Skip to content

Instantly share code, notes, and snippets.

@pythoninthegrass

pythoninthegrass/smb.sh

Last active January 24, 2025 09:53
Show Gist options
  • Save pythoninthegrass/b811c344defc9cc3d2090ef523e6d5b4 to your computer and use it in GitHub Desktop.
Save pythoninthegrass/b811c344defc9cc3d2090ef523e6d5b4 to your computer and use it in GitHub Desktop.
Download ZIP
Edited QNAP TS-453A /etc/init.d/smb.sh config to automatically generate a more performant /etc/config/smb,conf.
Raw
smb.sh
#!/bin/sh
# SOURCES:
# QNAP persistent smb.conf commands @ https://forum.qnap.com/viewtopic.php?t=132175
# Socket options @ https://calomel.org/samba_optimize.html
# Server multichannel support / AIO @ https://blog.chaospixel.com/linux/2016/09/samba-enable-smb-multichannel-support-on-linux.html
# Min receivefile, RW raw, AIO switched aio to 16384 @ https://superuser.com/a/928126
netbios_wrapper()
{
# bug 91339 - Failed to enable DC with a long domain name (KS-Redmine #22772)
netbios=`echo $1 | cut -d . -f 1 | tr [a-z] [A-Z] | cut -c -15`
}
ha_bypass_start_services()
{
HA_ENABLED=`/sbin/getcfg Global ha_enabled -d no -f /etc/config/ha/qha.conf`
/bin/pidof qlm_util >/dev/null 2>&1
ret=$?
if [ "x$HA_ENABLED" = "xyes" ] && [ $ret != 0 ]; then
exit 0
fi
}
ha_bypass_start_services
. /etc/init.d/functions
CONFIG=/etc/config/smb.conf
SMBD_LOCKS="/usr/local/samba/var/locks"
GROUP_FILE="/etc/group"
SAMBA_NET="/usr/local/samba/bin/net"
WBINFO="/usr/bin/wbinfo"
DEFAULT_VETO_FILE="/etc/default_config/veto_file.conf"
qpath="/share/Qsync"
BACKUP_NAME="dc_backup"
SMB_PATH="/mnt/ext/opt"
SMB_TARGET_NAME=".samba_target"
SMB_HIDDEN_NAME=".samba"
NEW_TAR="/usr/local/samba/bin/tar"
BACKUP_CHECK="/tmp/.samba4_backup_check"
SMB_DO_CMD="/tmp/.samba4_do_cmd"
BACKUP_TAR_LOG="/tmp/backup_online_tar_log"
DLZ_FILE="samba4_dlz"
NAMED_RESTART="/tmp/named_restart"
ENABLE_ADDC_LOG="/tmp/enable_addc.log"
USB_Q_CONFIG="/etc/config/smb_usb.conf"
USB_Q_USER="/etc/config/USB_QUICK_SHARE_USER"
USB_Q_GROUP="/etc/config/USB_QUICK_SHARE_GROUP"
NSSWITCH_SCRIPT="/etc/init.d/nsswitch.sh"
# Check that smb.conf exists.
#[ -f $CONFIG ] || exit 0
. /etc/init.d/functions
DATA_VOL_PATH=
smbd_bin="/usr/local/samba/sbin/smbd"
nmbd_bin="/usr/local/samba/sbin/nmbd"
make_vol_base(){
FindDefVol
_ret=$?
if [ $_ret = 0 ]; then
DATA_VOL_PATH="${DEF_VOLMP}"
fi
}
#for samba4 operation
FindDefVol
conv_old_msdfs()
{
if [ -d /etc/config/msdfs_root ]; then
echo conver MSDFS
make_vol_base
if [ "x$DATA_VOL_PATH" != "x" ]; then
mkdir ${DATA_VOL_PATH}/.@msdfs_root
cd /etc/config/msdfs_root
tar cf - * | tar xf - -C ${DATA_VOL_PATH}/.@msdfs_root
if [ $? = 0 ]; then
sed -i "s:/etc/config/msdfs_root:${DATA_VOL_PATH}/.@msdfs_root:g" $CONFIG
if [ $? = 0 ]; then
cd ~
rm -rf /etc/config/msdfs_root
fi
fi
fi
fi
}
# $1: append_winbind, delete_winbind, append_ldap, delete_ldap
_nsswitch_sh()
{
nsswitch_enable=`/sbin/getcfg SAMBA4 nsswitch -d TRUE -u`
[ "x${nsswitch_enable}" != "xTRUE" ] && return
[ ! -f "${NSSWITCH_SCRIPT}" ] && return
[ -z "$1" ] && return
"${NSSWITCH_SCRIPT}" "$1"
}
# FIXME: 'offline_files' could also revise 'kernel oplocks',
# in order to honor 'durable handles',
# hence put '_init_smb2_durable_handles' behind 'offline_files'.
_init_smb2_durable_handles()
{
smb2_durable_handles="`/sbin/getcfg Samba "SMB2 DURABLE HANDLES" -d "TRUE" -u`"
if [ "x$smb2_durable_handles" = "xTRUE" ]; then
/sbin/setcfg global "durable handles" "yes" -f ${CONFIG}
/sbin/setcfg global "kernel oplocks" "no" -f ${CONFIG}
/sbin/setcfg global "kernel share modes" "no" -f ${CONFIG}
/sbin/setcfg global "posix locking" "no" -f ${CONFIG}
else
/sbin/setcfg -e global "durable handles" -f ${CONFIG}
/sbin/setcfg -e global "kernel oplocks" -f ${CONFIG}
/sbin/setcfg -e global "kernel share modes" -f ${CONFIG}
/sbin/setcfg -e global "posix locking" -f ${CONFIG}
fi
}
_init_smb2_leases()
{
smb2_leases="`/sbin/getcfg Samba "SMB2 LEASES" -d "TRUE" -u`"
if [ "x$smb2_leases" = "xTRUE" ]; then
/sbin/setcfg global "smb2 leases" "yes" -f ${CONFIG}
else
/sbin/setcfg -e global "smb2 leases" -f ${CONFIG}
fi
}
# KS-Redmine#12056 Enable Server Signing - API
function init_signing()
{
if [ "x${samba_version}" == "xVersion 4.4.0" ] || [ "x${samba_version}" \> "xVersion 4.4.0" ]; then
signing_enable=`/sbin/getcfg Samba "signing" -f /etc/config/uLinux.conf`
if [ "x$signing_enable" == "x1" ]; then
/sbin/setcfg global "server signing" "required" -f ${CONFIG}
else
/sbin/setcfg global "server signing" "auto" -f ${CONFIG}
fi
fi
}
_init_aio()
{
aio="`/sbin/getcfg Samba "AIO" -d "NOTFOUND" -u`"
# Get existed 'vfs objects'.
vfs_objects_existed="`/sbin/getcfg global "vfs objects" -d "NOTFOUND" -f ${CONFIG}`"
if [ "x${vfs_objects_existed}" = "xNOTFOUND" ]; then
# Set.
vfs_objects_without_aio=""
vfs_objects_with_aio="aio_pthread"
else
# Append.
vfs_objects_without_aio="`echo ${vfs_objects_existed} | /bin/sed 's/aio_[^ ]*//g'`"
vfs_objects_with_aio="`echo ${vfs_objects_without_aio} aio_pthread`"
fi
if [ "x$aio" = "xTRUE" ]; then
# AIO is enabled.
/sbin/setcfg Samba "AIO" "TRUE"
/sbin/setcfg global "aio read size" "16384" -f ${CONFIG}
/sbin/setcfg global "aio write size" "16384" -f ${CONFIG}
/sbin/setcfg global "vfs objects" "${vfs_objects_with_aio}" -f ${CONFIG}
else
# AIO is disabled.
/sbin/setcfg Samba "AIO" "FALSE"
/sbin/setcfg -e global "aio read size" -f ${CONFIG}
/sbin/setcfg -e global "aio write size" -f ${CONFIG}
if [ "x${vfs_objects_existed}" = "xNOTFOUND" ] ||
[ -z "${vfs_objects_without_aio}" ]; then
/sbin/setcfg -e global "vfs objects" -f ${CONFIG}
else
/sbin/setcfg global "vfs objects" "${vfs_objects_without_aio}" -f ${CONFIG}
fi
fi
}
# Remove passive tdb path to save space.
_remove_tdb()
{
# tmpfs.
rm -rf /tmp/samba
}
# Init active tdb path.
_init_tdb()
{
# For example: tdb_path = /share/Public
# /sbin/setcfg "Samba" "tdb_path" "/share/Public"
ulinux_tdb_path="`/sbin/getcfg Samba "tdb_path"`"
if [ "x${ulinux_tdb_path}" != "x" ]; then
# [DEBUG] On custom path. By uLinux.conf [Samba] tdb_path.
tdb_path=${ulinux_tdb_path}
elif [ "x${DEF_VOLMP}" != "x" ]; then
# On the default volume.
tdb_path="${DEF_VOLMP}"
else
# On tmpfs if the default volume is NOT existed.
samba_tmpfs_path="`/sbin/getcfg Samba samba_tmpfs_path -d "/samba"`"
samba_tmpfs_size="`/sbin/getcfg Samba samba_tmpfs_size -d 64M`"
# Create mount point.
if [ ! -d ${samba_tmpfs_path} ]; then
/bin/mkdir -p ${samba_tmpfs_path}
fi
# Mount tmpfs.
/bin/mount | /bin/grep ${samba_tmpfs_path} | /bin/grep "type tmpfs" >/dev/null 2>&1
samba_tmpfs_exist=$?
if [ "x${samba_tmpfs_exist}" != "x0" ]; then
/bin/mount -ttmpfs tmpfs ${samba_tmpfs_path} -osize=${samba_tmpfs_size}
fi
# Remount with revised size.
/bin/mount | /bin/grep ${samba_tmpfs_path} | /bin/grep "type tmpfs" \
| /bin/grep "size=${samba_tmpfs_size}" >/dev/null 2>&1
samba_tmpfs_size_the_same=$?
if [ "x${samba_tmpfs_size_the_same}" != "x0" ]; then
/bin/mount -ttmpfs tmpfs ${samba_tmpfs_path} -oremount,size=${samba_tmpfs_size}
fi
tdb_path=${samba_tmpfs_path}
fi
ad_check="`/sbin/getcfg global "server role" -f ${CONFIG} -d AUTO`"
if [ "x${ad_check}" = "xactive directory domain controller" ]; then
# Domain security: AD DC.
/sbin/setcfg global "lock directory" "${DEF_VOLMP}/${SMB_TARGET_NAME}" -f ${CONFIG}
/sbin/setcfg global "state directory" "${DEF_VOLMP}/${SMB_TARGET_NAME}/state" -f ${CONFIG}
/sbin/setcfg global "cache directory" "${DEF_VOLMP}/${SMB_TARGET_NAME}/cache" -f ${CONFIG}
else
# Domain security: [ Stanalone | LDAP domain | AD member ].
/bin/mkdir -p "${tdb_path}/${SMB_HIDDEN_NAME}/lock"
/bin/mkdir -p "${tdb_path}/${SMB_HIDDEN_NAME}/state"
/bin/mkdir -p "${tdb_path}/${SMB_HIDDEN_NAME}/cache"
/sbin/setcfg global "lock directory" "${tdb_path}/${SMB_HIDDEN_NAME}/lock" -f ${CONFIG}
/sbin/setcfg global "state directory" "${tdb_path}/${SMB_HIDDEN_NAME}/state" -f ${CONFIG}
/sbin/setcfg global "cache directory" "${tdb_path}/${SMB_HIDDEN_NAME}/cache" -f ${CONFIG}
fi
}
_setcfg_with_last_factory_default()
{
if [ "x`/sbin/getcfg Samba "SMB3" -d NOTFOUND -u`" != "xNOTFOUND" ] ||
[ "x`/sbin/getcfg Samba "SMB2" -d NOTFOUND -u`" != "xNOTFOUND" ] ||
[ "x`/sbin/getcfg Samba "Large MTU" -d NOTFOUND -u`" != "xNOTFOUND" ]; then
# Explicit setting found.
return
fi
last_launched="$1"
last_protocol="`/sbin/getcfg global "${max_protocol}" -f ${CONFIG} -u -d NOTFOUND`"
from_to_firmware="`/sbin/log_tool -qv \
| /bin/sed '/System updated successfully/!d;
s/.*from \([[:digit:].]\{5\}\).* to \([[:digit:].]\{5\}\).*/\1_\2/' \
| /usr/bin/tail -n1`"
from_firmware="${from_to_firmware%_*}"
to_firmware="${from_to_firmware#*_}"
now_firmware="`/sbin/getcfg System Version`"
# setcfg.
if [ ! "x${last_launched}" \< "xVersion 4" ] &&
[ "x${last_protocol}" = "xNOTFOUND" ]; then
# SMB 3.0
/sbin/setcfg Samba "SMB3" "TRUE"
/sbin/setcfg Samba "SMB2" "TRUE"
/sbin/setcfg Samba "Large MTU" "TRUE"
elif [ ! "x${last_launched}" \< "xVersion 3.6.10" ] &&
[ "x${last_protocol}" = "xSMB2_10" ]; then
# SMB 2.1
/sbin/setcfg Samba "SMB3" "FALSE"
/sbin/setcfg Samba "SMB2" "TRUE"
/sbin/setcfg Samba "Large MTU" "TRUE"
elif [ ! "x${last_launched}" \< "xVersion 3.6.10" ] &&
[ "x${last_protocol}" = "xSMB2_02" ] ||
[ "x${last_protocol}" = "xSMB2" ]; then
# SMB 2.0
/sbin/setcfg Samba "SMB3" "FALSE"
/sbin/setcfg Samba "SMB2" "TRUE"
/sbin/setcfg Samba "Large MTU" "FALSE"
elif [ ! -z "${from_firmware}" ] &&
[ ! -z "${to_firmware}" ] &&
[ "x${from_firmware}" \< "x4" ] &&
[ ! "x${to_firmware}" \< "x4.1" ] &&
[ "x${to_firmware}" = "x${now_firmware}" ]; then
# SMB 1.0
/sbin/setcfg Samba "SMB3" "FALSE"
/sbin/setcfg Samba "SMB2" "FALSE"
/sbin/setcfg Samba "Large MTU" "FALSE"
else
# Not found. SMB firmware default.
# SMB 2.1
/sbin/setcfg Samba "SMB3" "FALSE"
/sbin/setcfg Samba "SMB2" "TRUE"
/sbin/setcfg Samba "Large MTU" "TRUE"
fi
}
_init_client_ipc()
{
# Get from uLinux.conf.
client_ipc_max_protocol=`/sbin/getcfg Samba 'client ipc max protocol' -d "remove"`
client_ipc_min_protocol=`/sbin/getcfg Samba 'client ipc min protocol' -d "remove"`
client_ipc_signing=`/sbin/getcfg Samba 'client ipc signing' -d "remove"`
# Set into smb.conf.
if [ "x${client_ipc_max_protocol}" == "xremove" ]; then
/sbin/setcfg global -e 'client ipc max protocol' -f ${CONFIG}
else
/sbin/setcfg global 'client ipc max protocol' "${client_ipc_max_protocol}" -f ${CONFIG}
fi
if [ "x${client_ipc_min_protocol}" == "xremove" ]; then
/sbin/setcfg -e global 'client ipc min protocol' -f ${CONFIG}
else
/sbin/setcfg global 'client ipc min protocol' "${client_ipc_min_protocol}" -f ${CONFIG}
fi
if [ "x${client_ipc_signing}" == "xremove" ]; then
/sbin/setcfg -e global 'client ipc signing' -f ${CONFIG}
else
/sbin/setcfg global 'client ipc signing' "${client_ipc_signing}" -f ${CONFIG}
fi
}
_init_protocol()
{
max_protocol="max protocol"
samba_version=`${smbd_bin} -V`
last_launched="`/sbin/getcfg Samba "Version" -d UNKNOWN`"
# Set this version as last launched version.
if [ "x${last_launched}" != "x${samba_version}" ]; then
echo "${last_launched} -> ${samba_version}"
/sbin/setcfg Samba "Version" "${samba_version}"
fi
if [ "x`/sbin/getcfg Samba "LAST_FACTORY_DEFAULT" -d FALSE -u -f /etc/default_config/uLinux.conf`" = "xTRUE" ]; then
# SMB feature.
_setcfg_with_last_factory_default "${last_launched}"
is_smb3_enabled="`/sbin/getcfg Samba "SMB3" -d FALSE -u`"
is_smb2_enabled="`/sbin/getcfg Samba "SMB2" -d TRUE -u`"
is_largemtu_enabled="`/sbin/getcfg Samba "Large MTU" -d TRUE -u`"
else
# Non-HAL / Legacy models.
is_smb3_enabled="`/sbin/getcfg Samba "SMB3" -d FALSE -u`"
is_smb2_enabled="`/sbin/getcfg Samba "SMB2" -d TRUE -u`"
is_largemtu_enabled="`/sbin/getcfg Samba "Large MTU" -d TRUE -u`"
server_max_protocol_custom="`/sbin/getcfg Samba "server_max_protocol_custom" -d FALSE -u`"
if [ "x${server_max_protocol_custom}" = "xTRUE" ] ||
[ "x${is_smb3_enabled}" = "xTRUE" ] ||
([ "x${is_largemtu_enabled}" = "xTRUE" ] && [ "x${is_largemtu_enabled}" = "xTRUE" ]); then
# Do nothing. because this is
# 1. Custom setup.
# 2. SMB3 already.
# 3. SMB2.1 already.
echo "server max protocol stayed." >/dev/null 2>&1
else
# SMB2.1 by default.
is_smb3_enabled="FALSE"
is_smb2_enabled="TRUE"
is_largemtu_enabled="TRUE"
fi
fi
is_largemtu_supported=`${smbd_bin} -b | /bin/sed '/QNAPNAS_LARGEMTU/!d; s/ //g; s/QNAPNAS_LARGEMTU/TRUE/;'`
# Specify reasonable protocol to matched samba version.
if [ ! "x${samba_version}" \< "xVersion 4.0.0" ]; then
if [ "x${is_smb3_enabled}" = "xTRUE" ]; then
/sbin/setcfg -e global "${max_protocol}" -f ${CONFIG}
elif [ "x${is_smb2_enabled}" = "xTRUE" ] &&
[ "x${is_largemtu_enabled}" = "xTRUE" ]; then
/sbin/setcfg global "${max_protocol}" "SMB2_10" -f ${CONFIG}
elif [ "x${is_smb2_enabled}" = "xTRUE" ]; then
/sbin/setcfg global "${max_protocol}" "SMB2_02" -f ${CONFIG}
else
/sbin/setcfg global "${max_protocol}" "NT1" -f ${CONFIG}
fi
elif [ ! "x${samba_version}" \< "xVersion 3.6.10" ] && [ "x${samba_version}" \< "xVersion 4.0.0" ]; then
if [ "x${is_smb2_enabled}" = "xTRUE" ] &&
[ "x${is_largemtu_supported}" = "xTRUE" ] &&
[ "x${is_largemtu_enabled}" = "xTRUE" ]; then
/sbin/setcfg global "${max_protocol}" "SMB2_10" -f ${CONFIG}
elif [ "x${is_smb2_enabled}" = "xTRUE" ]; then
/sbin/setcfg global "${max_protocol}" "SMB2" -f ${CONFIG}
else
/sbin/setcfg global "${max_protocol}" "NT1" -f ${CONFIG}
fi
else
/sbin/setcfg -e global "${max_protocol}" -f ${CONFIG}
fi
}
_init_vfs_object()
{
samba_version=`${smbd_bin} -V`
if [ ! "x${samba_version}" \< "xVersion 4.4.0" ]; then
snapshot_support=`/sbin/getcfg Snapshot "Support" -d "NO" -f /etc/default_config/volume_man.conf`
aio_enable=`/sbin/getcfg Samba "AIO" -f /etc/config/uLinux.conf`
winacl_enable=`/sbin/getcfg Samba "Win ACL" -f /etc/config/uLinux.conf`
ads_support=`/sbin/getcfg Samba "ADS" -d "YES" -f /etc/config/uLinux.conf`
VFS_MODULE_PATH=${SMB_PATH}/samba/lib/vfs
vfs_module_list=""
if [ "x${snapshot_support}" == "xYES" ]; then
if [ -f ${VFS_MODULE_PATH}/shadow_copy2.so ]; then
vfs_module_list=${vfs_module_list}" shadow_copy2"
fi
fi
if [ "x${winacl_enable}" == "xTRUE" ]; then
if [ -f ${VFS_MODULE_PATH}/acl_xattr.so ]; then
vfs_module_list=${vfs_module_list}" acl_xattr"
fi
fi
if [ "x${ads_support}" == "xYES" ]; then
if [ -f ${VFS_MODULE_PATH}/catia.so ] &&
[ -f ${VFS_MODULE_PATH}/fruit.so ] &&
[ -f ${VFS_MODULE_PATH}/qnap_macea.so ] &&
[ -f ${VFS_MODULE_PATH}/streams_depot.so ]; then
vfs_module_list=${vfs_module_list}" catia fruit qnap_macea streams_depot"
/sbin/setcfg global "streams_depot:delete_lost" "yes" -f ${CONFIG}
/sbin/setcfg global "streams_depot:check_valid" "no" -f ${CONFIG}
/sbin/setcfg global "fruit:nfs_aces" "no" -f ${CONFIG}
/sbin/setcfg global "fruit:veto_appledouble" "no" -f ${CONFIG}
fi
else
/sbin/setcfg -e global "streams_depot:check_valid" -f ${CONFIG}
/sbin/setcfg -e global "streams_depot:delete_lost" -f ${CONFIG}
/sbin/setcfg -e global "fruit:nfs_aces" -f ${CONFIG}
fi
if [ "x${aio_enable}" == "xTRUE" ]; then
if [ -f ${VFS_MODULE_PATH}/aio_pthread.so ]; then
vfs_module_list=${vfs_module_list}" aio_pthread"
fi
fi
/sbin/setcfg -e global "vfs objects" -f ${CONFIG}
if [ -n "${vfs_module_list}" ]; then
/sbin/setcfg global "vfs objects" "${vfs_module_list}" -f ${CONFIG}
fi
elif [ ! "x${samba_version}" \< "xVersion 4.0.0" ]; then
snapshot_support=`/sbin/getcfg Snapshot "Support" -d "NO" -f /etc/default_config/volume_man.conf`
aio_enable=`/sbin/getcfg Samba "AIO" -f /etc/config/uLinux.conf`
winacl_enable=`/sbin/getcfg Samba "Win ACL" -f /etc/config/uLinux.conf`
if [ "x${snapshot_support}" == "xYES" ]; then
vfs_module_list="shadow_copy2"
if [ "x${aio_enable}" == "xTRUE" ]; then
vfs_module_list=${vfs_module_list}" aio_pthread"
fi
if [ "x${winacl_enable}" == "xTRUE" ]; then
vfs_module_list=${vfs_module_list}" acl_xattr"
fi
/sbin/setcfg global "vfs objects" "${vfs_module_list}" -f ${CONFIG}
else
/sbin/setcfg -e global "vfs objects" -f ${CONFIG}
if [ "x${aio_enable}" == "xTRUE" ]||[ "x${winacl_enable}" == "xTRUE" ]; then
if [ "x${aio_enable}" == "xTRUE" ]; then
vfs_module_list="aio_pthread"
fi
if [ "x${winacl_enable}" == "xTRUE" ]; then
vfs_module_list=${vfs_module_list}" acl_xattr"
fi
/sbin/setcfg global "vfs objects" "${vfs_module_list}" -f ${CONFIG}
fi
fi
fi
}
# Init messaging msg.lock and msg.sock on tmpfs if standalone.
_init_messaging_tmpfs()
{
# FIXME: remove earlier setup.
/sbin/setcfg -e global "messaging: messaging dgm cleanup interval" -f "${CONFIG}"
# lock/msg.lock: remove passive files and msg.lock
if [ -d /usr/local/samba/var/lock/msg.lock ]; then
/bin/rm /usr/local/samba/var/lock/msg.lock -rf
fi
security="`/sbin/getcfg global "security" -f ${CONFIG} -u -d USER`"
ad_check="`/sbin/getcfg global "server role" -f ${CONFIG} -d AUTO`"
ldap_check="`/sbin/getcfg LDAP Enable -u -d FALSE`"
_passwd="`/sbin/getcfg global "passdb backend" -d smbpasswd -f ${CONFIG}`"
if [ "x${security}" = "xADS" ] ||
([ "x${ldap_check}" = "xTRUE" ] && [ "x${_passwd}" != "xsmbpasswd" ]) ||
[ "x${ad_check}" = "xactive directory domain controller" ]; then
# [ AD member | LDAP domain | AD DC ] do NOT mount tmpfs.
return
fi
# lock/msg.lock
LOCK_DIR=`/sbin/getcfg global "lock directory" -f $CONFIG`
msg_lock_path="${LOCK_DIR}/msg.lock"
if [ -d ${msg_lock_path} ]; then
/bin/rm ${msg_lock_path}/* -rf
else
/bin/mkdir -p ${msg_lock_path}
fi
/bin/mount | /bin/grep msg.lock | /bin/grep "type tmpfs" >/dev/null 2>&1
msg_lock_tmpfs_exist=$?
