def generate_smb4_conf(client, smb4_conf, role):
cifs = Struct(client.call('cifs.config'))
if not cifs.cifs_srv_guest:
cifs.cifs_srv_guest = 'ftp'
if not cifs.cifs_srv_filemask:
cifs.cifs_srv_filemask = "0666"
if not cifs.cifs_srv_dirmask:
cifs.cifs_srv_dirmask = "0777"
# standard stuff... should probably do this differently
confset1(smb4_conf, "[global]", space=0)
if os.path.exists("/usr/local/etc/smbusers"):
confset1(smb4_conf, "username map = /usr/local/etc/smbusers")
confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
if cifs.cifs_srv_bindip:
interfaces = []
bindips = string.join(cifs.cifs_srv_bindip, ' ')
if role != 'dc':
bindips = "127.0.0.1 %s" % bindips
bindips = bindips.split()
for bindip in bindips:
if not bindip:
continue
bindip = bindip.strip()
iface = client.call('notifier.get_interface', bindip)
if iface and client.call('notifier.is_carp_interface', iface):
parent_iface = client.call('notifier.get_parent_interface',
iface)
if not parent_iface:
continue
parent_iinfo = client.call('notifier.get_interface_info',
parent_iface[0])
if not parent_iinfo:
continue
interfaces.append("%s/%s" % (bindip, parent_iface[2]))
else:
interfaces.append(bindip)
if interfaces:
confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
confset1(smb4_conf, "bind interfaces only = yes")
confset1(smb4_conf, "encrypt passwords = yes")
confset1(smb4_conf, "dns proxy = no")
confset1(smb4_conf, "strict locking = no")
confset1(smb4_conf, "oplocks = yes")
confset1(smb4_conf, "deadtime = 15")
confset1(smb4_conf, "max log size = 51200")
confset2(smb4_conf, "max open files = %d",
long(get_sysctl('kern.maxfilesperproc')) - 25)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
loglevel = cifs.cifs_srv_loglevel
else:
loglevel = "0"
if cifs.cifs_srv_syslog:
confset1(smb4_conf, "logging = syslog:%s" % loglevel)
else:
confset1(smb4_conf, "logging = file")
confset1(smb4_conf, "load printers = no")
confset1(smb4_conf, "printing = bsd")
confset1(smb4_conf, "printcap name = /dev/null")
confset1(smb4_conf, "disable spoolss = yes")
confset1(smb4_conf, "getwd cache = yes")
confset2(smb4_conf, "guest account = %s",
cifs.cifs_srv_guest.encode('utf8'))
confset1(smb4_conf, "map to guest = Bad User")
confset2(smb4_conf, "obey pam restrictions = %s",
"yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
confset1(smb4_conf, "directory name cache size = 0")
confset1(smb4_conf, "kernel change notify = no")
confset1(smb4_conf,
"panic action = /usr/local/libexec/samba/samba-backtrace")
confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")
confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
confset1(smb4_conf, "ea support = yes")
confset1(smb4_conf, "store dos attributes = yes")
confset1(smb4_conf, "lm announce = yes")
confset2(smb4_conf, "hostname lookups = %s",
"yes" if cifs.cifs_srv_hostlookup else False)
confset2(smb4_conf, "unix extensions = %s",
"no" if not cifs.cifs_srv_unixext else False)
confset2(smb4_conf, "time server = %s",
"yes" if cifs.cifs_srv_timeserver else False)
confset2(smb4_conf, "null passwords = %s",
"yes" if cifs.cifs_srv_nullpw else False)
confset2(smb4_conf, "acl allow execute always = %s",
"true" if cifs.cifs_srv_allow_execute_always else "false")
confset1(smb4_conf, "dos filemode = yes")
confset2(smb4_conf, "multicast dns register = %s",
"yes" if cifs.cifs_srv_zeroconf else "no")
if not smb4_ldap_enabled(client):
confset2(smb4_conf, "domain logons = %s",
"yes" if cifs.cifs_srv_domain_logons else "no")
if (not client.call('notifier.common', 'system', 'nt4_enabled')
and not client.call('notifier.common', 'system',
'activedirectory_enabled')):
confset2(smb4_conf, "local master = %s",
"yes" if cifs.cifs_srv_localmaster else "no")
