def main(): nsswitch_conf = { 'group': ['files'], 'hosts': ['files', 'dns'], 'networks': ['files'], 'passwd': ['files'], 'shells': ['files'], 'services': ['files'], 'protocols': ['files'], 'rpc': ['files'], 'sudoers': ['files'] } verb = "start" if len(sys.argv) > 1: verb = sys.argv[1].lower() if verb == 'start': if activedirectory_enabled() and activedirectory_has_unix_extensions(): nsswitch_conf['passwd'].append('sss') nsswitch_conf['group'].append('sss') elif activedirectory_enabled() or \ domaincontroller_enabled() or nt4_enabled(): nsswitch_conf['passwd'].append('winbind') nsswitch_conf['group'].append('winbind') if nt4_enabled(): nsswitch_conf['hosts'].append('wins') if ldap_enabled(): nsswitch_conf['passwd'].append('sss') nsswitch_conf['group'].append('sss') if ldap_sudo_configured(): nsswitch_conf['sudoers'].append('sss') if nis_enabled(): nsswitch_conf['passwd'].append('nis') nsswitch_conf['group'].append('nis') nsswitch_conf['hosts'].append('nis') try: fd = os.open(NSSWITCH_CONF_PATH, os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0644) for key in nsswitch_conf: line = "%s: %s\n" % ( key.strip(), string.join(map(lambda x: x.strip(), nsswitch_conf[key]), ' ') ) os.write(fd, line) os.close(fd) except Exception as e: print >> sys.stderr, "can't create %s: %s" % (NSSWITCH_CONF_PATH, e) sys.exit(1)
def cache_count(**kwargs): if activedirectory_enabled(): _cache_count_ActiveDirectory(**kwargs) elif nt4_enabled(): _cache_count_NT4(**kwargs) elif ldap_enabled(): _cache_count_default(**kwargs) else: _cache_count_default(**kwargs)
def cache_rawdump(**kwargs): if activedirectory_enabled(): _cache_rawdump_ActiveDirectory(**kwargs) elif nt4_enabled(): _cache_rawdump_NT4(**kwargs) elif ldap_enabled(): _cache_rawdump_default(**kwargs) else: _cache_rawdump_default(**kwargs)
def _get_dflags(): dflags = 0 if activedirectory_enabled(): dflags |= U_AD_ENABLED elif nt4_enabled(): dflags |= U_NT4_ENABLED elif nis_enabled(): dflags |= U_NIS_ENABLED elif ldap_enabled(): dflags |= U_LDAP_ENABLED return dflags
def __new__(cls, **kwargs): log.debug("FreeNAS_GroupCache.__new__: enter") obj = None if ldap_enabled() or activedirectory_enabled() or \ nt4_enabled() or nis_enabled(): obj = FreeNAS_Directory_LocalGroupCache(**kwargs) else: obj = FreeNAS_BaseCache(**kwargs) log.debug("FreeNAS_GroupCache.__new__: leave") return obj
def get_server_role(): role = "standalone" if nt4_enabled() or activedirectory_enabled() or smb4_ldap_enabled(): role = "member" if domaincontroller_enabled(): try: dc = DomainController.objects.all()[0] role = dc.dc_role except: pass return role
def cache_check(**kwargs): if activedirectory_enabled(): _cache_check_ActiveDirectory(**kwargs) elif nis_enabled(): _cache_check_NIS(**kwargs) elif nt4_enabled(): _cache_check_NT4(**kwargs) elif ldap_enabled(): _cache_check_default(**kwargs) else: _cache_check_default(**kwargs)
def __new__(cls, **kwargs): log.debug("FreeNAS_UserCache.__new__: enter") obj = None if ( ldap_enabled() or activedirectory_enabled() or nt4_enabled() or nis_enabled() or domaincontroller_enabled() or nis_enabled() ): obj = FreeNAS_Directory_LocalUserCache(**kwargs) else: obj = FreeNAS_BaseCache(**kwargs) log.debug("FreeNAS_UserCache.__new__: leave") return obj
def __new__(cls, **kwargs): log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter") obj = None if ldap_enabled(): obj = FreeNAS_LDAP_LocalGroupCache(**kwargs) elif activedirectory_enabled(): obj = FreeNAS_ActiveDirectory_LocalGroupCache(**kwargs) elif nt4_enabled(): obj = FreeNAS_NT4_LocalGroupCache(**kwargs) elif nis_enabled(): obj = FreeNAS_NIS_LocalGroupCache(**kwargs) log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave") return obj
