11guestOk Normal file
View File

@@ -0,0 +1,5 @@
{
# If this parameter is 'yes' for a service, then no password is
# required to connect to the service.
}
guest ok = no

12
root/etc/e-smith/templates/etc/smb.conf/11hostsAllow Normal file
View File

@@ -0,0 +1,12 @@
{
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
use esmith::NetworksDB;
my $ndb = esmith::NetworksDB->open_ro;
my @access = $ndb->local_access_spec;
"hosts allow = @access";
}

6
root/etc/e-smith/templates/etc/smb.conf/11include Normal file
View File

@@ -0,0 +1,6 @@
{
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
# ; include = /etc/smb.conf.%m
}

10
root/etc/e-smith/templates/etc/smb.conf/11interfaces Normal file
View File

@@ -0,0 +1,10 @@
{
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
}
interfaces = 127.0.0.1 {
defined $LocalIP ?
"$LocalIP/$LocalNetmask" :
""
}

5
root/etc/e-smith/templates/etc/smb.conf/11lanmanPasswords Normal file
View File

@@ -0,0 +1,5 @@
{
$OUT .= "lanman auth = $smb{'LanManPasswords'}\n" if $smb{'LanManPasswords'};
}

5
root/etc/e-smith/templates/etc/smb.conf/11logFile Normal file
View File

@@ -0,0 +1,5 @@
{
# this tells Samba to use a separate log file for each machine
# that connects
}
log file = /var/log/samba/log.%m

4
root/etc/e-smith/templates/etc/smb.conf/11logonDrive Normal file
View File

@@ -0,0 +1,4 @@
{
$drive = $smb{LogonDrive} || 'Z';
return "logon drive = ${drive}:";
}

20
root/etc/e-smith/templates/etc/smb.conf/11logonHome Normal file
View File

@@ -0,0 +1,20 @@
{
# Where to store roving profiles
# %L substitutes for this logon servers name
# %N substitutes for this servers netbios name
# %U is username
# WinNT/W2K uses logon path
# Win9x uses logon home
return "" unless $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$};
my $roamingProfiles = $smb{RoamingProfiles} || "no";
my $default = ($roamingProfiles eq "yes") ? '\\\%L\%U\._winprofile' : '';
my $logonHome = $smb{LogonHome} || $default;
return "" unless $logonHome;
return "logon home = $logonHome";
}

18
root/etc/e-smith/templates/etc/smb.conf/11logonPath Normal file
View File

@@ -0,0 +1,18 @@
{
# Where to store roving profiles
# %L substitutes for this logon servers name
# %N substitutes for this servers netbios name
# %U is username
# WinNT/W2K uses logon path
# Win9x uses logon home
return "" unless $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$};
my $roamingProfiles = $smb{RoamingProfiles} || "no";
my $default = ($roamingProfiles eq "yes") ? '\\\%L\Profiles\%U' : '';
my $logonPath = $smb{LogonPath} || $default;
return "logon path = $logonPath";
}

12
root/etc/e-smith/templates/etc/smb.conf/11logonScript Normal file
View File

@@ -0,0 +1,12 @@
{
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
# ; logon script = %m.bat\n
# run a specific logon batch file per username
# ; logon script = %U.bat\n\n";
return "" unless $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$};
'logon script = netlogon.bat';
}

5
root/etc/e-smith/templates/etc/smb.conf/11mapToGuest Normal file
View File

@@ -0,0 +1,5 @@
{
# If unknown user logs in, treat as guest. (In older versions of
# Samba this was a compile-time option.)
}
map to guest = never

4
root/etc/e-smith/templates/etc/smb.conf/11maxLogSize Normal file
View File

@@ -0,0 +1,4 @@
{
# Put a capping on the size of the log files (in Kb).
}
max log size = 50