# 5 = DS_TYPE_CIFS
idmap = Struct(
client.call('notifier.ds_get_idmap_object', 5, cifs.id, 'tdb'))
configure_idmap_backend(client, smb4_conf, idmap, None)
if role == 'auto':
confset1(smb4_conf, "server role = auto")
elif role == 'classic':
confset1(smb4_conf, "server role = classic primary domain controller")
elif role == 'netbios':
confset1(smb4_conf, "server role = netbios backup domain controller")
elif role == 'dc':
confset1(smb4_conf, "server role = active directory domain controller")
add_domaincontroller_conf(client, smb4_conf)
elif role == 'member':
confset1(smb4_conf, "server role = member server")
if client.call('notifier.common', 'system', 'nt4_enabled'):
add_nt4_conf(client, smb4_conf)
elif smb4_ldap_enabled(client):
add_ldap_conf(client, smb4_conf)
elif client.call('notifier.common', 'system',
'activedirectory_enabled'):
add_activedirectory_conf(client, smb4_conf)
confset2(smb4_conf, "netbios name = %s", cifs.netbiosname.upper())
if cifs.cifs_srv_netbiosalias:
confset2(smb4_conf, "netbios aliases = %s",
cifs.cifs_srv_netbiosalias.upper())
elif role == 'standalone':
confset1(smb4_conf, "server role = standalone")
confset2(smb4_conf, "netbios name = %s", cifs.netbiosname.upper())
if cifs.cifs_srv_netbiosalias:
confset2(smb4_conf, "netbios aliases = %s",
cifs.cifs_srv_netbiosalias.upper())
confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
confset1(smb4_conf, "security = user")
if role != 'dc':
confset1(smb4_conf, "pid directory = /var/run/samba")
confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
confset1(smb4_conf, "client ntlmv2 auth = yes")
confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)
smb_options = cifs.cifs_srv_smb_options.encode('utf-8')
smb_options = smb_options.strip()
for line in smb_options.split('\n'):
line = line.strip()
if not line:
continue
confset1(smb4_conf, line)
def generate_smb4_conf(client, smb4_conf, role):
cifs = Struct(client.call('cifs.config'))
if not cifs.cifs_srv_guest:
cifs.cifs_srv_guest = 'ftp'
if not cifs.cifs_srv_filemask:
cifs.cifs_srv_filemask = "0666"
if not cifs.cifs_srv_dirmask:
cifs.cifs_srv_dirmask = "0777"
# standard stuff... should probably do this differently
confset1(smb4_conf, "[global]", space=0)
if os.path.exists("/usr/local/etc/smbusers"):
confset1(smb4_conf, "username map = /usr/local/etc/smbusers")
confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
if cifs.cifs_srv_bindip:
interfaces = []
bindips = string.join(cifs.cifs_srv_bindip, ' ')
if role != 'dc':
bindips = "127.0.0.1 %s" % bindips
bindips = bindips.split()
for bindip in bindips:
if not bindip:
continue
bindip = bindip.strip()
iface = client.call('notifier.get_interface', bindip)
if iface and client.call('notifier.is_carp_interface', iface):
parent_iface = client.call('notifier.get_parent_interface', iface)
if not parent_iface:
continue
parent_iinfo = client.call('notifier.get_interface_info', parent_iface[0])
if not parent_iinfo:
continue
interfaces.append("%s/%s" % (bindip, parent_iface[2]))
else:
interfaces.append(bindip)
if interfaces:
confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
confset1(smb4_conf, "bind interfaces only = yes")
confset1(smb4_conf, "encrypt passwords = yes")
confset1(smb4_conf, "dns proxy = no")
confset1(smb4_conf, "strict locking = no")
confset1(smb4_conf, "oplocks = yes")
confset1(smb4_conf, "deadtime = 15")
confset1(smb4_conf, "max log size = 51200")
confset2(smb4_conf, "max open files = %d",
long(get_sysctl('kern.maxfilesperproc')) - 25)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
loglevel = cifs.cifs_srv_loglevel
else:
loglevel = "0"
if cifs.cifs_srv_syslog:
confset1(smb4_conf, "logging = syslog:%s" % loglevel)
else:
confset1(smb4_conf, "logging = file")
