-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This howto contains some errors, I think. Before trying smbpasswd, Samba must know which user to use to connect to LDAP; this is set with the ldap admin dn parameter in smb.conf. If there is a user, there is a password. To specify the password, you must use the command smbpasswd -w xxxx (xxxx = the password of the user).

ATTENTION: in your slapd.conf, only admin can write. If you want to use another LDAP user, you must modify your slapd.conf.

Gary Dale wrote:
> I was trying to follow the howto below to get Samba-LDAP working on
> my Debian/Sarge server. I'm stuck in section 5.4:
>
> When I try the "smbpasswd -a root" I get:
> semper:/etc/phpldapadmin/templates# smbpasswd -a root
> New SMB password:
> Retype new SMB password:
> ldapsam_modify_entry: Failed to add user dn=
> uid=root,ou=Users,dc=rahim-dale,dc=org with: Insufficient access
> no write access to parent
> ldapsam_add_sam_account: failed to modify/add user with uid = root
> (dn = uid=root,ou=Users,dc=rahim-dale,dc=org)
> Failed to add entry for user root.
> Failed to modify password entry for user root
>
> The next two steps are:
> smbldap-passwd Administrator -- this works
> smbldap-usermod -J Administrator -- this fails
>
> And after that nothing works.
>
> I've managed to get phpldapadmin working (finally) but that doesn't
> seem to help. I can add accounts, etc., but they don't seem to help.
> When I try to get a Windows XP computer to join the domain, I get
> "logon failure: unknown user name or bad password".
>
> I can browse the network from a Windows XP machine as well, but
> can't connect to any network shares that have any security on them.
>
> I've gone through the idealx.org smb-ldap documentation and can't
> see anything obvious that I'm doing wrong. Nor have I found anything
> in searches that tells me any more than what the immediate error
> message says (basically they seem to say it's a rights issue so fix
> it without specifying how to do it).
>
> Please help!
>
> Louis van Belle wrote:
>
>> Hi everybody,
>> I made a pretty complete howto for samba on debian servers.
>>
>> This howto covers samba + ldap + cups + recycle bin + samba-vscan
>> + phpldapadmin + ACL + Extended Attributes.
>>
>> this howto is also based on the idealx howto
>>
>> If you do this setup, you should be able to use the NT4 Usermanager,
>> setup Point and Print Printing, set rights from explorer etc.
>> Another nice tool is ldapadmin ( ldapadmin.sf.net ), a must, check it
>> out.
>>
>> We will use a Debian Sarge as setup. If you never used Debian
>> before, you can follow this how-to
>> (http://www.howtoforge.com/perfect_setup_debian_sarge ) , please
>> read the comment below the pages first, this can save you time and
>> problems or install Debian without any software packaged, we will
>> install them later when needed.
>> Checking the kernel or compile your own kernel if needed.
>>
>> I try to give a complete solution for this how-to, this is because
>> lots of people were asking the same things on the samba list and
>> lots of people make the same mistakes.
>>
>> This is my company's running setup.
>>
>> I run this on a P866, 512 Ram, Scsi Raid 1 ( 15rpms 73 Gb ) , with
>> 50 users 25 printers which do about 150.000 prints a month.
>>
>> I thank my company to let me make this document.
>>
>> Please if you have improvements, comments, send them to me.
>>
>> Louis van Belle
>>
>> INDEX
>>
>> 1 Checking the kernel or compile your own kernel
>> 1.1 Preparing apt configuration
>> 1.2 Preparing the kernel
>> 1.3 setup the /etc/fstab
>> 1.4 final touch, lilo (or grub)
>> 2 Pre-installation of the debian packages
>> 2.1 Samba and Ldap
>> 2.2 basic rights setup for samba
>> 2.3 why this rights setup.
>> 3 LDAP Server configuration
>> 4 installation/configuration libnss, libpam (-ldap)
>> 5 Samba and smbldap-tools Configuration
>> 5.1 smbldap-tools installation/configuration
>> 5.2 setting up samba base config
>> 5.3 Configuring smbldap.conf
>> 5.4 set the samba ldap admin password
>> 5.5 Samba PRIVILEGES Setup
>> 6 CUPS - Printer software
>> 6.1 Setup Cups
>> 6.2 Setup Cups PDF Printer. - Creating a PDF Printer
>> 7 Configuring phpldapadmin
>> 7.1 installation of phpldapadmin ( and apache )
>> 8.0 On-Access virus scanning on samba (samba-clamav)
>> 8.1 Installing ClamAV
>> 8.2 get the sources ( samba & samba-vscan )
>> 9.0 Recycle bin on samba
>> 9.1 Recycle bin configuration
>> Appendix 1 (complex samba-access.conf ) SETUP WITH DSA USERS
>> Appendix 2 APT
>> 2.1 APT HOWTO
>> 2.2 Files from /etc/apt
>> 2.2.1 /etc/apt/apt.conf
>> 2.2.2 /etc/apt/preferences
>>
>> 1 Checking the kernel or compile your own kernel
>> 1.1 Preparing apt configuration
>>
>> for this go check out my apt howto.
>>
>> if your apt config is set up right, follow the steps below.
>>
>> ncurses interface for compiling the kernel
>>     apt-get install libncurses5-dev
>>
>> get the kernel source
>>     apt-get install kernel-source-2.6.8 kernel-package
>>
>> install the right kernel and activate EXT2/3 + Extended
>> attributes and setup CIFS kernel support in the kernel.
>>
>> 1.2 Preparing the kernel
>>     apt-get install kernel-source-2.6.8 kernel-package fakeroot libc6-dev libncurses5-dev
>>
>>     cd /usr/src
>>     tar -jxf kernel-source-2.6.8.tar.bz2
>>     ln -s /usr/src/kernel-source-2.6.8 /usr/src/linux
>>     cp /boot/config-2.6.8-2-* /usr/src/linux/.config
>>     cd linux
>>     make menuconfig
>>       - File systems - Ext2/3 + extended options
>>       also File systems - Miscellaneous filesystems - CramFS
>>       and File systems - Network File Systems - CIFS support + extended Attributes
>> now create the kernel and install it.
>>
>>     fakeroot make-kpkg --append-to-kernel=-mykernel --initrd kernel_image
>>
>> This creates a file kernel-image-2.6.8.custom.1.0_i386.deb under
>> /usr/src
>>
>> to install the kernel:
>>     dpkg -i kernel-image-2.6.8.custom.1.0_i386.deb
>> 1.3 setup the /etc/fstab
>>
>> /etc/fstab : add the acl and user_xattr to the right partition
>>
>>     /dev/xxx /home ext3 defaults,acl,user_xattr
>>
>> I use /home/samba for the samba environment.
>> All the needed samba directories will be put here. !! This is important !
>> 1.4 final touch, lilo (or grub)
>> lilo and reboot , login and do 'uname -a' and you will see a line
>> like this.
>>     Linux ms249-lin-001 2.6.8-mykernel #1 Wed Jun 1 15:03:47 CEST 2005 i686
>> Your server is now ready for samba 3.
>>
>> 2 Pre-installation of the debian packages
>> 2.1 Samba and Ldap
>>
>>     apt-get install slapd samba libsasl2-modules sasl2-bin openssl db4.2-util ldap-utils samba-doc libxml-parser-perl libauthen-sasl-perl
>>
>> Configuring slapd
>>   - set a dns name - internal.yourdomain.tld
>>   - Give it a name/description
>>   - set the admin password for the ldap manager ( cn=admin,dc=internal,dc=yourdomain,dc=tld )
>>   - Allow LDAPv2 protocol? yes
>>
>> Configure samba
>>   set a domain name: DOMAIN
>>   Use password encryption? Yes
>>   Modify smb.conf to use WINS settings from DHCP? No
>>   How do you want to run Samba? Daemons
>>   Create samba password database, /var/lib/samba/passdb.tdb? No !!!
>> else you will end up with lots of users from debian in this password
>> file and you don't want that.
>>
>> Setup samba.schema file for ldap
>>     zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > /etc/ldap/schema/samba.schema
>>
>> In this setup I use /home/samba for the samba environment.
>> I use these directories.
>>     /home/samba     skel,data,profiles,netlogon,printers,spool
>>     /home/users/    username
>>
>> 2.2 basic rights setup for samba
>>
>>     /home/samba            777   Administrator:Domain Admins
>>     /home/samba/spool      777   Administrator:Domain Admins
>>     /home/samba/printers   775   Administrator:Domain Admins
>>     /home/samba/profiles   777   Administrator:Domain Admins
>>     /home/samba/netlogon   775   Administrator:Domain Admins
>>     /home/samba/data       775   Administrator:Domain Admins
>>     /home/samba/temp       777   Administrator:Domain Admins
>>     /home/samba/tools      755   Administrator:Domain Admins
>>     /home/samba/skel       755   Administrator:Domain Admins
>>
>> 2.3 why this rights setup.
>>
>> 1 Administrator can create in complete samba environment.
>> 2 In data directories my users are not allowed to create sub dir's,
>>   I create one for the department, and set rights to that department,
>>   from that point they can create directories.
>> 3 Profiles 777, in the samba config is a parameter defined
>>   valid users = %u @"Domain Administrators"
>>   Only the user and administrator can access the user profile
>>   directories.
>>   create mask and directory mask make sure rights are set primary to
>>   the user.
>>
>> 3 LDAP Server configuration
>>
>> Configure slapd.conf, but first stop the slapd server (
>> /etc/init.d/slapd stop )
>>
>> Create ldap certificates for ssl support
>>     mkdir /etc/ldap/tls
>>
>> ## self signed certificate
>>     openssl req -newkey rsa:1024 -x509 -nodes -out ldap-server.pem -keyout ldap-server.pem -days 3650
>>     ( where Common Name = ldap.yourdomain.tld )
>>
>> edit /etc/ldap/slapd.conf
>> put these below the other line, the order of schema files must be
>> correct.
>> insert the line "include /etc/ldap/schema/samba.schema"
>>
>> add these lines before the database definition
>> TLSCACertificateFile /etc/ldap/ssl/ldap-server.pem
>> TLSCertificateFile /etc/ldap/ssl/ldap-server.pem
>> TLSCertificateKeyFile /etc/ldap/ssl/ldap-server.pem
>>
>> Now it's time for the ldap database configuration for samba
>>
>> example of the /etc/slapd.conf ( database 1 configuration )
>> #######################################################################
>>
>> # Specific Directives for database #1, of type bdb:
>> # Database specific directives apply to this database until another
>> # 'database' directive occurs
>> database bdb
>>
>> # The base of your directory in database #1
>> suffix "dc=internal,dc=yourdomain,dc=tld"
>>
>> rootdn "cn=admin,dc=rotterdam,dc=bazuin,dc=nl"
>> rootpw {MD5}fsadsdafasfaewfw
>> ## create the rootpw
>> ## echo rootpw `slappasswd -h {Md5}` >> /etc/ldap/slapd.conf
>>
>> # Where the database files are physically stored for database #1
>> directory "/var/lib/ldap"
>>
>> # Indexing options for database #1
>> ### !!!!! Always run slapindex(8) after changing indices!!!!!!
>> ### and first STOP the LDAP SERVER ( /etc/init.d/slapd stop )
>> index objectClass,uidNumber,gidNumber eq
>> index cn,sn,uid,displayName pres,eq,sub
>> index memberUid,mail,givenname eq,subinitial
>> index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
>> ## default index
>> index default eq
>>
>> # Save the time that the entry gets modified, for database #1
>> lastmod on
>>
>> # Where to store the replica logs for database #1
>> replogfile /var/lib/ldap/replog
>> # The userPassword by default can be changed
>> # by the entry owning it if they are authenticated.
>> # Others should not be able to see it, except the
>> # admin entry below
>> # These access lines apply to database #1 only
>> access to attrs=userPassword
>>     by dn="cn=admin,dc=internal,dc=yourdomain,dc=tld" write
>>     by anonymous auth
>>     by self write
>>     by * none
>>
>> # Ensure read access to the base for things like
>> # supportedSASLMechanisms. Without this you may
>> # have problems with SASL not knowing what
>> # mechanisms are available and the like.
>> # Note that this is covered by the 'access to *'
>> # ACL below too but if you change that as people
>> # are wont to do you'll still need this if you
>> # want SASL (and possible other things) to work
>> # happily.
>> access to dn.base="" by * read
>>
>> # The admin dn has full write access, everyone else
>> # can read everything.
>> access to *
>>     by dn="cn=admin,dc=internal,dc=yourdomain,dc=tld" write
>>     by * read
>>
>> # samba access list
>> include /etc/ldap/samba-access.conf
>>
>> Example of the /etc/samba-access.conf ( database 1 configuration )
>> ### OLD Samba no DSA users used
>> access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
>>     by dn="cn=admin,dc=internal,dc=yourdomain,dc=tld" write
>>     by anonymous auth
>>     by self write
>>     by * none
>>
>> access to attrs=loginShell
>>     by dn="cn=admin,dc=internal,dc=yourdomain,dc=tld" write
>>     by * none
>>
>> access to attrs=description,telephoneNumber,roomNumber,homePhone,gecos,cn,sn,givenname
>>     by dn="cn=admin,dc=internal,dc=yourdomain,dc=tld" write
>>     by self write
>>     by * read
>>
>> See appendix 1 if you want a more secure ldap database.
>> !! this setup does not help you to setting this up. !!
>>
>> run slapindex
>> and start the slapd server
>>     /etc/init.d/slapd start
>>
>> 4 installation/configuration libnss, libpam (-ldap)
>>
>>     apt-get install libnss-ldap libpam-ldap
>>
>> Configuring libnss-ldap
>>   define the host
>>       127.0.0.1
>>   distinguished name of the search base
>>       dc=internal,dc=yourdomain,dc=tld
>>
>>   LDAP version to use
>>       3
>>   database requires login
>>       No
>>   Make configuration readable/writeable by owner only
>>       No
>>
>> Configuring libpam-ldap
>>   Make local root Database admin.
>>       Yes
>>   Database requires logging in.
>>       No
>>   Root login account
>>       cn=admin,dc=internal,dc=yourdomain,dc=tld
>>   set your password
>>       ( same as above for admin )
>>
>>   Local crypt to use when changing passwords
>>       exop
>>
>> Configure nsswitch
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc' and `info' packages installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd: compat ldap
>> group: compat ldap
>> shadow: compat ldap
>>
>> hosts: files dns
>> networks: files
>>
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>>
>> netgroup: nis
>>
>> Now test the server
>>     ldapsearch -x -D "cn=admin,dc=internal,dc=yourdomain,dc=tld" -W
>> (enter the password)
>> if you see result: 0 Success
>>
>> for now this is ok.
>>
>> 5 Samba and smbldap-tools Configuration
>>
>> 5.1 smbldap-tools installation/configuration
>>
>>     apt-get install smbldap-tools
>>
>> copy the default config from the example directory.
>>     cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/
>>     cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz /etc/smbldap-tools/
>>     cd /etc/smbldap-tools
>>     gunzip smbldap.conf.gz
>>
>> first the easy part.
>>
>> in /etc/smbldap-tools/smbldap_bind.conf
>> change this to admin
>> slaveDN="cn=admin,dc=internal,dc=yourdomain,dc=tld"
>> slavePw="Yourpassword"
>> masterDN="cn=admin,dc=internal,dc=yourdomain,dc=tld"
>> masterPw="Yourpassword"
>>
>> 5.2 setting up samba base config
>>
>> start with the default config
>>     cd /etc/samba
>>     cp /usr/share/doc/smbldap-tools/examples/smb.conf.gz /etc/samba
>>     gunzip smb.conf.gz
>>
>> change the config to your needs
>> some tips using samba on a firewalled system
>> use the following setting, here eth0 is the internal side
>>
>> interfaces = eth0 lo
>> bind interfaces only = yes
>>
>> change the binary location from /opt/.. to /usr/sbin/smbldap-....
>> the smbldap-tools are installed by debian in /usr/sbin
>>
>> also in this setup /home/. must be changed to /home/samba/. This
>> will save you a lot of troubles with rights.
>>
>> 5.3 Configuring smbldap.conf
>>
>> first we need to get some samba info
>>
>>     net getlocalsid
>>
>>     SID for domain SERVERNAME is: S-1-5-21-2074673303-3377769770-2933042573
>> change the SID in smbldap.conf to your SID.
>>
>> change the suffix to your suffix (dc=internal,dc=yourdomain,dc=tld)
>> change the hash_encryption to MD5
>> change userLoginShell="bin/nologin"
>> and you nologin, because I'm configuring ldap for samba only.
>> set the home directory ( in my case /home/users/%U )
>> set the other to your needs.
>>
>> 5.4 set the samba ldap admin password
>>
>>     smbpasswd -w ldapadmin_password
>>     Setting stored password for "cn=admin,dc=internal,dc=yourdomain,dc=tld" in secrets.tdb
>>
>> now we go fill the ldap database with the base setup.
>>
>>     smbldap-populate -a Administrator -b nobody -u 2000 -g 2000
>>
>> users are created with uid => 2000
>> groups are created with gid => 2000
>>
>> !!!! DO NOT RUN THIS IF YOU ALREADY CREATED USERS. YOUR UID/GID's
>> WILL GET MESSED UP.
>>
>>     smbpasswd -a root
>> because root is needed for setting up the Privileges.
>>
>> Now set the Administrator password and enable this user
>>     smbldap-passwd Administrator
>>     smbldap-usermod -J Administrator
>>
>> 5.5 Samba PRIVILEGES Setup
>>
>> First check your rights and get to know the commands.
>>
>>     net rpc rights list accounts      list users
>>     net rpc rights list               list defined rights.
>>
>> to get what for rights are defined and users/groups
>>
>> IF you use a PDC/BDC setup these commands must be done on both
>> servers!!
>>
>> test these commands:
>>
>>     net rpc group
>> (output)
>> Domain Admins
>> Domain Users
>> Domain Guests
>> Domain Computers
>>
>> or
>> ( see next page )
>>
>>     slapcat | grep Group | grep dn
>>
>> (output)
>> dn: ou=Groups,dc=internal,dc=yourdomain,dc=tld
>> dn: cn=Domain Admins,ou=Groups,dc=internal,dc=yourdomain,dc=tld
>> dn: cn=Domain Users,ou=Groups,dc=internal,dc=yourdomain,dc=tld
>> dn: cn=Domain Guests,ou=Groups,dc=internal,dc=yourdomain,dc=tld
>> dn: cn=Domain Computers,ou=Groups,dc=internal,dc=yourdomain,dc=tld
>> dn: cn=Administrators,ou=Groups,dc=internal,dc=yourdomain,dc=tld
>> dn: cn=Print Operators,ou=Groups,dc=internal,dc=yourdomain,dc=tld
>> dn: cn=Backup Operators,ou=Groups,dc=internal,dc=yourdomain,dc=tld
>> dn: cn=Replicators,ou=Groups,dc=internal,dc=yourdomain,dc=tld
>>
>> these are the privileges on samba 3.0.14a ( debian )
>>     Privilege                   Description
>>     SeMachineAccountPrivilege   Add machines to domain
>>     SePrintOperatorPrivilege    Manage printers
>>     SeAddUsersPrivilege         Add users and groups to the domain
>>     SeRemoteShutdownPrivilege   Force shutdown from a remote system
>>     SeDiskOperatorPrivilege     Manage disk share
>>
>> give the "Domain Admins" all of the SE Rights.
>> ( -S Servername -U Username%Password )
>>
>>     net -S PDC -U root%Password rpc rights grant "DOMAIN\Domain Admins" \
>>         SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege \
>>         SeDiskOperatorPrivilege SeRemoteShutdownPrivilege
>>
>> Give the "Printer Operators" all Print manage rights.
>> ( -S Servername -U Username%Password )
>>
>>     net -S PDC -U root%Password rpc rights grant "DOMAIN\Print Operators" SePrintOperatorPrivilege
>>
>> 6 CUPS - Printer software
>>
>> apt-cache search cups      to get the info which packages are available
>>
>> I installed these packages.
>>     apt-get install cups-pdf cupsys cupsys-bsd cupsys-pt cupsys-client \
>>         foomatic-bin foomatic-filters cupsys-driver-gimpprint gs-esp
>>     ( and dependencies )
>> Configuring cupsys-bsd
>>   Do you want to set up the BSD lpd compatibility server? Yes
>>   all others leave default.
>>
>> 6.1 Setup Cups /etc/cups/cups.conf
>>
>> here locate the lines Allow From 127.0.0.1
>> and change it to your network so you can login on the cups web
>> interface.
>> for example: Allow from 192.168.( this way I can manage it
>> from 2 departments. )
>> (192.168.1.x and 168.192.2.x )
>>
>> now you can logon on http://serverip:631/
>> make it safer to manage by adding a user to lpadmin group
>> and this user can create printer queues
>>
>> I create printers with the following options.
>> socket://printerIPnumber:9100 ( for hp jetdirect ), Raw,
>> Raw_queue
>>
>> I only use cups as spooler for windows pc's and *nix servers.
>>
>> First we are going to create 1 printer device and this is the CUPS
>> PDF Printer.
>>
>> 6.2 Setup Cups PDF Printer. - Creating a PDF Printer
>>
>> With this printer you can create PDF files by just printing to
>> it.
>>
>> - logon the web interface and choose add printer.
>>   Name: pdf_printer
>>   Location: %homedir%\cups-pdf
>>   Description: pdf created in homedir\cups-pdf
>>   Continue
>> - Device: Virtual Printer(PDF printer) choose it, it's below,
>>   Continue
>> - Choose the model/Driver for PDF_printer, Postscript,
>>   Continue
>>
>> click on manage printers to see what you have created.
>> click on Print Test Page to test the pdf printer.
>> a file is put in the cups-pdf directory of the user you logged on
>> with.
>>
>> 7 Configuring phpldapadmin
>>
>> 7.1 installation of phpldapadmin ( and apache )
>>
>> get the packages
>>     apt-get install phpldapadmin php4 apache
>>
>> What is your LDAP server host address? 127.0.0.1 ( use the
>> ip/hostname where the ldapserver is )
>> ldaps protocol instead of ldap? No
>>
>> What is the distinguished name of the search base?
>> dc=internal,dc=yourdomain,dc=tld
>>
>> Which type of authentication you want to use? session
>> What is the login dn for the LDAP server?
>> cn=admin,dc=internal,dc=yourdomain,dc=tld
>>
>> Which web server would you like to reconfigure automatically?
>> select all and press OK.
>>
>> restart webservers now: Yes
>>
>> 8.0 On-Access virus scanning on samba (samba-clamav)
>> 8.1 Installing ClamAV
>>
>>     apt-get install clamav arj unzoo lha clamav-freshclam clamav-daemon
>> Configuring clamav-freshclam : Daemon
>> Choose a close mirror
>> Should clamd be notified after updates? Yes
>> 8.2 get the sources ( samba & samba-vscan )
>>
>>     mkdir /usr/src/sources
>>     cd /usr/src/sources
>>
>>     apt-get install dpkg-dev
>>     apt-get source samba
>>     apt-get build-dep samba
>>
>>     cd samba-3.0.14a
>>     vi source/include/version.h
>>
>> here remove the a from the 14 ( 3.0.14a => 3.0.14 )
>>
>>     ./debian/rules configure-stamp
>>     cd source
>>     make proto
>>     cd ../..
>>
>>     wget http://switch.dl.sourceforge.net/sourceforge/openantivirus/samba-vscan-0.3.6b.tar.bz2
>>
>>     tar xjvf samba-vscan-0.3.6b.tar.bz2
>>
>>     cd samba-vscan-0.3.6b
>>     ./configure --with-samba-source=/usr/src/sources/samba-3.0.14a/source
>>     make && make install
>>
>>     cp clamav/vscan-clamav.conf /etc/samba/samba-vscan-clamav.conf
>> change in the samba-vscan-clamav.conf
>> clamd socket name = /var/run/clamav/clamd.ctl
>> infected spins action = quarantine ( or delete , which I choose.)
>>
>> When I put these lines in my smb.conf file, I can't access the
>> share:
>> vfs object = vscan-clamav
>> vscan-clamav: config-file = /etc/samba/samba-vscan-clamav.conf
>>
>> An example:
>> [public]
>> comment = Public Directory
>> path = /home/public
>> vfs object = vscan-clamav
>> vscan-clamav: config-file = /etc/samba/samba-vscan-clamav.conf
>>
>> !!! BEWARE !!!! if samba upgrades to a higher version you MUST
>> recompile your samba-vscan. set samba to hold for no upgrade.
>>
>>     echo packagename hold | dpkg --set-selections       set to hold
>>     echo packagename install | dpkg --set-selections    set to install
>>
>> 9.0 Recycle bin on samba
>> 9.1 Recycle bin configuration
>>
>> configure samba for using the recycle bin.
>> I made my manager happy with this.
>>
>> create a file in /etc/samba
>> and fill it with the options below.
>>
>> /etc/samba/samba-recycle.conf
>>
>> name = .recycle
>> mode = KEEP_DIRECTORIES|VERSIONS|TOUCH
>> maxsize = 0
>> exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp
>> excludedir = /tmp|/temp|/cache
>> noversions = *.doc|*.xls|*.ppt
>>
>> add this to your share, same as vscan.
>>
>> vfs object = recycle
>> recycle: config-files = /etc/samba/samba-recycle.conf
>>
>> create a recycle bin directory and hide it for the users.
>>
>> I created .recycle this way ( because of the dot) users don't see
>> this IF.. you don't set your explorer to view hidden files.
>>
>> restart samba and you're done.
>>
>> You are ready to use your samba server.
>>
>> Appendix 1 (complex samba-access.conf ) SETUP WITH DSA USERS
>> see http://www.idealx.org/prj/samba/smbldap-howto.en.html
>> #### users can authenticate and change their password
>> #access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
>> # by dn="cn=samba,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by dn="cn=smbldap-tools,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by dn="cn=nssldap,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by self write
>> # by anonymous auth
>> # by * none
>> # some attributes need to be readable anonymously so that 'id user' can answer correctly
>> ##access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
>> # by dn="cn=samba,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by dn="cn=smbldap-tools,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by * read
>> # some attributes can be writable by users themselves
>> ##access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
>> # by dn="cn=samba,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by dn="cn=smbldap-tools,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by self write
>> # by * read
>> ## some attributes need to be writable for samba
>> #access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption,sambaPrivilegeList
>> # by dn="cn=samba,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by dn="cn=smbldap-tools,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by self read
>> # by * none
>> ## samba need to be able to create the samba domain account
>> #access to dn.base="dc=internal,dc=yourdomain,dc=tld"
>> # by dn="cn=samba,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by dn="cn=smbldap-tools,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by * none
>> ## samba need to be able to create new users account
>> #access to dn="ou=Users,dc=internal,dc=yourdomain,dc=tld"
>> # by dn="cn=samba,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by dn="cn=smbldap-tools,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by * none
>> ## samba need to be able to create new groups account
>> #access to dn="ou=Groups,dc=internal,dc=yourdomain,dc=tld"
>> # by dn="cn=samba,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by dn="cn=smbldap-tools,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by * none
>> ## samba need to be able to create new computers account
>> #access to dn="ou=Computers,dc=internal,dc=yourdomain,dc=tld"
>> # by dn="cn=samba,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by dn="cn=smbldap-tools,ou=DSA,dc=internal,dc=yourdomain,dc=tld" write
>> # by * none
>> #
>> ## this can be omitted but we leave it: there could be other branch
>> ## in the directory
>> #access to *
>> # by self read
>> # by * none
>>
>> Appendix 2 APT
>>
>> 2.1 APT HOWTO
>>
>> Preparing apt for online packages.
>> After installing from CD or DVD adjust your apt config.
>>
>> This setup makes sure you are using stable packages, that you are
>> using Debian Sarge.
>>
>> In the apt.conf we defined the default release of debian, in this case
>> stable ( Sarge 3.1r0).
>> The Show-Upgrade "true" is used for showing us the packages which
>> are going to be installed, I like to see what I'm installing.
>> The sources.list if you used a CD/DVD for installing you can leave
>> this line in the sources.list. This can save you bandwidth. My server is
>> on a remote location and I don't use the cd anymore.
>> I added the clamav as stable because I want a new clamav for virus scanning
>> more info : http://www.clamav.net/binary.html
>> The testing and unstable sources are also unmarked, that if you
>> really need a newer version of a program then you can try to create it
>> from debian source.
>>
>> You can get the source install programs and search by using the
>> following commands:
>>     apt-get install package          = get & install package
>>     apt-get remove package           = remove package
>>     apt-get remove --purge package   = remove and purge all files of package
>>     dpkg --purge package             = purge all files of package
>>
>>     apt-cache search package         = search for package or part of package name
>>     apt-cache show package           = get info over package
>>     dpkg-reconfigure -plow package   = reconfigure with priority low ( most options )
>>
>> for this first cd /usr/src.
>>     apt-get source package           = get source files of packaged
>>
>> 2.2 Files from /etc/apt
>> 2.2.1 /etc/apt/apt.conf
>>
>> APT::Default-Release "stable";
>> APT::Get::Show-Upgraded "true";
>> // 16 MB Limit
>> APT::Cache-limit 16777216;
>> // if you have /tmp with no mounted with noexec, you need this.
>> #DPkg::Pre-Install-Pkgs {"mount -o remount,exec /tmp";};
>> #DPkg::Post-Invoke {"mount -o remount /tmp";};
>>
>> 2.2.2 /etc/apt/preferences
>>
>> Package: *
>> Pin: release a=stable
>> Pin-Priority: 990
>>
>> Package: *
>> Pin: release a=testing
>> Pin-Priority: 500
>>
>> Package: *
>> Pin: release a=unstable
>> Pin-Priority: 50
>>
>> Package: *
>> Pin: release a=sarge,l=debian-volatile
>> Pin-Priority: 990
>>
>> 2.2.3 /etc/apt/sources.list
>>
>> # See sources.list(5) for more information, especially
>> # Remember that you can only use http, ftp or file URIs
>> # CDROMs are managed through the apt-cdrom tool.
>> #-----------------------------------------------------------------
>> # We defined the PIN which sets the priority of packages selected
>> # see also the apt-howto
>> # http://www.debian.org/doc/manuals/apt-howto/index.en.html
>> # and a nice howto for apt-pinning for beginners.
>> # http://jaqque.sbih.org/kplug/apt-pinning.html
>> #-----------------------------------------------------------------
>> #-----------------------------------------------------------------
>> # Stable PIN 990 PRODUCTION TREE
>> deb ftp://ftp.nl.debian.org/debian stable main contrib non-free
>> deb-src ftp://ftp.nl.debian.org/debian stable main contrib non-free
>> deb http://http.us.debian.org/debian stable main contrib non-free
>> # Stable Security updates
>> deb http://security.debian.org/ stable/updates main contrib non-free
>> deb-src http://security.debian.org/ stable/updates main contrib non-free
>> #------------------------------------------------------------------
>> ## Debian VOLATILE , used for clamav PINNED 990
>> deb http://ftp.nl.debian.org/debian-volatile sarge/volatile main
>> #-----------------------------------------------------------------
>> #-----------------------------------------------------------------
>> # WARNING USE BELOW AT OWN RISK
>> # Testing ( PIN 500 )
>> #deb ftp://ftp.nl.debian.org/debian testing main contrib non-free
>> #deb-src ftp://ftp.nl.debian.org/debian testing main contrib non-free
>> #deb http://http.us.debian.org/debian testing main contrib non-free
>> # Testing Security updates
>> #deb http://security.debian.org/ testing/updates main contrib non-free
>> #deb-src http://security.debian.org/ testing/updates main contrib non-free
>> #-----------------------------------------------------------------
>> #-----------------------------------------------------------------
>> # WARNING USE BELOW AT OWN RISK
>> # Unstable ( PIN 050 )
>> #deb ftp://ftp.nl.debian.org/debian unstable main contrib non-free
>> #deb-src http://ftp.nl.debian.org/debian unstable main contrib non-free
>> #deb http://http.us.debian.org/debian unstable main contrib non-free
>> # unstable Security updates
>> #deb http://security.debian.org/ unstable/updates main contrib non-free
>> #deb-src http://security.debian.org/ unstable/updates main contrib non-free
>> #-----------------------------------------------------------------
>> #-----------------------------------------------------------------
>> #### BACKPORTS to STABLE ( Debian Sarge 3.1r0 )
>> ## Latest Samba from samba.org
>> #deb http://us4.samba.org/samba/ftp/Binary_Packages/Debian sarge samba
>> #deb-src http://us2.samba.org/samba/ftp/Binary_Packages/Debian sarge samba
>>
>> #------------------------------------------------------------------
>> ## MPEG/AVI addons +W32CODECS With MPlayer
>> #deb ftp://ftp.nerim.net/debian-marillat/ sarge main
>> #------------------------------------------------------------------
>> ## www.dotdeb.org, updated php4/php5 mysql-41 mysql-50 qmail clamav etc etc.
>> ## check the site for the packages list. if you want only 1 package ( preferred )
>> ## change the line to #deb http://packages.dotdeb.org stable php5 for example
>> #deb http://packages.dotdeb.org stable all
>> #deb-src http://packages.dotdeb.org stable all
>> #------------------------------------------------------------------
>> ## BootSplash ( does not work on every kernel ) www.bootsplash.de
>> ## http://www.planamente.ch/emidio/pages/linux_howto_bootsplash.php
>> deb http://debian.bootsplash.de unstable main
>> deb-src http://debian.bootsplash.de unstable main
>>
>

- --
Stéphane Purnelle <[EMAIL PROTECTED]>
Web site: http://www.linuxplusvalue.be
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEKDlX8tswkE3d0ecRAukhAJ93OqfKJk5VaRZNY14d2zONjSeL+QCeJ/6k
RUpByMjbKbCB8pCthXbTkaY=
=yaJ6
-----END PGP SIGNATURE-----
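
The check discussed in this thread (the DN in smb.conf's ldap admin dn has to be one that slapd.conf allows to write), as an added example that is not part of the original messages or of the howto. The function names, the sample files and the example.org DNs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does the DN Samba binds as, smb.conf's
# "ldap admin dn", hold write access in slapd.conf? This is a textual check: it
# lists the targets the DN is granted write on and does not evaluate ACL order,
# dn.regex or group clauses.

# Print the normalised (lower-case, no blanks around commas) "ldap admin dn".
smb_admin_dn() {
    awk '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)
            if (key != "ldapadmindn") next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            gsub(/[ \t]*,[ \t]*/, ",", val)
            print tolower(val); exit
        }' "$1"
}

# Print "dn<TAB>target" for rootdn and every `by dn=... write|manage` clause.
slapd_write_grants() {
    awk '
        function emit(d, t) {
            gsub(/"/, "", d); gsub(/[ \t]+$/, "", d); gsub(/[ \t]*,[ \t]*/, ",", d)
            printf "%s\t%s\n", tolower(d), t
        }
        /^[ \t]*#/ { next }
        tolower($1) == "rootdn" {
            d = $0; sub(/^[ \t]*[A-Za-z]+[ \t]+/, "", d)
            emit(d, "rootdn (bypasses ACLs)"); next
        }
        $1 == "access" && $2 == "to" { target = $3; pending = (NF == 2) }
        pending && $1 != "access" { target = $1; pending = 0 }  # target on next line
        match($0, /by[ \t]+dn(\.(exact|base))?=("[^"]*"|[^ \t]+)[ \t]+(write|manage)/) {
            d = substr($0, RSTART, RLENGTH)
            sub(/^by[ \t]+dn[^=]*=/, "", d); sub(/[ \t]+(write|manage)$/, "", d)
            emit(d, target)
        }' "$@"
}

# Return 0 and list the write targets when the Samba bind DN is granted write in
# any of the given slapd config files; return 1 on mismatch, 2 if the DN is unset.
check_bind_dn() {
    smbconf=$1; shift
    bind_dn=$(smb_admin_dn "$smbconf")
    [ -n "$bind_dn" ] || { echo "no 'ldap admin dn' in $smbconf"; return 2; }
    targets=$(slapd_write_grants "$@" |
        awk -F '\t' -v want="$bind_dn" '$1 == want { print "  write on: " $2 }')
    if [ -n "$targets" ]; then
        printf 'OK: %s\n%s\n' "$bind_dn" "$targets"; return 0
    fi
    echo "MISMATCH: $bind_dn has no write grant (expect 'Insufficient access')"
    return 1
}

# Constructed sample files (not taken from the thread; example.org is a placeholder).
write_samples() {
    cat > "$1/smb.conf" <<'EOF'
[global]
   passdb backend = ldapsam:ldap://127.0.0.1/
   ldap suffix = dc=internal,dc=example,dc=org
   ldap admin dn = cn=samba,ou=DSA,dc=internal,dc=example,dc=org
EOF
    cat > "$1/slapd.conf" <<'EOF'
rootdn "cn=admin,dc=internal,dc=example,dc=org"
access to attrs=userPassword
    by dn="cn=admin,dc=internal,dc=example,dc=org" write
    by anonymous auth
    by * none
access to *
    by dn="cn=admin,dc=internal,dc=example,dc=org" write
    by * read
EOF
    cat > "$1/samba-access.conf" <<'EOF'
access to dn="ou=Users,dc=internal,dc=example,dc=org"
    by dn="cn=samba,ou=DSA,dc=internal,dc=example,dc=org" write
    by * none
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    check_bind_dn "$dir/smb.conf" "$dir/slapd.conf" || true   # prints MISMATCH
    check_bind_dn "$dir/smb.conf" "$dir/slapd.conf" "$dir/samba-access.conf"
    rm -rf "$dir"
}
demo
```

Pass every file that slapd.conf pulls in with include, since the script does not follow include lines itself.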