def __new__(cls, **kwargs): log.debug("FreeNAS_Directory_UserCache.__new__: enter") obj = None if ldap_enabled(): obj = FreeNAS_LDAP_UserCache(**kwargs) elif activedirectory_enabled(): obj = FreeNAS_ActiveDirectory_UserCache(**kwargs) elif nt4_enabled(): obj = FreeNAS_NT4_UserCache(**kwargs) elif nis_enabled(): obj = FreeNAS_NIS_UserCache(**kwargs) elif domaincontroller_enabled(): obj = FreeNAS_DomainController_UserCache(**kwargs) log.debug("FreeNAS_Directory_UserCache.__new__: leave") return obj
def __new__(cls, **kwargs): log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter") obj = None if ldap_enabled(): obj = FreeNAS_LDAP_LocalGroupCache(**kwargs) elif activedirectory_enabled(): obj = FreeNAS_ActiveDirectory_LocalGroupCache(**kwargs) elif nt4_enabled(): obj = FreeNAS_NT4_LocalGroupCache(**kwargs) elif nis_enabled(): obj = FreeNAS_NIS_LocalGroupCache(**kwargs) elif domaincontroller_enabled(): obj = FreeNAS_DomainController_LocalGroupCache(**kwargs) log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave") return obj
def generate_smb4_conf(smb4_conf, role): try: cifs = CIFS.objects.all()[0] except: return if not cifs.cifs_srv_guest: cifs.cifs_srv_guest = 'ftp' if not cifs.cifs_srv_filemask: cifs.cifs_srv_filemask = "0666" if not cifs.cifs_srv_dirmask: cifs.cifs_srv_dirmask = "0777" # standard stuff... should probably do this differently confset1(smb4_conf, "[global]", space=0) if os.path.exists("/usr/local/etc/smbusers"): confset1(smb4_conf, "username map = /usr/local/etc/smbusers") confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol) confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol) if cifs.cifs_srv_bindip: interfaces = [] bindips = string.join(cifs.cifs_srv_bindip, ' ') if role != 'dc': bindips = "127.0.0.1 %s" % bindips n = notifier() bindips = bindips.split() for bindip in bindips: if not bindip: continue bindip = bindip.strip() iface = n.get_interface(bindip) if iface and n.is_carp_interface(iface): parent_iface = n.get_parent_interface(iface) if not parent_iface: continue parent_iinfo = n.get_interface_info(parent_iface[0]) if not parent_iinfo: continue interfaces.append("%s/%s" % (bindip, parent_iface[2])) else: interfaces.append(bindip) if interfaces: confset2(smb4_conf, "interfaces = %s", string.join(interfaces)) confset1(smb4_conf, "bind interfaces only = yes") confset1(smb4_conf, "encrypt passwords = yes") confset1(smb4_conf, "dns proxy = no") confset1(smb4_conf, "strict locking = no") confset1(smb4_conf, "oplocks = yes") confset1(smb4_conf, "deadtime = 15") confset1(smb4_conf, "max log size = 51200") confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25) if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True: loglevel = cifs.cifs_srv_loglevel else: loglevel = "0" if cifs.cifs_srv_syslog: confset1(smb4_conf, "logging = syslog:%s" % loglevel) else: confset1(smb4_conf, "logging = file") confset1(smb4_conf, "load printers = no") confset1(smb4_conf, "printing = bsd") confset1(smb4_conf, "printcap name = /dev/null") confset1(smb4_conf, "disable spoolss = yes") confset1(smb4_conf, "getwd cache = yes") confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8')) confset1(smb4_conf, "map to guest = Bad User") confset2(smb4_conf, "obey pam restrictions = %s", "yes" if cifs.cifs_srv_obey_pam_restrictions else "no") confset1(smb4_conf, "directory name cache size = 0") confset1(smb4_conf, "kernel change notify = no") confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace") confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g") confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description) confset1(smb4_conf, "ea support = yes") confset1(smb4_conf, "store dos attributes = yes") confset1(smb4_conf, "lm announce = yes") confset2(smb4_conf, "hostname lookups = %s", "yes" if cifs.cifs_srv_hostlookup else False) confset2(smb4_conf, "unix extensions = %s", "no" if not cifs.cifs_srv_unixext else False) confset2(smb4_conf, "time server = %s", "yes" if cifs.cifs_srv_timeserver else False) confset2(smb4_conf, "null passwords = %s", "yes" if cifs.cifs_srv_nullpw else False) confset2(smb4_conf, "acl allow execute always = %s", "true" if