+++ /dev/null
-# $Source: /data/src/mirror/cvs/samba/examples/LDAP/smbldap-tools/Attic/INFRA,v $
-#
-## Some notes about the architecture
-
-
-Global Architecture for smbdlap-tools
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-
-smbldap-tools help you manage users and groups for Unix and Samba,
-using LDAP. They may be used in any context, and are kept relatively
-simplier enought to let you customize them to you needs.
-
-They need the following objectClasses to work:
- . sambaAccount: from samba.schema for Samba 2.2 branch
- . posixAccount and posixGroup : from nis.schema
- . organizationalUnit and dcObject: from core.schema
-
-They will probably use in a near future some additional objectClasses
-to support :
- . mail features (sendmail/postfix/qmail/courier).
- . conform to RFC2307 best practices (and so some maps too like merging
- Netbios computers (sambaAccounts) with ipHosts
-
-For ease of visualization of the LDAP objects by human standards, we
-used a DIT like this one :
- . dc=IDEALX,dc=org : the company/organization suffix
- . ou=Users : to store users accounts
- . ou=Computers : to store computers accounts
- . ou=Groups : to store system groups
-Of course, you're free to use a different naming scheme and DIT (see
-smbldap_conf.pm).
-
-
-Built in groups initial population
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-
-smbldap-populate.pl populate the LDAP directory with some built in groups
-using gidNumber according to Well Know RID of Windows NT4 Srv. In fact, As
-far a Samba 2.2.x is concerned, only the 'Domain Admins' (gidNumber 512) have
-real inpact on the Samba and Windows population. To activate this group as
-the Domain Administrators Group, use the following smb.conf directive (see
-man smb.conf for more):
-
- domain admin group = " @"Domain Admins" "
-
-However, to make pdb_ldap accept bind without being uid=0, a quick and
-dirty patch must be applied to 2.2.4 (see samba-2.2.4-ldapbindnotuid0.patch).
-This patch is Q&D because the check is there because Samba store admin
-credentials to establish the LDAP connection. The uid == 0 check was to
-ensure that a normal user could not get write access to the LDAP backend.
-A more logical situation should be done for 2.2.5 by checking if the user
-is a member of the domain admin group (reported to Jerremy and Gerald
-2002-05-28).
-
-Other built in groups are really cosmetic ones with Samba 2.2.x. We did not
-removed them because one of these days, we whish to use Samba 3.0 where
-Windows Group Support should be operational.
-
-Why these specific gidNumbers ?
-It's about unix/windows mapping of numerical ids with Samba. Ids below 1024
-are NT special ids. In fact, 512 is the RID (Windows uid/gid) for the
-"Domain Administrators" NT group. The magic number is found in Samba sources
-and possibly other Samba/Windows documentations.
-
-The goal is to have a set of Unix users who are Domain Administrators and can
-modify Samba datas (eg. LDAP content), with commandline tools or within
-Windows via Samba.
-
-Say you want to add a NT4 ws to an NT domain (controlled by a samba/ldap
-server). You give the domain administrator's login and password in the
-appropriate ws settings, then the ws contacts the samba server, which checks
-the credentials and use them as unix user to run the smbldap-tools (if I
-remember). Giving 512 as a RID to a LDAP entry marks it as a domain admin
-for Samba (thus Windows). Using nss_ldap, you also have an account with
-gid 512.
-
-
-Known BUGS and WORKAROUND used
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-
-The 2.2.2 has at least a bug : rid/primaryGroupID are read as hex in LDAP,
-but written as decimal. Fixed in CVS by reading as decimal. By default
-smbldap-useradd.pl writes decimal to LDAP. Use -x to support the odd
-behaviour.
-
-The samba-2.2.4-ldapbindnotuid0.patch is not a perfect solution however
-as the check is there because Samba store admin credentials to establish the
-LDAP connection. The uid == 0 check was to ensure that a normal user could
-not get write access to the LDAP backend. A more logical situation should be
-done for 2.2.5 by checking if the user is a member of the domain admin group
-(reported to Jerremy and Gerald 2002-05-28).
