MSU RCG SMB/LDAP conf files
| # | |
| # /etc/pam.d/common-account - authorization settings common to all services | |
| # | |
| # This file is included from other service-specific PAM config files, | |
| # and should contain a list of the authorization modules that define | |
| # the central access policy for use on the system. The default is to | |
| # only deny service to users whose accounts are expired in /etc/shadow. | |
| # | |
| # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | |
| # To take advantage of this, it is recommended that you configure any | |
| # local modules either before or after the default block, and use | |
| # pam-auth-update to manage selection of other modules. See | |
| # pam-auth-update(8) for details. | |
| # | |
| # here are the per-package modules (the "Primary" block) | |
| # Bracketed controls use jump counts: success=N skips the next N lines of this stack. | |
| # pam_unix success skips pam_ldap and pam_deny and lands on pam_permit; | |
| # new_authtok_reqd=done ends the stack at once with that result; anything else is ignored. | |
| # NOTE(review): when pam_unix succeeds, pam_ldap is skipped, so account checks that only | |
| # pam_ldap performs do not run for that user - confirm this is intended. | |
| account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so | |
| # pam_ldap success skips pam_deny; every other result is ignored and falls through to it. | |
| account [success=1 default=ignore] pam_ldap.so | |
| # here's the fallback if no module succeeds | |
| # requisite: a failure here ends the stack immediately, so access is denied by default. | |
| account requisite pam_deny.so | |
| # prime the stack with a positive return value if there isn't one already; | |
| # this avoids us returning an error just because nothing sets a success code | |
| # since the modules above will each just jump around | |
| account required pam_permit.so | |
| # and here are more per-package modules (the "Additional" block) | |
| # end of pam-auth-update config |
| # | |
| # /etc/pam.d/common-auth - authentication settings common to all services | |
| # | |
| # This file is included from other service-specific PAM config files, | |
| # and should contain a list of the authentication modules that define | |
| # the central authentication scheme for use on the system | |
| # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the | |
| # traditional Unix authentication mechanisms. | |
| # | |
| # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | |
| # To take advantage of this, it is recommended that you configure any | |
| # local modules either before or after the default block, and use | |
| # pam-auth-update to manage selection of other modules. See | |
| # pam-auth-update(8) for details. | |
| # here are the per-package modules (the "Primary" block) | |
| # NOTE(review): the two pam-auth-update defaults below are commented out and replaced by | |
| # hand-written lines inside the managed block; confirm pam-auth-update is not re-run over | |
| # this file, or move the local lines outside the block as the header recommends. | |
| #auth [success=2 default=ignore] pam_unix.so nullok_secure | |
| #auth [success=1 default=ignore] pam_ldap.so use_first_pass | |
| # Allow-list gate: item=user sense=allow lets only the user names listed in | |
| # /etc/login.users.allowed pass; onerr=fail makes the module fail closed on errors | |
| # (for example when the list file cannot be opened). Being "required", a failure here | |
| # fails the whole stack even if a later module accepts the password. | |
| # NOTE(review): this file is included by other services, so the list applies to each of | |
| # them; confirm root and any needed local accounts are listed, and keep the list file | |
| # root-owned and not writable by group or others. | |
| auth required pam_listfile.so onerr=fail item=user sense=allow file=/etc/login.users.allowed | |
| # Local accounts first. "sufficient" ends the stack with success as soon as the module | |
| # succeeds and no earlier required module has failed. | |
| # NOTE(review): nullok_secure accepts empty passwords for local accounts on terminals | |
| # listed in /etc/securetty; drop it if no account is meant to have an empty password. | |
| auth sufficient pam_unix.so nullok_secure | |
| # Directory accounts second; use_first_pass reuses the password already entered | |
| # instead of prompting again. | |
| auth sufficient pam_ldap.so use_first_pass | |
| # here's the fallback if no module succeeds | |
| auth requisite pam_deny.so | |
