On Thursday, 30 December 2004 16:59, Armindo Díaz Argaña wrote:
If I use LDAP to store the user data, I shouldn't have to load it anywhere else; that's the idea of using LDAP, isn't it?
* As long as Samba is working against LDAP. Here is an idea, a real example; change the DNs, uid, workgroup, etc., and the LDAP server address if it is not localhost. The files referred to must exist.
------------------------/etc/samba/smb.conf-------------------------
[global]
add user script=/usr/sbin/addsmbmachine2ldap %m
admin users=administrator
character set=
client code page=437
domain admin group=@ntadmin root
domain logons=Yes
domain master=Yes
encrypt passwords=Yes
ldap admin dn=uid=cyrus,dc=usernix,dc=org
ldap del only sam attr=Yes
ldap filter=(&(uid=%u)(objectclass=sambaAccount))
ldap port=389
ldap server=localhost
ldap ssl=No
ldap suffix=dc=usernix,dc=org
logon drive=p:
logon home=\\%L\%U
logon path=\\%L\%U\.msprofile
logon script=users.bat
map to guest=Bad User
os level=255
preferred master=Yes
printcap name=CUPS
printer admin=@ntadmin
printing=CUPS
security=user
socket options=SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
time server=Yes
unix extensions=Yes
username map=/etc/samba/smbusers
veto files=/*.eml/*.nws/riched20.dll/*.{*}/
wins support=Yes
workgroup=USERNIX

[netlogon]
comment=Network Logon Service
path=/var/lib/samba/netlogon
browseable=No

[homes]
browseable=No
comment=Home Directories
inherit permissions=Yes
read only=No
valid users=%S

[print$]
comment=Printer Drivers
create mask=0664
directory mask=0775
force group=ntadmin
path=/var/lib/samba/drivers
write list=@ntadmin root

[printers]
browseable=No
comment=All Printers
create mask=0600
path=/var/tmp
printable=Yes

[Users]
comment=Share para todos los Usuarios
path=/home
writeable=Yes
inherit permissions=Yes
veto files=/aquota.user/groups/shares/

[Groups]
comment=Plaza Publica
path=/home/groups
writeable=Yes
inherit permissions=Yes

[pdf]
comment=PDF generador
path=/var/tmp
printable=Yes
print command=/usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
create mask=0600

[info]
comment=Informacion Genral
path=/home/groups/info
writeable=Yes
inherit permissions=Yes
browseable=No

[IT]
comment=IT
path=/home/groups/IT
writeable=Yes
inherit permissions=Yes
browseable=No

[purchase]
comment=purchase
path=/home/groups/purchase
writeable=Yes
inherit permissions=Yes
browseable=No

[sales]
comment=Ventas
path=/home/groups/sales
writeable=Yes
inherit permissions=Yes
browseable=No

[management]
comment=management
path=/home/groups/management
writeable=Yes
inherit permissions=Yes
browseable=No

[administration]
comment=Administracion
path=/home/groups/administration
writeable=Yes
inherit permissions=Yes
browseable=No

Another question I have is that SUSE ships this script by default for registering the machine: /sbin/yast /usr/share/YaST2/data/add_machine.ycp
* Keep in mind that in my case it runs as the user cyrus, which is the LDAP
admin. I take it for granted that you have LDAP in order. If you are missing
any of the files the script calls, say so; they are binaries. I don't have it
on a SuSE Professional.
-------------/usr/sbin/addsmbmachine2ldap -------------
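#! /bin/bash
# Called by Samba as "add user script" with the machine name (%m) as $1.
if [ -z "$1" ]; then
    logger -t "$(basename "$0")" "missing hostname argument."
    exit 1
fi
# Read the base DN from the OpenLDAP client configuration.
BASEDN=$(awk 'BEGIN { IGNORECASE=1; } /^base/ { print $2; next; } { next; }' \
    < /etc/openldap/ldap.conf)
if [ -z "$BASEDN" ]; then
    logger -t "$(basename "$0")" "unable to get BaseDN"
    exit 1
fi
# Pull the password stored for the LDAP admin DN (uid=cyrus) out of secrets.tdb.
PASSWD=$(/usr/lib/samba/tdbdump /etc/samba/secrets.tdb | awk '
    BEGIN { OFS=" "; }
    /^key = "uid=cyrus/ { getline; print $3;}
    { next; };' | sed 's/^"\(.*\)"$/\1/g')
# Rewrite backslash escapes in the dumped value to \x form and let echo -e
# expand them; skipped when the value would be taken as an echo option.
if [ "$PASSWD" != "-n" -a "$PASSWD" != "-e" -a "$PASSWD" != "-E" ]; then
    PASSWD=$(echo -e "${PASSWD//\\\\/\\x}")
fi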
cat <
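
Added example (not part of the original post and not Samba's or SuSE's code): a pre-flight check for an smb.conf like the one above. It lists the files the configuration refers to that do not exist, and flags "ldap ssl" switched off while "ldap server" is not the local host, in which case the "ldap admin dn" bind crosses the network unencrypted. The function names and the optional ROOT prefix are assumptions of this example.

```bash
#!/bin/bash
# Added example: pre-flight checks for an smb.conf like the one posted above.
# Function names and the ROOT prefix argument are assumptions of this example.

# Print the value of a [global] parameter; the name is matched case-insensitively.
smb_global() {          # usage: smb_global FILE "ldap ssl"
    awk -v want="$2" '
        /^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == tolower(want)) { print val; exit }
        }' "$1"
}

# List files and directories named by "add user script", "username map" and
# "path" that do not exist. ROOT (optional) is prepended, e.g. a chroot or test tree.
smb_missing_files() {   # usage: smb_missing_files FILE [ROOT]
    awk -F= '
        { key = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == "add user script" || key == "username map" || key == "path" {
            val = substr($0, index($0, "=") + 1); sub(/^[ \t]+/, "", val)
            split(val, w, /[ \t]+/)      # keep the path, drop arguments such as %m
            print w[1]
        }' "$1" | sort -u | while read -r p; do
            [ -e "${2:-}$p" ] || printf '%s\n' "$p"
        done
}

# Succeed (and print a warning) when "ldap ssl" is switched off while
# "ldap server" is not the local host: the "ldap admin dn" bind is then unencrypted.
smb_ldap_cleartext() {  # usage: smb_ldap_cleartext FILE
    _ssl=$(smb_global "$1" "ldap ssl" | tr 'A-Z' 'a-z')
    _srv=$(smb_global "$1" "ldap server")
    case "$_ssl" in no|off) ;; *) return 1 ;; esac
    case "$_srv" in ""|localhost|127.*|::1) return 1 ;; esac
    echo "WARN: ldap ssl=$_ssl, ldap server=$_srv: LDAP admin bind goes over the network in clear"
}

# Run both checks when a config file is given on the command line.
if [ -n "${1:-}" ]; then
    smb_missing_files "$1" | sed 's/^/MISSING: /'
    smb_ldap_cleartext "$1" || true
fi
```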