-
-# - The End
+# $Source: /data/src/mirror/cvs/samba/examples/LDAP/smbldap-tools/INFRASTRUCTURE,v $
+#
## Some notes about the architecture
domain admin group = " @"Domain Admins" "
+However, to make pdb_ldap accept bind without being uid=0, a quick and
+dirty patch must be applied to 2.2.4 (see samba-2.2.4-ldapbindnotuid0.patch).
+This patch is Q&D because the check is there because Samba store admin
+credentials to establish the LDAP connection. The uid == 0 check was to
+ensure that a normal user could not get write access to the LDAP backend.
+A more logical situation should be done for 2.2.5 by checking if the user
+is a member of the domain admin group (reported to Jerremy and Gerald
+2002-05-28).
+
Other built in groups are really cosmetic ones with Samba 2.2.x. We did not
removed them because one of these days, we whish to use Samba 3.0 where
Windows Group Support should be operational.
PACKAGE=smbldap-tools
-RELEASE=0.7
+RELEASE=0.8.2-1
DESTDIR = $(PACKAGE)-$(RELEASE)
dist: distclean $(DESTDIR).tgz
#!/usr/bin/perl -w
-# $Id: smbldap-groupadd.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
#!/usr/bin/perl -w
-# $Id: smbldap-groupdel.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
#!/usr/bin/perl -w
-# $Id: smbldap-groupmod.pl,v 1.1.8.5 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
#!/usr/bin/perl -w
-# $Id: smbldap-groupshow.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
#!/usr/bin/perl -w
-# $Id: smbldap-migrate-accounts.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
#!/usr/bin/perl
-# $Id: smbldap-migrate-groups.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
#!/usr/bin/perl -w
# LDAP to unix password sync script for samba
-# $Id: smbldap-passwd.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
# Populate a LDAP base for Samba-LDAP usage
#
-# $Id: smbldap-populate.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#!/usr/bin/perl -w
-# $Id: smbldap-useradd.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
#!/usr/bin/perl
-# $Id: smbldap-userdel.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
#!/usr/bin/perl -w
-# $Id: smbldap-usermod.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
#!/usr/bin/perl -w
-# $Id: smbldap-usershow.pl,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
use strict;
package smbldap_conf;
-# $Dource: $
-# $Id: smbldap_conf.pm,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools
# This code was developped by IDEALX (http://IDEALX.org/) and
use smbldap_conf;
use Net::LDAP;
-# $Id: smbldap_tools.pm,v 1.1.8.3 2003/12/04 22:02:05 jerry Exp $
-#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
AC_SUBST(SONAMEFLAG)
AC_SUBST(SHLD)
AC_SUBST(HOST_OS)
-AC_SUBST(PICFLAG)
+AC_SUBST(PICFLAGS)
AC_SUBST(PICSUFFIX)
AC_SUBST(POBAD_CC)
AC_SUBST(SHLIBEXT)
LDSHFLAGS="-shared"
SONAMEFLAG="#"
SHLD="\${CC}"
-PICFLAG=""
+PICFLAGS=""
PICSUFFIX="po"
POBAD_CC="#"
SHLIBEXT="so"
BLDSHARED="true"
LDSHFLAGS="-shared"
DYNEXP="-Wl,--export-dynamic"
