Samba e OpenLDAP: creare un controller di dominio con Debian Lenny: differenze tra le versioni

Samba e OpenLDAP: creare un controller di dominio con Debian Lenny (visualizza wikitesto)

Versione delle 18:20, 28 gen 2010

847 byte rimossi , 28 gen 2010

→‎Configurazione

Ferdybassi

Burocrati, Amministratori

4 069

contributi

@@ Riga 402: / Riga 402: @@
 '''/etc/smbldap-tools/smbldap.conf''':
 <pre>
-#
-# Purpose :
-# . be the configuration file for all smbldap-tools scripts
 ##############################################################################
 ##
@@ Riga 410: / Riga 407: @@
 # ##############################################################################
 # Put your own SID. To obtain this number do: "net getlocalsid".
-# If not defined, parameter is taking from "net getlocalsid" return
 SID="S-1-5-21-125945932-740595490-3132273231"
 # Domain name the Samba server is in charged.
-# If not defined, parameter is taking from smb.conf configuration file
 sambaDomain="DOMINIO"
+realm="DOMINIO.LOCAL"
 ##############################################################################
 #
@@ Riga 421: / Riga 419: @@
 ##############################################################################
 # Slave LDAP server
-# If not defined, parameter is set to "127.0.0.1"
 slaveLDAP="127.0.0.1"
 # Slave LDAP port
-# If not defined, parameter is set to "389"
 slavePort="389"
 # Master LDAP server: needed for write operations
-# If not defined, parameter is set to "127.0.0.1"
 masterLDAP="127.0.0.1"
 # Master LDAP port
-# If not defined, parameter is set to "389"
 masterPort="389"
 # Use TLS for LDAP
 # If set to 1, this option will use start_tls for connection
-# (you should also used the port 389)
+ldapTLS="1"
-# If not defined, parameter is set to "1"
-ldapTLS="0"
 # How to verify the server's certificate (none, optional or require)
 verify="require"
 # CA certificate
-cafile="/etc/smbldap-tools/ca.pem"
+cafile="/etc/ldap/ssl/cacert.pem"
 # certificate to use to connect to the ldap server
-clientcert="/etc/smbldap-tools/smbldap-tools.pem"
+clientcert="/etc/ldap/ssl/servercrt.pem"
 # key certificate to use to connect to the ldap server
-clientkey="/etc/smbldap-tools/smbldap-tools.key"
+clientkey="/etc/ldap/ssl/serverkey.pem"
 # LDAP Suffix
 suffix="dc=dominio,dc=local"
 # Where are stored Users
-# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
 usersdn="ou=Users,${suffix}"
 # Where are stored Computers
-# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
 computersdn="ou=Computers,${suffix}"
 # Where are stored Groups
-# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
 groupsdn="ou=Groups,${suffix}"
 # Where are stored Idmap entries (used if samba is a domain member server)
-# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
+idmapdn="ou=Idmap,${suffix}"
-#idmapdn="ou=Idmap,${suffix}"
 # Where to store next uidNumber and gidNumber available for new users and groups
-# If not defined, entries are stored in sambaDomainName object.
 sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
 # Default scope Used
 scope="sub"
 # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
 hash_encrypt="MD5"
@@ Riga 470: / Riga 463: @@
 # passwords if you use "$1$%.8s". This parameter is optional!
 crypt_salt_format="%s"
 ##############################################################################
 #