27
root/etc/e-smith/templates/etc/smb.conf/11maxProtocol Normal file
View File

@@ -0,0 +1,27 @@
{
# Normally this should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropiate protocol.
$OUT = "";
our %ProtocolOrder = ( CORE => 1, # samba client default without explicit option; not available for server
COREPLUS => 2, # not available for server
LANMAN1 => 3, #samba server default without explicit option
LANMAN2 => 4,
NT1 => 5, # CIFS or SMB1
SMB2_02 => 6,
SMB2_10 => 7,
SMB2 => 7, # yes SMB2 default to 2_10
SMB2_22 => 8,
SMB2_24 => 9,
SMB3_00 => 10,
SMB3_02 => 11,
SMB3_10 => 12,
SMB3_11 => 13,
'SMB3' => 13 # yes SMB3 default to SMB3_11
);
$clientMaxProt = $smb{ClientMaxProtocol} || "SMB3";
$serverMaxProt = $smb{ServerMaxProtocol} || "SMB3";
#checking option is possible
$clientMaxProt = ( exists($ProtocolOrder{$clientMaxProt}) ) ? $clientMaxProt : "SMB3";
$serverMaxProt = ( exists($ProtocolOrder{$serverMaxProt}) && $ProtocolOrder{$serverMaxProt} >= 3) ? $serverMaxProt : "SMB3";
$OUT .= "client max protocol = $clientMaxProt\n";
$OUT .= "server max protocol = $serverMaxProt";
}

16
root/etc/e-smith/templates/etc/smb.conf/11minProtocol Normal file
View File

@@ -0,0 +1,16 @@
{
# Normally this should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropiate protocol.
$OUT = "";
$clientMinProt = $smb{ClientMinProtocol} || "SMB2";
$serverMinProt = $smb{ServerMinProtocol} || "SMB2";
$clientMinProt = ( exists($ProtocolOrder{$clientMinProt}) ) ? $clientMinProt : "SMB2";
$serverMinProt = ( exists($ProtocolOrder{$serverMinProt}) && $ProtocolOrder{$serverMinProt} >= 3) ? $serverMinProt : "SMB3";
#checking min prot is not higher
$clientMinProt = ( $ProtocolOrder{$clientMaxProt} >= $ProtocolOrder{$clientMinProt} ) ? $clientMinProt : $clientMaxProt;
$serverMinProt = ( $ProtocolOrder{$serverMaxProt} >= $ProtocolOrder{$serverMinProt} ) ? $serverMinProt : $serverMaxProt;
$OUT .= "client min protocol = $clientMinProt\n";
$OUT .= "server min protocol = $serverMinProt";
}

14
root/etc/e-smith/templates/etc/smb.conf/11nameResolveOrder Normal file
View File

@@ -0,0 +1,14 @@
{
# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependant. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
}
name resolve order = wins lmhosts bcast

4
root/etc/e-smith/templates/etc/smb.conf/11netbiosName Normal file
View File

@@ -0,0 +1,4 @@
{
# this sets the NetBIOS name by which a Samba server is known
}
netbios name = { $smb{ServerName} }

10
root/etc/e-smith/templates/etc/smb.conf/11oplocks Normal file
View File

@@ -0,0 +1,10 @@
{
my $oplocks = (($smb{OpLocks} || 'enabled') eq 'enabled')
? 'true' : 'false';
$OUT =<<HERE;
oplocks = $oplocks
kernel oplocks = $oplocks
level2 oplocks = $oplocks
HERE
}

9
root/etc/e-smith/templates/etc/smb.conf/11osLevel Normal file
View File

@@ -0,0 +1,9 @@
{
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
# os level = 33
my $os_level = $smb{OsLevel} || "65";
"os level = " . ( $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$} ? "65" : $os_level );
}

25
root/etc/e-smith/templates/etc/smb.conf/11passdbBackend Normal file
View File

@@ -0,0 +1,25 @@
{
#Set the Samba user account dbase backend
if ( ($ldap{Authentication} || 'disabled') eq 'enabled')
{
my $base = esmith::util::ldapBase ($DomainName);
$OUT .= <<EOF;
passdb backend = ldapsam:ldap://localhost
ldap admin dn = cn=root,$base
ldap suffix = $base
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap delete dn = no
ldap passwd sync = yes
ldap ssl = off
EOF
}
else
{
$OUT .= <<EOF;
passdb backend = smbpasswd:/etc/samba/smbpasswd
EOF
}
}

5
root/etc/e-smith/templates/etc/smb.conf/11passwordLevel Normal file
View File

@@ -0,0 +1,5 @@
{
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
# ; password level = 8
}

7
root/etc/e-smith/templates/etc/smb.conf/11passwordServer Normal file
View File

@@ -0,0 +1,7 @@
{
# Use password server option only with security = server
# ; password server = <NT-Server-Name>
return "" unless $smb{ServerRole} =~ m{^(DM|ADM)$};
return "password server = $SMB_WINSServer";
}

1
root/etc/e-smith/templates/etc/smb.conf/11pidDirectory Normal file
View File

@@ -0,0 +1 @@
pid directory = /run

3
root/etc/e-smith/templates/etc/smb.conf/11preferredMaster Normal file
View File

@@ -0,0 +1,3 @@
{
"preferred master = " . ( $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$} ? "yes" : "auto" );
}