if [ "x${msg_lock_tmpfs_exist}" != "x0" ]; then
/bin/mount -ttmpfs tmpfs ${msg_lock_path} -osize=16M
fi
/bin/chmod 755 ${msg_lock_path}
# private/msg.sock
PRI_DIR=`/sbin/getcfg global "private dir" -d "/usr/local/samba/private" -f $CONFIG`
msg_sock_path=${PRI_DIR}/msg.sock
if [ -d ${msg_sock_path} ]; then
/bin/rm ${msg_sock_path}/* -rf
else
/bin/mkdir -p ${msg_sock_path}
fi
/bin/chmod 700 ${msg_sock_path}
/bin/mount | /bin/grep msg.sock | /bin/grep "type tmpfs" >/dev/null 2>&1
msg_sock_tmpfs_exist=$?
if [ "x${msg_sock_tmpfs_exist}" != "x0" ]; then
/bin/mount -ttmpfs tmpfs ${msg_sock_path} -osize=16M
fi
/bin/chmod 700 ${msg_sock_path}
}
# Unmount tmpfs to avoid default volume failed to be removed.
_umount_messaging_tmpfs()
{
# lock/msg.lock
LOCK_DIR=`/sbin/getcfg global "lock directory" -f $CONFIG`
msg_lock_path="${LOCK_DIR}/msg.lock"
/bin/mount | /bin/grep msg.lock | /bin/grep "type tmpfs" >/dev/null 2>&1
msg_lock_tmpfs_exist=$?
if [ "x${msg_lock_tmpfs_exist}" == "x0" ]; then
/bin/umount ${msg_lock_path}
fi
# private/msg.sock
PRI_DIR=`/sbin/getcfg global "private dir" -d "/usr/local/samba/private" -f $CONFIG`
msg_sock_path=${PRI_DIR}/msg.sock
/bin/mount | /bin/grep msg.sock | /bin/grep "type tmpfs" >/dev/null 2>&1
msg_sock_tmpfs_exist=$?
if [ "x${msg_sock_tmpfs_exist}" == "x0" ]; then
/bin/umount ${msg_sock_path}
fi
/bin/chmod 700 ${msg_sock_path}
}
_init_smbconf()
{
if [ -x /sbin/hal_app ]; then
/sbin/setcfg global "socket options" "TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536" -f ${CONFIG}
else
SO_SNDBUF=`/sbin/getcfg Samba SO_SNDBUF -d 65536 -f /etc/default_config/uLinux.conf`
SO_RCVBUF=`/sbin/getcfg Samba SO_RCVBUF -d 65536 -f /etc/default_config/uLinux.conf`
/sbin/setcfg global "socket options" "TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=${SO_SNDBUF} SO_RCVBUF=${SO_RCVBUF}" -f ${CONFIG}
fi
#/sbin/setcfg global "passdb backend" smbpasswd -f ${CONFIG}
if [ -f /etc/samba4_flag ]; then
ROLE_CHECK=`/sbin/getcfg global "server role" -d "x" -f ${CONFIG}`
if [ "$ROLE_CHECK" == "x" ]; then
/sbin/setcfg global "server role" auto -f ${CONFIG}
fi
else
/sbin/setcfg -e global "server role" -f ${CONFIG}
fi
/sbin/setcfg global "null passwords" yes -f ${CONFIG}
/sbin/setcfg global "use sendfile" yes -f ${CONFIG}
/sbin/setcfg global "oplocks" yes -f ${CONFIG}
DEAD_TIME=`/sbin/getcfg Samba deadtime -d 15 -f /etc/config/uLinux.conf`
/sbin/setcfg global "deadtime" "${DEAD_TIME}" -f ${CONFIG}
/sbin/setcfg global "read raw" yes -f ${CONFIG}
/sbin/setcfg global "write raw" yes -f ${CONFIG}
/sbin/setcfg global "username level" 0 -f ${CONFIG}
/sbin/setcfg -e global "display charset" -f ${CONFIG}
/sbin/setcfg global "unix extensions" no -f ${CONFIG}
/sbin/setcfg global "store dos attributes" yes -f ${CONFIG}
/sbin/setcfg global "client ntlmv2 auth" yes -f ${CONFIG}
/sbin/setcfg global "dos filetime resolution" no -f ${CONFIG}
/sbin/setcfg global "wide links" yes -f ${CONFIG}
/sbin/setcfg global "force unknown acl user" yes -f ${CONFIG}
AD_CHECK=`/sbin/getcfg global "server role" -f $CONFIG`
/sbin/setcfg global "template homedir" "/share/homes/DOMAIN=%D/%U" -f ${CONFIG}
if [ "x`/sbin/getcfg System "ACL Enable" -u -d FALSE`" = "xTRUE" ] ||
[ "x`/sbin/getcfg Samba "Win ACL" -u -d FALSE`" = "xTRUE" ] ||
[ "x$AD_CHECK" = "xactive directory domain controller" ]; then
/sbin/setcfg global "inherit acls" yes -f ${CONFIG}
else
/sbin/setcfg global "inherit acls" no -f ${CONFIG}
system_model=`/sbin/getcfg System Model -f /etc/config/uLinux.conf`
if [ "x${system_model}" == "xTS-X31" ]; then
/sbin/setcfg global "store dos attributes" no -f ${CONFIG}
fi
fi
/sbin/setcfg global "domain logons" "no" -f ${CONFIG}
/sbin/setcfg -e global "config file" -f ${CONFIG}
/sbin/setcfg -e global "template shell" -f ${CONFIG}
/sbin/setcfg -e global 'obey pam restrictions' -f ${CONFIG}
_dos_charset=`/sbin/getcfg global "dos charset" -d none -f ${CONFIG}`
if [ "x${_dos_charset}" = "xUTF8" ]; then
/sbin/setcfg -e global 'dos charset' -f ${CONFIG}
fi
`cat /proc/cpuinfo | grep "model name" | grep Intel | grep E5 > /dev/null`
if [ "x$?" = "x0" ]; then
/sbin/setcfg Samba "SPLICE" 0
fi
#Bug106381
system_model=`/sbin/getcfg System Model -f /etc/config/uLinux.conf`
if [[ $system_model =~ TS-[0-9]*70 ]] || [[ $system_model =~ TS-[0-9]*79 ]]; then
/sbin/setcfg Samba "SPLICE" 0
fi
if [ -x /sbin/hal_app ] && [ ! -f /etc/IS_STORAGE_V2 ]; then
_splice=0
else
_splice=`/sbin/getcfg Samba "SPLICE" -d 1`
fi
if [ "x${_splice}" = "x1" ]; then
/sbin/setcfg global "min receivefile size" "16384" -f ${CONFIG}
else
/sbin/setcfg -e global "min receivefile size" -f ${CONFIG}
fi
_case_sensitive=`/sbin/getcfg Samba "Case Sensitive" -d auto`
/sbin/setcfg global "case sensitive" ${_case_sensitive} -f ${CONFIG}
OS_LEVEL=`/sbin/getcfg global "os level" -d none -f ${CONFIG}`
if [ "x${OS_LEVEL}" != "x20" ]; then
/sbin/setcfg global "preferred master" no -f ${CONFIG}
/sbin/setcfg global "domain master" auto -f ${CONFIG}
/sbin/setcfg global "local master" no -f ${CONFIG}
/sbin/setcfg global "os level" 20 -f ${CONFIG}
fi
map_dos=`/sbin/getcfg global "map archive" -d yes -f ${CONFIG}`
if [ "x${map_dos}" = "xyes" ]; then
/sbin/setcfg global "map archive" no -f ${CONFIG}
/sbin/setcfg global "map system" no -f ${CONFIG}
/sbin/setcfg global "map hidden" no -f ${CONFIG}
/sbin/setcfg global "map read only" no -f ${CONFIG}
fi
/sbin/setcfg -e global "force directory security mode" -f ${CONFIG}
# for Mac OS 10.5 smb catnot upload the file to the empty share
_def_veto=`/sbin/getcfg global "veto files" -f "${DEFAULT_VETO_FILE}"`
_smb_veto=`/sbin/getcfg global "veto files" -f "${CONFIG}"`
if [ "$_smb_veto" != "$_def_veto" ] && [ ! -z "$_def_veto" ]; then
/sbin/setcfg global "veto files" "$_def_veto" -f "${CONFIG}"
fi
if [ -f /etc/samba4_flag ]; then
/usr/bin/readlink /usr/local/samba 2>/dev/null 1>/dev/null
if [ $? != 0 ] && [ -f /mnt/HDA_ROOT/update_pkg/samba4.tgz ]; then
/etc/init.d/installtgz.sh samba4 /mnt/HDA_ROOT/update_pkg/samba4.tgz
fi
else
/usr/bin/readlink /usr/local/samba 2>/dev/null 1>/dev/null
if [ $? != 0 ] && [ -f /mnt/HDA_ROOT/update_pkg/samba.tgz ]; then
/etc/init.d/installtgz.sh samba /mnt/HDA_ROOT/update_pkg/samba.tgz
fi
fi
if [ `/sbin/getcfg LDAP Enable -u -d FALSE` = TRUE ]; then
_passwd=`/sbin/getcfg global "passdb backend" -d smbpasswd -f ${CONFIG}`
if [ "x$_passwd" != "xsmbpasswd" ]; then
_ldap_host=`/sbin/getcfg LDAP host -d "127.0.0.1"`
_ssl=`/sbin/getcfg LDAP ssl -d 0`
if [ "x$_ssl" = "x1" ]; then # ssl
/sbin/setcfg global "passdb backend" "ldapsam:ldaps://$_ldap_host" -f ${CONFIG}
/sbin/setcfg global "ldap ssl" "off" -f ${CONFIG}
elif [ "x$_ssl" = "x2" ]; then # tls
/sbin/setcfg global "passdb backend" "ldapsam:ldap://$_ldap_host" -f ${CONFIG}
/sbin/setcfg global "ldap ssl" "start tls" -f ${CONFIG}
else
/sbin/setcfg global "passdb backend" "ldapsam:ldap://$_ldap_host" -f ${CONFIG}
/sbin/setcfg global "ldap ssl" "off" -f ${CONFIG}
fi
# set WORKGROUP if backend LDAP is QNAP NAS
# LDAP Server Type = 0 (Remote QNAP NAS)
# LDAP Server Type = 1 (Local QNAP NAS)
# LDAP Server Type = 2 (Remote LDAP Server)
if [ `/sbin/getcfg LDAP "LDAP Server Type" -u -d 2` != "2" ]; then
base_dn=`/sbin/getcfg global "ldap suffix" -f ${CONFIG}`
dc=${base_dn#*dc=}
workgroup=${dc%%,*}
if [ -f /etc/samba4_flag ]; then
ROLE_CHECK=`/sbin/getcfg global "server role" -d "x" -f ${CONFIG}`
if [ "$ROLE_CHECK" != "active directory domain controller" ]; then
/sbin/setcfg global workgroup "$workgroup" -f ${CONFIG}
fi
fi
fi
/sbin/setcfg global "domain logons" "yes" -f ${CONFIG}
fi
else
/sbin/setcfg global "passdb backend" smbpasswd -f ${CONFIG}
fi
## QNAP private flag for enhance ACL. please notice switch this flag will break samba acl hash.
if [ x`/sbin/getcfg Samba "Win ACL" -u -d FALSE` = "xFALSE" ]; then
enhance_acl_v1=`/sbin/getcfg global "enhance acl v1" -d null -f ${CONFIG}`
if [ "x$enhance_acl_v1" != "xno" ]; then
/sbin/setcfg global "enhance acl v1" yes -f ${CONFIG}
fi
fi
## QNAP private flag for replacing Everyone to everyone or remove it if need.
if [ x`/sbin/getcfg System "ACL Enable" -u -d FALSE` = "xFALSE" ]; then
/sbin/setcfg global "remove everyone" no -f ${CONFIG}
else
/sbin/setcfg global "remove everyone" yes -f ${CONFIG}
fi
## For writing connection log.
if [ x`/sbin/getcfg System "Write Connection Log" -u -d 0` = "x0" ] ||
[ x`/sbin/getcfg LOGS "SAMBA" -u -d 0` = "x0" ]; then
/sbin/setcfg global "conn log" no -f ${CONFIG}
else
/sbin/setcfg global "conn log" yes -f ${CONFIG}
fi
offline_files=`/sbin/getcfg Samba "offline_files" -d TRUE`
if [ "x${offline_files}" == "xTRUE" ]; then
/sbin/setcfg global 'kernel oplocks' no -f ${CONFIG}
else
/sbin/setcfg global 'kernel oplocks' yes -f ${CONFIG}
fi
_init_protocol
_init_client_ipc
_init_smb2_leases
_init_smb2_durable_handles
_init_tdb
_remove_tdb
_init_messaging_tmpfs
TM_CHECK=`/sbin/getcfg TimeMachine Enabled -u -d FALSE`
if [ "x$TM_CHECK" == "xTRUE" ]; then
tm_display_name=`/sbin/getcfg TimeMachine "Display Name" -d TMBackup`
/sbin/setcfg $tm_display_name "strict sync" yes -f ${CONFIG}
quota=`/sbin/getcfg "TimeMachine" "Capacity" -d 0 -f /etc/config/uLinux.conf`
if [ "$quota" != "0" ]; then
/sbin/setcfg $tm_display_name "vol size limit" $(( $quota * 1024 )) -f ${CONFIG}
else
/sbin/setcfg -e $tm_display_name "vol size limit" -f ${CONFIG}
fi
else
tm_display_name=`/sbin/getcfg TimeMachine "Display Name" -d TMBackup`
/sbin/setcfg -e $tm_display_name "vol size limit" -f ${CONFIG}
fi
[ `/sbin/getcfg global "printcap cache time" -d "1" -f ${CONFIG}` == "0" ] || /sbin/setcfg global "printcap cache time" "0" -f ${CONFIG}
if [ -f /etc/samba4_flag ]; then
/sbin/setcfg global "disable spoolss" "no" -f ${CONFIG}
/sbin/setcfg global "acl allow execute always" "yes" -f ${CONFIG}
fi
/sbin/setcfg -e global "rpc_daemon:fssd" -f ${CONFIG}
init_signing
_init_aio
_init_vfs_object
#After samba-4.2.0 netlogon must use schannel for security issue.
#But netlogon with schannel causes some trust domain fuunctions failed now.
#So we use no_schannel as default.
#If you want to use schannel, run "setcfg Samba schannel TRUE".