| # prime the stack with a positive return value if there isn't one already; | |
| # this avoids us returning an error just because nothing sets a success code | |
| # since the modules above will each just jump around | |
| # NOTE(review): with both modules above "sufficient" and pam_deny "requisite", the | |
| # authenticate pass appears to end before the two lines below are reached; confirm | |
| # pam_cap still takes effect if its capability settings are relied on. | |
| auth required pam_permit.so | |
| # and here are more per-package modules (the "Additional" block) | |
| auth optional pam_cap.so | |
| # end of pam-auth-update config |
| # | |
| # /etc/pam.d/common-password - password-related modules common to all services | |
| # | |
| # This file is included from other service-specific PAM config files, | |
| # and should contain a list of modules that define the services to be | |
| # used to change user passwords. The default is pam_unix. | |
| # Explanation of pam_unix options: | |
| # | |
| # The "sha512" option enables salted SHA512 passwords. Without this option, | |
| # the default is Unix crypt. Prior releases used the option "md5". | |
| # | |
| # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in | |
| # login.defs. | |
| # | |
| # See the pam_unix manpage for other options. | |
| # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | |
| # To take advantage of this, it is recommended that you configure any | |
| # local modules either before or after the default block, and use | |
| # pam-auth-update to manage selection of other modules. See | |
| # pam-auth-update(8) for details. | |
| # here are the per-package modules (the "Primary" block) | |
| # Local password change: "obscure" applies the extra strength checks described above and | |
| # "sha512" stores a salted SHA512 hash. Success skips pam_ldap and pam_deny (success=2); | |
| # any other result is ignored so the directory module gets its turn. | |
| password [success=2 default=ignore] pam_unix.so obscure sha512 | |
| # Directory password change. use_authtok takes the new password chosen earlier in the | |
| # stack instead of prompting; try_first_pass tries the password already entered first. | |
| # Success skips pam_deny; an unknown user is ignored; any other result ends the stack | |
| # with a failure (default=die). | |
| password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass | |
| # here's the fallback if no module succeeds | |
| password requisite pam_deny.so | |
| # prime the stack with a positive return value if there isn't one already; | |
| # this avoids us returning an error just because nothing sets a success code | |
| # since the modules above will each just jump around | |
| password required pam_permit.so | |
| # and here are more per-package modules (the "Additional" block) | |
| # end of pam-auth-update config |
| # | |
| # /etc/pam.d/common-session - session-related modules common to all services | |
| # | |
| # This file is included from other service-specific PAM config files, | |
| # and should contain a list of modules that define tasks to be performed | |
| # at the start and end of sessions of *any* kind (both interactive and | |
| # non-interactive). | |
| # | |
| # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | |
| # To take advantage of this, it is recommended that you configure any | |
| # local modules either before or after the default block, and use | |
| # pam-auth-update to manage selection of other modules. See | |
| # pam-auth-update(8) for details. | |
| # here are the per-package modules (the "Primary" block) | |
| # No Primary session module is selected: default=1 always skips the pam_deny line below. | |
| session [default=1] pam_permit.so | |
| # here's the fallback if no module succeeds | |
| session requisite pam_deny.so | |
| # prime the stack with a positive return value if there isn't one already; | |
| # this avoids us returning an error just because nothing sets a success code | |
| # since the modules above will each just jump around | |
| session required pam_permit.so | |
| # and here are more per-package modules (the "Additional" block) | |
| # pam_unix is required, so its session step must succeed for every session. | |
| session required pam_unix.so | |
| # pam_ldap is optional: its failure alone does not fail the session. | |
| session optional pam_ldap.so | |
| # end of pam-auth-update config |
| # | |
| # /etc/pam.d/common-session-noninteractive - session-related modules | |
| # common to all non-interactive services | |