5
root/etc/e-smith/templates/etc/smb.conf/11preserveCase Normal file
View File

@@ -0,0 +1,5 @@
{
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
}
preserve case = yes

1
root/etc/e-smith/templates/etc/smb.conf/11privateDir Normal file
View File

@@ -0,0 +1 @@
private dir = /etc/samba

7
root/etc/e-smith/templates/etc/smb.conf/11remoteAnnounce Normal file
View File

@@ -0,0 +1,7 @@
{
# Cause this host to announce itself to local subnets here
# ; remote announce = 192.168.1.255 192.168.2.44
return "" unless defined $SMB_WINSServer and $SMB_WINSServer ne $LocalIP;
return "remote announce = $SMB_WINSServer";
}

9
root/etc/e-smith/templates/etc/smb.conf/11remoteBrowseSync Normal file
View File

@@ -0,0 +1,9 @@
{
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
# ; remote browse sync = 192.168.3.25 192.168.5.255
return "" unless defined $SMB_WINSServer and $SMB_WINSServer ne $LocalIP;
return "remote browse sync = $SMB_WINSServer";
}

13
root/etc/e-smith/templates/etc/smb.conf/11security Normal file
View File

@@ -0,0 +1,13 @@
{
# Security mode. Most people will want user level security. See
# security_level.txt for details.
}
security = {
if ($smb{ServerRole} eq "DM") {
"domain";
} elsif ($smb{ServerRole} eq "ADS") {
"ADS";
} else {
"user";
}
}

7
root/etc/e-smith/templates/etc/smb.conf/11serverString Normal file
View File

@@ -0,0 +1,7 @@
{
# server string is the equivalent of the NT Description field
my $server_string = $smb{ServerString} || 'SME Server';
"server string = $server_string";
}

1
root/etc/e-smith/templates/etc/smb.conf/11shortPreserveCase Normal file
View File

@@ -0,0 +1 @@
short preserve case = yes

1
root/etc/e-smith/templates/etc/smb.conf/11smbPasswdFile Normal file
View File

@@ -0,0 +1 @@
smb passwd file = /etc/samba/smbpasswd

7
root/etc/e-smith/templates/etc/smb.conf/11smbPorts Normal file
View File

@@ -0,0 +1,7 @@
{
my $smb_ports = $smb{SMBPorts} || "139 445";
$smb_ports = "$smb_ports 445" unless ( $smb_ports =~ /445/ || $ProtocolOrder{$serverMaxProt} <= 5 );
"smb ports = $smb_ports";
}

5
root/etc/e-smith/templates/etc/smb.conf/11socketOptions Normal file
View File

@@ -0,0 +1,5 @@
{
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
}
socket options = TCP_NODELAY

5
root/etc/e-smith/templates/etc/smb.conf/11strictLocking Normal file
View File

@@ -0,0 +1,5 @@
{
# This is a boolean that controls the handling of file locking in the
# server.
}
strict locking = no

5
root/etc/e-smith/templates/etc/smb.conf/11unixCharSet Normal file
View File

@@ -0,0 +1,5 @@
{
my $UnixCharSet = $smb{'UnixCharSet'} || "UTF8";
"unix charset = $UnixCharSet";
}

27
root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync Normal file
View File

@@ -0,0 +1,27 @@
{
# The following are needed to allow password changing from Windows to
# update the Linux sytsem password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
if ( ($ldap{Authentication} || 'disabled') eq 'enabled')
{
$OUT .= <<EOF;
unix password sync = no
pam password change = no
EOF
}
else
{
$OUT .= <<'EOF';
unix password sync = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
check password script = /sbin/e-smith/samba_check_password
EOF
}
}

11
root/etc/e-smith/templates/etc/smb.conf/11unix_extensions Normal file
View File

@@ -0,0 +1,11 @@
{
# This boolean parameter controls whether Samba implments the CIFS UNIX extensions, as
# defined by HP. These extensions enable Samba to better serve UNIX CIFS clients by sup-
# porting features such as symbolic links, hard links, etc... These extensions require a
# similarly enabled client, and are of no current use to Windows clients.
# Enabling unix extensions causes a lot of problems with file and directory
# permissions in i-bays (reported with OS X clients). We disable them.
$OUT .= "unix extensions = no";
}

3
root/etc/e-smith/templates/etc/smb.conf/11usernameLevel Normal file
View File

@@ -0,0 +1,3 @@
{
# ; username level = 8
}

7
root/etc/e-smith/templates/etc/smb.conf/11wideLinks Normal file
View File

@@ -0,0 +1,7 @@
{
$OUT = "";
if ($smb{WideLinks})
{
$OUT .= "wide links = $smb{WideLinks}";
}
}