trust_check=`/sbin/getcfg Samba "Trusted Domain"`
get_trust_way=`/sbin/getcfg Samba "get_trust_way"`
if [ "x$get_trust_way" = "xwbinfo" ]; then
trust_check="TRUE"
fi
AD_CHECK=`/sbin/getcfg global "server role" -f $CONFIG`
if [ "$AD_CHECK" != "active directory domain controller" ] && [ "x$trust_check" = "xTRUE" ]; then
schannel_check=`/sbin/getcfg Samba schannel -d FALSE`
if [ "x$schannel_check" != "xTRUE" ]; then
/sbin/setcfg global "require strong key" "no" -f ${CONFIG}
/sbin/setcfg global "winbind sealed pipes" "false" -f ${CONFIG}
else
/sbin/setcfg -e global "require strong key" -f ${CONFIG}
/sbin/setcfg -e global "winbind sealed pipes" -f ${CONFIG}
fi
else
/sbin/setcfg -e global "require strong key" -f ${CONFIG}
/sbin/setcfg -e global "winbind sealed pipes" -f ${CONFIG}
/sbin/setcfg global "winbind enum groups" "Yes" -f ${CONFIG}
/sbin/setcfg global "winbind enum users" "Yes" -f ${CONFIG}
/sbin/setcfg global "winbind expand groups" "1" -f ${CONFIG}
fi
}
_init_group()
{
_passwd=`/sbin/getcfg global "passdb backend" -d smbpasswd -f ${CONFIG}`
if [ "x$_passwd" != "xsmbpasswd" ]; then
return
fi
HIDDEN_GROUP="dovecot guest xmail"
/bin/cat $GROUP_FILE | while read line
do
group_name=${line%%:*}
hidden_flag=0
for hidden in $HIDDEN_GROUP
do
if [ "$group_name" = "$hidden" ]; then
hidden_flag=1
break
fi
done
if [ "$hidden_flag" = 0 -a -x ${SAMBA_NET} ]; then
${SAMBA_NET} groupmap add unixgroup=$group_name > /dev/null 2>&1
fi
done
}
_del_group()
{
/bin/cat $GROUP_FILE | while read line
do
group_name=${line%%:*}
if [ -x ${SAMBA_NET} ]; then
${SAMBA_NET} groupmap delete ntgroup=$group_name > /dev/null 2>&1
fi
done
}
_init_home()
{
home_func=`/sbin/getcfg Samba HomeLink -u -d FALSE`
local acl_list="\"%u\""
winbind_separator=`/sbin/getcfg global "winbind separator" -d '\\' -f ${CONFIG}`
homes_path=`/sbin/getcfg homes path -d FALSE -f ${CONFIG}`
if [ "$home_func" == "FALSE" ]; then
/bin/rm -f /var/qfunc/home.enable
else
/bin/touch /var/qfunc/home.enable
fi
if [ $home_func == "FALSE" -o $homes_path == "FALSE" ]; then
#echo "home folder is disabled"
return
fi
if [ ! -e "$homes_path" ]; then
## homes is lost, try to create
mount_path=${homes_path%%'/homes'}
## make sure vol is available
grep -q " $mount_path " /proc/mounts
if [ $? == "0" ]; then
if [ -L "$homes_path" ]; then
## remove broken symbolic link
/bin/rm -f $homes_path
fi
/bin/mkdir "$homes_path"
/bin/chmod 777 "$homes_path"
fi
if [ ! -e "$homes_path" ]; then
return
fi
fi
/sbin/setcfg home "comment" Home -f ${CONFIG}
/sbin/setcfg home "path" %H -f ${CONFIG}
/sbin/setcfg home "browsable" yes -f ${CONFIG}
/sbin/setcfg home "oplocks" yes -f ${CONFIG}
/sbin/setcfg home "ftp write only" no -f ${CONFIG}
/sbin/setcfg home "inherit permissions" yes -f ${CONFIG}
/sbin/setcfg home "invalid users" guest -f ${CONFIG}
/sbin/setcfg home "writable" yes -f ${CONFIG}
/sbin/setcfg home "read list" $acl_list -f ${CONFIG}
/sbin/setcfg home "write list" $acl_list -f ${CONFIG}
/sbin/setcfg home "valid users" $acl_list -f ${CONFIG}
/sbin/setcfg home "root preexec" "/sbin/create_home -u '%q'" -f ${CONFIG}
snapshot_support=`/sbin/getcfg Snapshot "Support" -d "NO" -f /etc/default_config/volume_man.conf`
if [ "x${snapshot_support}" == "xYES" ]; then
/sbin/setcfg home "shadow:snapdir" $homes_path/../_.share/homes/.snapshot -f ${CONFIG}
/sbin/setcfg home "shadow:basedir" %H -f ${CONFIG}
/sbin/setcfg home "shadow:sort" desc -f ${CONFIG}
/sbin/setcfg home "shadow:format" "@GMT-%Y.%m.%d-%H:%M:%S" -f ${CONFIG}
fi
E_CHECK=`/sbin/getcfg USB_QUICK_SHARE Enable -d 1`
USBQCHECK=`/sbin/getcfg USB_QUICK_SHARE mode -d 1`
if [ "x$E_CHECK" = "x1" ] && [ "x$USBQCHECK" = "x3" ]; then
set_usb_account home
fi
}
_del_home()
{
home_path=`/sbin/getcfg home "path" -d home -f ${CONFIG}`
if [ "$home_path" == "%H" ]; then
/sbin/rmcfg home -f ${CONFIG}
fi
}
_del_qbox()
{
local share_name="Qsync"
path=`/sbin/getcfg $share_name "path" -d home -f ${CONFIG}`
if [ "$path" == "$qpath" ]; then
/sbin/rmcfg $share_name -f ${CONFIG}
/bin/rm -rf $qpath
fi
}
# move samba locks directory to /mnt/HDA_ROOT/.locks
_locks()
{
[ -d /var/lock ] || /bin/mkdir /var/lock
[ x`/sbin/getcfg global "pid directory" -f $CONFIG` = x"/var/lock" ] || /sbin/setcfg global "pid directory" "/var/lock" -f $CONFIG
if [ -d /mnt/HDA_ROOT/.locks ]; then
/bin/rm -rf /mnt/HDA_ROOT/.locks
/bin/rm $SMBD_LOCKS
fi
if [ "x$DEF_VOLMP" == "x" ]; then
/bin/rm $SMBD_LOCKS -rf
return
fi
volume_test=`/sbin/getcfg Public path -f /etc/smb.conf | cut -d '/' -f 3`
[ "x${volume_test}" = "x" ] || volume=${volume_test}
_lock_real_path=/share/${volume}/.locks
if [ ! -d ${_lock_real_path} ]; then
echo "samba locks directory is not exist, create it"
if [ ! -d /share/${volume} ]; then
/bin/mkdir -p /share/${volume}
/bin/chmod 777 /share/${volume}
fi
/bin/mkdir ${_lock_real_path}
/bin/rm -rf $SMBD_LOCKS
/bin/ln -sf ${_lock_real_path} $SMBD_LOCKS
else
/usr/bin/readlink $SMBD_LOCKS 2>/dev/null 1>/dev/null
if [ $? != 0 ]; then
# not symbolic link
/bin/rm -rf $SMBD_LOCKS
/bin/ln -sf ${_lock_real_path} $SMBD_LOCKS
else
# symbolic link
ret=`/usr/bin/readlink $SMBD_LOCKS`
if [ "x${ret}" != "x${_lock_real_path}" ]; then
/bin/rm -f $SMBD_LOCKS
/bin/ln -sf ${_lock_real_path} $SMBD_LOCKS
fi
fi
fi
/bin/mkdir ${_lock_real_path}/.test_locks 2>/dev/null 1>/dev/null
if [ $? != 0 ]; then
_lock_real_path=/mnt/HDA_ROOT/.locks
/bin/mkdir ${_lock_real_path}
/bin/rm -f $SMBD_LOCKS
/bin/ln -sf ${_lock_real_path} $SMBD_LOCKS
/bin/mkdir ${_lock_real_path}/.test_locks 2>/dev/null 1>/dev/null
if [ $? != 0 ]; then
_lock_real_path=/var/.locks
/bin/mkdir ${_lock_real_path} 2>/dev/null 1>/dev/null
/bin/rm -f $SMBD_LOCKS
/bin/ln -sf ${_lock_real_path} $SMBD_LOCKS
else
/bin/rmdir ${_lock_real_path}/.test_locks
fi
else
/bin/rmdir ${_lock_real_path}/.test_locks
fi
/bin/echo "locks path was set to ${_lock_real_path}"
}
_ad_resolv()
{
GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
if [ -f /etc/config/br.conf ]; then
BR_CHECK=`/sbin/getcfg $GW_CHECK br_name -f /etc/config/br.conf -d "none"`
if [ "x$BR_CHECK" != "xnone" ]; then
GW_CHECK=$BR_CHECK
fi
fi
IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
dns_forwarder=`/sbin/getcfg Network "Domain Name Server 1" -d "8.8.8.8"`
if [ "x$dns_forwarder" != "x" ] && [ "x$dns_forwarder" != "x$IP" ]; then
dns_t=`echo "$dns_forwarder" | cut -d ' ' -f 2`
/sbin/setcfg global "dns forwarder" $dns_t -f $CONFIG
fi
DOMAIN_T=`/sbin/getcfg global realm -f $CONFIG`
/bin/echo "domain $DOMAIN_T" > /etc/resolv.conf
/sbin/setcfg Network "DNS type" "manual"
/sbin/setcfg Network "Domain Name Server 1" "$IP"
/etc/init.d/network.sh reconfig
}
_backup_non_addc_conf()
{
AD_CHECK=`/sbin/getcfg global "server role" -f $CONFIG`
if [ "$AD_CHECK" != "active directory domain controller" ]; then
/bin/echo "non-addc mode"
/bin/cp $CONFIG ${CONFIG}_org > /dev/null 2>&1
if [ -f /etc/config/krb5.conf ]; then
/bin/cp /etc/config/krb5.conf /etc/config/krb5_bak -f > /dev/null 2>&1
fi
if [ -f /etc/resolv.conf ]; then
/bin/cp /etc/resolv.conf /etc/resolv_bak -f > /dev/null 2>&1
fi
/bin/rm ${DEF_VOLMP}/.samba_private_non_addc -rf > /dev/null 2>&1
/bin/mv ${SMB_PATH}/samba/private ${DEF_VOLMP}/.samba_private_non_addc -f > /dev/null 2>&1
/bin/rm ${DEF_VOLMP}/.samba_locks_non_addc -rf > /dev/null 2>&1
/bin/mv ${SMB_PATH}/samba/var/locks ${DEF_VOLMP}/.samba_locks_non_addc -f > /dev/null 2>&1
/bin/rm ${DEF_VOLMP}/.samba_lock_non_addc -rf > /dev/null 2>&1
/bin/mv ${SMB_PATH}/samba/var/lock ${DEF_VOLMP}/.samba_lock_non_addc -f > /dev/null 2>&1
/bin/rm ${DEF_VOLMP}/.samba_cache_non_addc -rf > /dev/null 2>&1
/bin/mv ${SMB_PATH}/samba/var/cache ${DEF_VOLMP}/.samba_cache_non_addc -f > /dev/null 2>&1
fi
}
_backup_addc_conf()
{
AD_CHECK=`/sbin/getcfg global "server role" -f $CONFIG`
if [ "$AD_CHECK" == "active directory domain controller" ]; then
/bin/echo "addc mode"
/bin/cp $CONFIG ${CONFIG}_addc > /dev/null 2>&1
/bin/rm ${DEF_VOLMP}/.samba_private_addc -rf > /dev/null 2>&1
/bin/mv ${SMB_PATH}/samba/private ${DEF_VOLMP}/.samba_private_addc -f > /dev/null 2>&1
/bin/rm ${DEF_VOLMP}/.samba_locks_addc -rf > /dev/null 2>&1
/bin/mv ${SMB_PATH}/samba/var/locks ${DEF_VOLMP}/.samba_locks_addc -f > /dev/null 2>&1
/bin/rm ${DEF_VOLMP}/.samba_lock_addc -rf > /dev/null 2>&1
/bin/mv ${SMB_PATH}/samba/var/lock ${DEF_VOLMP}/.samba_lock_addc -f > /dev/null 2>&1
/bin/rm ${DEF_VOLMP}/.samba_cache_addc -rf > /dev/null 2>&1
/bin/mv ${SMB_PATH}/samba/var/cache ${DEF_VOLMP}/.samba_cache_addc -f > /dev/null 2>&1
fi
}
_samba4_mode_change()
{
if [ "x$1" != "x1" ]; then
AD_CHECK=`/sbin/getcfg global "server role" -f $CONFIG`
else
AD_CHECK="active directory domain controller"
fi
if [ "$AD_CHECK" == "active directory domain controller" ]; then
_backup_addc_conf
#if [ -f /etc/resolv_bak ]; then
# /bin/cp /etc/resolv_bak /etc/resolv.conf -f > /dev/null 2>&1
# /bin/rm /etc/resolv_bak -f > /dev/null 2>&1
#fi
/bin/sed -i '/domain /d' /etc/resolv.conf
if [ -f /etc/config/krb5_bak ]; then
/bin/cp /etc/config/krb5_bak /etc/config/krb5.conf -f > /dev/null 2>&1
else
/bin/rm /etc/config/krb5.conf -f > /dev/null 2>&1
fi
if [ -f ${CONFIG}_org ]; then
if [ "x$1" != "x1" ]; then
/bin/cp $CONFIG ${CONFIG}_s4_tmp -f > /dev/null 2>&1
_select_shared 1 ${CONFIG}_s4_tmp
_select_shared 0 ${CONFIG}_org
/bin/cat ${CONFIG}_org ${CONFIG}_s4_tmp > $CONFIG
/bin/rm ${CONFIG}_s4_tmp -f > /dev/null 2>&1
else
/bin/mv ${CONFIG}_org ${CONFIG}
fi
fi
if [ -d ${DEF_VOLMP}/.samba_private_non_addc ]; then
/bin/rm ${SMB_PATH}/samba/private -rf > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_private_non_addc ${SMB_PATH}/samba/private -f > /dev/null 2>&1
fi
if [ -d ${DEF_VOLMP}/.samba_locks_non_addc ]; then
/bin/rm ${SMB_PATH}/samba/var/locks -rf > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_locks_non_addc ${SMB_PATH}/samba/var/locks -f > /dev/null 2>&1
fi
if [ -d ${DEF_VOLMP}/.samba_lock_non_addc ]; then
/bin/rm ${SMB_PATH}/samba/var/lock -rf > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_lock_non_addc ${SMB_PATH}/samba/var/lock -f > /dev/null 2>&1
fi
if [ -d ${DEF_VOLMP}/.samba_cache_non_addc ]; then
/bin/rm ${SMB_PATH}/samba/var/cache -rf > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_cache_non_addc ${SMB_PATH}/samba/var/cache -f > /dev/null 2>&1
fi
if [ -f ${SMB_PATH}/samba/share/setup/provision_users_org ]; then
/bin/cp ${SMB_PATH}/samba/share/setup/provision_users_org ${SMB_PATH}/samba/share/setup/provision_users.ldif > /dev/null 2>&1
fi
else
_backup_non_addc_conf
if [ -f ${CONFIG}_addc ]; then
/bin/cp $CONFIG ${CONFIG}_s4_tmp -f > /dev/null 2>&1
_select_shared 1 ${CONFIG}_s4_tmp
_select_shared 0 ${CONFIG}_addc
/bin/cat ${CONFIG}_addc ${CONFIG}_s4_tmp > $CONFIG
/bin/rm ${CONFIG}_s4_tmp -f > /dev/null 2>&1
fi
if [ -d ${DEF_VOLMP}/.samba_private_addc ]; then
/bin/rm ${SMB_PATH}/samba/private -rf > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_private_addc ${SMB_PATH}/samba/private -f > /dev/null 2>&1
fi
if [ -d ${DEF_VOLMP}/.samba_locks_addc ]; then
/bin/rm ${SMB_PATH}/samba/var/locks -rf > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_locks_addc ${SMB_PATH}/samba/var/locks -f > /dev/null 2>&1
fi
if [ -d ${DEF_VOLMP}/.samba_lock_addc ]; then
/bin/rm ${SMB_PATH}/samba/var/lock -rf > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_lock_addc ${SMB_PATH}/samba/var/lock -f > /dev/null 2>&1
fi
if [ -d ${DEF_VOLMP}/.samba_cache_addc ]; then
/bin/rm ${SMB_PATH}/samba/var/cache -rf > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_cache_addc ${SMB_PATH}/samba/var/cache -f > /dev/null 2>&1
fi
fi
}
_update_dns_after_fsmo()
{
GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
if [ -f /etc/config/br.conf ]; then
BR_CHECK=`/sbin/getcfg $GW_CHECK br_name -f /etc/config/br.conf -d "none"`
if [ "x$BR_CHECK" != "xnone" ]; then
GW_CHECK=$BR_CHECK
fi
fi
IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
#GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
#IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
DC_IP=`/sbin/getcfg SAMBA4 DC_IP`
dns_ip=`/sbin/getcfg SAMBA4 dns`
pass="admin123@qnap"
admin=`/sbin/uuidgen`
/usr/local/samba/bin/samba-tool user add ${admin} ${pass}
/usr/local/samba/bin/samba-tool group addmembers "Enterprise Admins" ${admin}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 $1 NS $2.$1 $3.$1 -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 $1 A $dns_ip $IP -U${admin}%${pass}
#/usr/local/samba/bin/samba-tool dns delete 127.0.0.1 $1 $2 A $DC_IP -U${admin}%${pass}
#/usr/local/samba/bin/samba-tool dns add 127.0.0.1 $1 $3 A $IP -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _kerberos._tcp.Default-First-Site-Name._sites SRV "$2.$1 88 0 100" "$3.$1 88 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _ldap._tcp.Default-First-Site-Name._sites SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _gc._tcp.Default-First-Site-Name._sites SRV "$2.$1 3268 0 100" "$3.$1 3268 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _gc._tcp SRV "$2.$1 3268 0 100" "$3.$1 3268 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _kerberos._tcp SRV "$2.$1 88 0 100" "$3.$1 88 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _kpasswd._tcp SRV "$2.$1 464 0 100" "$3.$1 464 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _ldap._tcp SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _kerberos._udp SRV "$2.$1 88 0 100" "$3.$1 88 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _kpasswd._udp SRV "$2.$1 464 0 100" "$3.$1 464 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 DomainDnsZones A $dns_ip $IP -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _ldap._tcp.DomainDnsZones SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 ForestDnsZones A $dns_ip $IP -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $1 _ldap._tcp.ForestDnsZones SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
#/usr/local/samba/bin/samba-tool dns add 127.0.0.1 $1 $2 A $IP -U${admin}%${pass}
#/usr/local/samba/bin/samba-tool dns delete 127.0.0.1 $1 $3 A $DC_IP -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _msdcs.$1 NS $2.$1 $3.$1 -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _ldap._tcp.Default-First-Site-Name._sites.dc SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _kerberos._tcp.Default-First-Site-Name._sites.dc SRV "$2.$1 88 0 100" "$3.$1 88 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _ldap._tcp.dc SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _kerberos._tcp.dc SRV "$2.$1 88 0 100" "$3.$1 88 0 100" -U${admin}%${pass}
guid=`/usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb "objectClass=domainDNS" objectGUID | grep objectGUID | cut -d ' ' -f 2`
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _ldap._tcp.$guid.domains SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 gc A $dns_ip $IP -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _ldap._tcp.Default-First-Site-Name._sites.gc SRV "$2.$1 3268 0 100" "$3.$1 3268 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _ldap._tcp.gc SRV "$2.$1 3268 0 100" "$3.$1 3268 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _ldap._tcp.pdc SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool user delete ${admin}
/sbin/setcfg SAMBA4 mode 0
/sbin/setcfg SAMBA4 DC_IP $IP
/etc/init.d/smb.sh restart
}
_seize_pdc_in_dns()
{
GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
if [ -f /etc/config/br.conf ]; then
BR_CHECK=`/sbin/getcfg $GW_CHECK br_name -f /etc/config/br.conf -d "none"`
if [ "x$BR_CHECK" != "xnone" ]; then
GW_CHECK=$BR_CHECK
fi
fi
IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
#GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
#IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
DC_IP=`/sbin/getcfg SAMBA4 DC_IP`
dns_ip=`/sbin/getcfg SAMBA4 dns`
pass="admin123@qnap"
admin=`/sbin/uuidgen`
/usr/local/samba/bin/samba-tool user add ${admin} ${pass}
/usr/local/samba/bin/samba-tool group addmembers "Enterprise Admins" ${admin}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.$1 _ldap._tcp.pdc SRV "$2.$1 389 0 100" "$3.$1 389 0 100" -U${admin}%${pass}
/usr/local/samba/bin/samba-tool user delete ${admin}
/sbin/setcfg SAMBA4 mode 0
/sbin/setcfg SAMBA4 DC_IP $IP
/etc/init.d/smb.sh restart
}
_dns_update()
{
GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
if [ -f /etc/config/br.conf ]; then
BR_CHECK=`/sbin/getcfg $GW_CHECK br_name -f /etc/config/br.conf -d "none"`
if [ "x$BR_CHECK" != "xnone" ]; then
GW_CHECK=$BR_CHECK
fi
fi
IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
#GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
#IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
DC_IP=`/sbin/getcfg SAMBA4 DC_IP`
mode_t=`/sbin/getcfg SAMBA4 mode`
# if [ "x$mode_t" == "x0" ];then
if [ "x$IP" != "x$DC_IP" ]; then
ZONE_T=`/sbin/getcfg SAMBA4 domain`
NBNAME=`/sbin/getcfg global "netbios name" -f ${CONFIG}`
ifconfig ${GW_CHECK}:0 ${DC_IP} up
interface_t=`/sbin/getcfg global interface -d "x" -f ${CONFIG}`
/sbin/setcfg global interface "lo $GW_CHECK ${GW_CHECK}:0" -f ${CONFIG}
/usr/local/samba/sbin/samba_dnsupdate --verbose
ACCOUNT_TMP=`/sbin/uuidgen`
/usr/local/samba/bin/samba-tool user add ${ACCOUNT_TMP} admin123@qnap
/usr/local/samba/bin/samba-tool group addmembers "Enterprise Admins" ${ACCOUNT_TMP}
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $ZONE_T $ZONE_T A $DC_IP $IP -U${ACCOUNT_TMP}%admin123@qnap
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $ZONE_T DomainDnsZones A $DC_IP $IP -U${ACCOUNT_TMP}%admin123@qnap
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $ZONE_T ForestDnsZones A $DC_IP $IP -U${ACCOUNT_TMP}%admin123@qnap
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 $ZONE_T ${NBNAME}.${ZONE_T} A $DC_IP $IP -U${ACCOUNT_TMP}%admin123@qnap
/usr/local/samba/bin/samba-tool dns update 127.0.0.1 _msdcs.${ZONE_T} gc A $DC_IP $IP -U${ACCOUNT_TMP}%admin123@qnap
/usr/local/samba/bin/samba-tool user delete ${ACCOUNT_TMP}
ifconfig eth0:0 down
if [ "x$interface_t" == "x" ]; then
/sbin/setcfg -e global interface -f ${CONFIG}
