Automated Samba + LDAP Installation For FreeBSD 7.1

{ http://autosambaldap.sourceforge.net/ }

Overview

The following is a description of the automated Samba + LDAP installation script I have put together for FreeBSD 7.1.

The script automates the process of setting up a Samba v3 server with an OpenLDAP v2.4 backend as a Primary Domain Controller with as little interaction as possible. During the scripted installation you will be prompted for your root password three times and asked to hit ok twice.

SourceForge.net Project Page: { http://sourceforge.net/projects/autosambaldap/ }

Installation Method #1

The entire process should take approximately 30 minutes from start (bare metal) to finish (working server) depending on the speed of your internet connection.

The current revision of the "Web Based" Install script can be found at:
{ https://svn.sourceforge.net/svnroot/autosambaldap/MAINSCRIPT/gen_setup.sh }

 

Installation Method #2

The entire process for the CD-ROM version from start (bare metal) to finish (working server) should take about 12 minutes.

LATEST VERSION AVAILABLE ON PROJECT PAGE

The CD-ROM Version (Rev 2 - AMD64 version): can be had here:
{http://softlayer.dl.sourceforge.net/sourceforge/autosambaldap/AUTOSAMBA-LDAP_AMD64_rev3.iso }

The CD-ROM Version (Rev 2 - i386 version): can be had here:
{ http://softlayer.dl.sourceforge.net/sourceforge/autosambaldap/AUTOSAMBA-LDAP_i386_Rev3.iso }

Watch a WMV capture of an installation using VMWare { HERE }

Once installed you can add users via the command-line (see: /root/adduser_example.txt) or with Microsoft User Manager for Domains (USRMGR.exe) from the Windows 2003 Resource Kit. { http://download.microsoft.com/download/a/8/b/a8bc2027-f25c-438e-b763-bbef1dbdbf4b/usrmgr.msi }  

 

Prerequisites

 

Disk Layout

This script assumes that you will have a mount-point /home/ that will be used as the location of your user data storage.

The system software will fit on a partition of < 1GiB. On my own system I am using a 1GiB Solid State Disk for this and the operating system uses 652MB on a fully configured system. For my /home/ I am using a pair of 160GiB SATA disks in a ZFS mirror. I will have to look into some logging issues at some point in the near future with this configuration because as we all know log files can and will eat up a lot of space.

For my testing I have a bootable USB thumb drive with an installation of FreeBSD that I "dd" to my SSD each time rather than reinstalling for each test.

#!/bin/sh
# Clone the bootable USB test image (da0) onto the SSD (ad0), then point the
# cloned fstab at the SSD's root slice instead of the USB device.
/bin/dd if=/dev/da0 of=/dev/ad0 bs=1M
/sbin/fsck /dev/ad0s1a
/sbin/mount /dev/ad0s1a /mnt
# ">" rather than ">>": appending would only work while fstab.new does not exist yet.
/usr/bin/sed -e 's/da0s1a/ad0s1a/g' /mnt/etc/fstab > /mnt/etc/fstab.new
/bin/mv /mnt/etc/fstab.new /mnt/etc/fstab
/sbin/halt
 

I set up my /home/ with the following script, which is not part of the installation script discussed in this document.
This is why the install script has some ZFS-specific settings included in it.

#!/bin/sh
# Rebuild the "home" pool from scratch on the two SATA disks (destroys whatever is on them).
/bin/rm -rf /home
/sbin/zpool import home        # pick up a pool left over from the previous test so it can be destroyed
/sbin/zpool destroy home
/sbin/zpool create home mirror ad4 ad6
/sbin/zpool status
/bin/chmod 0777 /home          # world-writable: any local account can create entries here
exit 0
 

Network Setup

You must configure your new server with a three part name. { i.e. hostname.domain.root }

This is required because of the way that I wrote the automated install script and how it handles the configuration files.

You should also assign a static IPv4 address to your new server.
Instructions on how to properly configure your network are beyond the scope of this document.

 

Installed Software

The following is a list of packages that will be installed with this setup script: ( pkg_info |awk '{print $1}' )

bind9-9.3.5.2
cups-base-1.3.9_2
db46-4.6.21.1
gettext-0.17_1
gnutls-2.4.2_1
ja-p5-Jcode-2.07
jpeg-6b_7
krb5-1.6.3_5
libexecinfo-1.1_2
libgcrypt-1.4.1_1
libgpg-error-1.6_1
libiconv-1.11_1
libltdl-1.5.26
libxml2-2.6.32
lighttpd-1.4.19_3
nss_ldap-1.257
openldap-client-2.4.11
openldap-server-2.4.11_1
openssh-portable-5.0.p1,1
openssl-0.9.8h_1
p5-Authen-SASL-2.12
p5-Convert-ASN1-0.21
p5-Crypt-SmbHash-0.12
p5-Digest-HMAC-1.01
p5-Digest-MD5-2.36_1
p5-Digest-SHA1-2.11
p5-GSSAPI-0.26
p5-IO-Socket-SSL-1.15
p5-Net-SSLeay-1.35
p5-Text-Iconv-1.7
p5-URI-1.37
p5-Unicode-Map-0.112
p5-Unicode-Map8-0.12
p5-Unicode-MapUTF8-1.11
p5-Unicode-String-2.09
p5-XML-Filter-BufferText-1.01
p5-XML-NamespaceSupport-1.09_1
p5-XML-SAX-0.96
p5-XML-SAX-Writer-0.50
p5-perl-ldap-0.36
pam_ldap-1.8.4
pcre-7.7_1
perl-5.8.8_1
php5-5.2.8
php5-gettext-5.2.8
php5-ldap-5.2.8
pkg-config-0.23_1
png-1.2.32
popt-1.7_5
samba-3.0.32_2,1
smbldap-tools-0.9.5
tiff-3.8.2_2
wget-1.11.2_1

The Auto Install Script

In this section I will briefly explain each section of the script and what it does to your server.

We start off by collecting information about the current configuration; these values are used as variables throughout the rest of the script. Note that the network values are derived from the broadcast address and assume a /24 netmask, and that the script expects a single non-loopback interface with an IPv4 address, since nothing filters the ifconfig output further.

# INSTALLER VERSION NUMBER
#
VersionInfo="040209.1_GENERIC"
#
# SET DEFAULT VARIABLES FROM CURRENT HOST CONFIGURATION.
# Everything below assumes a three-part FQDN (host.domain.root), which is
# verified further down, and one LAN interface with a /24 netmask.
#
myDomainHost=`hostname -f | awk '{gsub(/\./," ");print $1}'`
myDomainSub=`hostname -f | awk '{gsub(/\./," ");print $2}'`
myDomainRoot=`hostname -f | awk '{gsub(/\./," ");print $3}'`
# "domain.root": used by the BIND zone setup below but not assigned anywhere in
# this excerpt of the script, so it is derived here from the two parts above.
myDomain="$myDomainSub.$myDomainRoot"
myInterface=`/usr/bin/netstat -inW -f link | grep -E "<Link#1>" | awk '{print $1}'`
# The next two take the broadcast address (column 6 of ifconfig's inet line) and
# strip or replace the trailing "255"; this only yields the right network for a /24.
myNetwork=`ifconfig |grep -E 'inet.[0-9]' |grep -v '127.0.0.1' |awk '{print $6}'| sed 's/'255'//'`
myDNSNet=`ifconfig |grep -E 'inet.[0-9]' |grep -v '127.0.0.1' |awk '{print $6}'| sed 's/'255'/0\/24/'`
shortName=`hostname -s`
# NetBIOS and workgroup names: insert "_" before each capital, then upper-case the whole string.
myNETBIOSName=`hostname -s |awk '{gsub("[A-Z]","_&"); print }' | tr '[a-z]' '[A-Z]'`
myWorkGroupName=`hostname -f | awk '{gsub(/\./," ");print $2}'|awk ' { gsub("[A-Z]","_&"); print }' | tr '[a-z]' '[A-Z]'`
longName=`hostname -f`
myIP=`ifconfig  | grep -E 'inet.[0-9]' | grep -v '127.0.0.1' | awk '{ print $2}'`
# Everything after the short name, including the leading dot: ".domain.root"
domainName=`echo "$longName" |sed 's/'$shortName'//'`
currentUser=`/usr/bin/whoami`
#
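The derivation above is fragile in two places: the FQDN is only checked later, and the network is guessed by rewriting "255" in the broadcast address, which gives the wrong answer for anything but a /24. The following is an added example (not part of the autosambaldap script) showing how to get the same values from a hex netmask for any prefix length. The ifconfig text is a constructed sample, not output from a real host, and the host name pdc.example.lan is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the autosambaldap script: derive the values the
# installer needs from the FQDN and from ifconfig output without assuming a /24.
# The installer's own derivation takes the broadcast address and rewrites a
# trailing "255" to "0/24", which is wrong for any other prefix length.

# Constructed sample of FreeBSD ifconfig output (not captured from a real host).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.10.5 netmask 0xfffffc00 broadcast 192.168.11.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# Succeed only for a three-label name such as host.domain.root (no empty labels).
fqdn_check() {
    case $1 in
        ''|.*|*.|*..*|*.*.*.*) return 1 ;;
        *.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "host domain.root" for a valid three-part FQDN.
fqdn_split() {
    fqdn_check "$1" || return 1
    printf '%s\n' "$1" | awk -F. '{ print $1, $2 "." $3 }'
}

# Hex netmask as ifconfig prints it (0xfffffc00) -> prefix length (22).
mask_to_prefix() {
    _m=$(($1)); _p=0; _bit=2147483648        # 0x80000000, the top bit
    while [ "$_bit" -gt 0 ] && [ $((_m & _bit)) -ne 0 ]; do
        _p=$((_p + 1)); _bit=$((_bit / 2))
    done
    echo "$_p"
}

# Address + prefix length -> network in CIDR form (192.168.10.5 22 -> 192.168.8.0/22).
# Runs in a subshell so the IFS change used for splitting stays local.
network_cidr() (
    _plen=$2
    IFS=.; set -- $1                          # the four octets become $1..$4
    _addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    _mask=$(( (0xffffffff << (32 - _plen)) & 0xffffffff ))
    _net=$(( _addr & _mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (_net >> 24) & 255 )) $(( (_net >> 16) & 255 )) \
        $(( (_net >> 8) & 255 )) $(( _net & 255 )) "$_plen"
)

# Read ifconfig-style text on stdin and print the first non-loopback LAN in CIDR form.
lan_cidr() {
    awk '$1 == "inet" && $2 != "127.0.0.1" { print $2, $4; exit }' | {
        read -r _ip _mask
        network_cidr "$_ip" "$(mask_to_prefix "$_mask")"
    }
}

# Demonstration on the constructed sample: prints 192.168.8.0/22, then "pdc example.lan".
printf '%s\n' "$SAMPLE_IFCONFIG" | lan_cidr
fqdn_split pdc.example.lan
```

On the sample host the installer's sed trick would have produced 192.168.11.0/24, which is not even the right /24 for that address; feeding the real prefix into the BIND and Samba settings avoids that.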
 

Run a few basic checks to ensure that you should be running this script in the first place.

# CHECK TO MAKE SURE THAT THE CURRENT USER IS THE ROOT USER
#
if [ "$currentUser" != "root" ]; then
   echo "You must run this Script as \"root\""
   exit 1   # non-zero, so a caller does not mistake the refusal for success
   else
   clear
   echo "Starting Scripted Setup."
   sleep .3
   clear
fi
#

 

Next we check to see that the user has configured the server with a proper three part naming scheme.

Note: The naming scheme is important to us because later on in the script we have to set values for the LDAP server configuration that rely on the existence of the second and third parts of the FQDN.

# CHECK FOR PROPER FQDN NAME - BAIL IF NOT CORRECT
#
clear
DIALOG=${DIALOG=/usr/bin/dialog}
fqdnstring=`hostname -f | awk '{gsub(/\./," ");print}'`
   mynum="0"
for _name in $fqdnstring; do
   mynum=`expr $mynum + 1`
   done
if [ "$mynum" != "3" ]; then
   $DIALOG --title "ERROR" \
   --msgbox "YOU DO NOT HAVE A PROPER FQDN\n\
   THIS SCRIPT REQUIRES A THREE PART PATTERN\n\
   EXAMPLE: THIS_HOST.DOMAIN.ROOT" -1 -1
   exit 3
fi
   #
 

As our last test, we check whether a "setup.log" file exists in the /root/ directory.

We create this log file during setup, and although the user may have deleted it, it is a simple check for whether the script has already been run. I had considered looking at the output of pkg_info to confirm that no packages had been installed, which would ensure that this was a virgin machine, and I may at some point choose to go that direction.

# CHECK TO MAKE SURE THAT THE SCRIPT HAS NOT ALREADY BEEN RUN ON THIS MACHINE
# (CHECK FOR THE EXISTANCE OF THE SETUP LOG WE CREATE)
#
if [ -f /root/setup.log ] ; then
   clear
   echo "SETUP HAS ALREADY RUN ON THIS MACHINE"
   echo "*************************************"
   echo
   echo "YOU CAN NOT RE-RUN THE SCRIPT - IT WILL FAIL"
   echo "AND LEAVE YOUR MACHINE IN AN UNUSABLE STATE."
   exit 20
fi
#

 

Display a dialog prompting the user to continue - this is the last chance that the user has to bail out of this scripted setup.

# BEGIN INSTALLATION PROCESS
   #
   $DIALOG --title "SCRIPTED FILE SERVER SETUP" --clear \
   --yesno "THIS SCRIPT WILL INSTALL AND CONFIGURE YOUR SERVER\n\
   AS A SAMBA FILE SERVER WITH A LDAP BACKEND. \n\n \
   ARE YOU SURE YOU WANT TO DO THIS?" -1 -1
case $? in
   0)
   clear
   echo "STARTING AUTOMATED SETUP....";;
   1)
   clear
   echo "EXITING SETUP NOW...."
   exit 1;;
   255)
   clear
   echo "ESC HAS BEEN PRESSED"
   echo "EXITING SETUP NOW...."
   exit 1;;
esac
#
 

Prompt the user for a password that will be used during the setup of our software. The value is kept in a shell variable, echoed back to the console right after entry and shown again in the summary dialog below, so treat the console and its scrollback as sensitive.

# CREATE DEFAULT VALUE FOR THE PASSWORD TO BE USED
   #
   myPassword="password"
   #
   # PROMPT USER FOR THE NEW PASSWORD 
   #
   # dialog writes the typed value to stderr. Capture it in a file that mktemp
   # creates with mode 0600 and an unpredictable name, rather than in a
   # world-readable /tmp/inputbox.tmp.$$ that another local user could read
   # or pre-create. (--passwordbox would also hide the characters as typed.)
   pwTemp=`mktemp -t inputbox` || exit 17
   $DIALOG --title "PASSWORD REQUIRED" --clear \
 --inputbox "THIS SCRIPT REQUIRES YOU TO CREATE A PASSWORD\n\
 TO BE USED BY YOUR LDAP AND SMB SERVERS\n\n\
 ENTER YOUR PASSWORD BELOW:" -1 -1 "$myPassword" 2> "$pwTemp"
retval=$?
myPassword=`cat "$pwTemp"`
   rm -f "$pwTemp"
case $retval in
   0)
   echo "SETTING YOUR PASSWORD TO " $myPassword
   echo "THANK YOU....";;
   1)
   echo "Cancel pressed."
   exit 15;;
   255)
   echo "ESC pressed."
   exit 16;;
esac
#

 

Next we print the information we have collected about the system (including the password just entered) and wait 2 seconds to give the user a chance to read it.

# SPLASH
#
$DIALOG --title "STARTING AUTOMATED SETUP" \
--infobox "STARTING SETUP NOW\n\
PLEASE WAIT" -1 -1
stty -echo
stty echo
#
# PRINT CURRENT CONFIGURATION
#
$DIALOG --title "RUNNING AUTOMATED SETUP" \
--infobox "WE HAVE FOUND YOUR SYSTEM INFORMATION\n\n\
      SYSTEM FQDN= $longName\n\
        SYSTEM IP= $myIP\n\
    NETWORK RANGE= $myDNSNet\n\
   INTERFACE NAME= $myInterface\n\
    YOUR PASSWORD= $myPassword\n\n\
      SETUP WILL CONTINUE IN 2 SECONDS" -1 -1
stty -echo
   sleep 2
   stty echo
 

We echo the start time into the log file

#
# ECHO THE START TIME INTO THE LOG FILE
#
echo "Start Time: " `date` >/root/setup.log
 

Set up the ZFS tuning parameters and change the autoboot delay. You should look at the wiki on how to set up ZFS on your system.
These are values that have worked well for me on my hardware (Intel DG945GCLF w/1GB DDR). Note that the first echo overwrites /boot/loader.conf rather than appending to it, and that autoboot_delay="0" together with beastie_disable="YES" leaves no chance to interrupt the loader at boot.

# SETUP SYSTEM SETTINGS FOR ZFS SUPPORT
   #
   $DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "SETTING UP ZFS KERNEL PARAMETERS" -1 -1
echo 'zfs_load="YES"' > /boot/loader.conf
   echo 'vm.kmem_size_max="768M"' >> /boot/loader.conf
   echo 'vm.kmem_size="768M"' >> /boot/loader.conf
   echo 'vfs.zfs.arc_min="16M"' >> /boot/loader.conf
   echo 'vfs.zfs.arc_max="64M"' >> /boot/loader.conf
   echo 'zfs_enable="YES"' >> /etc/rc.conf
   
   chmod 0777 /home
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "SETTING UP BOOT PARAMETERS" -1 -1
# Change the Autoboot Delay and remove the Logo from the "Beastie Menu"
   echo 'autoboot_delay="0"' >> /boot/loader.conf
   echo 'loader_logo="none"' >> /boot/loader.conf
   # Turn off the FreeBSD boot menu
   echo 'beastie_disable="YES"' >> /boot/loader.conf
   stty -echo
   stty echo
 

Next we setup the /etc/hosts file with our system information.

$DIALOG --title "RUNNING AUTOMATED SETUP" \
 --infobox "SETTING UP HOSTS FILE" -1 -1
    
# Setup up our hosts file based on current configuration of the network.
   echo "::1					localhost localhost$domainName" >/etc/hosts
   echo "127.0.0.1		localhost localhost$domainName" >>/etc/hosts
   echo "$myIP			$longName $shortName" >>/etc/hosts
   echo "$myIP			$longName." >>/etc/hosts

 

It is finally time to start installing packages.
These are a few that we need to add early on.

# Get some essential stuff.
   $DIALOG --title "RUNNING AUTOMATED SETUP" \
 --infobox "INSTALLING wget" -1 -1
 stty -echo
 # Append here: ">" would truncate the log and lose the start time written above.
 pkg_add -r wget >>/root/setup.log 2>&1
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING libxml2" -1 -1
   stty -echo
   pkg_add -r libxml2 >>/root/setup.log 2>&1
# INSTALL db46 EARLY OR DEPS WILL INSTALL db41 and db46
   $DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING db46" -1 -1
   stty -echo
   pkg_add -r db46 >>/root/setup.log 2>&1
# Must have "pcre" for things to compile correctly later.
   $DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING pcre" -1 -1
   stty -echo
   pkg_add -r pcre >>/root/setup.log 2>&1
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING openssh-portable" -1 -1
   stty -echo
   pkg_add -r openssh-portable >>/root/setup.log 2>&1
 

Now it is time to install BIND v9, the DNS server.
We will install it and give it a simple configuration built from what we already know about the system: just enough for the machine to resolve its own name on the LAN. You may want to do some reading and change these settings more to your liking. Two points are worth changing before the server is reachable from anywhere but the LAN: the options block sets no allow-query or allow-recursion, so BIND answers recursive queries for any address that can reach it (restrict both to $myDNSNet and 127.0.0.1), and the zone accepts dynamic updates signed with rndc-key, which is also the key that controls named through rndc; a separate TSIG key for updates keeps those two roles apart.

##########################
# Create named.conf file #
##########################
mynamedConf="/etc/namedb/named.conf"
echo '// Generated by AUTOMATED SETUP' >$mynamedConf
   echo ' '>>$mynamedConf
   echo 'options {'>>$mynamedConf
   echo '	// Relative to the chroot directory, if any'>>$mynamedConf
   echo '	directory	"/etc/namedb";'>>$mynamedConf
   echo '	pid-file	"/var/run/named/pid";'>>$mynamedConf
   echo '	dump-file	"/var/dump/named_dump.db";'>>$mynamedConf
   echo '	statistics-file	"/var/stats/named.stats";'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '};'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// RFC 1912'>>$mynamedConf
   echo 'zone "localhost"	{ type master; file "master/localhost-forward.db"; };'>>$mynamedConf
   echo 'zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };'>>$mynamedConf
   echo 'zone "255.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// RFC 1912-style zone for IPv6 localhost address'>>$mynamedConf
   echo 'zone "0.ip6.arpa"	{ type master; file "master/localhost-reverse.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// "This" Network (RFCs 1912 and 3330)'>>$mynamedConf
   echo 'zone "0.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// Private Use Networks (RFC 1918)'>>$mynamedConf
   echo 'zone "10.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "16.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "17.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "18.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "19.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "20.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "21.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "22.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "23.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "24.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "25.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "26.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "27.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "28.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "29.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "30.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "31.172.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "168.192.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// Link-local/APIPA (RFCs 3330 and 3927)'>>$mynamedConf
   echo 'zone "254.169.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// TEST-NET for Documentation (RFC 3330)'>>$mynamedConf
   echo 'zone "2.0.192.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// Router Benchmark Testing (RFC 3330)'>>$mynamedConf
   echo 'zone "18.198.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "19.198.in-addr.arpa"	{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// IANA Reserved - Old Class E Space'>>$mynamedConf
   echo 'zone "240.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "241.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "242.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "243.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "244.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "245.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "246.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "247.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "248.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "249.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "250.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "251.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "252.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "253.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "254.in-addr.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// IPv6 Unassigned Addresses (RFC 4291)'>>$mynamedConf
   echo 'zone "1.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "3.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "4.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "5.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "6.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "7.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "8.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "9.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "a.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "b.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "c.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "d.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "e.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "0.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "1.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "2.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "3.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "4.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "5.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "6.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "7.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "8.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "9.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "a.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "b.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "0.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "1.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "2.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "3.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "4.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "5.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "6.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "7.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// IPv6 ULA (RFC 4193)'>>$mynamedConf
   echo 'zone "c.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "d.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// IPv6 Link Local (RFC 4291)'>>$mynamedConf
   echo 'zone "8.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "9.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "a.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "b.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// IPv6 Deprecated Site-Local Addresses (RFC 3879)'>>$mynamedConf
   echo 'zone "c.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "d.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "e.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo 'zone "f.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   echo '// IP6.INT is Deprecated (RFC 4159)'>>$mynamedConf
   echo 'zone "ip6.int"			{ type master; file "master/empty.db"; };'>>$mynamedConf
   echo ''>>$mynamedConf
   # The zone below accepts updates signed with rndc-key, so the key file must
   # exist before it is inlined here; generate it if this is a fresh system.
   [ -f /etc/namedb/rndc.key ] || rndc-confgen -a
   cat /etc/namedb/rndc.key >> $mynamedConf
   echo ''>>$mynamedConf
   # Customize this section with variables.......
   echo 'zone "'$myDomain'" {'>>$mynamedConf
   echo '	type master;'>>$mynamedConf
   echo '	allow-update {'>>$mynamedConf
   echo '		key "rndc-key";'>>$mynamedConf
   echo '	};'>>$mynamedConf
   echo '	file "master/'$myDomain'.db";'>>$mynamedConf
   echo '};'>>$mynamedConf
      
# Create our initial ZONE file for this server
   epochserial=`date +%s`
   myRealm=`hostname | awk '{gsub(/\./," ");print $2"."$3}'|awk ' { gsub("[A-Z]","_&"); print }' | tr '[a-z]' '[A-Z]'`
   mydnsDB="/etc/namedb/master/$myDomain.db"
echo '; BIND db file for '$myRealm >$mydnsDB
   echo ' '>>$mydnsDB
   echo '$TTL 86400'>>$mydnsDB
   echo ' '>>$mydnsDB
   echo '@	  IN	    SOA	'$longName'.	   root'$domainName'. ('>>$mydnsDB
   echo '				'$epochserial'		; serial number'>>$mydnsDB
   echo '				28800		; Refresh'>>$mydnsDB
   echo '				7200		; Retry'>>$mydnsDB
   echo '				864000		; Expire'>>$mydnsDB
   echo '				86400		; Min TTL'>>$mydnsDB
   echo '				)'>>$mydnsDB
   echo ' '>>$mydnsDB
   echo '						NS			'$longName'.'>>$mydnsDB
   echo ' '>>$mydnsDB
   echo '$ORIGIN '$myDomain'. '>>$mydnsDB
   echo '; Domain Host Records '>>$mydnsDB
   echo ''>>$mydnsDB
   echo 'localhost			IN	  A			  127.0.0.1'>>$mydnsDB
   echo $shortName'		IN	  A			  '$myIP >>$mydnsDB
   echo 'kerberos			IN	  CNAME			  '$shortName >>$mydnsDB
   echo ''>>$mydnsDB
   echo ';Kerberos Records'>>$mydnsDB
   echo ''>>$mydnsDB
   echo '_kerberos._udp		IN	  SRV	    01 00 88	  kerberos'$domainName'.'>>$mydnsDB
   echo '_kerberos._tcp		IN	  SRV	    01 00 88	  kerberos'$domainName'.'>>$mydnsDB
   echo '_kpasswd._udp			IN	  SRV	    01 00 464	  kerberos'$domainName'.'>>$mydnsDB
   echo '_kerberos-adm._tcp	IN	  SRV	    01 00 749	  kerberos'$domainName'.'>>$mydnsDB
   echo '_kerberos				IN	  TXT			  		 '$myRealm >>$mydnsDB
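For comparison, here is the installer's options stanza beside a restricted one, and a zone stanza that takes dynamic updates under a key that is not rndc's control key. This is an added example, not code from the autosambaldap script; the LAN 192.168.8.0/22, the domain example.lan and the key name ddns-key are placeholders, and the LAN argument is meant to be whatever the installer computes into $myDNSNet.

```shell
#!/bin/sh
# Added example, not part of autosambaldap: the installer's "options" stanza
# beside a hardened one, and a zone stanza whose dynamic updates use a dedicated
# TSIG key instead of rndc's control key. Names used here are placeholders.

# What the installer writes: no allow-query / allow-recursion, so BIND 9.3
# answers recursive queries for any client that can reach port 53 (an open
# resolver if the box is reachable from outside the LAN).
installer_options() {
    cat <<'EOF'
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
};
EOF
}

# Hardened stanza: $1 is the LAN in CIDR form (the installer's $myDNSNet).
# Queries and recursion are limited to the LAN and the host itself, zone
# transfers are refused, and the version string is hidden.
hardened_options() {
    cat <<EOF
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    allow-query { 127.0.0.1; $1; };
    allow-recursion { 127.0.0.1; $1; };
    allow-transfer { none; };
    version "none";
};
EOF
}

# Zone stanza: $1 = domain, $2 = TSIG key used only for dynamic updates.
# Generate that key with:  rndc-confgen -a -k "$2" -c /etc/namedb/"$2".key
# rndc-key lets its holder stop and reconfigure named, so it should not
# double as the update key that DHCP or domain members get to use.
ddns_zone() {
    cat <<EOF
zone "$1" {
    type master;
    file "master/$1.db";
    allow-update { key "$2"; };
};
EOF
}

# Assemble a complete named.conf body for the given LAN, domain and key name.
named_conf() {  # $1 = LAN CIDR, $2 = domain, $3 = key name
    hardened_options "$1"
    printf 'include "/etc/namedb/%s.key";\n' "$3"
    ddns_zone "$2" "$3"
}

# Quick check usable before a config is written: does the stanza on stdin
# restrict recursion at all?
has_recursion_acl() {
    grep -q 'allow-recursion'
}

# Demonstration with placeholder values.
named_conf 192.168.8.0/22 example.lan ddns-key
```

After writing the file, `named-checkconf /etc/namedb/named.conf` and `named-checkzone example.lan /etc/namedb/master/example.lan.db` catch syntax problems before named is restarted. Restricting allow-query as above means the zone is only answerable from the LAN, which is what you want for a domain controller that is not meant to be public.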
 

After that last bit you may start to see why I am automating this.

 

Next on the list of things to do is set the permissions on the home directory and create a temporary working directory.
This step is especially important if you have created a ZFS storage pool as your location for the user data, since the pool's mount point starts out owned by root. Note that a+rwx makes /home world-writable, so any local account can create entries there; 0755 is enough when the per-user directories are created by root, so tighten this if local shell users are expected.

$DIALOG --title "RUNNING AUTOMATED SETUP" \
 --infobox "SETTING PERMISSIONS ON \"HOME\"" -1 -1
 stty -echo
chmod a+rwx /home
mkdir /home/temp
   cd /home/temp
 

Install a few more packages, do some minimal configuration of Kerberos (this is not really needed), and create the configuration directory for the smbldap-tools package, because its package installation fails unless the directory already exists.

$DIALOG --title "RUNNING AUTOMATED SETUP" \
 --infobox "INSTALLING openldap24-client" -1 -1
 stty -echo
 pkg_add -r openldap24-client
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING pam_ldap" -1 -1
   stty -echo
   pkg_add -r pam_ldap >>/root/setup.log 2>&1
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING KERBEROS v5" -1 -1
   stty -echo
   pkg_add -r krb5 >>/root/setup.log 2>&1
# Create /etc/krb5.conf
   echo '[libdefaults]' >/etc/krb5.conf
   echo '      default_realm = '$myRealm >>/etc/krb5.conf
# More Configuration Needed Here ^^^^^
      
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "FETCHING SAMBA PACKAGES\n\
   FROM REMOTE SERVERS" -1 -1
      
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING SAMBA3-ADS" -1 -1
   stty -echo
   pkg_add -r samba3
# OpenLDAP Server Specific Stuff
   $DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING openldap24-server" -1 -1
   stty -echo
   pkg_add -r openldap24-server
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING nss_ldap" -1 -1
   stty -echo
      
pkg_add -r nss_ldap
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING smbldap-tools" -1 -1
   stty -echo
   # Fix smbldap-tools package installation errors by creating the directory first
   mkdir /usr/local/etc/smbldap-tools
pkg_add -r smbldap-tools  >>/root/setup.log 2>&1
 

Run freebsd-update to patch the base system. This only covers the base system: the packages added with pkg_add are not touched by it, and new advisories keep appearing after the install, so re-run freebsd-update (and update the packages) on a schedule rather than treating this as a one-time step.

$DIALOG --title "RUNNING AUTOMATED SETUP" \
 --infobox "RUNNING FREEBSD UPDATE" -1 -1
 stty -echo
 freebsd-update fetch >>/root/setup.log 2>&1
 freebsd-update install >>/root/setup.log 2>&1
    

 

Now we install PHP5 and write a php.ini to suit our needs. Note that upload_tmp_dir points at /ftmp, which nothing shown here creates, and that max_execution_time = 0 removes the script runtime limit entirely.

$DIALOG --title "RUNNING AUTOMATED SETUP" \
 --infobox "INSTALLING WEB PROGRAMS AND UTILITIES" -1 -1
 stty -echo
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING PHP5 LANGUAGE SUPPORT" -1 -1
   stty -echo
   pkg_add -r php5 >>/root/setup.log 2>&1
   pkg_add -r php5-gettext >>/root/setup.log 2>&1
   pkg_add -r php5-ldap >>/root/setup.log 2>&1
##### PHP.INI #####
   $DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "CREATING CUSTOM PHP.INI FILE" -1 -1
   stty -echo
   myPHPINI="/usr/local/etc/php.ini"
echo 'magic_quotes_gpc = Off' > $myPHPINI
   echo 'magic_quotes_runtime = Off' >> $myPHPINI
   echo 'max_execution_time = 0' >> $myPHPINI
   echo 'max_input_time = 180' >> $myPHPINI
   echo 'register_argc_argv = Off' >> $myPHPINI
   echo 'file_uploads = On' >> $myPHPINI
   echo 'upload_tmp_dir = /ftmp' >> $myPHPINI
   echo 'upload_max_filesize = 256M' >> $myPHPINI
   echo 'post_max_size = 256M' >> $myPHPINI
   echo 'html_errors = Off' >> $myPHPINI
   echo 'include_path = ".:/etc/inc:/usr/local/www"' >> $myPHPINI
   ##### END PHP.INI #####
 

In this section we install lighttpd, touch the access and error logs, generate a web site password, create a PHP test page, download and install the "status page", create our configuration file and enable it at startup. Three things to be aware of: the digest file is written to /usr/local/www/.htpasswd, inside server.document-root, and the url.access-deny list only covers "~" and ".inc", so unless it is moved out of the document root or added to the deny list the file can be fetched over HTTP (and its HA1 hash is password-equivalent for digest auth); the log files are made world-writable (a+rw), which lets any local user alter them; and phptest.php publishes phpinfo() output, so remove it once the test has passed.

$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING LIGHTTPD WWW SERVER" -1 -1
   stty -echo
   pkg_add -r lighttpd >>/root/setup.log 2>&1
    
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "CREATING LIGHTTPD LOG FILES" -1 -1
   stty -echo
   touch /var/log/lighttpd.access.log
   chmod a+rw /var/log/lighttpd.access.log
 touch /var/log/lighttpd.error.log
   chmod a+rw /var/log/lighttpd.error.log
   
   $DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "CREATING DEFAULT WEB PAGE" -1 -1
   stty -echo
      
# SETUP the .htaccess file and create an index file to test the setup is working.
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "GENERATING WEBSITE PASSWORD" -1 -1
   stty -echo
myPHPGENPW=`echo -n "admin:ADMINISTRATION:"$myPassword | md5 | cut -b -32`
   echo "admin:ADMINISTRATION:"$myPHPGENPW > /usr/local/www/.htpasswd
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "GENERATING WEBSITE PHP TEST PAGE" -1 -1
   stty -echo
   echo '<?php' > /usr/local/www/phptest.php
   echo 'phpinfo();' >> /usr/local/www/phptest.php
   echo '?>' >> /usr/local/www/phptest.php
# Download and install the Admin site status page.
   $DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "INSTALLING ADMINISTRATION STATUS PAGE" -1 -1
cd /
   fetch http://autosambaldap.svn.sourceforge.net/viewvc/autosambaldap/webadmin/website.tgz
   tar xzf /website.tgz
   rm -f /website.tgz
   chown -R root:wheel /usr/local/www
   # Read-only for everyone: strip write and execute from files, but keep the
   # search (x) bit on directories or a non-root web server cannot traverse them.
   # This also leaves .htpasswd world-readable; keep that file outside the
   # document root and readable only by the user lighttpd runs as.
   find /usr/local/www -type f -exec chmod a-xw+r {} +
   find /usr/local/www -type d -exec chmod 0755 {} +
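The installer builds the htdigest entry by hashing "admin:ADMINISTRATION:password" with md5, which is exactly the HA1 value that HTTP Digest authentication uses, and then drops the file under the document root with default permissions. The following is an added example (not code from the autosambaldap script) that produces the same entry but writes it with mode 0600 to a path of your choosing and can verify a candidate password against it. The password and the scratch directory in the demonstration are constructed; md5(1) is FreeBSD's tool and md5sum(1) is the Linux equivalent, and the functions pick whichever exists.

```shell
#!/bin/sh
# Added example, not part of the autosambaldap script: build the lighttpd
# htdigest entry the way the installer does (HA1 = md5("user:realm:password"))
# but keep the file out of the document root and unreadable to other users.

# md5 hex digest of stdin; FreeBSD ships md5(1), Linux ships md5sum(1).
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum | cut -c1-32
    else
        md5 -q
    fi
}

# HA1 for HTTP Digest auth: md5 of "user:realm:password". HA1 alone is enough
# to answer a Digest challenge for this realm, so the file holding it must be
# protected like a password file.
htdigest_ha1() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5_hex
}

# Write "user:realm:HA1" to $1 with mode 0600. Pass a path outside
# server.document-root (for example /usr/local/etc/lighttpd.htdigest) and point
# auth.backend.htdigest.userfile at it; a file under /usr/local/www that is not
# listed in url.access-deny can be fetched by any browser.
write_htdigest() {  # $1 = path, $2 = user, $3 = realm, $4 = password
    _path=$1; _user=$2; _realm=$3; _pass=$4
    rm -f "$_path"
    ( umask 077
      printf '%s:%s:%s\n' "$_user" "$_realm" "$(htdigest_ha1 "$_user" "$_realm" "$_pass")" > "$_path" )
}

# Local check that a candidate password reproduces the stored HA1 for user/realm.
htdigest_check() {  # $1 = htdigest file, $2 = user, $3 = realm, $4 = password
    _stored=$(awk -F: -v u="$2" -v r="$3" '$1 == u && $2 == r { print $3; exit }' "$1")
    [ -n "$_stored" ] && [ "$_stored" = "$(htdigest_ha1 "$2" "$3" "$4")" ]
}

# Demonstration with a constructed password in a scratch directory.
demo_dir=$(mktemp -d)
write_htdigest "$demo_dir/lighttpd.htdigest" admin ADMINISTRATION 'correct horse'
ls -l "$demo_dir/lighttpd.htdigest"
rm -rf "$demo_dir"
```

If the file has to stay under /usr/local/www, add ".htpasswd" to url.access-deny so lighttpd refuses to serve it; either way, chown it to the account lighttpd runs as and keep it at 0600 or 0640.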
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "CREATING LIGHTTPD CONFIGURATION FILE" -1 -1
   
   #### LIGHTTPD.CONF ####
   myLighttpConf="/usr/local/etc/lighttpd.conf"
echo 'server.modules = (' >/$myLighttpConf
   echo '  "mod_access",' >>/$myLighttpConf
   echo '  "mod_auth",' >>/$myLighttpConf
   echo '  "mod_fastcgi" )' >>/$myLighttpConf
   echo 'server.document-root = "/usr/local/www"' >>/$myLighttpConf
   echo 'server.errorlog-use-syslog = "enable"' >>/$myLighttpConf
   echo 'server.event-handler = "freebsd-kqueue"' >>/$myLighttpConf
   echo 'server.max-write-idle = 360' >>/$myLighttpConf
   echo 'index-file.names = ( "index.php" )' >>/$myLighttpConf
   echo 'mimetype.assign = (' >>/$myLighttpConf
   echo '  ".pdf"     => "application/pdf",' >>/$myLighttpConf
   echo '  ".sig"     => "application/pgp-signature",' >>/$myLighttpConf
   echo '  ".spl"     => "application/futuresplash",' >>/$myLighttpConf
   echo '  ".class"   => "application/octet-stream",' >>/$myLighttpConf
   echo '  ".ps"      => "application/postscript",' >>/$myLighttpConf
   echo '  ".torrent" => "application/x-bittorrent",' >>/$myLighttpConf
   echo '  ".dvi"     => "application/x-dvi",' >>/$myLighttpConf
   echo '  ".gz"      => "application/x-gzip",' >>/$myLighttpConf
   echo '  ".pac"     => "application/x-ns-proxy-autoconfig",' >>/$myLighttpConf
   echo '  ".swf"     => "application/x-shockwave-flash",' >>/$myLighttpConf
   echo '  ".tar.gz"  => "application/x-tgz",' >>/$myLighttpConf
   echo '  ".tgz"     => "application/x-tgz",' >>/$myLighttpConf
   echo '  ".tar"     => "application/x-tar",' >>/$myLighttpConf
   echo '  ".zip"     => "application/zip",' >>/$myLighttpConf
   echo '  ".mp3"     => "audio/mpeg",' >>/$myLighttpConf
   echo '  ".m3u"     => "audio/x-mpegurl",' >>/$myLighttpConf
   echo '  ".wma"     => "audio/x-ms-wma",' >>/$myLighttpConf
   echo '  ".wax"     => "audio/x-ms-wax",' >>/$myLighttpConf
   echo '  ".ogg"     => "application/ogg",' >>/$myLighttpConf
   echo '  ".wav"     => "audio/x-wav",' >>/$myLighttpConf
   echo '  ".gif"     => "image/gif",' >>/$myLighttpConf
   echo '  ".jpg"     => "image/jpeg",' >>/$myLighttpConf
   echo '  ".jpeg"    => "image/jpeg",' >>/$myLighttpConf
   echo '  ".png"     => "image/png",' >>/$myLighttpConf
   echo '  ".xbm"     => "image/x-xbitmap",' >>/$myLighttpConf
   echo '  ".xpm"     => "image/x-xpixmap",' >>/$myLighttpConf
   echo '  ".xwd"     => "image/x-xwindowdump",' >>/$myLighttpConf
   echo '  ".css"     => "text/css",' >>/$myLighttpConf
   echo '  ".html"    => "text/html",' >>/$myLighttpConf
   echo '  ".htm"     => "text/html",' >>/$myLighttpConf
   echo '  ".js"      => "text/javascript",' >>/$myLighttpConf
   echo '  ".sh"      => "text/plain",' >>/$myLighttpConf
   echo '  ".asc"     => "text/plain",' >>/$myLighttpConf
   echo '  ".c"       => "text/plain",' >>/$myLighttpConf
   echo '  ".cpp"     => "text/plain",' >>/$myLighttpConf
   echo '  ".log"     => "text/plain",' >>/$myLighttpConf
   echo '  ".conf"    => "text/plain",' >>/$myLighttpConf
   echo '  ".text"    => "text/plain",' >>/$myLighttpConf
   echo '  ".txt"     => "text/plain",' >>/$myLighttpConf
   echo '  ".dtd"     => "text/xml",' >>/$myLighttpConf
   echo '  ".xml"     => "text/xml",' >>/$myLighttpConf
   echo '  ".mpeg"    => "video/mpeg",' >>/$myLighttpConf
   echo '  ".mpg"     => "video/mpeg",' >>/$myLighttpConf
   echo '  ".mov"     => "video/quicktime",' >>/$myLighttpConf
   echo '  ".qt"      => "video/quicktime",' >>/$myLighttpConf
   echo '  ".avi"     => "video/x-msvideo",' >>/$myLighttpConf
   echo '  ".asf"     => "video/x-ms-asf",' >>/$myLighttpConf
   echo '  ".asx"     => "video/x-ms-asf",' >>/$myLighttpConf
   echo '  ".wmv"     => "video/x-ms-wmv",' >>/$myLighttpConf
   echo '  ".bz2"     => "application/x-bzip",' >>/$myLighttpConf
   echo '  ".tbz"     => "application/x-bzip-compressed-tar",' >>/$myLighttpConf
   echo '  ".tar.bz2" => "application/x-bzip-compressed-tar"' >>/$myLighttpConf
   echo ')' >>/$myLighttpConf
   echo 'url.access-deny = ( "~", ".inc" )' >>/$myLighttpConf
   echo 'static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )' >>/$myLighttpConf
   echo 'server.pid-file = "/var/run/lighttpd.pid"' >>/$myLighttpConf
   echo 'auth.backend = "htdigest"' >>/$myLighttpConf
   echo 'auth.backend.htdigest.userfile = "/usr/local/www/.htpasswd"' >>/$myLighttpConf
   echo 'fastcgi.server = ( ".php" => ("localhost" => (' >>/$myLighttpConf
   echo '                       "bin-path" => "/usr/local/bin/php-cgi",' >>/$myLighttpConf
   echo '                       "socket" => "/tmp/php.socket"' >>/$myLighttpConf
   echo '                   )))' >>/$myLighttpConf
   echo 'auth.require = ( "/" => (' >>/$myLighttpConf
   echo '  "method"  => "basic",' >>/$myLighttpConf
   echo '  "realm"   => "ADMINISTRATION",' >>/$myLighttpConf
   echo '  "require" => "valid-user"' >>/$myLighttpConf
   echo '  ),' >>/$myLighttpConf
   echo ')' >>/$myLighttpConf
      
##### END LIGHTTPD.CONF #####
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "ENABLING LIGHTTPD AT STARTUP" -1 -1
   
   echo '# LIGHTTPD SERVER' >>/etc/rc.conf 
   echo 'lighttpd_enable="YES"' >>/etc/rc.conf
 

Now it is time to configure SLAPD [ Man Page ] and its configuration file, slapd.conf [ Man Page ].

$DIALOG --title "RUNNING AUTOMATED SETUP" \
 --infobox "CONFIGURING SLAPD" -1 -1
 stty -echo
###############
##SLAPD STUFF##
###############
mkdir /var/db/openldap-data
   cp /usr/local/etc/openldap/DB_CONFIG.example /var/db/openldap-data/DB_CONFIG
   chmod 700 /var/db/openldap-data
   chown ldap:ldap /var/db/openldap-data
cp /usr/local/share/examples/samba/LDAP/samba.schema /usr/local/etc/openldap/schema/samba.schema
      
# Setup Logging for SLAPD in /etc/syslog.conf
   echo "!slapd" >>  /etc/syslog.conf
   echo "*.*										/var/log/slapd.log" >> /etc/syslog.conf
touch /var/log/slapd.log
/etc/rc.d/syslogd restart
# Insert into /etc/rc.conf
   echo "#SLAPD STARTUP" >> /etc/rc.conf
   echo 'slapd_enable="YES"' >>/etc/rc.conf
   slapFlag1="'-h "
   slapURL='"ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/"'
   slapCloseQ="'"
   echo 'slapd_flags='$slapFlag1$slapURL$slapCloseQ  >>/etc/rc.conf
   echo 'slapd_sockets="/var/run/openldap/ldapi"'>>/etc/rc.conf
rm -f /usr/local/etc/openldap/slapd.conf
   slapConfig="/usr/local/etc/openldap/slapd.conf"
   # Hash the LDAP rootpw. Note: passing the secret with -s puts it in the
   # process argument list, where ps(1) can show it to other local users for
   # as long as slappasswd runs.
   mySlapPass=`/usr/local/sbin/slappasswd -s $myPassword`
echo '#########################################################' >$slapConfig
   echo '# See slapd.conf(5) for details on configuration options.' >>$slapConfig
   echo '# This file should NOT be world readable.' >>$slapConfig
   echo '#' >>$slapConfig
   echo 'include			/usr/local/etc/openldap/schema/core.schema' >>$slapConfig
   echo 'include			/usr/local/etc/openldap/schema/cosine.schema' >>$slapConfig
   echo 'include			/usr/local/etc/openldap/schema/inetorgperson.schema' >>$slapConfig
   echo 'include			/usr/local/etc/openldap/schema/misc.schema' >>$slapConfig
   echo 'include			/usr/local/etc/openldap/schema/nis.schema' >>$slapConfig
   echo 'include			/usr/local/etc/openldap/schema/openldap.schema' >>$slapConfig
   echo 'include			/usr/local/etc/openldap/schema/samba.schema' >>$slapConfig
   echo '#' >>$slapConfig
   echo 'pidfile		/var/run/openldap/slapd.pid' >>$slapConfig
   echo 'argsfile		/var/run/openldap/slapd.args' >>$slapConfig
   echo '#' >>$slapConfig
   echo '# Load dynamic backend modules:' >>$slapConfig
   echo 'modulepath	/usr/local/libexec/openldap' >>$slapConfig
   echo 'moduleload	back_bdb' >>$slapConfig
   echo '#' >>$slapConfig
   echo '#######################################################################' >>$slapConfig
   echo '# BDB database definitions' >>$slapConfig
   echo '#######################################################################' >>$slapConfig
   echo '#' >>$slapConfig
   echo 'database	bdb' >>$slapConfig
   echo 'suffix		"dc='$myDomainSub',dc='$myDomainRoot'"' >>$slapConfig
   echo 'rootdn		"cn=Manager,dc='$myDomainSub',dc='$myDomainRoot'"' >>$slapConfig
   echo 'rootpw          ' $mySlapPass >>$slapConfig
   echo 'directory	/var/db/openldap-data' >>$slapConfig
   echo '# Indices to maintain' >>$slapConfig
   echo 'index	  objectClass	  eq' >>$slapConfig
   echo 'index	  cn			  pres,sub,eq' >>$slapConfig
   echo 'index	  sn			  pres,sub,eq' >>$slapConfig
   echo 'index	  uid			  pres,sub,eq' >>$slapConfig
   echo 'index	  displayName	  pres,sub,eq' >>$slapConfig
   echo 'index	  uidNumber				  eq' >>$slapConfig
   echo 'index	  gidNumber				  eq' >>$slapConfig
   echo 'index	  memberUID				  eq' >>$slapConfig
   echo 'index	  sambaSID				  eq' >>$slapConfig
   # Added sambaSIDList because slapd.log was showing an error about it not being indexed.
   echo 'index	  sambaSIDList			  eq' >>$slapConfig
   echo 'index	  sambaPrimaryGroupSID	  eq' >>$slapConfig
   # Added sambaGroupType because slapd.log was showing an error about it not being indexed.
   echo 'index	  sambaGroupType		  eq' >>$slapConfig
   echo 'index	  sambaDomainName		  eq' >>$slapConfig
   echo 'index	  default				  sub' >>$slapConfig
      
stty echo
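As an added example, not part of the autosambaldap script, here is a POSIX sh checker for the slapd.conf the steps above write. The file carries the rootpw hash and its own header says it should not be world readable, yet nothing above changes its mode (with a 022 umask it is created 0644, so chmod 600 /usr/local/etc/openldap/slapd.conf is the one-line fix). The function flags that, a cleartext rootpw, and a missing samba.schema include. The sample files it builds and the hash value in them are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the autosambaldap script: audit a generated
# slapd.conf before slapd is started. All paths and sample contents below
# are constructed for the demo.

# "other" permission triplet via ls(1); stat(1) flags differ between BSD and
# GNU userlands, the ls -l column layout does not.
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# Returns 0 when the file passes every check, 1 on any finding, 2 if missing.
check_slapd_conf() {
    conf="$1"
    rc=0
    if [ ! -f "$conf" ]; then
        echo "MISSING: $conf" >&2
        return 2
    fi
    # 1. The file holds the rootpw hash: no read/write/execute bits for "other".
    perms=$(other_perms "$conf")
    if [ "$perms" != "---" ]; then
        echo "WORLD-ACCESSIBLE ($perms): $conf" >&2
        rc=1
    fi
    # 2. rootpw must be a hashed value such as {SSHA}..., never cleartext.
    rootpw=$(awk '$1 == "rootpw" { print $2; exit }' "$conf")
    case "$rootpw" in
        "")        echo "NO rootpw: $conf" >&2; rc=1 ;;
        '{'*'}'*)  ;;
        *)         echo "CLEARTEXT rootpw: $conf" >&2; rc=1 ;;
    esac
    # 3. Without samba.schema, slapd rejects the sambaSamAccount entries that
    #    smbldap-populate and the ldapsam backend write.
    if ! grep -q '^include[[:space:]].*samba\.schema' "$conf"; then
        echo "samba.schema NOT INCLUDED: $conf" >&2
        rc=1
    fi
    return $rc
}

# Constructed samples: the shape the script above produces (good.conf), and
# the same file with a cleartext rootpw, no samba.schema and mode 0644.
make_samples() {
    dir="$1"
    mkdir -p "$dir"
    {
        echo 'include     /usr/local/etc/openldap/schema/core.schema'
        echo 'include     /usr/local/etc/openldap/schema/samba.schema'
        echo 'database    bdb'
        echo 'suffix      "dc=example,dc=com"'
        echo 'rootdn      "cn=Manager,dc=example,dc=com"'
        echo 'rootpw      {SSHA}CONSTRUCTED-NOT-A-REAL-HASH-VALUE'
        echo 'directory   /var/db/openldap-data'
    } >"$dir/good.conf"
    chmod 600 "$dir/good.conf"
    sed -e 's/^rootpw .*/rootpw      secret/' -e '/samba\.schema/d' \
        "$dir/good.conf" >"$dir/bad.conf"
    chmod 644 "$dir/bad.conf"
}

# Demo run on the constructed samples.
d=$(mktemp -d "${TMPDIR:-/tmp}/slapdchk.XXXXXX")
make_samples "$d"
check_slapd_conf "$d/good.conf" && echo "good.conf: OK"
check_slapd_conf "$d/bad.conf" || echo "bad.conf: see findings above"
rm -rf "$d"
```

To use it on the live system, source the file and run check_slapd_conf /usr/local/etc/openldap/slapd.conf before the slapd start step; slaptest(8) remains the syntax check, this only rates the secrets handling.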
 

Configure NSS_LDAP to work with our setup. [ Man Page ]

$DIALOG --title "RUNNING AUTOMATED SETUP" \
 --infobox "CONFIGURING NSS_LDAP" -1 -1
 stty -echo
#######################
##NSS_LDAP.CONF STUFF##
#######################
nssConfig="/usr/local/etc/nss_ldap.conf"
   echo '# nss_ldap.conf /usr/local/etc/nss_ldap.conf' >$nssConfig
   echo ' ' >>$nssConfig
   echo 'base dc='$myDomainSub',dc='$myDomainRoot >>$nssConfig
   echo ' ' >>$nssConfig
   echo 'bind_policy soft' >>$nssConfig
   echo 'bind_timelimit 10' >>$nssConfig
   echo ' ' >>$nssConfig
   echo 'host localhost' >>$nssConfig
   echo 'idle_timelimit 3600' >>$nssConfig
   echo 'ldap_version 3' >>$nssConfig
   echo ' ' >>$nssConfig
   echo 'nss_base_group  ou=Groups,dc='$myDomainSub',dc='$myDomainRoot'?one' >>$nssConfig
   echo 'nss_base_passwd ou=People,dc='$myDomainSub',dc='$myDomainRoot'?one' >>$nssConfig
   echo 'nss_base_passwd ou=Computers,dc='$myDomainSub',dc='$myDomainRoot'?one' >>$nssConfig
   echo 'nss_base_shadow ou=People,dc='$myDomainSub',dc='$myDomainRoot'?one' >>$nssConfig
   echo ' ' >>$nssConfig
   echo 'nss_connect_policy oneshot' >>$nssConfig
   echo 'nss_paged_results yes' >>$nssConfig
   echo '' >>$nssConfig
   echo 'pagesize 1000' >>$nssConfig
   echo 'port 389' >>$nssConfig
   echo 'scope one' >>$nssConfig
   echo 'timelimit 30' >>$nssConfig
   rm -f /usr/local/etc/openldap/ldap.conf >>/root/setup.log
   ln -s /usr/local/etc/nss_ldap.conf /usr/local/etc/openldap/ldap.conf >>/root/setup.log
   ln -s /usr/local/etc/nss_ldap.conf /usr/local/etc/ldap.conf >>/root/setup.log
stty echo
 

Now it is time to configure SAMBA [ Man Page ] and our smb.conf file [ Man Page ] to work with our LDAP back end and to create the directories that we will be using for our user data.

$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "CONFIGURING SAMBA" -1 -1
   stty -echo
   ################
   ## SAMBA STUFF##
   ################
   mkdir /usr/local/samba
   echo "root = administrator" >/usr/local/samba/usermap
   rm -f /usr/local/etc/smb.conf
   touch /usr/local/etc/smb.conf
   mySMBConfig="/usr/local/etc/smb.conf"
   echo '################################################## ' >>$mySMBConfig
   echo '#CREATED:' `date` >>$mySMBConfig
   echo '################################################## ' >>$mySMBConfig
   echo '# Global parameters' >>$mySMBConfig
   echo '[global]' >>$mySMBConfig
   echo '		workgroup = '$myWorkGroupName >>$mySMBConfig
   echo '		server string = '$longName >>$mySMBConfig
   echo '		netbios name = '$myNETBIOSName >>$mySMBConfig
   echo '		hosts allow = '$myNetwork' 127. 10.0.1.' >>$mySMBConfig
   echo '		interfaces = '$myInterface', lo' >>$mySMBConfig
   echo '		bind interfaces only = Yes' >>$mySMBConfig
   echo ' ' >>$mySMBConfig
   echo '		encrypt passwords = yes' >>$mySMBConfig
   echo '		passdb backend   = ldapsam:ldap://'$longName'/' >>$mySMBConfig
   echo '		enable privileges = yes' >>$mySMBConfig
   echo '		pam password change= Yes' >>$mySMBConfig
   echo '		passwd program = /usr/bin/passwd %u' >>$mySMBConfig
   echo '		passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully*' >>$mySMBConfig
   echo '		unix password sync = Yes' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '		log level = 1' >>$mySMBConfig
   echo '		log file = /var/log/samba/%m' >>$mySMBConfig
   echo '		max log size = 50' >>$mySMBConfig
   echo '		syslog = 0' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '		name resolve order = wins bcast host' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '		timeserver = Yes' >>$mySMBConfig
   echo '		socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192' >>$mySMBConfig
   echo '		use sendfile = yes' >>$mySMBConfig
   echo '		veto files = /*.eml/*.nws/*.{*}/' >>$mySMBConfig
   echo '		veto oplock files = /*.doc/*.xls/*.mdb/' >>$mySMBConfig
   echo '		deadtime         = 120' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '# Dos-Attribute' >>$mySMBConfig
   echo '      map hidden = No' >>$mySMBConfig
   echo '      map system = No' >>$mySMBConfig
   echo '      map archive = No' >>$mySMBConfig
   echo '      map read only = No' >>$mySMBConfig
   echo '      store dos attributes = Yes' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '      load printers = Yes' >>$mySMBConfig
   echo '      printcap name = CUPS' >>$mySMBConfig
   echo '      printing = cups' >>$mySMBConfig
   echo '      cups options = Raw' >>$mySMBConfig
   echo '      show add printer wizard = No' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '# Scripts Invoked By Samba' >>$mySMBConfig
   echo '	add user script               = /usr/local/sbin/smbldap-useradd -m "%u"' >>$mySMBConfig
   echo '	delete user script            = /usr/local/sbin/smbldap-userdel "%u"' >>$mySMBConfig
   echo '	add group script              = /usr/local/sbin/smbldap-groupadd -p "%g"' >>$mySMBConfig
   echo '	delete group script           = /usr/local/sbin/smbldap-groupdel "%g"' >>$mySMBConfig
   echo '	add user to group script      = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"' >>$mySMBConfig
   echo '	delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"' >>$mySMBConfig
   echo '	set primary group script      = /usr/local/sbin/smbldap-usermod -g "%g" "%u"' >>$mySMBConfig
   echo '	add machine script            = /usr/local/sbin/smbldap-useradd -w "%m"' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '# LDAP-Configuration' >>$mySMBConfig
   echo '      ldap delete dn                = Yes' >>$mySMBConfig
   echo '      ldap ssl                      = off' >>$mySMBConfig
   echo '      ldap passwd sync              = Yes' >>$mySMBConfig
   echo '      ldap suffix                   = dc='$myDomainSub',dc='$myDomainRoot >>$mySMBConfig
   echo '      ldap machine suffix           = ou=Computers' >>$mySMBConfig
   echo '      ldap user suffix              = ou=People' >>$mySMBConfig
   echo '      ldap group suffix             = ou=Groups' >>$mySMBConfig
   echo '      ldap idmap suffix             = ou=Idmap' >>$mySMBConfig
   echo '      ldap admin dn                 = cn=Manager,dc='$myDomainSub',dc='$myDomainRoot >>$mySMBConfig
   echo '      idmap backend                 = ldap:ldap://'$longName >>$mySMBConfig
   echo '      idmap uid                     = 10000-20000' >>$mySMBConfig
   echo '      idmap gid                     = 10000-20000' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '# Logon Options' >>$mySMBConfig
   echo '      logon script = logon.bat' >>$mySMBConfig
   echo '      logon path = \\%L\profiles\%U' >>$mySMBConfig
   echo '      logon home = \\%L\%U' >>$mySMBConfig
   echo '      logon drive = Z:' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '# Setting up as domain controller' >>$mySMBConfig
   echo '      username map = /usr/local/samba/usermap' >>$mySMBConfig
   echo '      preferred master = Yes' >>$mySMBConfig
   echo '      wins support = Yes' >>$mySMBConfig
   echo '      domain logons = Yes' >>$mySMBConfig
   echo '      domain master = Yes' >>$mySMBConfig
   echo '      local master = Yes' >>$mySMBConfig
   echo '      os level = 64' >>$mySMBConfig
   echo '      map acl inherit = Yes' >>$mySMBConfig
   echo '      unix charset     = UTF8' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '#============================ Share Definitions ==============================' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '[netlogon]' >>$mySMBConfig
   echo '      comment = Network Logon Service' >>$mySMBConfig
   echo '      path = /home/netlogon' >>$mySMBConfig
   echo '      guest ok = yes' >>$mySMBConfig
   echo '      locking = no' >>$mySMBConfig
   echo '      browseable = No' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '[homes]' >>$mySMBConfig
   echo '      comment = Home Directories' >>$mySMBConfig
   echo '     valid users = %S' >>$mySMBConfig
   echo '      read only = No' >>$mySMBConfig
   echo '      browseable = No' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '[Profiles]' >>$mySMBConfig
   echo '      comment = Network Profiles Service' >>$mySMBConfig
   echo '      path = /home/profiles' >>$mySMBConfig
   echo '      read only = No' >>$mySMBConfig
   echo '      profile acls = Yes' >>$mySMBConfig
   echo '      hide files = /desktop.ini/ntuser.ini/NTUSER.*/' >>$mySMBConfig
   echo '      browseable = No' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '[printers]' >>$mySMBConfig
   echo '      comment = All Printers' >>$mySMBConfig
   echo '      path = /var/spool/samba' >>$mySMBConfig
   echo '      browseable = No' >>$mySMBConfig
   echo '      guest ok = Yes' >>$mySMBConfig
   echo '      printable = Yes' >>$mySMBConfig
   echo '      use client driver = Yes' >>$mySMBConfig
   echo '      default devmode = Yes' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '[print$]' >>$mySMBConfig
   echo '      comment = Printer Drivers' >>$mySMBConfig
   echo '      path = /home/printer-drivers' >>$mySMBConfig
   echo '      browseable = yes' >>$mySMBConfig
   echo '      guest ok = no' >>$mySMBConfig
   echo '      read only = yes' >>$mySMBConfig
   echo '      write list = root' >>$mySMBConfig
   echo '' >>$mySMBConfig
   echo '[Shared Data]' >>$mySMBConfig
   echo '      comment = Shared Data Directory' >>$mySMBConfig
   echo '      path = /home/shared_data' >>$mySMBConfig
   echo '      write list = @'$myDomainSub >>$mySMBConfig
   echo '      read only = No' >>$mySMBConfig
   echo '      create mask = 0777' >>$mySMBConfig
   echo '      directory mask = 0777' >>$mySMBConfig
   echo ' ' >>$mySMBConfig
   mkdir /home/netlogon
   mkdir /home/profiles
   mkdir /home/printer-drivers
   mkdir /home/shared_data
   # 0777 makes these directories writable by every local account (the LDAP
   # users get /bin/sh as a login shell later in this script). For
   # /home/netlogon that lets any such account replace logon.bat, which every
   # client runs at logon; root-owned 0755 is the tighter choice there.
   chmod 777 /home/netlogon
   chmod 777 /home/profiles
   chmod 777 /home/printer-drivers
   chmod 777 /home/shared_data
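As an added example, not part of the autosambaldap script, the following POSIX sh audit flattens an smb.conf into section, key and value records with awk and reports the settings in the generated file that widen access: guest ok = yes on a share, a create or directory mask with the other-write bit set (the 0777 masks on [Shared Data] above), and ldap ssl = off in [global]. The smb.conf it builds is constructed in the shape the script writes; the workgroup and host names in it are made up.

```shell
#!/bin/sh
# Added example, not part of the autosambaldap script: flatten an smb.conf
# into section|key|value records and flag the settings that widen access.
# The sample config below is constructed for the demo.

# Emit one "section|key|value" line per parameter. Comments (# or ;) and
# blank lines are dropped, keys are lower-cased and trimmed, values trimmed.
smb_flatten() {
    awk '
        /^[[:space:]]*[#;]/ || /^[[:space:]]*$/ { next }
        /^[[:space:]]*\[/ {
            s = $0
            sub(/^[[:space:]]*\[/, "", s); sub(/\].*$/, "", s)
            section = s
            next
        }
        index($0, "=") > 0 {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            print section "|" tolower(k) "|" v
        }
    ' "$1"
}

# Print one FINDING line per risky setting; exit status 1 if any were found.
smb_audit() {
    smb_flatten "$1" | awk -F'|' '
        function finding(msg) { print "FINDING [" $1 "] " msg; n++ }
        {
            key = $2; val = tolower($3)
            if (key == "guest ok" && (val == "yes" || val == "true"))
                finding("guest ok = " $3 ": share reachable without credentials")
            # A mask whose last octal digit carries the write bit (2,3,6,7)
            # lets every Unix user modify what others store on the share.
            if ((key == "create mask" || key == "directory mask") && val ~ /[2367]$/)
                finding(key " = " $3 ": other-write bit set")
            if ($1 == "global" && key == "ldap ssl" && val == "off")
                finding("ldap ssl = off: admin dn bind goes in clear; only safe to a local slapd")
        }
        END { exit n > 0 ? 1 : 0 }
    '
}

# Constructed smb.conf in the shape the script above produces, with the
# settings this audit is meant to catch.
make_sample_smb_conf() {
    {
        echo '# Global parameters'
        echo '[global]'
        echo '        workgroup = EXAMPLE'
        echo '        passdb backend   = ldapsam:ldap://pdc.example.com/'
        echo '        ldap ssl                      = off'
        echo ''
        echo '[netlogon]'
        echo '      path = /home/netlogon'
        echo '      guest ok = yes'
        echo '      browseable = No'
        echo ''
        echo '[homes]'
        echo '      valid users = %S'
        echo '      read only = No'
        echo ''
        echo '[Shared Data]'
        echo '      path = /home/shared_data'
        echo '      create mask = 0777'
        echo '      directory mask = 0777'
    } >"$1"
}

# Same config with each flagged setting tightened (constructed).
make_clean_smb_conf() {
    tmp="$1.src"
    make_sample_smb_conf "$tmp"
    sed -e 's/guest ok = yes/guest ok = no/' \
        -e 's/mask = 0777/mask = 0775/' \
        -e 's/= off$/= start tls/' "$tmp" >"$1"
    rm -f "$tmp"
}

count_findings() {
    smb_audit "$1" | grep -c '^FINDING'
}

# Demo run on the constructed sample.
f=$(mktemp "${TMPDIR:-/tmp}/smbaudit.XXXXXX")
make_sample_smb_conf "$f"
smb_audit "$f"
echo "findings: $(count_findings "$f")"
rm -f "$f"
```

Run it against the real file with smb_audit /usr/local/etc/smb.conf once the script has written it; testparm(1) still does the syntax check, this only rates the access policy.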
 

Stop the SLAPD server and use smbpasswd [ Man Page ] to put our password (which you entered at the beginning of this script) into the secrets.tdb file.

/usr/local/etc/rc.d/slapd stop
/usr/local/bin/smbpasswd -w $myPassword
 

Enable SAMBA at startup and edit the startup script.

echo "# Enable Samba" >> /etc/rc.conf
   echo nmbd_enable="YES" >> /etc/rc.conf
   echo smbd_enable="YES" >> /etc/rc.conf
   echo winbindd_enable="YES" >> /etc/rc.conf
   echo cupsd_enable="YES" >> /etc/rc.conf
    
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "EDITING SAMBA STARTUP SCRIPT" -1 -1
   stty echo
   ##### EDIT SAMBA STARTUP SCRIPT #####
   cd /usr/local/etc/rc.d/
   cp /usr/local/etc/rc.d/samba /usr/local/etc/rc.d/samba.bak
   sed 's/# REQUIRE: cupsd/# REQUIRE: cupsd slapd/g' /usr/local/etc/rc.d/samba.bak >> /usr/local/etc/rc.d/samba.tmp
   cat /usr/local/etc/rc.d/samba.tmp > /usr/local/etc/rc.d/samba
   rm -f /usr/local/etc/rc.d/samba.tmp
   mv /usr/local/etc/rc.d/samba.bak /root/samba.bak
   chmod 555 /usr/local/etc/rc.d/samba
   ##### END EDIT SAMBA STARTUP SCRIPT #####

 

Create a symbolic link for the smbldap-tools.

#Create symbolic link from /etc/smbldap-tools --> /usr/local/etc/smbldap-tools
   ln -s /usr/local/etc/smbldap-tools /etc/smbldap-tools
 

Start the SLAPD and SAMBA services and edit the nsswitch config file to include "files ldap" instead of "compat" for groups and passwd entries.

$DIALOG --title "RUNNING AUTOMATED SETUP" \
 --infobox "STARTING SAMBA NOW" -1 -1
#Starting Samba
   clear
   /usr/local/etc/rc.d/slapd start >>/root/setup.log
   /usr/local/etc/rc.d/samba start >>/root/setup.log
   sleep .5
      
$DIALOG --title "RUNNING AUTOMATED SETUP" \
   --infobox "EDITING NSSWITCH.CONF" -1 -1
##### EDIT NSSWITCH.CONF #####
   cd /etc/
   cp /etc/nsswitch.conf /etc/nsswitch.conf.bak
   sed -e 's/passwd: compat/passwd: files ldap/g' -e 's/group: compat/group: files ldap/g' /etc/nsswitch.conf >> /etc/nsswitch.conf.tmp
   cat nsswitch.conf.tmp > nsswitch.conf
   rm -f /etc/nsswitch.conf.tmp
   ##### END EDIT NSSWITCH.CONF #####
 

Restart SLAPD now that we have the nsswitch edits done.

stty echo
# ADD A SLEEP HERE TO ALLOW THINGS TO COME UP....
   /usr/local/etc/rc.d/slapd restart >>/root/setup.log
sleep 1

 

This next part is me doing my best to completely automate this process by not using the configure.pl script that comes with smbldap-tools. We already have all of the information we need, or we can get it, so let's use it and skip the part where we hit enter 20 times.

mySID=`/usr/local/bin/net getlocalsid |awk '{print $6}'`
# CREATING THE FILES MYSELF INSTEAD OF USING THE CONFIGURE.PL
   #/usr/local/share/examples/smbldap-tools/configure.pl
# SMBSLAP TOOLS REPLACEMENT SCRIPT
   slapdConf2="/usr/local/etc/smbldap-tools/smbldap.conf"
echo 'SID="'$mySID'"' >$slapdConf2
   echo 'sambaDomain="'$myWorkGroupName'"' >>$slapdConf2
   echo 'masterLDAP="'$longName'"' >>$slapdConf2
   echo 'masterPort="389"' >>$slapdConf2
   echo 'slaveLDAP="'$longName'"' >>$slapdConf2
   echo 'slavePort="389"' >>$slapdConf2
   echo 'ldapTLS="0"' >>$slapdConf2
   echo 'verify=""' >>$slapdConf2
   echo 'cafile=""' >>$slapdConf2
   echo 'clientcert=""' >>$slapdConf2
   echo 'clientkey=""' >>$slapdConf2
   echo 'suffix="dc='$myDomainSub',dc='$myDomainRoot'"' >>$slapdConf2
   echo 'usersdn="ou=People,dc='$myDomainSub',dc='$myDomainRoot'"' >>$slapdConf2
   echo 'computersdn="ou=Computers,dc='$myDomainSub',dc='$myDomainRoot'"' >>$slapdConf2
   echo 'groupsdn="ou=Groups,dc='$myDomainSub',dc='$myDomainRoot'"' >>$slapdConf2
   echo 'idmapdn="ou=Idmap,dc='$myDomainSub',dc='$myDomainRoot'"' >>$slapdConf2
   echo 'sambaUnixIdPooldn="sambaDomainName='$myWorkGroupName',dc='$myDomainSub',dc='$myDomainRoot'"' >>$slapdConf2
   echo 'scope="sub"' >>$slapdConf2
   echo 'hash_encrypt="SSHA"' >>$slapdConf2
   echo 'crypt_salt_format=""' >>$slapdConf2
   echo 'userLoginShell="/bin/sh"' >>$slapdConf2
   echo 'userHome="/home/%U"' >>$slapdConf2
   echo 'userHomeDirectoryMode="700"' >>$slapdConf2
   echo 'userGecos="System User"' >>$slapdConf2
   echo 'defaultUserGid="513"' >>$slapdConf2
   echo 'defaultComputerGid="515"' >>$slapdConf2
   echo 'skeletonDir="/etc/skel"' >>$slapdConf2
   echo 'defaultMaxPasswordAge="100000"' >>$slapdConf2
   echo 'userSmbHome="\\%L\%U"' >>$slapdConf2
   echo 'userProfile="\\'$shortName'\profiles\%U"' >>$slapdConf2
   echo 'userHomeDrive="Z:"' >>$slapdConf2
   echo 'userScript="logon.bat"' >>$slapdConf2
   echo 'mailDomain="'$myDomainSub'.'$myDomainRoot'"' >>$slapdConf2
   echo 'with_smbpasswd="0"' >>$slapdConf2
   echo 'smbpasswd="/usr/local/bin/smbpasswd"' >>$slapdConf2
   echo 'with_slappasswd="0"' >>$slapdConf2
   echo 'slappasswd="/usr/local/sbin/slappasswd"' >>$slapdConf2
   chmod 0600 $slapdConf2
   # 
   mysmbldap_bind="/usr/local/etc/smbldap-tools/smbldap_bind.conf"
   ############################
   # Credential Configuration #
   ############################
   echo 'masterDN="cn=Manager,dc='$myDomainSub',dc='$myDomainRoot'"' >$mysmbldap_bind
   echo 'masterPw="'$myPassword'"' >>$mysmbldap_bind
   chmod 0600 $mysmbldap_bind
   ########
   /usr/local/etc/rc.d/slapd stop >>/root/setup.log
   /usr/local/etc/rc.d/slapd start >>/root/setup.log
   echo "Waiting for services to settle....."

 

Populate the LDAP database - this is where you will be prompted for your "new root password" twice.
I use the same one that I entered at the start of this script.

/usr/local/sbin/smbldap-populate -u 10000 -g 10000 -r 10000 
 

Now let's stop and restart Samba, which has surely died by now, and join our new domain.
It dies before we get here about 6 out of 10 times, so I just restart it to be sure.

clear
   echo "Stopping SAMBA...."
 /usr/local/etc/rc.d/samba stop >>/root/setup.log
echo "Starting SAMBA...."
   /usr/local/etc/rc.d/samba start >>/root/setup.log
echo "##############################"
   echo "Attempting to join the domain."
   echo "##############################"
   echo " "
   # The password is passed inline (-Uuser%pass), so it is visible in ps(1)
   # output while the join runs; net(8) also reads it from the PASSWD
   # environment variable, which keeps it out of the argument list.
   net rpc join -S $shortName -Uroot%$myPassword
   sleep 1
   clear

If all went well you should see "Joined {Your Domain Name} Domain"

 

In this step we set the system up to be a time server on your network and to use a time server to set its own time.
You can obviously use whatever time servers you want to. I put in an IP address for the Apple time server because I was getting a few errors on boot about ntpdate not being able to find a suitable server to set the time from.

   echo "Setting up Time Server"
   echo "# Apple Time Server IP Address" >/etc/ntp.conf
   echo "server 17.151.16.23" >>/etc/ntp.conf
   echo "# NIST Time Servers" >>/etc/ntp.conf
   echo "server time-a.nist.gov" >>/etc/ntp.conf
   echo "server time.nist.gov" >>/etc/ntp.conf
   echo " " >>/etc/ntp.conf
   echo "driftfile /var/db/ntp.drift" >>/etc/ntp.conf
   # NOTE: ntpd's restrict keyword applies to a single address unless a "mask"
   # is given, so this line only covers the host "<network>0"; add
   # "mask 255.255.255.0" (for a /24 LAN) to restrict the whole subnet.
   echo "restrict "$myNetwork"0 nomodify notrap" >>/etc/ntp.conf
   echo '' >>/etc/rc.conf
   echo '# NTPD SERVER STARTUP' >>/etc/rc.conf
   echo 'ntpdate_enable="YES"' >>/etc/rc.conf
   echo 'ntpd_enable="YES"' >>/etc/rc.conf
   clear

 

Here we are creating the "Version" file that we will be using for data on our web status page.

   echo "Setting up Version file"
   # Create version.inf file for use by the system administration website.
   #
   echo $VersionInfo >/etc/version.inf
   clear
 

I noticed an issue where on a Mac client after the first time I mounted a share and copied data it would disappear. It was there, but there was a permission error and it wouldn't let me read the data I just wrote until after I disconnected from the share and reconnected. It never happens again, but is still annoying. This step fixes that issue, which does not seem to affect Windows users.

echo "Creating place holder files in /etc/skel and /home/shared_data"
   # This next step fixes an issue where on a MAC you have to remount the share to see the files you have added.
   # It only happens the first time, but this fixes it so it never happens.
   echo "PLACEHOLDER - OKAY TO DELETE" >/etc/skel/PLACEHOLDER.txt
 chmod a+rw /etc/skel/PLACEHOLDER.txt
echo "PLACEHOLDER - OKAY TO DELETE" >/home/shared_data/PLACEHOLDER.txt
   chmod a+rw /home/shared_data/PLACEHOLDER.txt
   clear

 

I wanted to add an example file that would help to explain how to add users from the command line by showing you what needs to be done.
Once you have rebooted your server you will find this file in your /root/ directory. I download the example file and change the "Server Name" to match your server name. All you need to do is edit the user information; after that you can run "sh adduser_example.txt" and you will be prompted for the user's new password.

echo "Fetching add user example file"
   # Fetch and modify the add user example file
   cd /root/ 
 fetch https://svn.sourceforge.net/svnroot/autosambaldap/MAINSCRIPT/adduser_example.txt
sed -e 's/SERVERNAME/'$myNETBIOSName'/g' /root/adduser_example.txt >> /root/adduser_example.tmp
   cat /root/adduser_example.tmp >/root/adduser_example.txt
   rm -f /root/adduser_example.tmp
   #

 

The final steps are to adjust the message of the day file (/etc/motd), echo the stop time into the setup.log, copy it to the website root (so you can view it from a browser), and prompt the user to reboot.

echo "This server has automatically been configured!" >/etc/motd
   echo "Server Configuration Was Completed on: `date`" >>/etc/motd
   echo "You should now be able to access shares with your administrator user/password" >>/etc/motd
   echo " ">>/etc/motd
   echo 'Review the file "/root/adduser_example.txt" for an example on how to add users from the command line.' >>/etc/motd
   echo " ">>/etc/motd
   echo " ">>/etc/motd
   echo "Please report Success or Failure to {EMAIL REMOVED}" >>/etc/motd
   #
   # Thanks Elizabeth for making me check my work again and finding the typo on Line 1159.
   #
   echo "Stop Time: " `date` >>/root/setup.log
 cp /root/setup.log /usr/local/www/setup.txt
$DIALOG --title "!!! NOTICE !!!" --msgbox "BINDv9 HAS BEEN INSTALLED, BUT NOT FULLY CONFIGURED\n\
   YOUR WEBSERVER USERNAME IS: admin\n\
   YOUR WEBSERVER PASSWORD IS: $myPassword\n\n\
   ONCE YOUR SYSTEM HAS REBOOTED, GO TO: http://$myIP/index.php\n\
   PRESS OKAY TO REBOOT" -1 -1
reboot
exit 0
 


That's all folks!!!

You now have a fully functional file server. You can immediately connect to the server once it has rebooted with your administrator credentials (administrator/your-secret-password).

You can add users via the command line as you will see in the adduser_example.txt file or you can use the Microsoft User Manager for Domains that we discussed at the start of this document.

It probably took longer for you to read this than it would have taken to set up your first server....

 

Last Updated: April 04, 2009- Copyright 2009 - Adam G. Sweeney - All Rights Reserved