cifs.cifs_srv_allow_execute_always else "false") confset1(smb4_conf, "dos filemode = yes") confset2(smb4_conf, "multicast dns register = %s", "yes" if cifs.cifs_srv_zeroconf else "no") if not smb4_ldap_enabled(): confset2(smb4_conf, "domain logons = %s", "yes" if cifs.cifs_srv_domain_logons else "no") if (not nt4_enabled() and not activedirectory_enabled()): confset2(smb4_conf, "local master = %s", "yes" if cifs.cifs_srv_localmaster else "no") idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb') configure_idmap_backend(smb4_conf, idmap, None) if role == 'auto': confset1(smb4_conf, "server role = auto") elif role == 'classic': confset1(smb4_conf, "server role = classic primary domain controller") elif role == 'netbios': confset1(smb4_conf, "server role = netbios backup domain controller") elif role == 'dc': confset1(smb4_conf, "server role = active directory domain controller") add_domaincontroller_conf(smb4_conf) elif role == 'member': confset1(smb4_conf, "server role = member server") if nt4_enabled(): add_nt4_conf(smb4_conf) elif smb4_ldap_enabled(): add_ldap_conf(smb4_conf) elif activedirectory_enabled(): add_activedirectory_conf(smb4_conf) confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper()) if cifs.cifs_srv_netbiosalias: confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper()) elif role == 'standalone': confset1(smb4_conf, "server role = standalone") confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper()) if cifs.cifs_srv_netbiosalias: confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper()) confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper()) confset1(smb4_conf, "security = user") if role != 'dc': confset1(smb4_conf, "pid directory = /var/run/samba") confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask) confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask) confset1(smb4_conf, "client ntlmv2 auth = yes") confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset) confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset) if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True: confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel) smb_options = cifs.cifs_srv_smb_options.encode('utf-8') smb_options = smb_options.strip() for line in smb_options.split('\n'): line = line.strip() if not line: continue confset1(smb4_conf, line)
def generate_smb4_conf(smb4_conf, role): try: cifs = CIFS.objects.all()[0] except: return if not cifs.cifs_srv_guest: cifs.cifs_srv_guest = 'ftp' if not cifs.cifs_srv_filemask: cifs.cifs_srv_filemask = "0666" if not cifs.cifs_srv_dirmask: cifs.cifs_srv_dirmask = "0777" # standard stuff... should probably do this differently confset1(smb4_conf, "[global]", space=0) confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol) confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol) confset1(smb4_conf, "encrypt passwords = yes") confset1(smb4_conf, "dns proxy = no") confset1(smb4_conf, "strict locking = no") confset1(smb4_conf, "oplocks = yes") confset1(smb4_conf, "deadtime = 15") confset1(smb4_conf, "max log size = 51200") confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25) if cifs.cifs_srv_syslog: confset1(smb4_conf, "syslog only = yes") confset1(smb4_conf, "syslog = 1") confset1(smb4_conf, "load printers = no") confset1(smb4_conf, "printing = bsd") confset1(smb4_conf, "printcap name = /dev/null") confset1(smb4_conf, "disable spoolss = yes") confset1(smb4_conf, "getwd cache = yes") confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8')) confset1(smb4_conf, "map to guest = Bad User") confset1(smb4_conf, "obey pam restrictions = Yes") confset1(smb4_conf, "directory name cache size = 0") confset1(smb4_conf, "kernel change notify = no") confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace") confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description) confset2(smb4_conf, "ea support = %s", "yes" if cifs.cifs_srv_easupport