# /etc/smbldap-tools/smbldap.conf # $Id: smbldap.conf,v 1.3 2005-04-19 08:09:02 doros Exp $ ############################################################################## # # General Configuration # ############################################################################## # Put your own SID # to obtain this number do: net getlocalsid SID = 'S-1-5-21-3840722988-1065274203-713729200'; ############################################################################## # # LDAP Configuration # ############################################################################## # Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. # Those two servers declarations can also be used when you have # . one master LDAP server where all writing operations must be done # . one slave LDAP server where all reading operations must be done # (typically a replication directory) slaveLDAP="192.168.50.1" slavePort="389" # Master LDAP : needed for write operations masterLDAP="192.168.50.1" masterPort="389" # Use TLS for LDAP # If set to 1, this option will use start_tls for connection # (you should also used the port 389) ldapTLS="0" # How to verify the server's certificate (none, optional or require) # see "man Net::LDAP" in start_tls section for more details ###verify="require" # CA certificate # see "man Net::LDAP" in start_tls section for more details ###cafile="/etc/smbldap-tools/ca.pem" # certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details ###clientcert="/etc/smbldap-tools/smbldap-tools.pem" # key certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details ###clientkey="/etc/smbldap-tools/smbldap-tools.key" # LDAP Suffix suffix = "dc=istituto,dc=it" # Where are stored Users usersdn="ou=Users,${suffix}" # Where are stored Computers computersdn="ou=Computers,${suffix}" # Where are stored Groups groupsdn="ou=Groups,${suffix}" # Where are stored Idmap entries (used if samba is a domain member server) idmapdn="ou=Idmap,${suffix}" # Where to store next uidNumber and gidNumber available sambaUnixIdPooldn="sambaDomainName=NetkitWG,${suffix}" # Default scope Used scope = "sub" # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) hash_encrypt="SSHA" # if hash_encrypt is set to CRYPT, you may set a salt format. # default is "%s", but many systems will generate MD5 hashed # passwords if you use "$1$%.8s". This parameter is optional! crypt_salt_format="%s" ############################################################################## # # Unix Accounts Configuration # ############################################################################## # Login defs # Default Login Shell userLoginShell="/bin/bash" # Home directory userHome="/home/%U" # Gecos userGecos="System User" # Default User (POSIX and Samba) GID defaultUserGid="513" # Default Computer (Samba) GID defaultComputerGid="550" # Skel dir skeletonDir="/etc/skel" # Default password validation time (time in days) Comment the next line if # you don't want password to be enable for defaultMaxPasswordAge days (be # careful to the sambaPwdMustChange attribute's value) defaultMaxPasswordAge="99" ############################################################################## # # SAMBA Configuration # ############################################################################## # The UNC path to home drives location (%U username substitution) # Just set it to a null string if you want to use the smb.conf 'logon home' # directive and/or disable roaming profiles userSmbHome="\\SRV\home\%U" # The UNC path to profiles locations (%U username substitution) # Just set it to a null string if you want to use the smb.conf 'logon path' # directive and/or disable roaming profiles userProfile="\\SRV\profiles\%U" # The default Home Drive Letter mapping # (will be automatically mapped at logon time if home directory exist) userHomeDrive="K:" # The default user netlogon script name (%U username substitution) # if not used, will be automatically username.cmd # make sure script file is edited under dos # userScript="startup.cmd" # make sure script file is edited under dos userScript="%U.cmd" # Domain appended to the users "mail"-attribute # when smbldap-useradd -M is used mailDomain="server" ############################################################################## # # SMBLDAP-TOOLS Configuration (default are ok for a RedHat) # ############################################################################## # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but # prefer Crypt::SmbHash library with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd" # # bot