6
root/etc/e-smith/templates/etc/smb.conf/11winsProxy Normal file
View File

@@ -0,0 +1,6 @@
{
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
# ; wins proxy = yes
}

13
root/etc/e-smith/templates/etc/smb.conf/11winsServer Normal file
View File

@@ -0,0 +1,13 @@
{
#------------------------------------------------------------------
# If there is a WINS server defined and it is not us, refer to it.
# Otherwise turn WINS support on.
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#------------------------------------------------------------------
return "wins support = yes" if defined $SMB_WINSServer and $SMB_WINSServer eq $LocalIP;
$OUT .= "wins support = no\n";
$OUT .= "wins server = $SMB_WINSServer" if defined $SMB_WINSServer;
}

4
root/etc/e-smith/templates/etc/smb.conf/11workgroup Normal file
View File

@@ -0,0 +1,4 @@
{
# workgroup = NT-Domain-Name or Workgroup-Name
}
workgroup = { $smb{Workgroup} }

16
root/etc/e-smith/templates/etc/smb.conf/50homes Normal file
View File

@@ -0,0 +1,16 @@
[homes]
comment = Home directory
browseable = no
guest ok = no
read only = no
writable = yes
printable = no
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
path = /home/e-smith/files/users/%S/home
{
$OUT = "";
$OUT .= "acl allow execute always = yes\n" if ( ( $smb{'AllowExecuteHomes'} || 'disabled') eq "enabled" );
}

16
root/etc/e-smith/templates/etc/smb.conf/50homesVFS Normal file
View File

@@ -0,0 +1,16 @@
{
return "" unless scalar keys %$vfs;
my $vfs_module_prefix_map = {
shadow_copy2 => 'shadow',
posix_eadb => 'posix'
};
$OUT = "vfs objects = " . (join " ", keys %$vfs) . "\n";
foreach $mod (keys %$vfs) {
$mod2 = $vfs_module_prefix_map->{$mod} || $mod;
foreach $opt (keys %{$vfs->{$mod}}) {
$OUT .= " $mod2:$opt=$vfs->{$mod}->{$opt}\n";
}
}
}

18
root/etc/e-smith/templates/etc/smb.conf/61Profilesshare Normal file
View File

@@ -0,0 +1,18 @@
{
# This is the WinNT/W2K Profiles share
# WinNT/W2K profiles are stored in /home/e-smith/files/samba/profiles/~user
# Win9x profiles are stored in ~user/._winprofile
return ""
unless ($smb{RoamingProfiles} eq "yes");
$OUT .= <<HERE;
[Profiles]
path = /home/e-smith/files/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700
csc policy = disable
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
HERE
}

12
root/etc/e-smith/templates/etc/smb.conf/61netlogonshare Normal file
View File

@@ -0,0 +1,12 @@
{
return "" unless $smb{ServerRole} =~ m{^(PDC|ADS|BDC)$};
$OUT .= <<HERE;
[netlogon]
comment = Network Logon Service
path = /home/e-smith/files/samba/netlogon
guest ok = yes
writable = yes
browseable = no
HERE
}

17
root/etc/e-smith/templates/etc/smb.conf/61printerdriversshare Normal file
View File

@@ -0,0 +1,17 @@
{
# added to support printer drivers download
# This share is writable according to Unix file permissions (admin:admin)
my $u_c_d = $smb{UseClientDriver} || "yes";;
my $writable = ($u_c_d eq "yes") ? "no" : "yes";
$OUT = <<HERE;
[print\$]
comment = Printer drivers
path = /home/e-smith/files/samba/printers
guest ok = yes
browseable = yes
writable = $writable
HERE
}

18
root/etc/e-smith/templates/etc/smb.conf/90ibays Normal file
View File

@@ -0,0 +1,18 @@
{
# process all information-bay directories
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
foreach my $ibay ($adb->ibays)
{
$OUT .= esmith::templates::processTemplate (
{
MORE_DATA => {
ibay => $ibay,
},
TEMPLATE_PATH => "/etc/smb.conf/ibays",
OUTPUT_TYPE => 'string',
});
}
}