else
/sbin/setcfg global interface $interface_t -f ${CONFIG}
fi
/sbin/setcfg SAMBA4 DC_IP $IP
/sbin/daemon_mgr smbd stop "${smbd_bin}"
/sbin/daemon_mgr samba stop "/usr/local/samba/sbin/samba"
sleep 1
/sbin/daemon_mgr smbd start "${smbd_bin}"
/usr/bin/killall smbd -q > /dev/null 2>&1
/sbin/daemon_mgr samba start "/usr/local/samba/sbin/samba"
sleep 1
else
/sbin/setcfg SAMBA4 DC_IP $IP
fi
# fi
}
_dc_check()
{
if [ `/sbin/getcfg SAMBA4 mode` != 0 ] && [ "x$1" == "x" ]; then
return 1
fi
/bin/rm /tmp/dc_check > /dev/null 2>&1
if [ "x$1" == "x" ];then
/usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid | grep dn: > /tmp/dc_check
srv_num=`/usr/bin/wc -l /tmp/dc_check | cut -d ' ' -f 7`
/bin/rm /tmp/dc_check -rf
if [ "x$srv_num" != "x1" ]; then
return 1
else
return 0
fi
else
/usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid | grep dn:
return 0;
fi
}
_modify_domain_usrs_xid()
{
group_dn=`/usr/local/samba/bin/ldbsearch -H ${DEF_VOLMP}/${SMB_TARGET_NAME}/private/idmap.ldb '(type=ID_TYPE_GID) && (xidNumber=100)' dn | grep dn | cut -d ' ' -f 2`
xid=`/usr/local/samba/bin/ldbsearch -H ${DEF_VOLMP}/${SMB_TARGET_NAME}/private/idmap.ldb -b "CN=CONFIG" xidNumber | grep xidNumber | cut -d ' ' -f 2`
new_xid=$xid
let new_xid=new_xid+1
echo "dn: CN=CONFIG
changetype: modify
replace: xidNumber
xidnumber: $new_xid
dn: $group_dn
changetype: modify
replace: xidNumber
xidnumber: $xid
" > /tmp/xid.ldif
/usr/local/samba/bin/ldbmodify -H ${DEF_VOLMP}/${SMB_TARGET_NAME}/private/idmap.ldb /tmp/xid.ldif
}
#
# bug#83374, assign suitable dc as password server
#
function set_auth_password_server()
{
#
# $1 = mode, $2 = domain, $3 = DNS IP, $4 = config
#
if [ $# -ne 4 ]; then
return 1
fi
if [ $1 -ne 2 ]; then
return 1
fi
local FOUND_DCS=`/usr/bin/getDomainServers k $2|grep addresses|cut -d '=' -f 2`
local FOUND_PRIMARY_DC
for i in ${FOUND_DCS}
do
/usr/local/samba/bin/net ads lookup -S $i > /tmp/dc.lookup.$i
cat /tmp/dc.lookup.$i |grep "Is writable:"|grep "no" > /dev/null
# skip read only domain controller
if [ $? -eq 0 ]; then
rm -rf /tmp/dc.lookup.$i
continue
fi
cat /tmp/dc.lookup.$i |grep "Is a PDC:"|grep "yes" > /dev/null
# primary domain controller
if [ $? -eq 0 ]; then
FOUND_PRIMARY_DC=$i
fi
if [ "$3" == "$i" ]; then
# DNS IP = DC IP, use this IP as password server"
/sbin/setcfg global "password server" $i -f $4
/usr/local/samba/bin/net time set -S $i
rm -rf /tmp/dc.lookup.$i
return 0
fi
rm -rf /tmp/dc.lookup.$i
done
# DNS not equal to DC, we use primary DC as password server
if [ ! -z $FOUND_PRIMARY_DC ]; then
# DNS IP != DC IP, use primary DC as password server"
/sbin/setcfg global "password server" ${FOUND_PRIMARY_DC} -f $4
/usr/local/samba/bin/net time set -S ${FOUND_PRIMARY_DC}
return 0
fi
return 1
}
_samba_domain()
{
ROLE_CHECK=`/sbin/getcfg global "server role" -d "x" -f ${CONFIG}`
if [ "$ROLE_CHECK" == "active directory domain controller" ]; then
_dc_check
if [ $? = 0 ]; then
CONF_TMP1=`/sbin/uuidgen`
CONF_TMP="${DEF_VOLMP}/${CONF_TMP1}"
/etc/init.d/smb.sh addc_backup $CONF_TMP
fi
fi
/etc/init.d/smb.sh stop
if [ "x$1" == "x1" ] || [ "x$1" == "x2" ]; then
/bin/echo "samba4: mode:$1"
if [ "$ROLE_CHECK" != "active directory domain controller" ]; then
_backup_non_addc_conf
/bin/rm /etc/config/krb5.conf -f > /dev/null 2>&1
/bin/touch /etc/config/krb5.conf > /dev/null 2>&1
fi
/sbin/setcfg libdefaults dns_lookup_realm true -f /etc/config/krb5.conf
/sbin/setcfg libdefaults dns_lookup_kdc true -f /etc/config/krb5.conf
realm_t=`echo $2 | tr [a-z] [A-Z]`
/sbin/setcfg libdefaults default_realm $realm_t -f /etc/config/krb5.conf
if [ ! -f /etc/resolv_bak ]; then
/bin/cp /etc/resolv.conf /etc/resolv_bak > /dev/null 2>&1
fi
/bin/echo "nameserver $5"> /tmp/smbp1
/sbin/setcfg SAMBA4 dns $5
/bin/cat /tmp/smbp1 /etc/resolv_bak > /etc/resolv.conf
fi
if [ -d ${DEF_VOLMP}/.samba_private_addc ]; then
/bin/rm ${DEF_VOLMP}/.samba_private_addc -rf > /dev/null 2>&1
fi
/bin/cp $CONFIG ${CONFIG}bk
/bin/echo "" > $CONFIG
/sbin/setcfg -e global "vfs objects" -f $CONFIG
netbios_wrapper $2
domain_t=$netbios
GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
if [ -f /etc/config/br.conf ]; then
BR_CHECK=`/sbin/getcfg $GW_CHECK br_name -f /etc/config/br.conf -d "none"`
if [ "x$BR_CHECK" != "xnone" ]; then
GW_CHECK=$BR_CHECK
fi
fi
IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
#GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
#IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
T_PATH_o=`/sbin/getcfg SAMBA4 TARGET_PATH`
if [ "x${DEF_VOLMP}" != "x" ]; then
/bin/mount -o remount,acl ${DEF_VOLMP}
T_PATH="${DEF_VOLMP}/${SMB_TARGET_NAME}"
TARGET_PATH="--targetdir=${T_PATH}"
fi
ADDC_DEBUG_CHECK=`/sbin/getcfg SAMBA4 enable_addc_debug_log -d 0`
QDNS_CHECK=`/sbin/getcfg QDNS Enable -u -d "FALSE" -f /etc/config/qpkg.conf`
if [ "x$1" == "x0" ]; then
if [ -f /etc/resolv_bak ]; then
/bin/cp /etc/resolv_bak /etc/resolv.conf -f
fi
if [ "x$QDNS_CHECK" == "xFALSE" ]; then
/usr/local/samba/bin/samba-tool domain provision --realm=$2 --domain=${domain_t} --adminpass="$3" --server-role=dc --host-ip=$IP $TARGET_PATH -d $ADDC_DEBUG_CHECK &>$ENABLE_ADDC_LOG
else
/usr/local/samba/bin/samba-tool domain provision --realm=$2 --domain=${domain_t} --adminpass="$3" --server-role=dc --host-ip=$IP --dns-backend=BIND9_DLZ $TARGET_PATH -d $ADDC_DEBUG_CHECK &>$ENABLE_ADDC_LOG
fi
elif [ "x$1" == "x1" ]; then
if [ "x$QDNS_CHECK" == "xFALSE" ]; then
/usr/local/samba/bin/samba-tool domain join $2 DC -U"$4"%"$3" $TARGET_PATH -d $ADDC_DEBUG_CHECK &>$ENABLE_ADDC_LOG
else
/usr/local/samba/bin/samba-tool domain join $2 DC -U"$4"%"$3" --dns-backend=BIND9_DLZ $TARGET_PATH -d $ADDC_DEBUG_CHECK &>$ENABLE_ADDC_LOG
fi
elif [ "x$1" == "x2" ]; then
if [ "x$QDNS_CHECK" == "xFALSE" ]; then
/usr/local/samba/bin/samba-tool domain join $2 RODC -U"$4"%"$3" $TARGET_PATH -d $ADDC_DEBUG_CHECK &>$ENABLE_ADDC_LOG
else
/usr/local/samba/bin/samba-tool domain join $2 RODC -U"$4"%"$3" --dns-backend=BIND9_DLZ $TARGET_PATH -d $ADDC_DEBUG_CHECK &>$ENABLE_ADDC_LOG
fi
else
/bin/echo "error 1"
exit 1
fi
if [ "x$?" != "x0" ]; then
/bin/echo "error 2"
if [ "x$T_PATH" != "x" ]; then
/bin/rm $T_PATH -rf > /dev/null 2>&1
fi
if [ "x$CONF_TMP" != "x" ] && [ -f $CONF_TMP ]; then
if [ "x$1" == "x1" ] || [ "x$1" == "x2" ]; then
/bin/cp /etc/resolv_bak /etc/resolv.conf
fi
/bin/mv ${CONFIG}bk ${CONFIG}
/etc/init.d/smb.sh addc_restore $CONF_TMP
/bin/rm $CONF_TMP > /dev/null 2>&1
else
_samba4_mode_change 1
fi
/etc/init.d/smb.sh restart
if [ "x$1" == "x1" ] || [ "x$1" == "x2" ]; then
/sbin/hwclock -s
fi
if [ "x$1" == "x0" ]; then
/sbin/write_log "[Domain Services] A domain $2 creating failed." 1 > /dev/null 2>&1
elif [ "x$1" == "x1" ]; then
/sbin/write_log "[Domain Services] An additional domain controller join to $2 failed." 1 > /dev/null 2>&1
elif [ "x$1" == "x2" ]; then
/sbin/write_log "[Domain Services] A read-only domain controller join to $2 failed." 1 > /dev/null 2>&1
fi
exit 1
fi
/sbin/setcfg -e SAMBA4 backup_enable
/sbin/setcfg -e SAMBA4 bk_freq
/sbin/setcfg -e SAMBA4 bk_start
/sbin/setcfg -e SAMBA4 bk_dest
/sbin/setcfg -e SAMBA4 bk_overwrite
/bin/sed -i '/smb.sh addc_backupf/d' /etc/config/crontab > /dev/null 2>&1
GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
if [ -f /etc/config/br.conf ]; then
BR_CHECK=`/sbin/getcfg $GW_CHECK br_name -f /etc/config/br.conf -d "none"`
if [ "x$BR_CHECK" != "xnone" ]; then
GW_CHECK=$BR_CHECK
fi
fi
IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
#GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
#IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
/sbin/setcfg SAMBA4 DC_IP $IP
/sbin/setcfg -e SAMBA4 TARGET_PATH
/sbin/setcfg -e SAMBA4 MOUNT_PATH
if [ "x$T_PATH" != "x" ]; then
if [ "x$T_PATH_o" != "x$T_PATH" ]; then
/bin/rm $T_PATH_o -rf > /dev/null 2>&1
fi
/sbin/setcfg SAMBA4 TARGET_PATH $T_PATH
/sbin/setcfg SAMBA4 MOUNT_PATH $DEF_VOLMP
CONFIG=${T_PATH}/etc/smb.conf
PRIVATE_DIR=`/sbin/getcfg global "private dir" -f $CONFIG`
LOCK_DIR=`/sbin/getcfg global "lock directory" -f $CONFIG`
STATE_DIR=`/sbin/getcfg global "state directory" -f $CONFIG`
CACHE_DIR=`/sbin/getcfg global "cache directory" -f $CONFIG`
#QDNS test
QDNS_CHECK=`/sbin/getcfg QDNS Enable -u -d "FALSE" -f /etc/config/qpkg.conf`
if [ "x$QDNS_CHECK" == "xTRUE" ]; then
SERVER_SERVICES=`/sbin/getcfg global "server services" -f $CONFIG`
fi
fi
if [ "x$1" == "x0" ]; then
/usr/local/samba/bin/samba-tool domain passwordsettings set --min-pwd-age=0 -s $CONFIG
_modify_domain_usrs_xid
fi
if [ -f $CONF_TMP ]; then
/bin/rm $CONF_TMP > /dev/null 2>&1
fi
WORKGROUP_T=`/sbin/getcfg global "workgroup" -d "QNAPNAS" -f $CONFIG`
if [ "x$T_PATH" != "x" ]; then
DOMAIN_SID=`/usr/local/samba/bin/ldbsearch -H ${T_PATH}/private/sam.ldb "(&(objectClass=top)(objectClass=domainDNS)(name=${domain_t}))" --cross-ncs objectSid | grep objectSid | cut -d ' ' -f 2`
DOMAIN_ADMINS=`/usr/local/samba/bin/ldbsearch -H ${T_PATH}/private/sam.ldb "(objectSid=${DOMAIN_SID}-512)" name | grep "name:" | /bin/sed -n "s/name: //p"`
DOMAIN_USERS=`/usr/local/samba/bin/ldbsearch -H ${T_PATH}/private/sam.ldb "(objectSid=${DOMAIN_SID}-513)" name | grep "name:" | /bin/sed -n "s/name: //p"`
else
DOMAIN_SID=`/usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb "(&(objectClass=top)(objectClass=domainDNS)(name=${domain_t}))" --cross-ncs objectSid | grep objectSid | cut -d ' ' -f 2`
DOMAIN_ADMINS=`/usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb "(objectSid=${DOMAIN_SID}-512)" name | grep "name:" | /bin/sed -n "s/name: //p"`
DOMAIN_USERS=`/usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb "(objectSid=${DOMAIN_SID}-513)" name | grep "name:" | /bin/sed -n "s/name: //p"`
fi
NB_NAME=`/sbin/getcfg global "netbios name" -d "QNAPNAS" -f $CONFIG`
N_PATH=`/sbin/getcfg netlogon "path" -d "x" -f $CONFIG`
S_PATH=`/sbin/getcfg sysvol "path" -d "x" -f $CONFIG`
/bin/mv /etc/config/smb.confbk $CONFIG -f > /dev/null
/sbin/setcfg -e global "private dir" -f $CONFIG
/sbin/setcfg -e global "lock directory" -f $CONFIG
/sbin/setcfg -e global "state directory" -f $CONFIG
/sbin/setcfg -e global "cache directory" -f $CONFIG
/sbin/setcfg global realm $2 -f $CONFIG
/sbin/setcfg global workgroup ${WORKGROUP_T} -f $CONFIG
/sbin/setcfg global "netbios name" $NB_NAME -f $CONFIG
/sbin/setcfg global "server role" "active directory domain controller" -f $CONFIG
# Bug#87266, windows AD member cannot auto sync time with NAS DC
# set a directory for IPC with ntpd
#
/sbin/setcfg global "ntp signd socket directory" "/usr/local/samba/var/lib/ntp_signd" -f $CONFIG
dns_forwarder=`grep nameserver /etc/resolv_bak | head -n 1`
if [ "x$T_PATH" != "x" ]; then
/sbin/setcfg global "private dir" $PRIVATE_DIR -f $CONFIG
/sbin/setcfg global "lock directory" $LOCK_DIR -f $CONFIG
/sbin/setcfg global "state directory" $STATE_DIR -f $CONFIG
/sbin/setcfg global "cache directory" $CACHE_DIR -f $CONFIG
#QDNS test
QDNS_CHECK=`/sbin/getcfg QDNS Enable -u -d "FALSE" -f /etc/config/qpkg.conf`
if [ "x$QDNS_CHECK" == "xTRUE" ]; then
/sbin/setcfg global "server services" "$SERVER_SERVICES" -f $CONFIG
/bin/echo "dlz \"AD DNS Zone\" {" > ${T_PATH}/private/${DLZ_FILE}
/bin/echo "database \"dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so\";" >> ${T_PATH}/private/${DLZ_FILE}
/bin/echo "};" >> ${T_PATH}/private/${DLZ_FILE}
fi
fi
if [ "x$dns_forwarder" != "x" ]; then
dns_t=`echo "$dns_forwarder" | cut -d ' ' -f 2`
/sbin/setcfg global "dns forwarder" $dns_t -f $CONFIG
fi
/sbin/setcfg global "guest account" guest -f $CONFIG
/sbin/setcfg -e global "wide links" -f $CONFIG
/sbin/setcfg -e global security -f $CONFIG
/sbin/setcfg -e global "password server" -f $CONFIG
/sbin/setcfg -e global "pam password change" -f $CONFIG
/sbin/setcfg -e global "winbind separator" -f $CONFIG
/sbin/setcfg -e global "winbind enum users" -f $CONFIG
/sbin/setcfg -e global "winbind enum groups" -f $CONFIG
/sbin/setcfg -e global "winbind cache time" -f $CONFIG
/bin/sed -i "/idmap config /d" $CONFIG
/sbin/setcfg -e global "pid directory" -f $CONFIG
/sbin/setcfg netlogon "comment" "netlogon" -f $CONFIG
/sbin/setcfg netlogon "path" $N_PATH -f $CONFIG
/sbin/setcfg netlogon "invalid users" "" -f $CONFIG
/sbin/setcfg netlogon "read list" "@\"${WORKGROUP_T}\\${DOMAIN_USERS}\"" -f $CONFIG
/sbin/setcfg netlogon "write list" "@\"${WORKGROUP_T}\\${DOMAIN_ADMINS}\"" -f $CONFIG
/sbin/setcfg netlogon "valid users" "@\"${WORKGROUP_T}\\${DOMAIN_ADMINS}\",@\"${WORKGROUP_T}\\${DOMAIN_USERS}\"" -f $CONFIG
/sbin/setcfg netlogon "browsable" yes -f $CONFIG
/sbin/setcfg sysvol "comment" "sysvol" -f $CONFIG
/sbin/setcfg sysvol "path" $S_PATH -f $CONFIG
/sbin/setcfg sysvol "invalid users" "" -f $CONFIG
/sbin/setcfg sysvol "read list" "@\"${WORKGROUP_T}\\${DOMAIN_USERS}\"" -f $CONFIG
/sbin/setcfg sysvol "write list" "@\"${WORKGROUP_T}\\${DOMAIN_ADMINS}\"" -f $CONFIG
/sbin/setcfg sysvol "valid users" "@\"${WORKGROUP_T}\\${DOMAIN_ADMINS}\",@\"${WORKGROUP_T}\\${DOMAIN_USERS}\"" -f $CONFIG
/sbin/setcfg sysvol "browsable" yes -f $CONFIG
/sbin/setcfg sysvol "inherit permissions" Yes -f $CONFIG
/sbin/setcfg sysvol "inherit owner" Yes -f $CONFIG
/sbin/setcfg sysvol "inherit acls" Yes -f $CONFIG
/sbin/setcfg SAMBA4 domain $2
if [ "x$T_PATH" != "x" ]; then
/bin/mv $CONFIG /etc/config/smb.conf
/bin/rm ${SMB_PATH}/samba/var/locks -rf
/bin/rm ${SMB_PATH}/samba/var/cache -rf
/bin/rm ${SMB_PATH}/samba/var/lock -rf
/bin/rm ${SMB_PATH}/samba/private -rf
/bin/ln -sf ${T_PATH}/state ${SMB_PATH}/samba/var/locks
/bin/ln -sf ${T_PATH}/cache ${SMB_PATH}/samba/var/cache
/bin/ln -sf ${T_PATH} ${SMB_PATH}/samba/var/lock
/bin/ln -sf ${T_PATH}/private ${SMB_PATH}/samba/private
for sysvol_check in `ls ${DEF_VOLMP}/${SMB_TARGET_NAME}/state/sysvol`; do
if [ "x$sysvol_check" != "x" ] && [ "x$sysvol_check" != "x$2" ]; then
/bin/rm ${DEF_VOLMP}/${SMB_TARGET_NAME}/state/sysvol/${sysvol_check} -rf
fi
done
fi
#
# bug#83374, assign suitable dc as password server
#
set_auth_password_server $1 $2 $5 /etc/config/smb.conf
if [ "x$1" == "x1" ] || [ "x$1" == "x2" ]; then
GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
if [ -f /etc/config/br.conf ]; then
BR_CHECK=`/sbin/getcfg $GW_CHECK br_name -f /etc/config/br.conf -d "none"`
if [ "x$BR_CHECK" != "xnone" ]; then
GW_CHECK=$BR_CHECK
fi
fi
IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
#GW_CHECK=`/sbin/getcfg Network "Default GW Device" -d "eth0"`
#IP=`/sbin/ifconfig $GW_CHECK | grep "inet addr" | cut -f 2 -d ':' | cut -f 1 -d ' '`
/usr/local/samba/bin/samba-tool dns add $5 $2 ${NB_NAME} A $IP -U"$4"%"$3" > /dev/null 2>&1
OBJID=`/usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid | /bin/sed -n "/${NB_NAME}/,/objectGUID/p" | grep objectGUID | /bin/cut -d " " -f 2`
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 $OBJID CNAME ${NB_NAME}.$2 -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 $2 NS ${NB_NAME}.$2 -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 $2 A $IP -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _kerberos._tcp.Default-First-Site-Name._sites SRV "${NB_NAME}.$2 88 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _ldap._tcp.Default-First-Site-Name._sites SRV "${NB_NAME}.$2 389 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _gc._tcp.Default-First-Site-Name._sites SRV "${NB_NAME}.$2 3268 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _gc._tcp SRV "${NB_NAME}.$2 3268 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _kerberos._tcp SRV "${NB_NAME}.$2 88 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _kpasswd._tcp SRV "${NB_NAME}.$2 464 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _ldap._tcp SRV "${NB_NAME}.$2 389 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _kerberos._udp SRV "${NB_NAME}.$2 88 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _kpasswd._udp SRV "${NB_NAME}.$2 464 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 DomainDnsZones A $IP -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones SRV "${NB_NAME}.$2 389 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _ldap._tcp.DomainDnsZones SRV "${NB_NAME}.$2 389 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 ForestDnsZones A $IP -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones SRV "${NB_NAME}.$2 389 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 $2 _ldap._tcp.ForestDnsZones SRV "${NB_NAME}.$2 389 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 _msdcs.$2 NS ${NB_NAME}.$2 -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 _ldap._tcp.Default-First-Site-Name._sites.dc SRV "${NB_NAME}.$2 389 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 _kerberos._tcp.Default-First-Site-Name._sites.dc SRV "${NB_NAME}.$2 88 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 _ldap._tcp.dc SRV "${NB_NAME}.$2 389 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 _kerberos._tcp.dc SRV "${NB_NAME}.$2 88 0 100" -U"$4"%"$3" > /dev/null 2>&1
guid=`/usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb "objectClass=domainDNS" objectGUID | grep objectGUID | cut -d ' ' -f 2`
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 _ldap._tcp.$guid.domains SRV "${NB_NAME}.$2 389 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 gc A $IP -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 _ldap._tcp.Default-First-Site-Name._sites.gc SRV "${NB_NAME}.$2 3268 0 100" -U"$4"%"$3" > /dev/null 2>&1
/usr/local/samba/bin/samba-tool dns add $5 _msdcs.$2 _ldap._tcp.gc SRV "${NB_NAME}.$2 3268 0 100" -U"$4"%"$3" > /dev/null 2>&1
fi
if [ "x$1" == "x0" ]; then
/sbin/write_log "[Domain Services] A domain $2 was created." 4 > /dev/null 2>&1
elif [ "x$1" == "x1" ]; then
/sbin/write_log "[Domain Services] An additional domain controller join to $2 was successful." 4 > /dev/null 2>&1
elif [ "x$1" == "x2" ]; then
/sbin/write_log "[Domain Services] A read-only domain controller join to $2 was successful." 4 > /dev/null 2>&1
fi
}
_select_shared()
{
i=1
/bin/cat $2 | while read line
do
s_check=`/bin/echo ${line} | grep '^\[.*\]'`