else False) confset2(smb4_conf, "store dos attributes = %s", "yes" if cifs.cifs_srv_dosattr else False) if cifs.cifs_srv_dosattr: confset1(smb4_conf, "map archive = no") confset1(smb4_conf, "map readonly = no") confset1(smb4_conf, "map hidden = no") confset1(smb4_conf, "map system = no") confset2(smb4_conf, "hostname lookups = %s", "yes" if cifs.cifs_srv_hostlookup else False) confset2(smb4_conf, "unix extensions = %s", "no" if not cifs.cifs_srv_unixext else False) confset2(smb4_conf, "time server = %s", "yes" if cifs.cifs_srv_timeserver else False) confset2(smb4_conf, "null passwords = %s", "yes" if cifs.cifs_srv_nullpw else False) confset2(smb4_conf, "acl allow execute always = %s", "true" if cifs.cifs_srv_allow_execute_always else "false") if cifs.cifs_srv_localmaster and not nt4_enabled() \ and not activedirectory_enabled(): confset2(smb4_conf, "local master = %s", "yes" if cifs.cifs_srv_localmaster else False) if role == 'auto': confset1(smb4_conf, "server role = auto") elif role == 'classic': confset1(smb4_conf, "server role = classic primary domain controller") elif role == 'netbios': confset1(smb4_conf, "server role = netbios backup domain controller") elif role == 'dc': confset1(smb4_conf, "server role = active directory domain controller") add_domaincontroller_conf(smb4_conf) elif role == 'member': confset1(smb4_conf, "server role = member server") if nt4_enabled(): add_nt4_conf(smb4_conf) elif ldap_enabled(): add_ldap_conf(smb4_conf) elif activedirectory_enabled(): add_activedirectory_conf(smb4_conf) elif role == 'standalone': confset1(smb4_conf, "server role = standalone") confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper()) confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper()) confset1(smb4_conf, "security = user") if role != 'dc': confset1(smb4_conf, "pid directory = /var/run/samba") confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd") confset1(smb4_conf, "private dir = /var/etc/private") confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask) confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask) confset1(smb4_conf, "client ntlmv2 auth = yes") confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset) confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset) if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True: confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel) for line in cifs.cifs_srv_smb_options.split('\n'): confset1(smb4_conf, line) if cifs.cifs_srv_homedir_enable: valid_users_path = "%U" valid_users = "%U" if activedirectory_enabled(): try: ad = ActiveDirectory.objects.all()[0] if not ad.ad_use_default_domain: valid_users_path = "%D/%U" valid_users = "%D\%U" except: pass if cifs.cifs_srv_homedir: cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir, valid_users_path) else: cifs_homedir_path = False confset1(smb4_conf, "\n") confset1(smb4_conf, "[homes]", space=0) confset1(smb4_conf, "comment = Home Directories") confset2(smb4_conf, "valid users = %s", valid_users) confset1(smb4_conf, "writable = yes") confset2(smb4_conf, "browseable = %s", "yes" if cifs.cifs_srv_homedir_browseable_enable else "no") if cifs_homedir_path: confset2(smb4_conf, "path = %s", cifs_homedir_path) for line in cifs.cifs_srv_homedir_aux.split('\n'): confset1(smb4_conf, line)
def generate_smb4_conf(smb4_conf, role): try: cifs = CIFS.objects.all()[0] except: return if not cifs.cifs_srv_guest: cifs.cifs_srv_guest = 'ftp' if not cifs.cifs_srv_filemask: cifs.cifs_srv_filemask = "0666" if not cifs.cifs_srv_dirmask: cifs.cifs_srv_dirmask = "0777" # standard stuff... should probably do this differently confset1(smb4_conf, "[global]", space=0) confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol) confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol) if cifs.cifs_srv_bindip: interfaces = cifs.cifs_srv_bindip.replace(',', ' ') if role != 'dc': interfaces = "127.0.0.1 %s" % interfaces