- PICFLAG="-fPIC"
+ PICFLAGS="-fPIC"
SONAMEFLAG="-Wl,-soname="
;;
*solaris*)
LDSHFLAGS="-G"
SONAMEFLAG="-h "
if test "${GCC}" = "yes"; then
- PICFLAG="-fPIC"
+ PICFLAGS="-fPIC"
if test "${ac_cv_prog_gnu_ld}" = "yes"; then
DYNEXP="-Wl,-E"
fi
else
- PICFLAG="-KPIC"
+ PICFLAGS="-KPIC"
## ${CFLAGS} added for building 64-bit shared
## libs using Sun's Compiler
LDSHFLAGS="-G \${CFLAGS}"
BLDSHARED="true"
LDSHFLAGS="-G"
SONAMEFLAG="-Wl,-h,"
- PICFLAG="-KPIC" # Is this correct for SunOS
+ PICFLAGS="-KPIC" # Is this correct for SunOS
;;
*netbsd* | *freebsd*) BLDSHARED="true"
LDSHFLAGS="-shared"
DYNEXP="-Wl,--export-dynamic"
SONAMEFLAG="-Wl,-soname,"
- PICFLAG="-fPIC -DPIC"
+ PICFLAGS="-fPIC -DPIC"
;;
*openbsd*) BLDSHARED="true"
LDSHFLAGS="-shared"
DYNEXP="-Wl,-Bdynamic"
SONAMEFLAG="-Wl,-soname,"
- PICFLAG="-fPIC"
+ PICFLAGS="-fPIC"
;;
*irix*)
case "$host_os" in
SONAMEFLAG="-soname "
SHLD="\${LD}"
if test "${GCC}" = "yes"; then
- PICFLAG="-fPIC"
+ PICFLAGS="-fPIC"
else
- PICFLAG="-KPIC"
+ PICFLAGS="-KPIC"
fi
;;
*aix*)
BLDSHARED="true"
LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry,-berok"
DYNEXP="-Wl,-brtl,-bexpall"
- PICFLAG="-O2"
+ PICFLAGS="-O2"
if test "${GCC}" != "yes"; then
## for funky AIX compiler using strncpy()
CFLAGS="$CFLAGS -D_LINUX_SOURCE_COMPAT -qmaxmem=32000"
SHLD="/usr/bin/ld"
LDSHFLAGS="-B symbolic -b -z"
SONAMEFLAG="+h "
- PICFLAG="+z"
+ PICFLAGS="+z"
fi
DYNEXP="-Wl,-E"
;;
BLDSHARED="true"
LDSHFLAGS="-shared"
SONAMEFLAG="-Wl,-soname,"
- PICFLAG="-fPIC"
+ PICFLAGS="-fPIC"
;;
*sco*)
;;
BLDSHARED="true"
LDSHFLAGS="-shared"
SONAMEFLAG="-Wl,-soname,"
- PICFLAG="-KPIC"
+ PICFLAGS="-KPIC"
;;
*next2*)
;;
ac_cv_shlib_works=no
# try building a trivial shared library
if test "$PICSUFFIX" = "po"; then
- $CC $CPPFLAGS $CFLAGS $PICFLAG -c -o shlib.po ${srcdir-.}/tests/shlib.c &&
+ $CC $CPPFLAGS $CFLAGS $PICFLAGS -c -o shlib.po ${srcdir-.}/tests/shlib.c &&
$CC $CPPFLAGS $CFLAGS `eval echo $LDSHFLAGS` -o "shlib.$SHLIBEXT" shlib.po &&
ac_cv_shlib_works=yes
else
- $CC $CPPFLAGS $CFLAGS $PICFLAG -c -o shlib.$PICSUFFIX ${srcdir-.}/tests/shlib.c &&
+ $CC $CPPFLAGS $CFLAGS $PICFLAGS -c -o shlib.$PICSUFFIX ${srcdir-.}/tests/shlib.c &&
mv shlib.$PICSUFFIX shlib.po &&
$CC $CPPFLAGS $CFLAGS `eval echo $LDSHFLAGS` -o "shlib.$SHLIBEXT" shlib.po &&
ac_cv_shlib_works=yes
install -m644 packaging/RedHat/samba.pamd.stack $RPM_BUILD_ROOT/etc/pam.d/samba
install -m644 $RPM_SOURCE_DIR/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba
ln -s ../usr/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb
-## mount.smbfs is installed by Samba's Makefile
-## ln -s ../usr/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs
+## Samba's Makefile is breaking this currently. Remove it and set our own
+/bin/rm -f $RPM_BUILD_ROOT/sbin/mount.smbfs
+ln -s ../usr/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs
echo 127.0.0.1 localhost > $RPM_BUILD_ROOT%{_sysconfdir}/samba/lmhosts
# pam_smbpass
# winbind
mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