if [ "x$s_check" != "x" ]; then
s_name_t=${s_check#[}
s_name=${s_name_t%]}
if [ "x$s_name" != "xglobal" ] && [ "x$s_name" != "xnetlogon" ] && [ "x$s_name" != "xsysvol" ]; then
if [ "x$1" == "x1" ]; then
G_CHECK="yes"
else
G_CHECK="no"
fi
else
if [ "x$1" == "x1" ]; then
G_CHECK="no"
else
G_CHECK="yes"
fi
fi
fi
if [ "x$G_CHECK" != "xyes" ]; then
/bin/sed -i "${i}d" $2 >/dev/null 2>&1
else
let i=i+1
fi
done
}
_samba4_conf()
{
/bin/echo _samba4_conf
/sbin/setcfg -e global "wide links" -f $CONFIG
/sbin/setcfg -e global "force directory security mode" -f $CONFIG
/sbin/setcfg -e global "display charset" -f ${CONFIG}
grep '^\[.*\]' $CONFIG | while read line
do
s_name_t=${line#[}
s_name=${s_name_t%]}
if [ "x$s_name" != "xglobal" ]; then
# /sbin/setcfg $s_name "wide links" yes -f $CONFIG
/sbin/setcfg -e $s_name "ftp write only" -f $CONFIG
fi
d_name1=`/sbin/getcfg SAMBA4 domain| /bin/cut -d . -f 1 | tr [a-z] [A-Z]`
d_name="${d_name1}\\\\Domain Users"
READ_LIST=`/sbin/getcfg $s_name "read list" -f $CONFIG`
WRITE_LIST=`/sbin/getcfg $s_name "write list" -f $CONFIG`
VALID_USERS=`/sbin/getcfg $s_name "valid users" -f $CONFIG`
if [ "x$READ_LIST" != "x" ]; then
REP_NAME1=`echo $READ_LIST | /bin/sed "s/^admin$/administrator/g"`
REP_NAME2=`echo $REP_NAME1 | /bin/sed "s/,admin$/,administrator/g"`
REP_NAME3=`echo $REP_NAME2 | /bin/sed "s/^admin,/administrator,/g"`
REP_NAME4=`echo $REP_NAME3 | /bin/sed "s/,admin,/,administrator,/g"`
REP_NAME5=`echo $REP_NAME4 | /bin/sed "s/^\"admin\"$/\"administrator\"/g"`
REP_NAME6=`echo $REP_NAME5 | /bin/sed "s/,\"admin\"$/,\"administrator\"/g"`
REP_NAME7=`echo $REP_NAME6 | /bin/sed "s/^\"admin\",/\"administrator\",/g"`
REP_NAME8=`echo $REP_NAME7 | /bin/sed "s/,\"admin\",/,\"administrator\",/g"`
REP_NAME9=`echo $REP_NAME8 | /bin/sed "s/^@\"everyone\"$/@\"${d_name}\"/g"`
REP_NAME10=`echo $REP_NAME9 | /bin/sed "s/,@\"everyone\"$/,@\"${d_name}\"/g"`
REP_NAME11=`echo $REP_NAME10 | /bin/sed "s/^@\"everyone\",/@\"${d_name}\",/g"`
REP_NAME=`echo $REP_NAME11 | /bin/sed "s/,@\"everyone\",/,@\"${d_name}\",/g"`
/sbin/setcfg $s_name "read list" "$REP_NAME" -f $CONFIG
fi
if [ "x$WRITE_LIST" != "x" ]; then
REP_NAME1=`echo $WRITE_LIST | /bin/sed "s/^admin$/administrator/g"`
REP_NAME2=`echo $REP_NAME1 | /bin/sed "s/,admin$/,administrator/g"`
REP_NAME3=`echo $REP_NAME2 | /bin/sed "s/^admin,/administrator,/g"`
REP_NAME4=`echo $REP_NAME3 | /bin/sed "s/,admin,/,administrator,/g"`
REP_NAME5=`echo $REP_NAME4 | /bin/sed "s/^\"admin\"$/\"administrator\"/g"`
REP_NAME6=`echo $REP_NAME5 | /bin/sed "s/,\"admin\"$/,\"administrator\"/g"`
REP_NAME7=`echo $REP_NAME6 | /bin/sed "s/^\"admin\",/\"administrator\",/g"`
REP_NAME8=`echo $REP_NAME7 | /bin/sed "s/,\"admin\",/,\"administrator\",/g"`
REP_NAME9=`echo $REP_NAME8 | /bin/sed "s/^@\"everyone\"$/@\"${d_name}\"/g"`
REP_NAME10=`echo $REP_NAME9 | /bin/sed "s/,@\"everyone\"$/,@\"${d_name}\"/g"`
REP_NAME11=`echo $REP_NAME10 | /bin/sed "s/^@\"everyone\",/@\"${d_name}\",/g"`
REP_NAME=`echo $REP_NAME11 | /bin/sed "s/,@\"everyone\",/,@\"${d_name}\",/g"`
/sbin/setcfg $s_name "write list" "$REP_NAME" -f $CONFIG
fi
if [ "x$VALID_USERS" != "x" ]; then
REP_NAME1=`echo $VALID_USERS | /bin/sed "s/^admin$/administrator/g"`
REP_NAME2=`echo $REP_NAME1 | /bin/sed "s/,admin$/,administrator/g"`
REP_NAME3=`echo $REP_NAME2 | /bin/sed "s/^admin,/administrator,/g"`
REP_NAME4=`echo $REP_NAME3 | /bin/sed "s/,admin,/,administrator,/g"`
REP_NAME5=`echo $REP_NAME4 | /bin/sed "s/^\"admin\"$/\"administrator\"/g"`
REP_NAME6=`echo $REP_NAME5 | /bin/sed "s/,\"admin\"$/,\"administrator\"/g"`
REP_NAME7=`echo $REP_NAME6 | /bin/sed "s/^\"admin\",/\"administrator\",/g"`
REP_NAME8=`echo $REP_NAME7 | /bin/sed "s/,\"admin\",/,\"administrator\",/g"`
REP_NAME9=`echo $REP_NAME8 | /bin/sed "s/^@\"everyone\"$/@\"${d_name}\"/g"`
REP_NAME10=`echo $REP_NAME9 | /bin/sed "s/,@\"everyone\"$/,@\"${d_name}\"/g"`
REP_NAME11=`echo $REP_NAME10 | /bin/sed "s/^@\"everyone\",/@\"${d_name}\",/g"`
REP_NAME=`echo $REP_NAME11 | /bin/sed "s/,@\"everyone\",/,@\"${d_name}\",/g"`
/sbin/setcfg $s_name "valid users" "$REP_NAME" -f $CONFIG
F_PATH=`/sbin/getcfg $s_name "path" -f $CONFIG`
/usr/bin/setfacl -m g:100:rwx ${F_PATH}
fi
done
}
_fix41beta()
{
if [ -d /mnt/HDA_ROOT/samba ] ; then
AD_CHECK=`/sbin/getcfg global "server role" -f $CONFIG`
if [ "$AD_CHECK" != "active directory domain controller" ]; then
#non-DC
/bin/echo non-DC mode
if [ -f /mnt/HDA_ROOT/samba/var/log.winbindd-dc-connect ] || [ ! -f /etc/config/secrets.tdb ]; then
/bin/cp /mnt/HDA_ROOT/samba/private/secrets.tdb /etc/config/ -f
fi
/bin/cp /mnt/HDA_ROOT/samba/private/cache/* ${SMB_PATH}/samba/private/cache/ -rf
/bin/cp /mnt/HDA_ROOT/samba/private/lib/* ${SMB_PATH}/samba/private/lib/ -rf
/bin/cp /mnt/HDA_ROOT/samba/private/lock/* ${SMB_PATH}/samba/private/lock/ -rf
/bin/cp /mnt/HDA_ROOT/samba/private/locks/* ${SMB_PATH}/samba/private/locks/ -rf
/bin/cp /mnt/HDA_ROOT/samba/private/run/* ${SMB_PATH}/samba/private/run/ -rf
/bin/cp /mnt/HDA_ROOT/samba/share/* ${SMB_PATH}/samba/share/ -rf
if [ "x$DEF_VOLMP" == "x" ]; then
/bin/echo "no default volume, stop move samba path"
return;
fi
if [ -d /mnt/HDA_ROOT/samba_private_addc ]; then
/bin/mkdir -p ${DEF_VOLMP}/${SMB_TARGET_NAME}
/bin/mkdir -p ${DEF_VOLMP}/${SMB_TARGET_NAME}/cache
/bin/mkdir -p ${DEF_VOLMP}/${SMB_TARGET_NAME}/state
/bin/mkdir -p ${DEF_VOLMP}/${SMB_TARGET_NAME}/private
/bin/ln -sf ${DEF_VOLMP}/${SMB_TARGET_NAME}/cache ${DEF_VOLMP}/.samba_cache_addc
/bin/ln -sf ${DEF_VOLMP}/${SMB_TARGET_NAME} ${DEF_VOLMP}/.samba_lock_addc
/bin/ln -sf ${DEF_VOLMP}/${SMB_TARGET_NAME}/state ${DEF_VOLMP}/.samba_locks_addc
/bin/ln -sf ${DEF_VOLMP}/${SMB_TARGET_NAME}/private ${DEF_VOLMP}/.samba_private_addc
/bin/cp /mnt/HDA_ROOT/samba_private_addc/* ${DEF_VOLMP}/${SMB_TARGET_NAME}/private/ -rf
/bin/cp /mnt/HDA_ROOT/samba/var/locks/* ${DEF_VOLMP}/${SMB_TARGET_NAME}/state/ -rf
/bin/cp /mnt/HDA_ROOT/samba/var/cache/* ${DEF_VOLMP}/${SMB_TARGET_NAME}/cache/ -rf
/bin/cp /mnt/HDA_ROOT/samba/var/lock/* ${DEF_VOLMP}/${SMB_TARGET_NAME}/ -rf
if [ -d /mnt/HDA_ROOT/samba_sysvol_addc ]; then
/bin/cp /mnt/HDA_ROOT/samba_sysvol_addc/* ${DEF_VOLMP}/.samba_locks_addc -rf
/bin/rm /mnt/HDA_ROOT/samba_sysvol_addc -rf
fi
/sbin/setcfg SAMBA4 TARGET_PATH "${DEF_VOLMP}/${SMB_TARGET_NAME}"
/sbin/setcfg SAMBA4 MOUNT_PATH "${DEF_VOLMP}"
if [ -f ${CONFIG}_addc ]; then
/sbin/setcfg global "private dir" "${DEF_VOLMP}/${SMB_TARGET_NAME}/private" -f ${CONFIG}_addc
/sbin/setcfg global "lock directory" "${DEF_VOLMP}/${SMB_TARGET_NAME}" -f ${CONFIG}_addc
/sbin/setcfg global "state directory" "${DEF_VOLMP}/${SMB_TARGET_NAME}/state" -f ${CONFIG}_addc
/sbin/setcfg global "cache directory" "${DEF_VOLMP}/${SMB_TARGET_NAME}/cache" -f ${CONFIG}_addc
fi
/bin/rm /mnt/HDA_ROOT/samba_private_addc -rf
fi
/bin/rm /mnt/HDA_ROOT/samba -rf
else
#DC
/bin/echo DC mode
if [ "x$DEF_VOLMP" == "x" ]; then
/bin/echo "no default volume, stop move samba path"
return;
fi
/bin/mkdir -p ${DEF_VOLMP}/${SMB_TARGET_NAME}
/bin/mkdir -p ${DEF_VOLMP}/${SMB_TARGET_NAME}/cache
/bin/mkdir -p ${DEF_VOLMP}/${SMB_TARGET_NAME}/state
/bin/mkdir -p ${DEF_VOLMP}/${SMB_TARGET_NAME}/private
/bin/mkdir -p ${DEF_VOLMP}/.samba_cache_non_addc
/bin/mkdir -p ${DEF_VOLMP}/.samba_lock_non_addc
if [ ! -d ${DEF_VOLMP}/.locks ]; then
/bin/mkdir -p ${DEF_VOLMP}/.locks
fi
/bin/ln -sf ${DEF_VOLMP}/.locks ${DEF_VOLMP}/.samba_locks_non_addc
/bin/mv ${SMB_PATH}/samba/private ${DEF_VOLMP}/.samba_private_non_addc -f
if [ -f /mnt/HDA_ROOT/samba/var/log.winbindd-dc-connect ]; then
/bin/cp /mnt/HDA_ROOT/samba/private/secrets.tdb /etc/config/ -f
else
if [ ! -f /etc/config/secrets.tdb ]; then
if [ -f /mnt/HDA_ROOT/samba_private_non_addc/secrets.tdb ]; then
/bin/cp /mnt/HDA_ROOT/samba_private_non_addc/secrets.tdb /etc/config/ -f
else
/bin/cp /mnt/HDA_ROOT/samba/private/secrets.tdb /etc/config/ -f
fi
fi
fi
#/bin/cp /mnt/HDA_ROOT/samba/var/lock/* ${DEF_VOLMP}/.samba_lock_non_addc/ -rf
#/bin/cp /mnt/HDA_ROOT/samba/var/locks/* ${DEF_VOLMP}/.samba_locks_non_addc/ -rf
#/bin/cp /mnt/HDA_ROOT/samba/var/cache/* ${DEF_VOLMP}/.samba_cache_non_addc/ -rf
/bin/cp /mnt/HDA_ROOT/samba/private/* ${DEF_VOLMP}/${SMB_TARGET_NAME}/private/ -rf
/bin/rm ${SMB_PATH}/samba/private -rf
/bin/ln -sf ${DEF_VOLMP}/${SMB_TARGET_NAME}/private ${SMB_PATH}/samba/private
/bin/cp /mnt/HDA_ROOT/samba/share/* ${SMB_PATH}/samba/share/ -rf
/sbin/setcfg SAMBA4 TARGET_PATH "${DEF_VOLMP}/${SMB_TARGET_NAME}"
/sbin/setcfg SAMBA4 MOUNT_PATH "${DEF_VOLMP}"
/sbin/setcfg global "private dir" "${DEF_VOLMP}/${SMB_TARGET_NAME}/private" -f $CONFIG
/sbin/setcfg global "lock directory" "${DEF_VOLMP}/${SMB_TARGET_NAME}" -f $CONFIG
/sbin/setcfg global "state directory" "${DEF_VOLMP}/${SMB_TARGET_NAME}/state" -f $CONFIG
/sbin/setcfg global "cache directory" "${DEF_VOLMP}/${SMB_TARGET_NAME}/cache" -f $CONFIG
/bin/rm /mnt/HDA_ROOT/samba /mnt/HDA_ROOT/samba_private_non_addc -rf
fi
fi
}
_set_cpu_core()
{
system_model=`/sbin/getcfg System Model -f /etc/config/uLinux.conf`
display_name="`/sbin/get_display_name`"
if [ "x${system_model}" == "xTS-X31" ]; then
for smbd_pid in `/bin/pidof smbd`; do
/bin/busybox_1.19.4 taskset -p 2 ${smbd_pid} > /dev/null 2>&1
/bin/renice -10 ${smbd_pid} > /dev/null 2>&1
done
if [ -x /etc/init.d/init_platform.sh ]; then
/etc/init.d/init_platform.sh
fi
elif [ "xTS-531P" == "x${display_name}" ]; then
/usr/sbin/ethtool -i eth4 2>/dev/null | /bin/grep tn40xx > /dev/null 2>&1
tehuti_exist="$?"
for smbd_pid in `/bin/pidof smbd`; do
if [ "x0" == "x${tehuti_exist}" ]; then
# tehuti is existed.
# TEHUTI_IRQ on core: 3 (see init_platform.sh).
# smbd on core: 0,1,2 (mask: 7=0b0111).
/bin/busybox_1.19.4 taskset -p 7 ${smbd_pid} > /dev/null 2>&1
fi
/bin/renice -10 ${smbd_pid} > /dev/null 2>&1
done
elif [ "x${system_model}" == "xTS-X28" ]; then
for smbd_pid in `/bin/pidof smbd`; do
/bin/busybox_1.19.4 taskset -p 2 ${smbd_pid} > /dev/null 2>&1
/bin/renice -10 ${smbd_pid} > /dev/null 2>&1
done
elif [ "x${system_model}" == "xTS-X31X" ]; then
for smbd_pid in `/bin/pidof smbd`; do
/bin/busybox_1.19.4 taskset -p 3 ${smbd_pid} > /dev/null 2>&1
/bin/renice -10 ${smbd_pid} > /dev/null 2>&1
done
elif [ "x${system_model}" == "xTS-269H" ]; then
for smbd_pid in `/bin/pidof smbd`; do
/sbin/taskset -p 2 ${smbd_pid} > /dev/null 2>&1
done
else
for smbd_pid in `/bin/pidof smbd`; do
/bin/renice -0 ${smbd_pid} > /dev/null 2>&1
done
fi
}
_backup_online()
{
/bin/rm ${DEF_VOLMP}/.samba_cache_addc ${DEF_VOLMP}/.samba_lock_addc ${DEF_VOLMP}/.samba_locks_addc ${DEF_VOLMP}/.samba_private_addc $BACKUP_TAR_LOG -rf
/bin/ln -sf ${DEF_VOLMP}/${SMB_TARGET_NAME}/cache ${DEF_VOLMP}/.samba_cache_addc
/bin/ln -sf ${DEF_VOLMP}/${SMB_TARGET_NAME} ${DEF_VOLMP}/.samba_lock_addc
/bin/ln -sf ${DEF_VOLMP}/${SMB_TARGET_NAME}/state ${DEF_VOLMP}/.samba_locks_addc
/bin/ln -sf ${DEF_VOLMP}/${SMB_TARGET_NAME}/private ${DEF_VOLMP}/.samba_private_addc
/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/private -name "*.ldb.bak" | xargs /bin/rm > /dev/null 2>&1
for ldb in `/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/private -name "*.ldb"`; do
/usr/local/samba/bin/tdbbackup $ldb
if [ $? -ne 0 ]; then
/usr/local/samba/bin/tdbbackup -l $ldb
if [ $? -ne 0 ]; then
/bin/echo "Error while backuping $ldb"
/bin/rm $BACKUP_CHECK > /dev/null 2>&1
exit 1
fi
fi
done
/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/ -name "*.tdb.bak" | xargs /bin/rm > /dev/null 2>&1
for tdb in `/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/ -name "*.tdb"`; do
/usr/local/samba/bin/tdbbackup $tdb
if [ $? -ne 0 ]; then
/usr/local/samba/bin/tdbbackup -l $tdb
if [ $? -ne 0 ]; then
/bin/echo "Error while backuping $tdb"
/bin/rm $BACKUP_CHECK > /dev/null 2>&1
exit 1
fi
fi
done
/bin/cp /etc/config/uLinux.conf /tmp/samba4_back_uLinux.conf -f > /dev/null 2>&1
/bin/cp /etc/config/smb.conf /etc/config/smb.conf_addc -f
TARGET_PATH=`/sbin/getcfg SAMBA4 TARGET_PATH`
smbd_pid_org=`pidof smbd`
P_CHECK=`/sbin/getcfg global workgroup -f $CONFIG`
/bin/echo "${NEW_TAR} --acls --xattrs -jcf '$1' ${DEF_VOLMP}/.samba_private_addc ${DEF_VOLMP}/.samba_locks_addc ${DEF_VOLMP}/.samba_lock_addc ${DEF_VOLMP}/.samba_cache_addc ${SMB_PATH}/samba/share /etc/config/smb.conf_addc /tmp/samba4_back_uLinux.conf $TARGET_PATH --exclude=*.ldb --exclude=*.tdb" | /bin/sh > /dev/null 2> $BACKUP_TAR_LOG
/bin/rm /tmp/samba4_back_uLinux.conf -f > /dev/null 2>&1
# /bin/pidof smbd > /tmp/smbd_pid_new
# /bin/sed -i "s/${smbd_pid_org}//g" /tmp/smbd_pid_new
# /bin/sed -i "s/ /\n/g" /tmp/smbd_pid_new
# /bin/cat /tmp/smbd_pid_new | xargs kill -9
/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/private -name "*.ldb.bak" | xargs /bin/rm > /dev/null 2>&1
/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/ -name "*.tdb.bak" | xargs /bin/rm > /dev/null 2>&1
/bin/rm ${DEF_VOLMP}/.samba_cache_addc ${DEF_VOLMP}/.samba_lock_addc ${DEF_VOLMP}/.samba_locks_addc ${DEF_VOLMP}/.samba_private_addc -rf
}
create_smb_usb_conf()
{
while read -r line
do
if [ "x$NORMAL_IF" == "x" ]; then
NORMAL_IF=$line
else
NORMAL_IF="$NORMAL_IF $line"
fi
done <<< "$(/sbin/ifconfig | /bin/grep HWaddr | /bin/cut -d ' ' -f 1 | /bin/grep -v ^${1}$ )"
#if [ -f /etc/config/smb.conf_org ]; then
# SOURCE_CONF="/etc/config/smb.conf_org"
#else
# SOURCE_CONF="/etc/config/smb.conf"
#fi
/bin/cp $CONFIG $USB_Q_CONFIG
#/sbin/setcfg global "bind interfaces only" yes -f /etc/config/smb.conf
#/sbin/setcfg global interfaces "$NORMAL_IF" -f /etc/config/smb.conf
/sbin/setcfg global "bind interfaces only" yes -f $USB_Q_CONFIG
/sbin/setcfg global interfaces "$1" -f $USB_Q_CONFIG
if [ "x$2" != "xreload" ]; then
/bin/rm -rf ${DEF_VOLMP}/smb_usb/run ${DEF_VOLMP}/smb_usb/cache ${DEF_VOLMP}/smb_usb/cache ${DEF_VOLMP}/smb_usb/state ${DEF_VOLMP}/smb_usb/cache > /dev/null 2>&1
fi
/bin/mkdir -p ${DEF_VOLMP}/smb_usb/run ${DEF_VOLMP}/smb_usb/cache ${DEF_VOLMP}/smb_usb/cache ${DEF_VOLMP}/smb_usb/state ${DEF_VOLMP}/smb_usb/cache > /dev/null 2>&1
NB_NAME=`hostname`_USB
/sbin/setcfg global "netbios name" "${NB_NAME}" -f $USB_Q_CONFIG
/sbin/setcfg global "pid directory" "${DEF_VOLMP}/smb_usb/run" -f $USB_Q_CONFIG
/sbin/setcfg global "lock directory" "${DEF_VOLMP}/smb_usb/cache" -f $USB_Q_CONFIG
/sbin/setcfg global "private dir" "${DEF_VOLMP}/smb_usb/cache" -f $USB_Q_CONFIG
/sbin/setcfg global "state directory" "${DEF_VOLMP}/smb_usb/state" -f $USB_Q_CONFIG
/sbin/setcfg global "cache directory" "${DEF_VOLMP}/smb_usb/cache" -f $USB_Q_CONFIG
/sbin/setcfg global "security" "user" -f $USB_Q_CONFIG
/sbin/setcfg global "server role" auto -f $USB_Q_CONFIG
/sbin/setcfg global "passdb backend" "smbpasswd" -f $USB_Q_CONFIG
}
set_usb_account()
{
USER_LIST=""
GROUP_LIST=""
if [ -f ${USB_Q_USER} ];then
while read -r line
do
if [ "x$line" != "x" ]; then
if [ "x$USER_LIST" == "x" ]; then
USER_LIST=\"$line\"
else
USER_LIST="$USER_LIST,\"$line\""
fi
fi
done <<< "$(/bin/cat ${USB_Q_USER})"
fi
if [ -f ${USB_Q_GROUP} ];then
while read -r line
do
if [ "x$line" != "x" ]; then
if [ "x$GROUP_LIST" == "x" ]; then
GROUP_LIST=@\"$line\"
else
GROUP_LIST="$GROUP_LIST,@\"$line\""
fi
fi
done <<< "$(/bin/cat ${USB_Q_GROUP})"
fi
if [ "x$USER_LIST" == "x" ] && [ "x$GROUP_LIST" == "x" ]; then
/sbin/setcfg -f $CONFIG "$1" "usb users" "\"\""
elif [ "x$USER_LIST" != "x" ] && [ "x$GROUP_LIST" == "x" ]; then
/sbin/setcfg -f $CONFIG "$1" "usb users" "${USER_LIST}"
elif [ "x$USER_LIST" == "x" ] && [ "x$GROUP_LIST" != "x" ]; then
/sbin/setcfg -f $CONFIG "$1" "usb users" "${GROUP_LIST}"
else
/sbin/setcfg -f $CONFIG "$1" "usb users" "${USER_LIST},${GROUP_LIST}"
fi
}
_backup_GPO()
{
sysvol="${DEF_VOLMP}/${SMB_TARGET_NAME}/state/sysvol"
computer_policy="Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit"
if [[ -d "${sysvol}" ]]; then
for domain in "${sysvol}"/* ; do
/bin/mkdir -p "${domain}/${computer_policy}"
GptTmpl="${domain}/${computer_policy}/GptTmpl.inf"
if [[ "$1" == "disable" ]]; then
if [[ -f "${GptTmpl}" ]]; then
/bin/mv "${GptTmpl}" "${GptTmpl}.backup" &>/dev/null
fi
/bin/ln -sf /dev/null "${GptTmpl}" &>/dev/null
elif [[ ! -f "${GptTmpl}" ]]; then
echo "${GptTmpl}">/dev/pts/1
if [[ -f "${GptTmpl}.backup" ]]; then
/bin/mv "${GptTmpl}.backup" "${GptTmpl}" &>/dev/null
else
/bin/touch "${GptTmpl}" &>/dev/null
fi
fi
done
fi
}
_disable_GPO()
{
_backup_GPO disable
# set default values
/usr/local/samba/bin/samba-tool domain passwordsettings set --min-pwd-age=0 &>/dev/null
/usr/local/samba/bin/samba-tool domain passwordsettings set --max-pwd-age=0 &>/dev/null
/usr/local/samba/bin/samba-tool domain passwordsettings set --min-pwd-length=8 &>/dev/null
/usr/local/samba/bin/samba-tool domain passwordsettings set --history-length=0 &>/dev/null
/usr/local/samba/bin/samba-tool domain passwordsettings set --complexity=on &>/dev/null
/usr/local/samba/bin/samba-tool domain passwordsettings set --store-plaintext=off &>/dev/null
}
_enable_GPO()
{
_backup_GPO
/usr/bin/qooba --ads gpo
}
# Init logrotate config.
_init_logrotate_config()
{
# Generate logrotate config if not exist.
if [ ! -f /etc/config/logrotate.conf ]; then
/bin/cp -af /etc/default_config/logrotate.conf /etc/config/ 2>/dev/null
fi
# Generate logrotate database if not exist.
if [ ! -d /etc/config/logrotate.d ]; then
/bin/cp -af /etc/default_config/logrotate.d /etc/config/ 2>/dev/null
fi
# # FIXME: so far only one single application 'samba', so comment out.
# # Generate new application into logrotate database.
# for application in `/bin/ls /etc/default_config/logrotate.d/`
# do
# if [ ! -f "/etc/config/logrotate.d/${application}" ]; then
# /bin/cp -af \
# /etc/default_config/logrotate.d/"${application}" \
# /etc/config/logrotate.d/
# fi
# done
}
# Add logrotate on crontab.
_add_logrotate_crontab()
{
logrotate_enable=`/sbin/getcfg SAMBA4 logrotate -d TRUE -u`
if [ "x${logrotate_enable}" != "xTRUE" ]; then
return
fi
if [ ! -x /usr/sbin/logrotate ]; then
return
fi
if [ ! -f /etc/config/logrotate.d/samba ]; then
return
fi
/bin/grep logrotate /etc/config/crontab >/dev/null 2>&1
logrotate_exist=$?