confset2(smb4_conf, "interfaces = %s", interfaces) confset1(smb4_conf, "bind interfaces only = yes") confset1(smb4_conf, "encrypt passwords = yes") confset1(smb4_conf, "dns proxy = no") confset1(smb4_conf, "strict locking = no") confset1(smb4_conf, "oplocks = yes") confset1(smb4_conf, "deadtime = 15") confset1(smb4_conf, "max log size = 51200") confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25) if cifs.cifs_srv_syslog: confset1(smb4_conf, "syslog only = yes") confset1(smb4_conf, "syslog = 1") confset1(smb4_conf, "load printers = no") confset1(smb4_conf, "printing = bsd") confset1(smb4_conf, "printcap name = /dev/null") confset1(smb4_conf, "disable spoolss = yes") confset1(smb4_conf, "getwd cache = yes") confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8')) confset1(smb4_conf, "map to guest = Bad User") confset2(smb4_conf, "obey pam restrictions = %s", "yes" if cifs.cifs_srv_obey_pam_restrictions else "no") confset1(smb4_conf, "directory name cache size = 0") confset1(smb4_conf, "kernel change notify = no") confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace") confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description) confset1(smb4_conf, "ea support = yes") confset1(smb4_conf, "store dos attributes = yes") confset2(smb4_conf, "hostname lookups = %s", "yes" if cifs.cifs_srv_hostlookup else False) confset2(smb4_conf, "unix extensions = %s", "no" if not cifs.cifs_srv_unixext else False) confset2(smb4_conf, "time server = %s", "yes" if cifs.cifs_srv_timeserver else False) confset2(smb4_conf, "null passwords = %s", "yes" if cifs.cifs_srv_nullpw else False) confset2(smb4_conf, "acl allow execute always = %s", "true" if cifs.cifs_srv_allow_execute_always else "false") confset1(smb4_conf, "acl check permissions = true") confset1(smb4_conf, "dos filemode = yes") if not smb4_ldap_enabled(): confset2(smb4_conf, "domain logons = %s", "yes" if cifs.cifs_srv_domain_logons else "no") if cifs.cifs_srv_localmaster and not nt4_enabled() \ and not activedirectory_enabled(): confset2(smb4_conf, "local master = %s", "yes" if cifs.cifs_srv_localmaster else False) idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb') configure_idmap_backend(smb4_conf, idmap, None) if role == 'auto': confset1(smb4_conf, "server role = auto") elif role == 'classic': confset1(smb4_conf, "server role = classic primary domain controller") elif role == 'netbios': confset1(smb4_conf, "server role = netbios backup domain controller") elif role == 'dc': confset1(smb4_conf, "server role = active directory domain controller") add_domaincontroller_conf(smb4_conf) elif role == 'member': confset1(smb4_conf, "server role = member server") if nt4_enabled(): add_nt4_conf(smb4_conf) elif smb4_ldap_enabled(): add_ldap_conf(smb4_conf) elif activedirectory_enabled(): add_activedirectory_conf(smb4_conf) elif role == 'standalone': confset1(smb4_conf, "server role = standalone") confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper()) confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper()) confset1(smb4_conf, "security = user") if role != 'dc': confset1(smb4_conf, "pid directory = /var/run/samba") confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd") confset1(smb4_conf, "private dir = /var/etc/private") confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask) confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask) confset1(smb4_conf, "client ntlmv2 auth = yes") confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset) confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset) if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True: confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel) for line in cifs.cifs_srv_smb_options.split('\n'): confset1(smb4_conf, line)