| # | |
| # This file is included from other service-specific PAM config files, | |
| # and should contain a list of modules that define tasks to be performed | |
| # at the start and end of all non-interactive sessions. | |
| # | |
| # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | |
| # To take advantage of this, it is recommended that you configure any | |
| # local modules either before or after the default block, and use | |
| # pam-auth-update to manage selection of other modules. See | |
| # pam-auth-update(8) for details. | |
| # here are the per-package modules (the "Primary" block) | |
| # No Primary session module is selected: default=1 always skips the pam_deny line below. | |
| session [default=1] pam_permit.so | |
| # here's the fallback if no module succeeds | |
| session requisite pam_deny.so | |
| # prime the stack with a positive return value if there isn't one already; | |
| # this avoids us returning an error just because nothing sets a success code | |
| # since the modules above will each just jump around | |
| session required pam_permit.so | |
| # and here are more per-package modules (the "Additional" block) | |
| # Same two modules as the interactive session stack: pam_unix must succeed, | |
| # pam_ldap may fail without failing the session. | |
| session required pam_unix.so | |
| session optional pam_ldap.so | |
| # end of pam-auth-update config |
| # | |
| # /etc/krb5.conf | |
| # | |
| # NOTE(review): the next three relations look like the contents of a [logging] section, | |
| # but no section header is visible above them; confirm the header was not lost, since | |
| # krb5.conf relations are expected to sit inside a section. | |
| default = FILE:/var/log/krb5libs.log | |
| kdc = FILE:/var/log/krb5kdc.log | |
| admin_server = FILE:/var/log/kadmind.log | |
| [libdefaults] | |
| # Realm assumed when a principal is given without one. | |
| default_realm = MSU.MONTANA.EDU | |
| # DNS discovery of realms and KDCs is switched off, so the KDC is taken only from | |
| # the [realms] entry below. | |
| dns_lookup_realm = false | |
| dns_lookup_kdc = false | |
| # Tickets last 24 hours and are requested as forwardable. | |
| # NOTE(review): a forwarded ticket stays usable on the host it was forwarded to for the | |
| # rest of its lifetime; confirm forwarding is needed, or shorten the lifetime. | |
| ticket_lifetime = 24h | |
| forwardable = yes | |
| [realms] | |
| # One host serves as both KDC and admin server for the realm. | |
| MSU.MONTANA.EDU = { | |
| kdc = obsidian.msu.montana.edu | |
| admin_server = obsidian.msu.montana.edu | |
| default_domain = MSU.MONTANA.EDU | |
| } | |
| [domain_realm] | |
| # Map the DNS domain (leading dot: every host under it) and the bare name to the realm. | |
| .msu.montana.edu = MSU.MONTANA.EDU | |
| msu.montana.edu = MSU.MONTANA.EDU |
| # | |
| # /etc/ldap.conf | |
| # | |
| # The distinguished name of the search base. | |
| base ou=People,dc=montana,dc=edu | |
| # The uri to the ldap server | |
| # ldaps:// means the connection is TLS-wrapped from the start. | |
| # NOTE(review): no certificate-verification setting (tls_checkpeer, tls_cacertfile) is | |
| # visible in this file; confirm the server certificate is actually validated, otherwise | |
| # TLS does not protect the bind password against an impersonated server. | |
| uri ldaps://ds.montana.edu/ | |
| # The distinguished name to bind to the server with. | |
| # Optional: default is to bind anonymously. | |
| binddn cn=*USER-STRIPPED*,dc=montana,dc=edu | |
| # The credentials to bind with. | |
| # Optional: default is no credential. | |
| # NOTE(review): the bind password sits in this file in clear text (redacted here). | |
| # Check who can read the file, and give the bind account read-only, least-privilege | |
| # access to the directory. | |
| bindpw *PASS-STRIPPED* | |
| # HEADS UP: the pam_crypt, pam_nds_passwd, | |
| # and pam_ad_passwd options are no | |
| # longer supported. | |
| # | |
| # Do not hash the password at all; presume | |
| # the directory server will do it, if | |
| # necessary. This is the default. | |
| # NOTE(review): the comment above describes the unhashed default, but the line below | |
| # selects md5, i.e. the client hashes new passwords with MD5 before storing them. | |
| # MD5-based hashes are weak; confirm whether the server can hash instead (pam_password exop). | |
| pam_password md5 | |
| # OpenLDAP SSL mechanism | |
| # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 | |
| #ssl start_tls | |
| ssl on | |