confset1(smb4_conf, "load printers = no")
confset1(smb4_conf, "printing = bsd")
confset1(smb4_conf, "printcap name = /dev/null")
confset1(smb4_conf, "disable spoolss = yes")
confset1(smb4_conf, "getwd cache = yes")
confset2(smb4_conf, "guest account = %s",
cifs.cifs_srv_guest.encode('utf8'))
confset1(smb4_conf, "map to guest = Bad User")
confset2(smb4_conf, "obey pam restrictions = %s",
"yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
confset1(smb4_conf, "directory name cache size = 0")
confset1(smb4_conf, "kernel change notify = no")
confset1(smb4_conf,
"panic action = /usr/local/libexec/samba/samba-backtrace")
confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")
confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
confset1(smb4_conf, "ea support = yes")
confset1(smb4_conf, "store dos attributes = yes")
confset1(smb4_conf, "lm announce = yes")
confset2(smb4_conf, "hostname lookups = %s",
"yes" if cifs.cifs_srv_hostlookup else False)
confset2(smb4_conf, "unix extensions = %s",
"no" if not cifs.cifs_srv_unixext else False)
confset2(smb4_conf, "time server = %s",
"yes" if cifs.cifs_srv_timeserver else False)
confset2(smb4_conf, "null passwords = %s",
"yes" if cifs.cifs_srv_nullpw else False)
confset2(smb4_conf, "acl allow execute always = %s",
"true" if cifs.cifs_srv_allow_execute_always else "false")
confset1(smb4_conf, "dos filemode = yes")
confset2(smb4_conf, "multicast dns register = %s",
"yes" if cifs.cifs_srv_zeroconf else "no")
if not smb4_ldap_enabled(client):
confset2(smb4_conf, "domain logons = %s",
"yes" if cifs.cifs_srv_domain_logons else "no")
if (not client.call('notifier.common', 'system', 'nt4_enabled') and not client.call('notifier.common', 'system', 'activedirectory_enabled')):
confset2(smb4_conf, "local master = %s",
"yes" if cifs.cifs_srv_localmaster else "no")
# 5 = DS_TYPE_CIFS
idmap = Struct(client.call('notifier.ds_get_idmap_object', 5, cifs.id, 'tdb'))
configure_idmap_backend(client, smb4_conf, idmap, None)
if role == 'auto':
confset1(smb4_conf, "server role = auto")
elif role == 'classic':
confset1(smb4_conf, "server role = classic primary domain controller")
elif role == 'netbios':
confset1(smb4_conf, "server role = netbios backup domain controller")
elif role == 'dc':
confset1(smb4_conf, "server role = active directory domain controller")
add_domaincontroller_conf(client, smb4_conf)
elif role == 'member':
confset1(smb4_conf, "server role = member server")
if client.call('notifier.common', 'system', 'nt4_enabled'):
add_nt4_conf(client, smb4_conf)
elif smb4_ldap_enabled(client):
add_ldap_conf(client, smb4_conf)
elif client.call('notifier.common', 'system', 'activedirectory_enabled'):
add_activedirectory_conf(client, smb4_conf)
confset2(smb4_conf, "netbios name = %s", cifs.netbiosname.upper())
if cifs.cifs_srv_netbiosalias:
confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())
elif role == 'standalone':
confset1(smb4_conf, "server role = standalone")
confset2(smb4_conf, "netbios name = %s", cifs.netbiosname.upper())
if cifs.cifs_srv_netbiosalias:
confset2(smb4_conf, "netbios aliases = %s", cifs.cifs_srv_netbiosalias.upper())
confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
confset1(smb4_conf, "security = user")
if role != 'dc':
confset1(smb4_conf, "pid directory = /var/run/samba")
confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
confset1(smb4_conf, "client ntlmv2 auth = yes")
confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)
if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)
smb_options = cifs.cifs_srv_smb_options.encode('utf-8')
smb_options = smb_options.strip()
for line in smb_options.split('\n'):
line = line.strip()
if not line:
continue
confset1(smb4_conf, line)