sanity = False if sanity: sys.path.extend(['/usr/local/www', '/usr/local/www/freenasUI']) os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'freenasUI.settings') import django django.setup() from freenasUI.common.system import (activedirectory_enabled, domaincontroller_enabled, ldap_enabled, nt4_enabled) if (activedirectory_enabled() or domaincontroller_enabled() or ldap_enabled() or nt4_enabled()): print "A directory service is enabled, aborting without making changes." exit(1) print "detected SID: %s\n" % sidval from freenasUI.services.models import CIFS cifs = CIFS.objects.all()[0] print "database SID: %s\n" % cifs.cifs_SID if cifs.cifs_SID != sidval: cifs.cifs_SID = sidval print "Saving detected SID to the database" cifs.save() print "Please either reboot the system or run the following commands as root:" print "service samba_server stop" print "service ix-pre-samba start" print "service samba_server start"
# Make sure to load all modules from django.db.models.loading import cache cache.get_apps() from freenasUI.common.system import ( activedirectory_enabled, domaincontroller_enabled, ldap_enabled, nt4_enabled ) if (activedirectory_enabled() or domaincontroller_enabled() or ldap_enabled() or nt4_enabled()): print "A directory service is enabled, aborting without making changes." exit(1) print "detected SID: %s\n" % sidval from freenasUI.services.models import CIFS cifs = CIFS.objects.all()[0] print "database SID: %s\n" % cifs.cifs_SID if cifs.cifs_SID != sidval: cifs.cifs_SID = sidval print "Saving detected SID to the database" cifs.save() print "Please either reboot the system or run the following commands as root:" print "service samba_server stop" print "service ix-pre-samba start" print "service samba_server start"
def generate_smb4_conf(smb4_conf, role): try: cifs = CIFS.objects.all()[0] except: return if not cifs.cifs_srv_guest: cifs.cifs_srv_guest = "ftp" if not cifs.cifs_srv_filemask: cifs.cifs_srv_filemask = "0666" if not cifs.cifs_srv_dirmask: cifs.cifs_srv_dirmask = "0777" # standard stuff... should probably do this differently confset1(smb4_conf, "[global]", space=0) if os.path.exists("/usr/local/etc/smbusers"): confset1(smb4_conf, "username map = /usr/local/etc/smbusers") confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol) confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol) if cifs.cifs_srv_bindip: interfaces = [] bindips = string.join(cifs.cifs_srv_bindip, " ") if role != "dc": bindips = "127.0.0.1 %s" % bindips n = notifier() bindips = bindips.split() for bindip in bindips: if not bindip: continue bindip = bindip.strip() iface = n.get_interface(bindip) if iface and n.is_carp_interface(iface): parent_iface = n.get_parent_interface(iface) if not parent_iface: continue parent_iinfo = n.get_interface_info(parent_iface[0]) if not parent_iinfo: continue interfaces.append("%s/%s" % (bindip, parent_iface[2])) else: interfaces.append(bindip) if interfaces: confset2(smb4_conf, "interfaces = %s", string.join(interfaces)) confset1(smb4_conf, "bind interfaces only = yes") confset1(smb4_conf, "encrypt passwords = yes") confset1(smb4_conf, "dns proxy = no") confset1(smb4_conf, "strict locking = no") confset1(smb4_conf, "oplocks = yes") confset1(smb4_conf, "deadtime = 15") confset1(smb4_conf, "max log size = 51200") confset2(smb4_conf, "max open files = %d", long(get_sysctl("kern.maxfilesperproc")) - 25) if cifs.cifs_srv_syslog: confset1(smb4_conf, "syslog only = yes") else: confset1(smb4_conf, "syslog only = no") if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True: confset2(smb4_conf, "syslog = %s", cifs.cifs_srv_loglevel) else: confset1(smb4_conf, "syslog = 0") confset1(smb4_conf, "load printers = no") confset1(smb4_conf, "printing = bsd") confset1(smb4_conf, "printcap name = /dev/null") confset1(smb4_conf, "disable spoolss = yes") confset1(smb4_conf, "getwd cache = yes") confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode("utf8")) confset1(smb4_conf, "map to guest = Bad User") confset2(smb4_conf, "obey pam restrictions = %s", "yes" if cifs.cifs_srv_obey_pam_restrictions else "no") confset1(smb4_conf, "directory name cache size = 0") confset1(smb4_conf, "kernel change notify = no") confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace") confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g") confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description) confset1(smb4_conf, "ea support = yes") confset1(smb4_conf, "store dos attributes = yes") confset1(smb4_conf, "lm announce = yes") confset2(smb4_conf, "hostname lookups = %s", "yes" if cifs.cifs_srv_hostlookup else False) confset2(smb4_conf, "unix extensions = %s", "no" if not cifs.cifs_srv_unixext else False) confset2(smb4_conf, "time server = %s", "yes" if cifs.cifs_srv_timeserver else False) confset2(smb4_conf, "null passwords = %s", "yes" if cifs.cifs_srv_nullpw else False) confset2(smb4_conf, "acl allow execute always = %s", "true" if cifs.cifs_srv_allow_execute_always else "false") confset1(smb4_conf, "acl check permissions = true") confset1(smb4_conf, "dos filemode = yes") confset2(smb4_conf, "multicast dns register = %s", "yes" if cifs.cifs_srv_zeroconf else "no") if not smb4_ldap_enabled(): confset2(smb4_conf, "domain logons = %s", "yes" if cifs.cifs_srv_domain_logons else "no") if not nt4_enabled() and not activedirectory_enabled(): confset2(smb4_conf, "local master = %s", "yes" if cifs.cifs_srv_localmaster else "no") idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, "tdb") configure_idmap_backend(smb4_conf, idmap, None) if role == "auto": confset1(smb4_conf, "server role = auto") elif role == "classic": confset1(smb4_conf, "server role = classic primary domain controller") elif role == "netbios": confset1(smb4_conf, "server role = netbios backup domain controller") elif role == "dc": confset1(smb4_conf, "server role = active directory domain controller") add_domaincontroller_conf(smb4_conf) elif role == "member": confset1(smb4_conf, "server role = member server") if nt4_enabled(): add_nt4_conf(smb4_conf) elif smb4_ldap_enabled(): add_ldap_conf(smb4_conf) elif activedirectory_enabled(): add_activedirectory_conf(smb4_conf) elif role == "standalone": confset1(smb4_conf, "server role = standalone") set_netbiosname(smb4_conf, cifs.cifs_srv_netbiosname) confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper()) confset1(smb4_conf, "security = user") if role != "dc": confset1(smb4_conf, "pid directory = /var/run/samba") confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask) confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask) confset1(smb4_conf, "client ntlmv2 auth = yes") confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset) confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset) if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True: confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel) smb_options = cifs.cifs_srv_smb_options.encode("utf-8") smb_options = smb_options.strip() for line in smb_options.split("\n"): line = line.strip() if not line: continue confset1(smb4_conf, line)
def generate_smb4_conf(smb4_conf, role): try: cifs = CIFS.objects.all()[0] except: return if not cifs.cifs_srv_guest: cifs.cifs_srv_guest = 'ftp' if not cifs.cifs_srv_filemask: cifs.cifs_srv_filemask = "0666" if not cifs.cifs_srv_dirmask: cifs.cifs_srv_dirmask = "0777" # standard stuff... should probably do this differently confset1(smb4_conf, "[global]", space=0) confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol) confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol) confset1(smb4_conf, "encrypt passwords = yes") confset1(smb4_conf, "dns proxy = no") confset1(smb4_conf, "strict locking = no") confset1(smb4_conf, "oplocks = yes") confset1(smb4_conf, "deadtime = 15") confset1(smb4_conf, "max log size = 51200") confset2(smb4_conf, "max open files = %d", long(get_sysctl('kern.maxfilesperproc')) - 25) if cifs.cifs_srv_syslog: confset1(smb4_conf, "syslog only = yes") confset1(smb4_conf, "syslog = 1") confset1(smb4_conf, "load