if [ "x${logrotate_exist}" == "x0" ]; then
return
fi
/bin/echo "0-59/20 * * * * /usr/sbin/logrotate /etc/config/logrotate.conf" >> /etc/config/crontab
/usr/bin/crontab /etc/config/crontab -c /tmp/cron/crontabs > /dev/null 2>&1
}
# Delete logrotate on crontab.
_delete_logrotate_crontab()
{
/bin/grep logrotate /etc/config/crontab >/dev/null 2>&1
logrotate_exist=$?
if [ "x${logrotate_exist}" == "x0" ]; then
/bin/sed -i '/logrotate/d' /etc/config/crontab > /dev/null 2>&1
/usr/bin/crontab /etc/config/crontab -c /tmp/cron/crontabs > /dev/null 2>&1
fi
}
# See how we were called.
case "$1" in
start)
_fix41beta
conv_old_msdfs
test -f ${smbd_bin} || exit 0
if [ `/sbin/getcfg Samba Enable -u -d TRUE` = FALSE ]
then
_del_home
_init_home
_del_qbox
echo "Starting SMB Services: disabled."
exit 0
fi
if [ x`/sbin/getcfg Samba "Win ACL" -u -d FALSE` = xTRUE ]; then
[ ! -f /usr/local/samba/lib/acl_xattr.so.disable ] || /bin/mv /usr/local/samba/lib/acl_xattr.so.disable /usr/local/samba/lib/acl_xattr.so 2>>/dev/null
else
[ ! -f /usr/local/samba/lib/acl_xattr.so ] || /bin/mv /usr/local/samba/lib/acl_xattr.so /usr/local/samba/lib/acl_xattr.so.disable 2>>/dev/null
fi
_init_smbconf
_init_logrotate_config
AD_CHECK=`/sbin/getcfg global "server role" -f $CONFIG`
if [ "$AD_CHECK" != "active directory domain controller" ]; then
_locks
fi
_init_group
_del_home
_del_qbox
/etc/init.d/winbind restart
_init_home
# for VioStor NVR
if [ -e /var/._viostor_ ] && [ -f /usr/bin/genSmbConfig ]; then
/usr/bin/genSmbConfig >& /tmp/genSmbConfigLogFile
fi
/bin/echo -n "Starting SMB services:"
MS_SERVER_TYPE=`/sbin/getcfg global "security" -f $CONFIG`
if [ "$MS_SERVER_TYPE" == "ADS" ] || [ "$AD_CHECK" == "active directory domain controller" ]; then
/sbin/setcfg "CP_PRIVSET" "computers" "1" -f "/etc/qos.ui.cp.conf"
/sbin/user_cmd -2 /etc/qos.ui.cp.conf > /home/httpd/cgi-bin/apps/systemPreferences/systemPreferences.json
else
/sbin/setcfg "CP_PRIVSET" "computers" "0" -f "/etc/qos.ui.cp.conf"
/sbin/user_cmd -2 /etc/qos.ui.cp.conf > /home/httpd/cgi-bin/apps/systemPreferences/systemPreferences.json
fi
if [ "$AD_CHECK" == "active directory domain controller" ]; then
/bin/echo "server role = active directory domain controller!!"
if [ "x$2" != "x" ]; then
/etc/init.d/smb.sh start_addc "$2"
else
/etc/init.d/smb.sh start_addc
fi
/bin/rm /mnt/HDA_ROOT/.domain_* -f
else
if [ -f /etc/samba4_flag ]; then
BACKEND=`/sbin/getcfg global "passdb backend" -f ${CONFIG}_org | grep ldapsam |grep 127.0.0.1`
if [ "x$BACKEND" != "x" ]; then
SERVER_CHECK=`ldapsearch`
if [ "x$SERVER_CHECK" == "x" ]; then
/bin/echo "local ldap server start!!"
/etc/init.d/ldap_server.sh start
fi
fi
fi
/sbin/setcfg global "server signing" "disabled" -f $CONFIG
/sbin/daemon_mgr smbd start "${smbd_bin} -l /var/log -D -s $CONFIG"
if [ "$?" = "0" ]; then echo -n " smbd"; fi
_set_cpu_core
nmbdpids=`pidof nmbd`
for pid in $nmbdpids; do
/bin/kill -TERM $pid 2>/dev/null 1>/dev/null
done
/sbin/daemon_mgr nmbd start "${nmbd_bin} -l /var/log -D -s $CONFIG"
if [ "$?" = "0" ]; then echo -n " nmbd"; fi
echo "."
touch /var/lock/subsys/smb
fi
#/sbin/storage_util --encrypted_share_startup >/dev/null 2>&1 &
E_CHECK=`/sbin/getcfg USB_QUICK_SHARE Enable -d 1`
USBQCHECK=`/sbin/getcfg USB_QUICK_SHARE mode -d 1`
if [ "x$E_CHECK" = "x1" ] && [ "x$USBQCHECK" = "x2" ]; then
#/bin/ls /sys/class/net/ -l | /bin/grep usb > /dev/null 2>&1
#if [ "x$?" == "x0" ]; then
USB_IF=`/sbin/getcfg USB_QUICK_SHARE interface`
#if [ "x$USB_IF" == "x" ]; then
# USB_IF=`/bin/ls /sys/class/net/ -l | /bin/grep usb | /bin/cut -d '>' -f2| /bin/sed 's/ //g' | /bin/sed 's/net/ /g' | /bin/cut -d ' ' -f 2 | /bin/sed 's/\///g'`
#fi
/sbin/ifconfig $USB_IF 2>/dev/null | grep "inet addr" > /dev/null 2>&1
if [ "x$?" == "x0" ] && [ "x$USB_IF" != "x" ]; then
/etc/init.d/smb.sh usb $USBQCHECK $USB_IF
fi
#fi
fi
## Bug#85261 & Bug#85262
/etc/init.d/bonjour.sh reload > /dev/null 2>&1
;;
stop)
echo -n "Shutting down SMB services:"
AD_CHECK=`/sbin/getcfg global "server role" -f $CONFIG`
if [ "$AD_CHECK" == "active directory domain controller" ]; then
/bin/echo "server role = active directory domain controller!!"
/etc/init.d/smb.sh stop_addc
/bin/rm /mnt/HDA_ROOT/.domain_* -f
else
## we have to get all the smbd process here instead of just the
## main parent (i.e. killproc) because it can take a long time
## for an individual process to process a TERM signal
smbdpids=`pidof smbd`
/sbin/daemon_mgr smbd stop ${smbd_bin}
for pid in $smbdpids; do
/bin/kill -TERM $pid 2>/dev/null 1>/dev/null
done
echo -n " smbd"
notifyd_cleanupd_pids=`pidof smbd-notifyd cleanupd`
for pid in $notifyd_cleanupd_pids; do
/bin/kill -KILL $pid 2>/dev/null 1>/dev/null
done
echo -n " smbd-notifyd cleanupd"
nmbdpids=`pidof nmbd`
/sbin/daemon_mgr nmbd stop ${nmbd_bin}
for pid in $nmbdpids; do
/bin/kill -TERM $pid 2>/dev/null 1>/dev/null
done
echo " nmbd."
/bin/rm -f /var/lock/subsys/smb
/bin/rm -f /var/lock/smbd.pid /var/lock/nmbd.pid
/etc/init.d/winbind stop
#if [ -f /etc/samba4_flag ]; then
# /bin/rm -rf /usr/local/samba/var/locks
#fi
BACKEND=`/sbin/getcfg global "passdb backend" -f $CONFIG | grep ldapsam`
if [ "x$BACKEND" != "x" ]; then
SERVER_CHECK=`ldapsearch`
if [ "x$SERVER_CHECK" != "x" ]; then
echo "ldap server live!!"
_del_group
else
echo "ldap server down!!"
fi
else
_del_group
fi
fi
if [ -f $USB_Q_CONFIG ]; then
USB_PID_P=`/sbin/getcfg global "pid directory" -f $USB_Q_CONFIG`
if [ -f ${USB_PID_P}/smbd.pid ]; then
/sbin/daemon_mgr smbd_usb stop "/usr/local/samba/sbin/smbd_usb -s $USB_Q_CONFIG -D"
/bin/kill -9 `cat ${USB_PID_P}/smbd.pid`
fi
fi
cache_path=`/sbin/getcfg global "cache directory" -d "${DEF_VOLMP}/.samba/cache" -f ${CONFIG}`
/bin/rm ${cache_path} -rf
_umount_messaging_tmpfs
_delete_logrotate_crontab
#/sbin/storage_util --encrypted_share_shutdown >/dev/null 2>&1
;;
nmbdrestart)
test -f ${smbd_bin} || exit 0
if [ `/sbin/getcfg Samba Enable -u -d TRUE` = FALSE ]
then
echo "Starting nmbd Services: disabled."
exit 0
fi
echo -n "Restarting nmbd services:"
nmbdpids=`pidof nmbd`
for pid in $nmbdpids; do
/bin/kill -TERM $pid 2>/dev/null 1>/dev/null
done
/sbin/daemon_mgr nmbd start "${nmbd_bin} -l /var/log -D -s $CONFIG"
if [ "$?" = "0" ]; then echo -n " nmbd"; fi
echo "."
echo "done."
;;
restart)
echo "Restarting SMB services:"
$0 stop
$0 start
echo "done."
;;
start_addc)
/bin/echo "SAMBA4 start ADDC"
/bin/rm $BACKUP_CHECK $SMB_DO_CMD -rf > /dev/null 2>&1
#BACKEND=`/sbin/getcfg global "passdb backend" -f ${CONFIG}_org | grep ldapsam |grep 127.0.0.1`
#if [ "x$BACKEND" != "x" ]; then
BACKEND=`/sbin/getcfg LDAP Enable`
if [ "x$BACKEND" == "xTRUE" ]; then
/sbin/setcfg LDAP Enable FALSE
_nsswitch_sh delete_ldap
fi
SERVER_CHECK=`ldapsearch`
if [ "x$SERVER_CHECK" != "x" ]; then
/bin/echo "ldap server live!!"
/etc/init.d/ldap_server.sh stop
else
/bin/echo "ldap server down!!"
fi
#fi
MODE_CHECK=`/sbin/getcfg SAMBA4 mode`
if [ "x$MODE_CHECK" == "x0" ]; then
_ad_resolv
if [ -f /usr/local/samba/private/krb5.conf ]; then
/bin/cp /usr/local/samba/private/krb5.conf /etc/config/ -f > /dev/null 2>&1
fi
else
if [ ! -f /etc/resolv_bak ]; then
/bin/cp /etc/resolv.conf /etc/resolv_bak > /dev/null 2>&1
fi
DNS=`/sbin/getcfg SAMBA4 dns`
RESOLV_CHECK=`grep $DNS /etc/resolv.conf`
if [ "x$RESOLV_CHECK" == "x" ]; then
/sbin/setcfg Network "DNS type" "manual"
/sbin/setcfg Network "Domain Name Server 1" "$DNS"
/etc/init.d/network.sh reconfig
fi
/bin/sed -i "/domain/d" /etc/resolv.conf
fi
/bin/rm ${SMB_PATH}/samba/private -rf
PRI_DIR=`/sbin/getcfg global "private dir" -f $CONFIG`
/bin/ln -sf $PRI_DIR ${SMB_PATH}/samba/private
if [ "x${DEF_VOLMP}" != "x" ]; then
/bin/mount -o remount,acl ${DEF_VOLMP}
fi
PLATFORM=`/sbin/getcfg "" "Platform" -f /etc/platform.conf`
if [ "x$PLATFORM" = "xARM_AL" ];then
/sbin/setcfg global "tls enabled" "no" -f $CONFIG
fi
/sbin/setcfg global "server signing" "required" -f $CONFIG
_nsswitch_sh append_winbind
/sbin/daemon_mgr smbd start "${smbd_bin} -s $CONFIG"
/usr/bin/killall smbd -q > /dev/null 2>&1
/sbin/daemon_mgr samba start "/usr/local/samba/sbin/samba -s $CONFIG"
for(( i=1; i<=10; i=i+1 ))
do
let p=10-i
if [ ! -f /usr/local/samba/var/run/samba.pid ] || [ ! -f /usr/local/samba/var/run/smbd.pid ]; then
/bin/echo "waitinig....$p"
/bin/sleep 1
fi
done
if [ ! -f /usr/local/samba/var/run/samba.pid ] || [ ! -f /usr/local/samba/var/run/smbd.pid ]; then
/bin/echo "samba4 addc enable error!!!!"
/etc/init.d/smb.sh addc_disable > /dev/null 2>&1
if [ "x$MODE_CHECK" == "x1" ] || [ "x$MODE_CHECK" == "x2" ]; then
/sbin/hwclock -s
fi
exit 1
fi
# Bug#79952, wbinfo authentication sometimes failed after NAS reboot.
# The root cause not sure, but usually happend on slower model, like TS-269 and TS-869.
# So we sleep a short time to make sure samba/smbd startup complete.
# In this case, sleep 5 seconds keep wbinfo authentication always successful.
sleep 5
_dns_update
/sbin/setcfg SAMBA4 enable 1
if [ "x$MODE_CHECK" != "x0" ] && [ "x$2" != "x" ]; then
admin_acc=`/sbin/getcfg SAMBA4 admin_account`
/usr/local/samba/bin/samba-tool drs kcc -U"$admin_acc"%"$2" $DNS > /dev/null 2>&1
fi
if [ "x$MODE_CHECK" == "x1" ] || [ "x$MODE_CHECK" == "x2" ]; then
/sbin/hwclock -w
fi
NTP_CHECK=`/sbin/getcfg NTP ntpd_enable -u`
if [ "x$NTP_CHECK" != "xTRUE" ]; then
/sbin/setcfg NTP ntpd_enable TRUE
/etc/init.d/ntpf.sh restart
fi
#QDNS_CHECK=`/sbin/getcfg QDNS Enable -u -d "FALSE" -f /etc/config/qpkg.conf`
#if [ "x$QDNS_CHECK" == "xTRUE" ]; then
# #/usr/sbin/rndc -c /etc/bind/default/rndc.conf reload
# if [ -f ${NAMED_RESTART} ]; then
# /etc/init.d/named.sh restart
# /bin/rm ${NAMED_RESTART} -rf
# fi
#fi
_add_logrotate_crontab
;;
stop_addc)
/bin/echo "SAMBA4 stop ADDC"
/sbin/daemon_mgr samba stop "/usr/local/samba/sbin/samba"
/sbin/daemon_mgr smbd stop "${smbd_bin}"
/bin/cat /usr/local/samba/var/run/*.pid|xargs /bin/kill -TERM > /dev/null 2>&1
/bin/rm /usr/local/samba/var/run/* -rf > /dev/null 2>&1
/bin/rm $BACKUP_CHECK $SMB_DO_CMD -rf > /dev/null 2>&1
PLATFORM=`/sbin/getcfg "" "Platform" -f /etc/platform.conf`
if [ "x$PLATFORM" = "xARM_AL" ];then
/sbin/setcfg -e global "tls enabled" -f $CONFIG
fi
/sbin/setcfg SAMBA4 enable 0
if [ "x${DEF_VOLMP}" != "x" ]; then
ACL_CHECK=`/sbin/getcfg System "ACL Enable" -d "FALSE"`
if [ "x${ACL_CHECK}" != "xTRUE" ]; then
/bin/mount -o remount,noacl ${DEF_VOLMP}
fi
fi
_delete_logrotate_crontab
_nsswitch_sh delete_winbind
;;
samba4_import)
/bin/echo "Import local group/user to SAMBA4"
if [ -d /usr/local/samba/private/sam.ldb.d ]; then
/bin/cp /etc/config/smbpasswd /tmp/smbpasswd_t -f > /dev/null 2>&1
/bin/sed -i "/admin/d" /tmp/smbpasswd_t
/bin/sed -i "/guest/d" /tmp/smbpasswd_t
/usr/local/samba/bin/pdbedit -i smbpasswd:/tmp/smbpasswd_t > /dev/null 2>&1
/bin/cp /etc/group /tmp/group_t -f > /dev/null 2>&1
/bin/sed -i "/guest/d" /tmp/group_t
/bin/cat /tmp/group_t | awk -F: '
$3>100 {
printf("/usr/local/samba/bin/samba-tool group add %s\n", $1);
printf("/usr/local/samba/bin/samba-tool group addmembers %s %s\n", $1, $4);
}' | /bin/sh
/bin/rm /tmp/smbpasswd_t -rf > /dev/null 2>&1
/bin/echo "OK"
else
/bin/echo "Failed: need samb.ldb"
fi
;;
upgrade_from_ldap_backend)
if [ ! "$2" ]; then
echo "usage: /etc/init.d/smb.sh upgrade_from_ldap_backend <administrator password>"
exit 1
fi
echo "upgrade_from_ldap_backend"
_backup_non_addc_conf
/usr/sbin/slapcat > /tmp/slapcat
i=1
CHECKER=`/bin/sed -n '/cn=Domain Users/,/sambaSID/p' /tmp/slapcat | grep sambaSID | cut -d "-" -f $i`
while [ "x$CHECKER" != "x" ]
do
RESULT=$CHECKER
let i=i+1
CHECKER=`/bin/sed -n '/cn=Domain Users/,/sambaSID/p' /tmp/slapcat | grep sambaSID | cut -d "-" -f $i`
done
if [ -f ${SMB_PATH}/samba/share/setup/provision_users.ldif ]; then
if [ -f ${SMB_PATH}/samba/share/setup/provision_users_org ]; then
/bin/cp ${SMB_PATH}/samba/share/setup/provision_users_org ${SMB_PATH}/samba/share/setup/provision_users.ldif
else
/bin/cp ${SMB_PATH}/samba/share/setup/provision_users.ldif ${SMB_PATH}/samba/share/setup/provision_users_org
fi
/bin/sed -i "s/\${DOMAINSID}-513/\${DOMAINSID}-${RESULT}/g" ${SMB_PATH}/samba/share/setup/provision_users.ldif
else
echo "no provision_users.ldif"
fi
/bin/cp ${CONFIG}_org ${SMB_PATH}/.samba_private_non_addc/smb.conf -rf
/sbin/setcfg -e global "server role" -f ${SMB_PATH}/.samba_private_non_addc/smb.conf
LDAP_SUFFIX=`/sbin/getcfg global "ldap suffix" -d "x" -f ${SMB_PATH}/.samba_private_non_addc/smb.conf`
i=1
F_CHECK="x"
CHECKER=`/bin/echo $LDAP_SUFFIX | cut -d "," -f $i`
while [ "x$CHECKER" != "x" ]
do
REALM_TMP=`/bin/echo $CHECKER | cut -d "=" -f 2`
if [ "$F_CHECK" == "x" ]; then
REALM=${REALM_TMP}
F_CHECK="y"
else
REALM=${REALM}.${REALM_TMP}
fi
let i=i+1
CHECKER=`/bin/echo $LDAP_SUFFIX | cut -d "," -f $i`
done
/usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=${SMB_PATH}/.samba_private_non_addc/ --use-xattrs=yes --realm=$REALM ${SMB_PATH}/.samba_private_non_addc/smb.conf
NB_NAME=`/sbin/getcfg global "netbios name" -d "QNAPNAS" -f $CONFIG`
IP_F=`/sbin/getcfg global "dns forwarder" -d "127.0.0.1" -f $CONFIG`
N_PATH=`/sbin/getcfg netlogon "path" -d "x" -f $CONFIG`
S_PATH=`/sbin/getcfg sysvol "path" -d "x" -f $CONFIG`
/bin/cp ${CONFIG}_org $CONFIG -rf
netbios_wrapper $2
domain_t=$netbios
/sbin/setcfg global realm $REALM -f $CONFIG
/sbin/setcfg global workgroup $domain_t -f $CONFIG
/sbin/setcfg global "netbios name" $NB_NAME -f $CONFIG
/sbin/setcfg global "server role" "active directory domain controller" -f $CONFIG
/sbin/setcfg global "dns forwarder" $IP_F -f $CONFIG
/sbin/setcfg global "guest account" guest -f $CONFIG
/sbin/setcfg global "idmap_ldb:use rfc2307" "yes" -f $CONFIG
/sbin/setcfg netlogon "comment" "netlogon" -f $CONFIG
/sbin/setcfg netlogon "path" $N_PATH -f $CONFIG
/sbin/setcfg netlogon "read only" no -f $CONFIG
/sbin/setcfg sysvol "comment" "sysvol" -f $CONFIG
/sbin/setcfg sysvol "path" $S_PATH -f $CONFIG
/sbin/setcfg sysvol "read only" no -f $CONFIG
/sbin/setcfg sysvol "inherit permissions" Yes -f $CONFIG
/sbin/setcfg sysvol "inherit owner" Yes -f $CONFIG
/sbin/setcfg sysvol "inherit acls" Yes -f $CONFIG
/bin/echo "/usr/local/samba/bin/samba-tool user setpassword administrator --newpassword='$2'" | /bin/sh
;;
addc_enable)
##DC
if [ "x$2" == "x0" ]; then
/bin/echo "addc_enable: Domain Controller"
ROLE_CHECK=`/sbin/getcfg global "server role" -d "x" -f ${CONFIG}`
if [ "$ROLE_CHECK" == "active directory domain controller" ]; then
DOMAIN_CHECK=`/sbin/getcfg global "realm" -f ${CONFIG}`
MODE_CHECK=`/sbin/getcfg SAMBA4 mode`
if [ "x$DOMAIN_CHECK" == "x$3" ] && [ "x$MODE_CHECK" == "x0" ]; then
if [ "x$4" != "x" ]; then
/usr/local/samba/bin/samba-tool user setpassword administrator --newpassword="$4" > /dev/null 2>&1
fi
/sbin/setcfg SAMBA4 mode $2
/sbin/setcfg Samba Enable TRUE
/etc/init.d/smb.sh restart
else
if [ ! "$3" ] || [ ! "$4" ]; then
echo "usage: /etc/init.d/smb.sh addc_enable 0 <realm> <administrator password>"
exit 1
fi
_samba_domain $2 $3 "$4"
/sbin/setcfg SAMBA4 mode $2
/sbin/setcfg Samba Enable TRUE
/etc/init.d/smb.sh start
fi
else
DOMAIN_CHECK=`/sbin/getcfg SAMBA4 "domain"`
if [ "x$DOMAIN_CHECK" != "x$3" ]; then
if [ ! "$3" ] || [ ! "$4" ]; then
echo "usage: /etc/init.d/smb.sh addc_enable 0 <realm> <administrator password>"
exit 1
fi
_backup_non_addc_conf
_samba_domain $2 $3 "$4"
/sbin/setcfg SAMBA4 mode $2
/sbin/setcfg Samba Enable TRUE
/etc/init.d/smb.sh start
else
/etc/init.d/smb.sh stop
_samba4_mode_change
if [ "x$4" != "x" ]; then
/bin/echo "/usr/local/samba/bin/samba-tool user setpassword administrator --newpassword='$4'" | /bin/sh
fi
/sbin/setcfg SAMBA4 mode $2
/sbin/setcfg Samba Enable TRUE
/etc/init.d/smb.sh start
fi
fi
/sbin/setcfg -e SAMBA4 dns
/sbin/setcfg -e SAMBA4 admin_account
##JOIN DOMAIN or RODC
elif [ "x$2" == "x1" ] || [ "x$2" == "x2" ]; then
if [ ! $3 ] || [ ! $4 ] || [ ! "$5" ] || [ ! "$6" ]; then
echo "usage: /etc/init.d/smb.sh addc_enable 1 <realm> <DNS> <administrator_account> <administrator_password>"
exit 1
fi
if [ "x$2" == "x1" ]; then
/bin/echo "addc_enable: Join Domain"
else
/bin/echo "addc_enable: Read-Only DC"
fi
#
# Bug#97283, check DNS IP validation first. If not, exit smb.sh
#
nslookup $3 $4
if [ $? != 0 ]; then
exit 1
fi
_samba_domain $2 $3 "$6" "$5" $4
/sbin/setcfg SAMBA4 mode $2
/sbin/setcfg SAMBA4 dns $4
/bin/echo "/sbin/setcfg SAMBA4 admin_account '$5'" | /bin/sh
/etc/init.d/smb.sh start "$6"
_modify_domain_usrs_xid
/etc/init.d/smb.sh restart
elif [ "x$2" == "x3" ]; then
ROLE_CHECK=`/sbin/getcfg global "server role" -d "x" -f ${CONFIG}`
if [ "$ROLE_CHECK" != "active directory domain controller" ]; then
/etc/init.d/smb.sh stop
_samba4_mode_change
fi
/sbin/setcfg Samba Enable TRUE
/etc/init.d/smb.sh start
else
echo "usage: Domain Controller :/etc/init.d/smb.sh addc_enable 0 <realm> <administrator password>"
echo "usage: Join Domain :/etc/init.d/smb.sh addc_enable 1 <realm> <DNS> <administrator_account> <administrator_password>"
echo "usage: Read-Only DC :/etc/init.d/smb.sh addc_enable 2 <realm> <DNS> <administrator_account> <administrator_password>"
/bin/echo "error"
exit 1
fi
/etc/init.d/network.sh write_hosts
QDNS_CHECK=`/sbin/getcfg QDNS Enable -u -d "FALSE" -f /etc/config/qpkg.conf`
if [ "x$QDNS_CHECK" == "xTRUE" ]; then
/bin/sed -i "/${DLZ_FILE}/d" /etc/bind/named.conf
/bin/echo "include \"${DEF_VOLMP}/${SMB_TARGET_NAME}/private/${DLZ_FILE}\";" >> /etc/bind/named.conf
/etc/init.d/named.sh restart
fi
# Bug#73378 incorrect acl on sysvol cause GPO fail
T_PATH=`/sbin/getcfg SAMBA4 TARGET_PATH`
if [ -d "${T_PATH}/state/sysvol" ]; then
DOMAIN_USERS_GID=`wbinfo --group-info="Domain Users" | cut -d ':' -f 3`
DOMAIN_ADMINS_GID=`wbinfo --group-info="Domain Admins" | cut -d ':' -f 3`
/usr/bin/setfacl -R -m g:${DOMAIN_ADMINS_GID}:rwx ${T_PATH}/state/sysvol
/usr/bin/setfacl -R -m d:g:${DOMAIN_ADMINS_GID}:rwx ${T_PATH}/state/sysvol
/usr/bin/setfacl -R -m g:${DOMAIN_USERS_GID}:rx ${T_PATH}/state/sysvol
/usr/bin/setfacl -R -m d:g:${DOMAIN_USERS_GID}:rx ${T_PATH}/state/sysvol
fi
_enable_GPO
;;
addc_disable)
ROLE_CHECK=`/sbin/getcfg global "server role" -d "x" -f ${CONFIG}`
if [ "$ROLE_CHECK" == "active directory domain controller" ]; then
/bin/echo "ADDC disable"
/etc/init.d/smb.sh stop
_samba4_mode_change
BACKEND=`/sbin/getcfg global "passdb backend" -f $CONFIG | grep ldapsam`
if [ "x$BACKEND" != "x" ]; then
/sbin/setcfg LDAP Enable TRUE
_nsswitch_sh append_ldap
fi
/etc/init.d/smb.sh start
/etc/init.d/network.sh write_hosts
QDNS_CHECK=`/sbin/getcfg QDNS Enable -u -d "FALSE" -f /etc/config/qpkg.conf`
if [ "x$QDNS_CHECK" == "xTRUE" ]; then
/bin/sed -i "/${DLZ_FILE}/d" /etc/bind/named.conf
#/bin/echo "include \"${DEF_VOLMP}/${SMB_TARGET_NAME}/private/${DLZ_FILE}\";" >> /etc/bind/named.conf
/etc/init.d/named.sh restart
fi
fi
/bin/kill `pidof qooba` &>/dev/null
;;
addc_backup)
/bin/touch $BACKUP_CHECK
while [ -f $SMB_DO_CMD ]
do
SMB_DO_CMD_CHECK=`/usr/bin/find $SMB_DO_CMD -mtime -1`
if [ "x$SMB_DO_CMD_CHECK" != "x" ]; then
#/bin/echo "$SMB_DO_CMD exist and be modified in the last full day ..."
