Hallo, ich würde auch mal
sophomorix-dump-pg2ldap laufen lassen. Gruß Alois 2015-08-01 9:45 GMT+02:00 J. Gaisser <[email protected]>: > Hallo Holger, > > Bitte änder mal die > --- > im Feld hinter dem Nutzernamen auf > erstpw > > und mach dann ein > sophomorix-check > > habe ich gemacht, lief ohne Fehler durch. > Dann: neues Passwort (und Erstpasswort) über Schulkonsole gesetzt, an > Ubuntu-Client angemeldet, abgemeldet, beim erneuten Anmelden ist das > Passwort nicht mehr gültig (Kontrolle über Schulkonsole: Erstpasswort hat > jetzt wieder 24 Zeichen). > > ihr habt von der 5.1 auf die 6.1 migriert: das Problem besteht aber erst > seit ca. 2 Monaten nach einem update des Servers? > > Genau, ich kann mir dieses Phänomen nur mit einem Update des Servers > erklären > > Bitte schick mal die /etc/samba/smb.conf und die > /etc/sophomorix/user/sophomorix.conf > > Folgen im Anschluss. > > Viele Grüße > Jürgen > > /etc/samba/smb.conf > > ##### Do not change this file! It will be overwritten! > ##### This configuration file was automatically created by > linuxmuster-base! > ##### Last Modification: Di 24. Feb 21:27:29 CET 2015 > # > ############################################################ > # Include your own stuff in the following files: > # global stuff: /etc/samba/smb.conf.global > # custom shares: /etc/samba/smb.conf.shares > # > # [email protected] > # 14.12.2013 > ############################################################ > # > # > # This is the main Samba configuration file. You should read the > # smb.conf(5) manual page in order to understand the options listed > # here. Samba has a huge number of configurable options most of which > # are not shown in this example > # > # Any line which starts with a ; (semi-colon) or a # (hash) > # is a comment and is ignored. In this example we will use a # > # for commentary and a ; for parts of the config file that you > # may wish to enable > # > # NOTE: Whenever you modify this file you should run the command > # "testparm" to check that you have not many any basic syntactic > # errors. > # > > #======================= Global Settings ======================= > > [global] > > ## Browsing/Identification ### > > # Change this to the workgroup/NT-domain name your Samba server will part > of > workgroup = SCHULE > > # server string is the equivalent of the NT Description field > # server string = Linux %h mit Samba %v > server string = Samba %v on (%L) > > # Windows Internet Name Serving Support Section: > # WINS Support - Tells the NMBD component of Samba to enable its WINS > Server > wins support = yes > > # WINS Server - Tells the NMBD components of Samba to be a WINS Client > # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both > ; wins server = w.x.y.z > > # This will prevent nmbd to search for NetBIOS names through DNS. > dns proxy = no > > # What naming service and in what order should we use to resolve host names > # to IP addresses > ; name resolve order = lmhosts host wins bcast > > > #### Debugging/Accounting #### > > # This tells Samba to use a separate log file for each machine > # that connects > log file = /var/log/samba/log.%m > log level = 0 > # Put a capping on the size of the log files (in Kb). > max log size = 1000 > > # If you want Samba to only log through syslog then set the following > # parameter to 'yes'. > ; syslog only = no > > # We want Samba to log a minimum amount of information to syslog. > Everything > # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log > # through syslog you should set the following parameter to something > higher. > syslog = 0 > > # Do something sensible when Samba crashes: mail the admin a backtrace > panic action = /usr/share/samba/panic-action %d > > > ####### Authentication ####### > > # "security = user" is always a good idea. This will require a Unix account > # in this server for every user accessing the server. See > # /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc > # package for details. > ; security = user > > # You may wish to use password encryption. See the section on > # 'encrypt passwords' in the smb.conf(5) manpage before enabling. > encrypt passwords = true > > ldap ssl = Off > ldap replication sleep = 5000 > ldap admin dn = cn=admin,dc=paedml-linux,dc=lokal > ldap suffix = dc=paedml-linux,dc=lokal > ldap group suffix = ou=groups > ldap user suffix = ou=accounts > ldap machine suffix = ou=machines > passdb backend = ldapsam:ldap://localhost > obey pam restrictions = no > guest account = nobody > > # username map = /etc/samba/username.map > > # This boolean parameter controls whether Samba attempts to sync the Unix > # password with