printers = no") confset1(smb4_conf, "printing = bsd") confset1(smb4_conf, "printcap name = /dev/null") confset1(smb4_conf, "disable spoolss = yes") confset1(smb4_conf, "getwd cache = yes") confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8')) confset1(smb4_conf, "map to guest = Bad User") confset2(smb4_conf, "obey pam restrictions = %s", "yes" if cifs.cifs_srv_obey_pam_restrictions else "no") confset1(smb4_conf, "directory name cache size = 0") confset1(smb4_conf, "kernel change notify = no") confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace") confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description) confset1(smb4_conf, "ea support = yes") confset1(smb4_conf, "store dos attributes = yes") confset2(smb4_conf, "hostname lookups = %s", "yes" if cifs.cifs_srv_hostlookup else False) confset2(smb4_conf, "unix extensions = %s", "no" if not cifs.cifs_srv_unixext else False) confset2(smb4_conf, "time server = %s", "yes" if cifs.cifs_srv_timeserver else False) confset2(smb4_conf, "null passwords = %s", "yes" if cifs.cifs_srv_nullpw else False) confset2(smb4_conf, "domain logons = %s", "yes" if cifs.cifs_srv_domain_logons else "no") confset2(smb4_conf, "acl allow execute always = %s", "true" if cifs.cifs_srv_allow_execute_always else "false") if cifs.cifs_srv_localmaster and not nt4_enabled() \ and not activedirectory_enabled(): confset2(smb4_conf, "local master = %s", "yes" if cifs.cifs_srv_localmaster else False) idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb') configure_idmap_backend(smb4_conf, idmap, None) if role == 'auto': confset1(smb4_conf, "server role = auto") elif role == 'classic': confset1(smb4_conf, "server role = classic primary domain controller") elif role == 'netbios': confset1(smb4_conf, "server role = netbios backup domain controller") elif role == 'dc': confset1(smb4_conf, "server role = active directory domain controller") add_domaincontroller_conf(smb4_conf) elif role == 'member': confset1(smb4_conf, "server role = member server") if nt4_enabled(): add_nt4_conf(smb4_conf) elif ldap_enabled(): add_ldap_conf(smb4_conf) elif activedirectory_enabled(): add_activedirectory_conf(smb4_conf) elif role == 'standalone': confset1(smb4_conf, "server role = standalone") confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper()) confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper()) confset1(smb4_conf, "security = user") if role != 'dc': confset1(smb4_conf, "pid directory = /var/run/samba") confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd") confset1(smb4_conf, "private dir = /var/etc/private") confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask) confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask) confset1(smb4_conf, "client ntlmv2 auth = yes") confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset) confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset) if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True: confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel) for line in cifs.cifs_srv_smb_options.split('\n'): confset1(smb4_conf, line) if cifs.cifs_srv_homedir_enable: valid_users_path = "%U" valid_users = "%U" if activedirectory_enabled(): try: ad = ActiveDirectory.objects.all()[0] if not ad.ad_use_default_domain: valid_users_path = "%D/%U" valid_users = "%D\%U" except: pass if cifs.cifs_srv_homedir: cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir, valid_users_path) else: cifs_homedir_path = False confset1(smb4_conf, "\n") confset1(smb4_conf, "[homes]", space=0) confset1(smb4_conf, "comment = Home Directories") confset2(smb4_conf, "valid users = %s", valid_users) confset1(smb4_conf, "writable = yes") confset2(smb4_conf, "browseable = %s", "yes" if cifs.cifs_srv_homedir_browseable_enable else "no") if cifs_homedir_path: confset2(smb4_conf, "path = %s", cifs_homedir_path) for line in cifs.cifs_srv_homedir_aux.split('\n'): confset1(smb4_conf, line)