1 # $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
2 # $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $
4 # smbldap-tools.conf : Q & D configuration file for smbldap-tools
6 # This code was developped by IDEALX (http://IDEALX.org/) and
7 # contributors (their names can be found in the CONTRIBUTORS file).
9 # Copyright (C) 2001-2002 IDEALX
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
27 # . be the configuration file for all smbldap-tools scripts
29 ##############################################################################
31 # General Configuration
33 ##############################################################################
35 # Put your own SID. To obtain this number do: "net getlocalsid".
36 # If not defined, parameter is taking from "net getlocalsid" return
37 SID="S-1-5-21-4205727931-4131263253-1851132061"
39 # Domain name the Samba server is in charged.
40 # If not defined, parameter is taking from smb.conf configuration file
41 # Ex: sambaDomain="IDEALX-NT"
42 sambaDomain="IDEALX-NT"
44 ##############################################################################
48 ##############################################################################
50 # Notes: to use to dual ldap servers backend for Samba, you must patch
51 # Samba with the dual-head patch from IDEALX. If not using this patch
52 # just use the same server for slaveLDAP and masterLDAP.
53 # Those two servers declarations can also be used when you have
54 # . one master LDAP server where all writing operations must be done
55 # . one slave LDAP server where all reading operations must be done
56 # (typically a replication directory)
59 # Ex: slaveLDAP=127.0.0.1
60 # If not defined, parameter is set to "127.0.0.1"
64 # If not defined, parameter is set to "389"
67 # Master LDAP server: needed for write operations
68 # Ex: masterLDAP=127.0.0.1
69 # If not defined, parameter is set to "127.0.0.1"
70 masterLDAP="127.0.0.1"
73 # If not defined, parameter is set to "389"
77 # If set to 1, this option will use start_tls for connection
78 # (you should also used the port 389)
79 # If not defined, parameter is set to "1"
82 # How to verify the server's certificate (none, optional or require)
83 # see "man Net::LDAP" in start_tls section for more details
87 # see "man Net::LDAP" in start_tls section for more details
88 cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem"
90 # certificate to use to connect to the ldap server
91 # see "man Net::LDAP" in start_tls section for more details
92 clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem"
94 # key certificate to use to connect to the ldap server
95 # see "man Net::LDAP" in start_tls section for more details
96 clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"
99 # Ex: suffix=dc=IDEALX,dc=ORG
100 suffix="dc=idealx,dc=org"
102 # Where are stored Users
103 # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
104 # Warning: if 'suffix' is not set here, you must set the full dn for usersdn
105 usersdn="ou=Users,${suffix}"
107 # Where are stored Computers
108 # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
109 # Warning: if 'suffix' is not set here, you must set the full dn for computersdn
110 computersdn="ou=Computers,${suffix}"
112 # Where are stored Groups
113 # Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
114 # Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
115 groupsdn="ou=Groups,${suffix}"
117 # Where are stored Idmap entries (used if samba is a domain member server)
118 # Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
119 # Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
120 idmapdn="ou=Idmap,${suffix}"
122 # Where to store next uidNumber and gidNumber available for new users and groups
123 # If not defined, entries are stored in sambaDomainName object.
124 # Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
125 # Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
126 sambaUnixIdPooldn="sambaDomainName=IDEALX-NT,${suffix}"
131 # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
134 # if hash_encrypt is set to CRYPT, you may set a salt format.
135 # default is "%s", but many systems will generate MD5 hashed
136 # passwords if you use "$1$%.8s". This parameter is optional!
137 crypt_salt_format="%s"
139 ##############################################################################
141 # Unix Accounts Configuration
143 ##############################################################################
146 # Default Login Shell
147 # Ex: userLoginShell="/bin/bash"
148 userLoginShell="/bin/bash"
151 # Ex: userHome="/home/%U"
154 # Default mode used for user homeDirectory
155 userHomeDirectoryMode="700"
158 userGecos="System User"
160 # Default User (POSIX and Samba) GID
163 # Default Computer (Samba) GID
164 defaultComputerGid="515"
167 skeletonDir="/etc/skel"
169 # Default password validation time (time in days) Comment the next line if
170 # you don't want password to be enable for defaultMaxPasswordAge days (be
171 # careful to the sambaPwdMustChange attribute's value)
172 defaultMaxPasswordAge="45"
174 ##############################################################################
176 # SAMBA Configuration
178 ##############################################################################
180 # The UNC path to home drives location (%U username substitution)
181 # Just set it to a null string if you want to use the smb.conf 'logon home'
182 # directive and/or disable roaming profiles
183 # Ex: userSmbHome="\\PDC-SMB3\%U"
184 userSmbHome="\\PDC-SRV\%U"
186 # The UNC path to profiles locations (%U username substitution)
187 # Just set it to a null string if you want to use the smb.conf 'logon path'
188 # directive and/or disable roaming profiles
189 # Ex: userProfile="\\PDC-SMB3\profiles\%U"
190 userProfile="\\PDC-SRV\profiles\%U"
192 # The default Home Drive Letter mapping
193 # (will be automatically mapped at logon time if home directory exist)
194 # Ex: userHomeDrive="H:"
197 # The default user netlogon script name (%U username substitution)
198 # if not used, will be automatically username.cmd
199 # make sure script file is edited under dos
200 # Ex: userScript="startup.cmd" # make sure script file is edited under dos
201 userScript="logon.bat"
203 # Domain appended to the users "mail"-attribute
204 # when smbldap-useradd -M is used
205 # Ex: mailDomain="idealx.com"
206 mailDomain="idealx.com"
208 ##############################################################################
210 # SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
212 ##############################################################################
214 # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
215 # prefer Crypt::SmbHash library
217 smbpasswd="/usr/bin/smbpasswd"
219 # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
220 # but prefer Crypt:: libraries
222 slappasswd="/usr/sbin/slappasswd"
224 # comment out the following line to get rid of the default banner