the SMB password when the encrypted SMB password in the > # passdb is changed. > ; unix password sync = yes > > # For Unix password sync to work on a Debian GNU/Linux system, the > following > # parameters must be set (thanks to Augustin Luton <[email protected]> > <[email protected]> for > # sending the correct chat script for the passwd program in Debian Potato). > passwd program = /usr/sbin/sophomorix-passwd --interactive --user %u > passwd chat = *New*password*:* %n\n *Retype*new*password*:* %n\n > > # This boolean controls whether PAM will be used for password changes > # when requested by an SMB client instead of the program listed in > # 'passwd program'. The default is 'no'. > ; pam password change = no > > > ########## Printing ########## > > # If you want to automatically load your printer list rather > # than setting them up individually then you'll need this > load printers = no > > # lpr(ng) printing. You may wish to override the location of the > # printcap file > ; printing = bsd > ; printcap name = /etc/printcap > > # CUPS printing. See also the cupsaddsmb(8) manpage in the > # cupsys-client package. > printing = cups > printcap name = cups > > # When using [print$], root is implicitly a 'printer admin', but you can > # also give this right to other users to add drivers and set printer > # properties > # printer admin = root > > > ######## File sharing ######## > > # Name mangling options > ; preserve case = yes > ; short preserve case = yes > > #### linuxmuster settings #### > # interfaces = 10.16.1.1/255.240.0.0 127.0.0.1/255.0.0.0 > domain logons = Yes > admin users = domadmin > unix charset = UTF8 > dos charset = > logon script = login.bat > time server = Yes > logon path = > logon home = \\%L\%u > use sendfile = No > os level = 99 > wide links = No > > # server side cifs configuration > unix extensions = yes > map archive = No > delete readonly = Yes > case sensitive = auto > mangled names = no > > # fix for #56 & #64 > winbind enum users = yes > winbind enum groups = yes > unix password sync = no > > ldap passwd sync = No > add user script = /usr/sbin/smbldap-useradd -m "%u" > ldap delete dn = Yes > #delete user script = /usr/sbin/smbldap-userdel "%u" > add machine script = /usr/sbin/smbldap-useradd -w "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > #delete group script = /usr/sbin/smbldap-groupdel "%g" > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" > #delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" > set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" > > > ############ Misc ############ > > # Using the following line enables you to customise your configuration > # on a per machine basis. The %m gets replaced with the netbios name > # of the machine that is connecting > ; include = /home/samba/etc/smb.conf.%m > > # Most people will find that this option gives better performance. > # See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html > # for details > # You may want to add the following on a Linux system: > # SO_RCVBUF=8192 SO_SNDBUF=8192 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > # The following parameter is useful only if you have the linpopup package > # installed. The samba maintainer and the linpopup maintainer are > # working to ease installation and configuration of linpopup and samba. > ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & > > # Domain Master specifies Samba to be the Domain Master Browser. If this > # machine will be configured as a BDC (a secondary logon server), you > # must set this to 'no'; otherwise, the default behavior is recommended. > domain master = Yes > > # enable hostname lookups, for example when using smbstatus > hostname lookups = Yes > > # Some defaults for winbind (make sure you're not using the ranges > # for something else.) > ; idmap uid = 10000-20000 > ; idmap gid = 10000-20000 > ; template shell = /bin/bash > > # including your own global configuration > include = /etc/samba/smb.conf.global > > #======================= Share Definitions ======================= > > [homes] > comment = Heimatverzeichnis > browseable = no > > # administrator is able to do housekeeping > admin users = administrator > > # By default, the home directories are exported read-only. Change next > # parameter to 'yes' if you want to be able to write to them. > writable = yes > > # File creation mask is set to 0700 for security reasons. If you want to > # create files with group=rw permissions, set next parameter to 0775. > # create mode = 2644 > > # Directory creation mask is set to 0700 for security reasons. If you want > to > # create dirs. with group=rw permissions, set