/bin/sleep 1
else
#/bin/echo "I think $SMB_DO_CMD is already expired ..."
/bin/rm $SMB_DO_CMD -rf > /dev/null 2>&1
fi
done
ROLE_CHECK=`/sbin/getcfg global "server role" -d "x" -f ${CONFIG}`
if [ "$ROLE_CHECK" != "active directory domain controller" ]; then
if [ ! -f /etc/config/smb.conf_addc ]; then
/bin/echo "NO DC can be backup"
/bin/rm $BACKUP_CHECK > /dev/null 2>&1
exit 1
fi
/bin/cp /etc/config/uLinux.conf /tmp/samba4_back_uLinux.conf -f > /dev/null 2>&1
TARGET_PATH=`/sbin/getcfg SAMBA4 TARGET_PATH`
/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/private -name "*.ldb.bak" | xargs /bin/rm > /dev/null 2>&1
for ldb in `/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/private -name "*.ldb"`; do
/usr/local/samba/bin/tdbbackup $ldb
if [ $? -ne 0 ]; then
/bin/echo "Error while backuping $ldb"
/bin/rm $BACKUP_CHECK > /dev/null 2>&1
exit 1
fi
done
/bin/rm $BACKUP_TAR_LOG -f
/bin/echo "${NEW_TAR} --acls --xattrs -jcf '$2' ${DEF_VOLMP}/.samba_private_addc ${DEF_VOLMP}/.samba_locks_addc ${DEF_VOLMP}/.samba_lock_addc ${DEF_VOLMP}/.samba_cache_addc ${SMB_PATH}/samba/share /etc/config/smb.conf_addc /tmp/samba4_back_uLinux.conf $TARGET_PATH --exclude=*.ldb" | /bin/sh > /dev/null 2> $BACKUP_TAR_LOG
/bin/rm /tmp/samba4_back_uLinux.conf -f > /dev/null 2>&1
/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/private -name "*.ldb.bak" | xargs /bin/rm > /dev/null 2>&1
else
_backup_online "$2"
fi
if [ ! -f "$2" ]; then
/bin/echo "backup error!!!"
/bin/rm $BACKUP_CHECK > /dev/null 2>&1
exit 1
fi
/bin/rm $BACKUP_CHECK > /dev/null 2>&1
;;
addc_restore)
if [ ! -f "$2" ]; then
/bin/echo "No $2"
exit 1
fi
file_basename="`basename $2`"
/bin/rm /tmp/samba4_back_uLinux.conf > /dev/null 2>&1
${NEW_TAR} --acls --xattrs -jxf "$2" -C / tmp/samba4_back_uLinux.conf > /dev/null 2>&1
if [ $? != 0 ]; then
echo no uLinux.conf
exit 1
fi
${NEW_TAR} --acls --xattrs -jvtf "$2" | grep "^d.*.samba_target/cache" >/dev/null 2>&1
if [ $? != 0 ]; then
/sbin/write_log "[Domain Services] Domain controller restore fail - $file_basename does NOT include cache directory!! Please do another backup then restore later." 1 > /dev/null 2>&1
exit 1
fi
tar_model=`/sbin/getcfg System Model -f /tmp/samba4_back_uLinux.conf`
tar_name=`/sbin/getcfg System "Server Name" -f /tmp/samba4_back_uLinux.conf`
TARGET_PATH=`/sbin/getcfg SAMBA4 TARGET_PATH -f /tmp/samba4_back_uLinux.conf`
MOUNT_PATH=`/sbin/getcfg SAMBA4 MOUNT_PATH -f /tmp/samba4_back_uLinux.conf`
model_c=`/sbin/getcfg System Model`
name_c=`/sbin/getcfg System "Server Name"`
if [ "x$tar_model" != "x$model_c" ] || [ "x$tar_name" != "x$name_c" ] || [ "x$MOUNT_PATH" != "x$DEF_VOLMP" ]; then
echo "restore file does not belong to this machine!!"
/bin/rm /tmp/samba4_back_uLinux.conf > /dev/null 2>&1
/sbin/write_log "[Domain Services] Domain controller restore fail - restore file does not belong to this machine!! !!" 1 > /dev/null 2>&1
exit 2;
fi
if [ ! -d $MOUNT_PATH ] ; then
echo "Targetdir mount path: $MOUNT_PATH does not exist!!"
/bin/rm /tmp/samba4_back_uLinux.conf > /dev/null 2>&1
/sbin/write_log "[Domain Services] Domain controller restore fail - targetdir mount path \"$MOUNT_PATH\" does not exist" 1 > /dev/null 2>&1
exit 2;
fi
/bin/rm /tmp/samba4_back_uLinux.conf > /dev/null 2>&1
/etc/init.d/smb.sh addc_disable
/etc/init.d/smb.sh stop
if [ ! -f /etc/config/smb.conf_addc ]; then
NO_DC_PROVISION=1
/bin/cp /etc/config/smb.conf /tmp/dc_restore_backup_smb.conf -rf > /dev/null 2>&1
else
/bin/cp /etc/config/uLinux.conf ${DEF_VOLMP}/.samba_private_addc/uLinux.conf -rf > /dev/null 2>&1
TARGET_PATH_o=`/sbin/getcfg SAMBA4 TARGET_PATH -f ${DEF_VOLMP}/.samba_private_addc/uLinux.conf`
if [ "x$TARGET_PATH_o" != "x" ]; then
/bin/mv ${TARGET_PATH_o} ${TARGET_PATH_o}_o > /dev/null 2>&1
fi
/bin/mv ${DEF_VOLMP}/.samba_private_addc /${DEF_VOLMP}/.samba_private_addc_o > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_locks_addc /${DEF_VOLMP}/.samba_locks_addc_o > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_lock_addc /${DEF_VOLMP}/.samba_lock_addc_o > /dev/null 2>&1
/bin/mv ${DEF_VOLMP}/.samba_cache_addc /${DEF_VOLMP}/.samba_cache_addc_o > /dev/null 2>&1
/bin/mv /etc/config/smb.conf_addc /etc/config/smb.conf_addc_o > /dev/null 2>&1
/bin/mv ${SMB_PATH}/samba/share /${DEF_VOLMP}/.share_o > /dev/null 2>&1
fi
/bin/echo "${NEW_TAR} --acls --xattrs -jxf '$2' -C / " | /bin/sh > /dev/null 2>&1
if [ ! -d ${DEF_VOLMP}/.samba_private_addc ] || [ ! -d ${DEF_VOLMP}/.samba_locks_addc ] || [ ! -d ${DEF_VOLMP}/.samba_lock_addc ] || [ ! -d ${DEF_VOLMP}/.samba_cache_addc ] || [ ! -f /etc/config/smb.conf_addc ] || [ ! -d ${SMB_PATH}/samba/share ]; then
/bin/echo "restore file error!!"
/sbin/write_log "[Domain Services] Domain controller restore fail - restore file error" 1 > /dev/null 2>&1
exit 1
fi
domain_t=`/sbin/getcfg SAMBA4 domain -f /tmp/samba4_back_uLinux.conf`
mode_t=`/sbin/getcfg SAMBA4 mode -f /tmp/samba4_back_uLinux.conf`
dns_t=`/sbin/getcfg SAMBA4 dns -f /tmp/samba4_back_uLinux.conf`
admin_account=`/sbin/getcfg SAMBA4 admin_account -f /tmp/samba4_back_uLinux.conf`
DC_IP=`/sbin/getcfg SAMBA4 DC_IP -f /tmp/samba4_back_uLinux.conf`
/bin/rm /tmp/samba4_back_uLinux.conf -f > /dev/null 2>&1
/sbin/setcfg SAMBA4 domain $domain_t
/sbin/setcfg SAMBA4 mode $mode_t
if [ "x$mode_t" != "x0" ]; then
/sbin/setcfg SAMBA4 dns $dns_t
/bin/echo "/sbin/setcfg SAMBA4 admin_account '$admin_account'" | /bin/sh
fi
/sbin/setcfg SAMBA4 DC_IP $DC_IP
if [ "x$TARGET_PATH" != "x" ]; then
/sbin/setcfg SAMBA4 TARGET_PATH $TARGET_PATH
fi
_samba4_mode_change
/sbin/setcfg Samba Enable TRUE
/sbin/setcfg global "panic action" "/bin/echo samba panic" -f ${CONFIG}
/usr/bin/find /usr/local/samba/private/ -type f -name '*.ldb.bak' | while read f;do /bin/mv "$f" "${f%.bak}"; done
/usr/bin/find ${DEF_VOLMP}/${SMB_TARGET_NAME}/ -type f -name '*.tdb.bak' | while read f;do /bin/mv "$f" "${f%.bak}"; done
/etc/init.d/smb.sh start
check_t1=`pidof samba`
check_t2=`pidof smbd`
if [ "x$check_t1" == "x" ] || [ "x$check_t2" == "x" ]; then
/bin/echo "restore error!!"
/bin/rm ${DEF_VOLMP}/.samba_private_addc ${DEF_VOLMP}/.samba_locks_addc ${DEF_VOLMP}/.samba_lock_addc ${DEF_VOLMP}/.samba_cache_addc /etc/config/smb.conf_addc ${SMB_PATH}/samba/share $TARGET_PATH -rf > /dev/null 2>&1
if [ $NO_DC_PROVISION == 1 ]; then
/etc/init.d/smb.sh reinstall_samba
/bin/cp /tmp/dc_restore_backup_smb.conf /etc/config/smb.conf
/etc/init.d/smb.sh restart
else
if [ "x$TARGET_PATH_o" != "x" ]; then
/bin/mv ${TARGET_PATH_o}_o ${TARGET_PATH_o} > /dev/null 2>&1
fi
/bin/mv /${DEF_VOLMP}/.samba_private_addc_o ${DEF_VOLMP}/.samba_private_addc > /dev/null 2>&1
/bin/mv /${DEF_VOLMP}/.samba_locks_addc_o ${DEF_VOLMP}/.samba_locks_addc > /dev/null 2>&1
/bin/mv /${DEF_VOLMP}/.samba_lock_addc_o ${DEF_VOLMP}/.samba_lock_addc > /dev/null 2>&1
/bin/mv /${DEF_VOLMP}/.samba_cache_addc_o ${DEF_VOLMP}/.samba_cache_addc > /dev/null 2>&1
/bin/mv /etc/config/smb.conf_addc_o /etc/config/smb.conf_addc > /dev/null 2>&1
/bin/mv /${DEF_VOLMP}/.share_o ${SMB_PATH}/samba/share > /dev/null 2>&1
domain_t=`/sbin/getcfg SAMBA4 domain -f ${DEF_VOLMP}/.samba_private_addc/uLinux.conf`
mode_t=`/sbin/getcfg SAMBA4 mode -f ${DEF_VOLMP}/.samba_private_addc/uLinux.conf`
dns_t=`/sbin/getcfg SAMBA4 dns -f ${DEF_VOLMP}/.samba_private_addc/uLinux.conf`
admin_account=`/sbin/getcfg SAMBA4 admin_account -f ${DEF_VOLMP}/.samba_private_addc/uLinux.conf`
DC_IP=`/sbin/getcfg SAMBA4 DC_IP -f ${DEF_VOLMP}/.samba_private_addc/uLinux.conf`
/bin/rm ${DEF_VOLMP}/.samba_private_addc/uLinux.conf
/sbin/setcfg SAMBA4 domain $domain_t
/sbin/setcfg SAMBA4 mode $mode_t
if [ "x$mode_t" != "x0" ]; then
/sbin/setcfg SAMBA4 dns $dns_t
/bin/echo "/sbin/setcfg SAMBA4 admin_account '$admin_account'" | /bin/sh
fi
/sbin/setcfg SAMBA4 DC_IP $DC_IP
if [ "x$TARGET_PATH_o" != "x" ]; then
/sbin/setcfg SAMBA4 TARGET_PATH $TARGET_PATH_o
fi
_samba4_mode_change
/sbin/setcfg Samba Enable TRUE
/etc/init.d/smb.sh start
fi
exit 1
fi
if [ "x$NO_DC_PROVISION" != "x1" ]; then
/bin/rm /${DEF_VOLMP}/.samba_private_addc_o /${DEF_VOLMP}/.samba_locks_addc_o /${DEF_VOLMP}/.samba_lock_addc_o /${DEF_VOLMP}/.samba_cache_addc_o /etc/config/smb.conf_addc_o /${DEF_VOLMP}/.share_o ${TARGET_PATH_o}_o -rf
#> /dev/null 2>&1
fi
#/usr/local/samba/bin/samba-tool ntacl sysvolreset > /dev/null 2>&1
# Bug#73378 incorrect acl on sysvol cause GPO fail
if [ -d "${TARGET_PATH}/state/sysvol" ]; then
DOMAIN_USERS_GID=`wbinfo --group-info="Domain Users" | cut -d ':' -f 3`
DOMAIN_ADMINS_GID=`wbinfo --group-info="Domain Admins" | cut -d ':' -f 3`
/usr/bin/setfacl -R -m g:${DOMAIN_ADMINS_GID}:rwx ${TARGET_PATH}/state/sysvol
/usr/bin/setfacl -R -m d:g:${DOMAIN_ADMINS_GID}:rwx ${TARGET_PATH}/state/sysvol
/usr/bin/setfacl -R -m g:${DOMAIN_USERS_GID}:rx ${TARGET_PATH}/state/sysvol
/usr/bin/setfacl -R -m d:g:${DOMAIN_USERS_GID}:rx ${TARGET_PATH}/state/sysvol
fi
;;
addc_backupf)
name_t=`/sbin/getcfg SAMBA4 "bk_dest"`
if [ "x$name_t" == "x" ]; then
/bin/echo "no dest!!"
exit 1;
fi
# Bug#82501, check bk_dest in locked volume or not. If yes, pop-up event notifications
check_basedir=`/bin/echo ${name_t} | cut -d '/' -f 2`
bk_basedir=`readlink "/share/${check_basedir}" | cut -d '/' -f 1`
mount | grep "on /share/"${bk_basedir}" "
if [ $? -ne 0 ]; then
/sbin/log_tool -a "[Domain Services] Job domain controller backup failed: All folder pairs are invalid or inaccessible"'!' -t 1
exit 1;
fi
name_t2=`/bin/echo $name_t | /bin/cut -d '/' -f 2`
path_t=`/sbin/getcfg "$name_t2" "path" -f $CONFIG`
if [ "x$path_t" != "x" ]; then
name_t3=`/bin/echo $name_t | /bin/sed "s/^\/$name_t2//g"`
dest_t="${path_t}${name_t3}"
else
dest_t="${name_t}"
fi
if [ ! -d "$dest_t" ]; then
/bin/mkdir -p "$dest_t"
fi
overwrite_t=`/sbin/getcfg SAMBA4 "bk_overwrite" -d 1`
if [ "x$overwrite_t" == "x1" ]; then
fullpath_t="${dest_t}/${BACKUP_NAME}.exp"
else
date_t=`/bin/date --date="now" +%Y_%m_%d`
fullpath_t="${dest_t}/${BACKUP_NAME}${date_t}.exp"
fi
/sbin/write_log "[Domain Services] An ADDC database backup to $fullpath_t started." 4 > /dev/null 2>&1
/etc/init.d/smb.sh addc_backup "$fullpath_t" > /dev/null 2>&1
if [ "x$?" == "x1" ]; then
if [ -f $BACKUP_TAR_LOG ]; then
/bin/sed -i "/socket ignored/d" $BACKUP_TAR_LOG
/bin/sed -i "/Removing leading/d" $BACKUP_TAR_LOG
TAR_LOG=`/bin/cat $BACKUP_TAR_LOG`
if [ "x$TAR_LOG" != "x" ];then
/sbin/write_log "[Domain Services] Log of ADDC database backup to $fullpath_t: $TAR_LOG" 2 > /dev/null 2>&1
fi
/bin/rm $BACKUP_TAR_LOG -f
fi
/sbin/write_log "[Domain Services] An ADDC database backup to $fullpath_t failed." 1 > /dev/null 2>&1
else
if [ -f $BACKUP_TAR_LOG ]; then
/bin/sed -i "/socket ignored/d" $BACKUP_TAR_LOG
/bin/sed -i "/Removing leading/d" $BACKUP_TAR_LOG
TAR_LOG=`/bin/cat $BACKUP_TAR_LOG`
if [ "x$TAR_LOG" != "x" ];then
/sbin/write_log "[Domain Services] Log of ADDC database backup to $fullpath_t: $TAR_LOG" 2 > /dev/null 2>&1
fi
/bin/rm $BACKUP_TAR_LOG -f
fi
/sbin/write_log "[Domain Services] An ADDC database backup to $fullpath_t was successful." 4 > /dev/null 2>&1
fi
final_t=`/sbin/getcfg SAMBA4 "enable"`
if [ "x$final_t" != "x1" ]; then
/sbin/setcfg SAMBA4 backup_enable FALSE
/bin/sed -i '/smb.sh addc_backupf/d' /etc/config/crontab > /dev/null 2>&1
/usr/bin/crontab /etc/config/crontab -c /tmp/cron/crontabs > /dev/null 2>&1
fi
;;
clean_dc)
/etc/init.d/smb.sh addc_disable
/etc/init.d/smb.sh stop
/bin/rm ${SMB_PATH}/.samba_* ${CONFIG}_* -rf > /dev/null 2>&1
T_PATH=`/sbin/getcfg SAMBA4 TARGET_PATH`
/bin/rm ${T_PATH} -rf
/sbin/setcfg -e SAMBA4 domain
/sbin/setcfg -e SAMBA4 mode
/sbin/setcfg -e SAMBA4 dns
/sbin/setcfg -e SAMBA4 admin_account
/sbin/setcfg -e SAMBA4 enable
/sbin/setcfg -e SAMBA4 backup_enable
/sbin/setcfg -e SAMBA4 bk_freq
/sbin/setcfg -e SAMBA4 bk_start
/sbin/setcfg -e SAMBA4 bk_dest
/sbin/setcfg -e SAMBA4 bk_overwrite
/sbin/setcfg -e SAMBA4 DC_IP
/sbin/setcfg -e SAMBA4 TARGET_PATH
/sbin/setcfg -e SAMBA4 MOUNT_PATH
/sbin/setcfg -e SAMBA4 vol_no
/bin/sed -i '/smb.sh addc_backupf/d' /etc/config/crontab > /dev/null 2>&1
/usr/bin/crontab /etc/config/crontab -c /tmp/cron/crontabs > /dev/null 2>&1
/etc/init.d/smb.sh start
;;
addc_reset)
MODE_CHECK=`/sbin/getcfg SAMBA4 mode`
if [ "x$MODE_CHECK" != "x0" ]; then
echo "mode is not 0!!!!"
exit 1
fi
if [ "x$2" == "x" ]; then
echo "Please input password!!!!"
exit 1
fi
/etc/init.d/smb.sh addc_disable
/etc/init.d/smb.sh stop
DOMAIN_t=`/sbin/getcfg SAMBA4 domain`
MOUNT_PATH=`/sbin/getcfg SAMBA4 MOUNT_PATH`
/bin/rm ${SMB_PATH}/.samba_* ${CONFIG}_* -rf > /dev/null 2>&1
/sbin/setcfg -e SAMBA4 domain
/sbin/setcfg -e SAMBA4 mode
/sbin/setcfg -e SAMBA4 dns
/sbin/setcfg -e SAMBA4 admin_account
/sbin/setcfg -e SAMBA4 enable
/sbin/setcfg -e SAMBA4 backup_enable
/sbin/setcfg -e SAMBA4 bk_freq
/sbin/setcfg -e SAMBA4 bk_start
/sbin/setcfg -e SAMBA4 bk_dest
/sbin/setcfg -e SAMBA4 bk_overwrite
/sbin/setcfg -e SAMBA4 DC_IP
/sbin/setcfg -e SAMBA4 TARGET_PATH
/sbin/setcfg -e SAMBA4 MOUNT_PATH
/sbin/setcfg -e SAMBA4 vol_no
/bin/sed -i '/smb.sh addc_backupf/d' /etc/config/crontab > /dev/null 2>&1
/usr/bin/crontab /etc/config/crontab -c /tmp/cron/crontabs > /dev/null 2>&1
_backup_non_addc_conf
_samba_domain 0 $DOMAIN_t "$2"
/sbin/setcfg SAMBA4 mode 0
/sbin/setcfg Samba Enable TRUE
/etc/init.d/smb.sh start
;;
reinstall_samba)
if [ -f /mnt/HDA_ROOT/update_pkg/samba4.tgz ]; then
/bin/echo "reinstall samba!!!!"