11
root/etc/e-smith/templates/etc/smb.conf/ibays/00Setup Normal file
View File

@@ -0,0 +1,11 @@
{
use esmith::AccountsDB;
# Convert the passed hash for the ibay object back into an object.
$ibay = bless \%ibay, 'esmith::DB::db::Record';
$key = $ibay->key;
$OUT .= "\n[$key]\n";
$OUT .= "comment = " . $ibay->prop('Name');
$ibay_vfs = ();
}

12
root/etc/e-smith/templates/etc/smb.conf/ibays/10recyclebin Normal file
View File

@@ -0,0 +1,12 @@
{
$OUT = "";
return unless (($ibay->prop('RecycleBin') || 'disabled') eq 'enabled');
$ibay_vfs->{recycle}->{versions} = ($ibay->prop('KeepVersions') || 'disabled') eq 'enabled' ? "True" : "False";
$ibay_vfs->{recycle}->{repository} = "Recycle Bin";
$ibay_vfs->{recycle}->{keeptree} = "True";
$ibay_vfs->{recycle}->{touch} = "True";
$ibay_vfs->{recycle}->{exclude} = "*.tmp,*.temp,*.o,*.obj,~\$*,.~lock.*";
$ibay_vfs->{recycle}->{exclude_dir} = "tmp,temp,cache";
$ibay_vfs->{recycle}->{directory_mode} = "0770";
}

9
root/etc/e-smith/templates/etc/smb.conf/ibays/10shadowcopy Normal file
View File

@@ -0,0 +1,9 @@
{
$OUT = "";
return if (($smb{'ShadowCopy'} || 'disabled') eq 'disabled');
return if (($ibay->prop('ShadowCopy') || 'enabled') eq 'disabled');
$ibay_vfs->{shadow_copy2}->{snapdir} = $smb{ShadowDir} || '/home/e-smith/files/.shadow';
$ibay_vfs->{shadow_copy2}->{basedir} = "/home/e-smith/files";
$ibay_vfs->{shadow_copy2}->{fixinodes} = 'yes';
}

12
root/etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit Normal file
View File

@@ -0,0 +1,12 @@
{
$OUT = "";
return unless (($ibay->prop('Audit') || 'disabled') eq 'enabled');
$ibay_vfs->{full_audit}->{prefix} = "%u|%I|%S";
$ibay_vfs->{full_audit}->{failure} = "connect";
$ibay_vfs->{full_audit}->{success} = "opendir mkdir rmdir open write rename unlink";
$ibay_vfs->{full_audit}->{facility} = "local5";
$ibay_vfs->{full_audit}->{priority} = "notice";
}

12
root/etc/e-smith/templates/etc/smb.conf/ibays/15path Normal file
View File

@@ -0,0 +1,12 @@
{
#---------------------------------------
# If no public access, have the share go directly to the files
# subdirectory (for easier drive mappings)
# Otherwise, have the share mapping show all three subfolders
#---------------------------------------
$OUT .= "path = /home/e-smith/files/ibays/$key";
if ($ibay->prop('PublicAccess') eq 'none')
{
$OUT .= "/files";
}
}

3
root/etc/e-smith/templates/etc/smb.conf/ibays/20readonly Normal file
View File

@@ -0,0 +1,3 @@
{
$OUT .= "read only = no";
}

3
root/etc/e-smith/templates/etc/smb.conf/ibays/20writable Normal file
View File

@@ -0,0 +1,3 @@
{
$OUT .= "writable = yes";
}

3
root/etc/e-smith/templates/etc/smb.conf/ibays/25printable Normal file
View File

@@ -0,0 +1,3 @@
{
$OUT .= "printable = no";
}

12
root/etc/e-smith/templates/etc/smb.conf/ibays/30permissions Normal file
View File

@@ -0,0 +1,12 @@
{
# Make the defaults really stupid
my %perms = (
'wr-admin-rd-group' => '0640',
'wr-group-rd-group' => '0660',
'wr-group-rd-everyone' => '0664',
);
my $fmode = $perms{$ibay->prop('UserAccess')} || "0000";
$OUT .= "inherit permissions = yes\n";
$OUT .= "create mode = $fmode";
}

4
root/etc/e-smith/templates/etc/smb.conf/ibays/35cscPolicy Normal file
View File

@@ -0,0 +1,4 @@
{
$policy = $ibay->prop('cscPolicy') || return '';
$OUT = "csc policy = $policy";
}

5
root/etc/e-smith/templates/etc/smb.conf/ibays/40browseable Normal file
View File

@@ -0,0 +1,5 @@
{
if ( ($ibay->prop('Browseable') || 'yes') eq 'disabled') {
$OUT .= "browseable = no\n";
}
}

Some files were not shown because too many files have changed in this diff Show More