install -m 755 source/nsswitch/pam_winbind.so $RPM_BUILD_ROOT/%{_lib}/security/pam_winbind.so
-mkdir -p $RPM_BUILD_ROOT%{_libdir}
install -m 755 source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/%{_lib}/libnss_winbind.so
-ln -sf /%{_lib}/libnss_winbind.so $RPM_BUILD_ROOT%{_libdir}/libnss_winbind.so.2
install -m 755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/%{_lib}/libnss_wins.so
-ln -sf /%{_lib}/libnss_wins.so $RPM_BUILD_ROOT%{_libdir}/libnss_wins.so.2
+( cd $RPM_BUILD_ROOT/%{_lib};
+ ln -sf libnss_winbind.so libnss_winbind.so.2;
+ ln -sf libnss_wins.so libnss_wins.so.2 )
# libsmbclient
%{_mandir}/man1/smbstatus.1*
%{_mandir}/man5/smbpasswd.5*
%{_mandir}/man7/samba.7*
-%{_mandir}/man7/Samba.7*
%{_mandir}/man8/nmbd.8*
%{_mandir}/man8/pdbedit.8*
%{_mandir}/man8/smbd.8*
%{_bindir}/smbmnt
%{_bindir}/smbumount
%{_bindir}/findsmb
+%{_bindir}/tdbdump
%{_mandir}/man8/smbmnt.8*
%{_mandir}/man8/smbmount.8*
%{_mandir}/man8/smbumount.8*
%files common
%defattr(-,root,root)
-/%{_lib}/libnss_wins.so.*
-/%{_lib}/libnss_winbind.so.*
+/%{_lib}/libnss_wins.so*
+/%{_lib}/libnss_winbind.so*
/%{_lib}/security/pam_winbind.so
%{_libdir}/libsmbclient.a
%{_libdir}/libsmbclient.so
#%{_bindir}/vfstest
%{_sbindir}/winbindd
%dir /var/cache/samba
-%attr(750,root,root) %dir /var/cache/samba/winbindd_privileged
%config(noreplace) %{_sysconfdir}/samba/smb.conf
%config(noreplace) %{_sysconfdir}/samba/lmhosts
%dir %{_datadir}/samba
%define pkg_name samba
%define ver 3.0.1pre3
-%define rel 3mdk
+%define rel 5mdk
%define vscanver 0.3.3beta1
%define libsmbmajor 0
-%{!?mklibname: %define mklibname %lib%{1}%{?2:%{2}}%{?3:_%{3}}%{-s:-static}%{-d:-devel}}
+%{!?lib: %global lib lib}
+%{!?mklibname: %global mklibname(ds) %lib%{1}%{?2:%{2}}%{?3:_%{3}}%{-s:-static}%{-d:-devel}}
%define libname %mklibname smbclient %libsmbmajor
%exclude %{_mandir}/man1/smbsh*.1*
%changelog
-* Sun Nov 16 2003 Buchan Milne <bgmilne@linux-mandrake.com> 3.0.1-0.rpe3.3mdk
+* Fri Dec 05 2003 Buchan Milne <bgmilne@linux-mandrake.com> 3.0.1-0.pre3.5mdk
+- Allow winbind to start if old winbind ranges are used (ease upgrades)
+
+* Tue Nov 18 2003 Buchan Milne <bgmilne@linux-mandrake.com> 3.0.1-0.pre3.4mdk
+- Fix build as system on 8.2 (and probably earlier)
+
+* Sun Nov 16 2003 Buchan Milne <bgmilne@linux-mandrake.com> 3.0.1-0.pre3.3mdk
- Ensure printer drivers keep permissions by default (setgid and inherit perms)
* Fri Nov 14 2003 Buchan Milne <bgmilne@linux-mandrake.com> 3.0.1-0.pre3.2mdk
start() {
echo -n "Starting Winbind services: "
RETVAL=1
- if [ "`grep -i 'idmap uid' /etc/samba/smb.conf | egrep -v [\#\;]`" -a "`grep -i 'idmap gid' /etc/samba/smb.conf | egrep -v [\#\;]`" ]; then
+ if [ "`grep -i -E '(idmap|winbind) uid' /etc/samba/smb.conf | egrep -v [\#\;]`" -a "`grep -i -E '(idmap|winbind) gid' /etc/samba/smb.conf | egrep -v [\#\;]`" ]; then
daemon winbindd
RETVAL=$?
else
projects / thirdparty / samba.git / commitdiff