| # Local system accounts for which supplementary-group lookups skip LDAP. | |
| nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,munin,nagios,news,ntp,proxy,root,sshd,statd,sync,sys,syslog,uucp,www-data |
| # /etc/nsswitch.conf | |
| # | |
| # Example configuration of GNU Name Service Switch functionality. | |
| # If you have the `glibc-doc-reference' and `info' packages installed, try: | |
| # `info libc "Name Service Switch"' for information about this file. | |
| # The "pre_auth-client-config" comments appear to record each database's previous value. | |
| # Sources are tried left to right: local files first, then LDAP. | |
| # pre_auth-client-config # passwd: compat | |
| passwd: files ldap | |
| # pre_auth-client-config # group: compat | |
| group: files ldap | |
| # pre_auth-client-config # shadow: compat | |
| # NOTE(review): shadow lookups through LDAP are presumably not needed when pam_ldap | |
| # authenticates users itself; confirm, and use "files" alone if so. | |
| shadow: files ldap | |
| # Host names come from /etc/hosts first, then DNS. | |
| hosts: files dns | |
| networks: files | |
| protocols: db files | |
| services: db files | |
| ethers: db files | |
| rpc: db files | |
| # pre_auth-client-config # netgroup: nis | |
| netgroup: nis |
| # /etc/samba/smb.conf | |
| # | |
| # Main Samba configuration file. | |
| # Setup is for RCG LDAP+AD Testing Environment | |
| # Author: [email protected] | |
| # | |
| # | |
| [global] | |
| # Active Directory member setup: Kerberos realm, short domain name, ADS security mode. | |
| realm = MSU.MONTANA.EDU | |
| workgroup = MSU | |
| security = ADS | |
| encrypt passwords = true | |
| # NOTE(review): log level 3 is verbose; confirm it is wanted outside of testing. | |
| log level = 3 | |
| # NOTE(review): "log file" and "max log size" are each set twice in [global]; only one | |
| # value of each can take effect (presumably the later one) - remove the unused pair. | |
| # %U expands to the user name the client asked for, so it puts client-supplied text | |
| # into the log file name. | |
| log file = /var/log/samba/%U.log | |
| max log size = 50 | |
| template shell = /bin/bash | |
| server string = RCG Samba Server | |
| syslog = 0 | |
| log file = /var/log/samba/log.%m | |
| max log size = 1000 | |
| dns proxy = No | |
| panic action = /usr/share/samba/panic-action %d | |
| wins server = 153.90.2.87 | |
| name resolve order = hosts lmhosts wins bcast | |
| # New files are created 0660 and new directories 0770: owner and group get full access, | |
| # others get none. Set in [global], these act as defaults for every share. | |
| create mask = 0660 | |
| force create mode = 0660 | |
| # NOTE(review): the four "security mask/mode" parameters below control permission changes | |
| # made by Windows clients; they were dropped in later Samba releases - verify that the | |
| # installed version still honours them. | |
| security mask = 000 | |
| force security mode = 660 | |
| directory mask = 0770 | |
| force directory mode = 0770 | |
| directory security mask = 000 | |
| force directory security mode = 770 | |
| read only = no | |
| browseable = no | |
| # The global host restriction is commented out; the only restriction is set per share. | |
| # NOTE(review): no signing, encryption or minimum-protocol setting is visible here, so | |
| # those follow the defaults of the installed Samba version - confirm they are acceptable. | |
| #hosts allow = 153.90. | |
| #============ This stuff here to make OSX happy ===================== | |
| #ea support = Yes | |
| use sendfile = Yes | |
| posix locking = No | |
| strict locking = Yes | |
| #============================ Share Definitions ============================== | |
| [rcg] | |
| # Every file operation on the share runs with group rcg-samba, so together with the | |
| # 0660/0770 masks above all permitted users share read-write access. | |
| force group = rcg-samba | |
| # Connections are accepted only from the 153.90. address prefix and from localhost. | |
| hosts allow = 153.90. 127.0.0.1 | |
| path = /mnt/gluster/storage/rcg | |
| comment = RCG Legacy Gluster Share | |
| browseable = yes | |
| # Access is limited to the accounts named below; the group-based rule is commented out. | |
| # NOTE(review): a hand-kept user list needs an edit here whenever someone joins or | |
| # leaves; confirm it is reviewed, or return to the @rcg-samba group rule. | |
| #valid users = @rcg-samba | |
| valid users = d86r845, n94r538, x58z545, pol.llovet, sean.cleveland, thomas.heetderks |