next parameter to 0775. > # directory mode = 2755 > > # linuxmuster settings > path = %H > valid users = %S > root preexec = samba-userlog --log=in --username=%U --hostname=%I > --homedir=%H > root postexec = samba-userlog --log=out --username=%U --hostname=%I > --homedir=%H > veto files = /.locked/.htaccess/ > delete veto files = no > hide files = /$RECYCLE.BIN/desktop.ini/ > > # Un-comment the following and create the netlogon directory for Domain > Logons > # (you need to configure Samba to act as a domain controller too.) > [netlogon] > comment = Network Logon Service > path = /home/samba/netlogon > guest ok = yes > writable = no > hide unreadable = Yes > force create mode = 664 > write list = @domadmins > force group = domadmins > > #[printers] > # comment = All Printers > # browseable = no > # path = /tmp > # printable = yes > # public = no > # writable = no > # create mode = 0700 > > # Windows clients look for this share name as a source of downloadable > # printer drivers > #[print$] > # comment = Printer Drivers > # path = /var/lib/samba/printers > # browseable = yes > # read only = yes > # guest ok = no > # force group = printoperators > # create mask = 664 > # directory mode = 775 > # Uncomment to allow remote administration of Windows print drivers. > # Replace 'ntadmin' with the name of the group your admin users are > # members of. > # write list = @ntadmin > > [pgm] > comment = Programme > path = /home/samba/progs > writable = no > write list = @domadmins > force group = domadmins > force create mode = 664 > force directory mode = 775 > guest ok = Yes > > [cdrom] > comment = CDs > path = /home/samba/cds > force group = domadmins > force create mode = 664 > force directory mode = 775 > write list = @domadmins > writable = no > guest ok = Yes > > [linbo-repo] > comment = LINBO Images > path = /var/linbo > wide links = yes > write list = administrator,linbo > valid users = administrator,linbo > admin users = administrator,linbo > writable = no > guest ok = no > > # following shares are only used by linux clients > [students] > comment = Schülerverzeichnisse > path = /home/students > writeable = no > write list = administrator,@teachers > valid users = administrator,@teachers > admin users = administrator > browseable = No > guest ok = No > > [shares] > comment = Tauschen > admin users = administrator > path = /home/share > inherit acls = Yes > hide unreadable = Yes > writeable = Yes > guest ok = No > hide files = > /classes/desktop.ini/exams/projects/school/subclasses/teachers/ > force create mode = 2644 > force directory mode = 2755 > > [tasks] > comment = Vorlagen > path = /var/cache/sophomorix/tasks > writeable = no > write list = administrator,@teachers > admin users = administrator > inherit acls = Yes > hide unreadable = Yes > hide files = /classes/desktop.ini/projects/rooms/subclasses/teachers/ > browseable = No > guest ok = No > > [backup] > comment = Backups > path = /media/backup > valid users = administrator > browseable = No > guest ok = No > > # including your own share definitions > include = /etc/samba/smb.conf.shares > > > > --------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > /etc/sophomorix/user/sophomorix.conf > > > # Hey, EMACS: -*- perl -*- > # $Id: sophomorix.conf,v 1.27 2007-02-05 23:27:27 jeffbeck Exp $ > # Dies ist die globale Konfigurationsdatei für die > # Benutzerverwaltung sophomorix > > # Diese Konfigurationsdatei muss in Perl-Syntax angelegt sein > # Wenn sie kein perl können nutzen Sie die auskommentierten > # Beispiele (Kommentarzeichen: #) > > # Es sind für alle Werte sinnvolle Standardeinstellungen vergeben > > > > ############################################################################# > # Beginn > > ############################################################################# > > # Hier bitte anstelle von Schule den Schulnamen eingeben > # Beispiel: > #$schul_name="Berufliches Schulzentrum Leonberg"; > $schul_name="Schulzentrum Neckartenzlingen"; > > > > > # Vor-Filterung > > ############################################################################# > # by default ($filter_script="") schueler.txt is copied from > # /etc/sophomorix/user/schueler.txt > # to > # /var/lib/sophomorix/tmp/schueler.txt.tmp > # > # if you specify a script in the following variable, then INSTEAD of > # copying this script will be run. Use this to modify schueler.txt > # to fit sophomorix > $filter_script=""; > > > # Zulässige Datensätze angeben > > ############################################################################# > # Geben Sie einen Bereich für zulässige Schüler-Geburtsjahre an > # Standard: > $geburts_jahreszahl_start=1950; > $geburts_jahreszahl_stop = 2020; > > # Werden folgende Schülerzahlen pro Klasse erreicht, bzw. überschritten/ > # unterschritten, so erfolgt eine Warnung in report.admin. > # Die Schüler werden jedoch trotzdem angelegt (Nur eine Warnung) > > $mindest_schueler_anzahl_pro_klasse=2; > $maximale_schueler_anzahl_pro_klasse=33; > > > # In Splan gibt es Klassen, die mit einem * beginnen (zukünftige Klassen) > # Sollen diese Sternchenklassen in die Datei report.splan ausgefiltert > werden? > $splan_sternchenklassen_filtern="yes"; > > > # Login-Name-Erzeugung > > ############################################################################# > > # Schüler > # Zeichenanzahl Nachnamen, die zur Login-Namen-Erzeugung verwendet werden > $schueler_login_nachname_zeichen=6; > > # Zeichenanzahl Vornamen, die angehängt werden > $schueler_login_vorname_zeichen=2; > > > # Passwort-Erzeugung > > ############################################################################# > > # Schüler > > # Für Schüler zufällige Passwörter erzeugen (yes), oder "linux"(no): > $schueler_zufall_passwort="yes"; > > # Anzahl der Zeichen für zufällige Passwörter (Schüler) > $zufall_passwort_anzahl_schueler=6; > > # Einloggen der Schüler per ssh ermöglichen > # (yes -> /bin/bash) oder unterbinden (no -> /bin/false) > $schueler_per_ssh="yes"; > > # must a student change the password after first login > $student_samba_pw_must_change = 'no'; > > > # Lehrer > > # Für Lehrer zufällige Passwörter erzeugen (yes), oder "linux"(no): > $lehrer_zufall_passwort="yes"; > > # Anzahl der Zeichen für zufällige Passwörter (Lehrer) > $zufall_passwort_anzahl_lehrer=6; > > > # Einloggen der Lehrer per ssh ermöglichen > # (yes -> /bin/bash) oder unterbinden (no -> /bin/false) > $lehrer_per_ssh="yes"; > > # must a teacher change the password after first login > $teacher_samba_pw_must_change = 'no'; > > > > # Loeschvorgang der User > > ############################################################################# > > # wieviele Tage sollen die User geduldet werden, bevor sie deaktiviert > werden > $lehrer_duldung_tage=60; > $schueler_duldung_tage=15; > > # wieviele Tage sollen die User deaktiviert werden, bevor sie löschbar > werden > $lehrer_deaktivierung_tage=90; > $schueler_deaktivierung_tage=30; > > > # Mail > > ############################################################################# > # WENN Mail aliases erzeugt werden, wie sehen die aus > # Moegliche Angaben: > # 1) vorname.nachname > # 2) vorname_nachname > $mail_aliases="vorname.nachname"; > > # switch all mailquota warnings on(=yes)/off(=no)? > $mailquota_warnings="yes"; > > # when mailquota that is left is less than x percent, sent warning > $mailquota_warn_percentage=5; > > # when mailquota that is left is less than y kb, sent warning > $mailquota_warn_kb=500; > > # send 'mailquota full 100%' if mailquota > $mailquota_warnings_root="yes"; > > > > # Logging > > ############################################################################# > > # Standard Log-Level (wird später per Option (-v, -vv) eingestellt) > > # 1: Minimale Ausgabe > # 2: Mittlere > # 3. Maximale Ausgabe > $log_level=1; > > > # Quota > > ############################################################################# > # Wollen Sie Quota auf ihrem Server nutzen? > # Wenn hier nicht 'yes' steht sind alle folenden Einstellungen egal > $use_quota="yes"; > # Standardmässig werden automatisch die Quotierten Dateisysteme aus > # /etc/mtab in der dortigen Reihenfolge ermittelt und verwendet. > @quota_filesystems =("auto"); > > # Wünschen Sie eine andere Reihenfolge, können sie die Quotierten > Filesysteme > # hier angeben (besser wäre es, die Reihenfolge in /etc/fstab zu > beeinflussen) > # Sie müssen wissen, was Sie tun!! > #@quota_filesystems = ("/dev/hda1", "/dev/hda8", "/dev/sda4"); > > > > > # > # The following is for international users. German users should not modify > this > # > > # Language (this is highly experimental, > # please tell me if you want to use this) > # Supported: de, en > > ############################################################################### > $lang="de"; > > # The name of the teacher group in teacher.txt > $teacher_group_name="lehrer"; > > > ############################################################################### > > > > > > _______________________________________________ > linuxmuster-user mailing list > [email protected] > https://mail.lehrerpost.de/mailman/listinfo/linuxmuster-user > >
_______________________________________________ linuxmuster-user mailing list [email protected] https://mail.lehrerpost.de/mailman/listinfo/linuxmuster-user