T_PATH=`/sbin/getcfg SAMBA4 TARGET_PATH`
if [ "x$2" != "xkeep" ]; then
/etc/init.d/smb.sh addc_disable
fi
/etc/init.d/smb.sh stop
/usr/bin/killall net > /dev/null 2>&1
/usr/bin/killall smbd > /dev/null 2>&1
/usr/bin/killall nmbd > /dev/null 2>&1
/usr/bin/killall samba > /dev/null 2>&1
/bin/rm ${SMB_PATH}/samba* /etc/config/smb.conf_* $T_PATH ${DEF_VOLMP}/.samba* -rf > /dev/null 2>&1
/sbin/setcfg -e SAMBA4 domain
/sbin/setcfg -e SAMBA4 mode
/sbin/setcfg -e SAMBA4 dns
/sbin/setcfg -e SAMBA4 admin_account
/sbin/setcfg -e SAMBA4 enable
/sbin/setcfg -e SAMBA4 backup_enable
/sbin/setcfg -e SAMBA4 bk_freq
/sbin/setcfg -e SAMBA4 bk_start
/sbin/setcfg -e SAMBA4 bk_dest
/sbin/setcfg -e SAMBA4 bk_overwrite
/sbin/setcfg -e SAMBA4 DC_IP
/sbin/setcfg -e SAMBA4 TARGET_PATH
/sbin/setcfg -e SAMBA4 MOUNT_PATH
/sbin/setcfg -e SAMBA4 vol_no
/bin/sed -i '/smb.sh addc_backupf/d' /etc/config/crontab > /dev/null 2>&1
/usr/bin/crontab /etc/config/crontab -c /tmp/cron/crontabs > /dev/null 2>&1
/etc/init.d/installtgz.sh samba4 /mnt/HDA_ROOT/update_pkg/samba4.tgz
if [ "x$2" != "xkeep" ]; then
/bin/cp /etc/default_config/smb.conf /etc/config/smb.conf > /dev/null 2>&1
/bin/mkdir -p ${DEF_VOLMP}/Public
/sbin/setcfg "Public" "comment" "System default share" -f ${CONFIG}
/sbin/setcfg "Public" "path" "${DEF_VOLMP}/Public" -f ${CONFIG}
/sbin/setcfg "Public" "browsable" "yes" -f ${CONFIG}
/sbin/setcfg "Public" "oplocks" "yes" -f ${CONFIG}
/sbin/setcfg "Public" "ftp write only" "no" -f ${CONFIG}
/sbin/setcfg "Public" "recycle bin" "yes" -f ${CONFIG}
/sbin/setcfg "Public" "recycle bin administrators only" "no" -f ${CONFIG}
/sbin/setcfg "Public" "public" "yes" -f ${CONFIG}
/sbin/setcfg "Public" "invalid users" "guest" -f ${CONFIG}
/sbin/setcfg "Public" "read list" "@\"everyone\"" -f ${CONFIG}
/sbin/setcfg "Public" "write list" "admin" -f ${CONFIG}
/sbin/setcfg "Public" "valid users" "root,@\"everyone\",admin" -f ${CONFIG}
/sbin/setcfg "Public" "inherit permissions" "yes" -f ${CONFIG}
/sbin/setcfg "Public" "smb encrypt" "disabled" -f ${CONFIG}
fi
/etc/init.d/smb.sh restart
else
/bin/echo "NO /mnt/HDA_ROOT/update_pkg/samba4.tgz"
fi
;;
import_csv)
/usr/local/samba/bin/samba-tool domain passwordsettings set --complexity=off
/usr/local/samba/bin/samba-tool domain passwordsettings set --min-pwd-length=1
/bin/cat $2 | while read line
do
id_t=`/bin/echo $line | /bin/cut -d ',' -f1`
pw_t=`/bin/echo $line | /bin/cut -d ',' -f2`
desc_t=`/bin/echo $line | /bin/cut -d ',' -f3`
email_t=`/bin/echo $line | /bin/cut -d ',' -f4`
if [ "x$id_t" == "x" ]; then
/bin/echo "id is null!!"
exit 1;
fi
if [ "x$pw_t" == "x" ]; then
/bin/echo "pw is null!!"
exit 1;
fi
cmd_t="/usr/local/samba/bin/samba-tool user add $id_t $pw_t"
if [ "x$desc_t" != "x" ]; then
cmd_t="${cmd_t} --description=\"'${desc_t}'\""
fi
if [ "x$email_t" != "x" ]; then
cmd_t="${cmd_t} --mail-address=\"'${email_t}'\""
fi
${cmd_t} > /dev/null
done
/usr/local/samba/bin/samba-tool domain passwordsettings set --complexity=on
/usr/local/samba/bin/samba-tool domain passwordsettings set --min-pwd-length=7
;;
create_home)
/bin/mkdir -m 1700 -p $3
/bin/chown $2 $3
;;
samba4_dnsupdate)
_dns_update
;;
replace_fail_dc_in_dns)
if [ ! "$2" ] || [ ! "$3" ] || [ ! "$4" ]; then
echo "usage: /etc/init.d/smb.sh replace_failed_dc_in_dns <realm> <orginal_hostname> <new_hostname>"
exit 1
fi
#_update_dns_after_fsmo $2 $3 $4
_seize_pdc_in_dns $2 $3 $4
;;
seize_pdc_in_dns)
if [ ! "$2" ] || [ ! "$3" ] || [ ! "$4" ]; then
echo "usage: /etc/init.d/smb.sh seize_pdc_in_dns <realm> <orginal_hostname> <new_hostname>"
exit 1
fi
_seize_pdc_in_dns $2 $3 $4
;;
panic)
echo "samba panic action"
killall net
killall smbd
killall nmbd
killall samba
killall smb.sh
;;
multiple_dc_check)
_dc_check $2
if [ $? = 1 ]; then
exit 1
fi
;;
clear_wbcache_ndr_u)
if [ -f /usr/local/samba/var/locks/winbindd_cache.tdb ]; then
/usr/local/samba/bin/tdbdump /usr/local/samba/var/locks/winbindd_cache.tdb | grep \"NDR\/ | cut -d "\"" -f 2 | while read -r line
do
/usr/local/samba/bin/tdbtool /usr/local/samba/var/locks/winbindd_cache.tdb delete ${line}
done
/usr/local/samba/bin/tdbdump /usr/local/samba/var/locks/winbindd_cache.tdb | grep \"U\/ | cut -d "\"" -f 2 | while read -r line
do
/usr/local/samba/bin/tdbtool /usr/local/samba/var/locks/winbindd_cache.tdb delete ${line}
done
fi
;;
clear_bad_cache)
WBCACHE_PATH=`/sbin/getcfg global "state directory" -d "/usr/local/samba/var/locks" -f $CONFIG`
WBCACHE="${WBCACHE_PATH}/winbindd_cache.tdb"
GENCACHE_PATH=`/sbin/getcfg global "cache directory" -d "/usr/local/samba/var/cache" -f $CONFIG`
GENCACHE="${GENCACHE_PATH}/gencache.tdb"
if [ -f $WBCACHE ]; then
/usr/local/samba/bin/tdbdump $WBCACHE | grep \"NDR\/ | cut -d "\"" -f 2 | while read -r line
do
/usr/local/samba/bin/tdbtool $WBCACHE delete ${line}
done
fi
if [ -f $GENCACHE ]; then
/usr/local/samba/bin/tdbdump $GENCACHE | grep \"NEG_CONN_CACHE\/ | cut -d "\"" -f 2 | while read -r line
do
/usr/local/samba/bin/tdbtool $GENCACHE delete ${line}
done
fi
;;
usb)
MODEL_CHECK=`/sbin/hal_app --check_qa_port_support`
if [ "x$MODEL_CHECK" != "xyes" ];then
exit 0
fi
if [ "x$2" == "x0" ] || [ "x$2" == "x1" ];then
E_CHECK=`/sbin/getcfg USB_QUICK_SHARE Enable -d 1`
if [ "x$E_CHECK" = "x0" ] && [ "x$2" == "x1" ]; then
/sbin/setcfg USB_QUICK_SHARE Enable 1
/etc/init.d/smb.sh usb 4 > /dev/null 2>&1
else
if [ -f $USB_Q_CONFIG ]; then
USB_PID_P=`/sbin/getcfg global "pid directory" -f $USB_Q_CONFIG`
if [ -f ${USB_PID_P}/smbd.pid ]; then
/sbin/daemon_mgr smbd_usb stop "/usr/local/samba/sbin/smbd_usb -s $USB_Q_CONFIG -D"
/bin/kill -9 `cat ${USB_PID_P}/smbd.pid`
fi
fi
/sbin/setcfg -e -f $CONFIG global "usb interface"
/bin/cat $CONFIG | /bin/grep "\[" | /bin/grep -v '\[global\]' | /bin/grep -v '\[printers\]' | sed 's/\[//g'| sed 's/\]//g' |while read line
do
/sbin/setcfg -e -f $CONFIG "$line" "usb users"
done
/bin/kill -HUP `/sbin/pidof smbd` 2>/dev/null 1>/dev/null
/bin/kill -HUP `/sbin/pidof nmbd` 2>/dev/null 1>/dev/null
if [ "x$2" == "x1" ]; then
C_CHECK=`/sbin/getcfg USB_QUICK_SHARE mode`
if [ "x$C_CHECK" != "x$2" ]; then
/sbin/setcfg USB_QUICK_SHARE Enable 1
/sbin/setcfg USB_QUICK_SHARE mode $2
/sbin/write_log "[Network & Virtual Switch] [USB QuickAccess] Switch authentication to \"All NAS Users\"." 4 > /dev/null 2>&1
fi
else
/sbin/setcfg USB_QUICK_SHARE Enable $2
fi
fi
elif [ "x$2" == "x2" ];then
#/bin/ls /sys/class/net/ -l | /bin/grep usb > /dev/null 2>&1
#if [ "x$?" == "x0" ]; then
if [ "x$3" != "x" ]; then
USB_IF="$3"
else
USB_IF=`/sbin/getcfg USB_QUICK_SHARE interface`
#if [ "x$USB_IF" == "x" ]; then
# USB_IF=`/bin/ls /sys/class/net/ -l | /bin/grep usb | /bin/cut -d '>' -f2| /bin/sed 's/ //g' | /bin/sed 's/net/ /g' | /bin/cut -d ' ' -f 2 | /bin/sed 's/\///g'`
#fi
fi
if [ -f $USB_Q_CONFIG ]; then
USB_PID_P=`/sbin/getcfg global "pid directory" -f $USB_Q_CONFIG`
if [ -f ${USB_PID_P}/smbd.pid ] && [ "x$4" != "xreload" ]; then
/sbin/daemon_mgr smbd_usb stop "/usr/local/samba/sbin/smbd_usb -s $USB_Q_CONFIG -D"
/bin/kill -9 `/bin/cat ${USB_PID_P}/smbd.pid`
fi
fi
create_smb_usb_conf $USB_IF reload
/sbin/setcfg -e -f $USB_Q_CONFIG global "usb interface"
/sbin/setcfg -e -f $CONFIG global "usb interface"
/bin/cat $USB_Q_CONFIG | /bin/grep "\[" | /bin/grep -v '\[global\]' | /bin/grep -v '\[printers\]' | sed 's/\[//g'| sed 's/\]//g' |while read line
do
/sbin/setcfg -e -f $USB_Q_CONFIG "$line" "invalid users"
/sbin/setcfg -e -f $USB_Q_CONFIG "$line" "read list"
/sbin/setcfg -e -f $USB_Q_CONFIG "$line" "write list"
/sbin/setcfg -e -f $USB_Q_CONFIG "$line" "valid users"
/sbin/setcfg -e -f $USB_Q_CONFIG "$line" "usb users"
/sbin/setcfg -e -f $CONFIG "$line" "usb users"
/sbin/setcfg -f $USB_Q_CONFIG "$line" "guest ok" yes
/sbin/setcfg -f $USB_Q_CONFIG "$line" "read only" no
/sbin/setcfg -f $USB_Q_CONFIG "$line" "valid users" "\"guest\",\"admin\""
/sbin/setcfg -f $USB_Q_CONFIG "$line" "admin users" guest
/sbin/setcfg -f $USB_Q_CONFIG "$line" "force group" administrators
done
/sbin/setcfg -f $USB_Q_CONFIG home "path" ${DEF_VOLMP}/homes/admin
/sbin/setcfg -f $USB_Q_CONFIG home "shadow:basedir" ${DEF_VOLMP}/homes/admin
/sbin/setcfg USB_QUICK_SHARE interface "$USB_IF"
C_CHECK=`/sbin/getcfg USB_QUICK_SHARE mode`
if [ "x$C_CHECK" != "x$2" ]; then
/sbin/setcfg USB_QUICK_SHARE Enable 1
/sbin/setcfg USB_QUICK_SHARE mode $2
/sbin/write_log "[Network & Virtual Switch] [USB QuickAccess] Switch authentication to \"Everyone\"." 4 > /dev/null 2>&1
fi
ad_check="`/sbin/getcfg global "server role" -f ${CONFIG} -d AUTO`"
if [ "x$ad_check" = "xactive directory domain controller" ]; then
SMB_PID_P="/usr/local/samba/var/run"
else
SMB_PID_P=`/sbin/getcfg global "pid directory" -f $CONFIG`
fi
if [ -f ${SMB_PID_P}/smbd.pid ]; then
if [ -f ${USB_PID_P}/smbd.pid ] && [ "x$4" == "xreload" ]; then
/bin/kill -HUP `/sbin/pidof smbd` 2>/dev/null 1>/dev/null
/bin/kill -HUP `/sbin/pidof nmbd` 2>/dev/null 1>/dev/null
else
/sbin/ifconfig $USB_IF 2>/dev/null | grep "inet addr" > /dev/null 2>&1
if [ "x$?" == "x0" ]; then
/bin/ln -sf /usr/local/samba/sbin/smbd /usr/local/samba/sbin/smbd_usb
/sbin/daemon_mgr smbd_usb start "/usr/local/samba/sbin/smbd_usb -s $USB_Q_CONFIG -D"
fi
fi
fi
#fi
elif [ "x$2" == "x3" ];then
#/bin/ls /sys/class/net/ -l | /bin/grep usb > /dev/null 2>&1
#if [ "x$?" == "x0" ]; then
if [ "x$3" != "x" ]; then
USB_IF="$3"
else
USB_IF=`/sbin/getcfg USB_QUICK_SHARE interface`
#if [ "x$USB_IF" == "x" ]; then
# USB_IF=`/bin/ls /sys/class/net/ -l | /bin/grep usb | /bin/cut -d '>' -f2| /bin/sed 's/ //g' | /bin/sed 's/net/ /g' | /bin/cut -d ' ' -f 2 | /bin/sed 's/\///g'`
#fi
fi
/sbin/setcfg -f $CONFIG global "usb interface" $USB_IF
/bin/cat $CONFIG | /bin/grep "\[" | /bin/grep -v '\[global\]' | /bin/grep -v '\[home\]' | /bin/grep -v '\[printers\]' | sed 's/\[//g'| sed 's/\]//g' |while read line
do
set_usb_account "$line"
done
/sbin/setcfg USB_QUICK_SHARE interface "$USB_IF"
if [ -f $USB_Q_CONFIG ]; then
USB_PID_P=`/sbin/getcfg global "pid directory" -f $USB_Q_CONFIG`
if [ -f ${USB_PID_P}/smbd.pid ]; then
/sbin/daemon_mgr smbd_usb stop "/usr/local/samba/sbin/smbd_usb -s $USB_Q_CONFIG -D"
/bin/kill -9 `cat ${USB_PID_P}/smbd.pid`
fi
fi
C_CHECK=`/sbin/getcfg USB_QUICK_SHARE mode`
if [ "x$C_CHECK" != "x$2" ]; then
/sbin/setcfg USB_QUICK_SHARE Enable 1
/sbin/setcfg USB_QUICK_SHARE mode $2
/sbin/write_log "[Network & Virtual Switch] [USB QuickAccess] Switch authentication to \"Selected Users/Groups\"." 4 > /dev/null 2>&1
fi
/sbin/ifconfig $USB_IF 2>/dev/null | grep "inet addr" > /dev/null 2>&1
if [ "x$?" == "x0" ]; then
/bin/kill -HUP `/sbin/pidof smbd` 2>/dev/null 1>/dev/null
/bin/kill -HUP `/sbin/pidof nmbd` 2>/dev/null 1>/dev/null
fi
#fi
elif [ "x$2" == "x4" ]; then
E_CHECK=`/sbin/getcfg USB_QUICK_SHARE Enable -d 1`
MODE_CHECK=`/sbin/getcfg USB_QUICK_SHARE mode -d 1`
#/bin/ls /sys/class/net/ -l | /bin/grep usb > /dev/null 2>&1
if [ "x$E_CHECK" = "x1" ]; then
USB_IF=`/sbin/getcfg USB_QUICK_SHARE interface`
/sbin/ifconfig $USB_IF 2>/dev/null | grep "inet addr" > /dev/null 2>&1
#if [ "x$?" != "x0" ] || [ "x$USB_IF" == "x" ]; then
# USB_IF=`/bin/ls /sys/class/net/ -l | /bin/grep usb | /bin/cut -d '>' -f2| /bin/sed 's/ //g' | /bin/sed 's/net/ /g' | /bin/cut -d ' ' -f 2 | /bin/sed 's/\///g'`
#fi
if [ "x$MODE_CHECK" == "x2" ] || [ "x$MODE_CHECK" == "x3" ];then
/sbin/ifconfig $USB_IF 2>/dev/null | grep "inet addr" > /dev/null 2>&1
if [ "x$?" == "x0" ] && [ "x$USB_IF" != "x" ]; then
/etc/init.d/smb.sh usb $MODE_CHECK $USB_IF reload
else
if [ "x$MODE_CHECK" == "x2" ]; then
if [ -f $USB_Q_CONFIG ]; then
USB_PID_P=`/sbin/getcfg global "pid directory" -f $USB_Q_CONFIG`
if [ -f ${USB_PID_P}/smbd.pid ]; then
/sbin/daemon_mgr smbd_usb stop "/usr/local/samba/sbin/smbd_usb -s $USB_Q_CONFIG -D"
/bin/kill -9 `cat ${USB_PID_P}/smbd.pid`
fi
fi
fi
fi
elif [ "x$MODE_CHECK" == "x1" ]; then
/etc/init.d/smb.sh usb $MODE_CHECK $USB_IF
fi
fi
fi
;;
tm_redirect)
[ -d ${DEF_VOLMP}/.timemachine_v2 ] || /bin/mkdir -p ${DEF_VOLMP}/.timemachine_v2
if [ "x${2}" = "xTimeMachine" ]; then
/bin/ln -sf ${DEF_VOLMP}/.timemachine ${DEF_VOLMP}/.timemachine_v2/${2}
/bin/chmod 777 ${DEF_VOLMP}/.timemachine_v2/${2}
/bin/chown ${3} ${DEF_VOLMP}/.timemachine_v2/${2}
/bin/chgrp ${4} ${DEF_VOLMP}/.timemachine_v2/${2}
elif [ ! -d ${DEF_VOLMP}/.timemachine_v2/${2} ]; then
link_p=`/sbin/getcfg "${2}" path -f /etc/config/tmmap`
/bin/ln -sf /share/${link_p} ${DEF_VOLMP}/.timemachine_v2/${2}
/bin/chmod 777 ${DEF_VOLMP}/.timemachine_v2/${2}
/bin/chown ${3} ${DEF_VOLMP}/.timemachine_v2/${2}
/bin/chgrp ${4} ${DEF_VOLMP}/.timemachine_v2/${2}
fi
;;
wbinfo_m)
/bin/rm /tmp/.trusted_domain.tmp > /dev/null 2>&1
for Wname in `/usr/local/samba/bin/wbinfo -m | /bin/sed "1,3d"`
do
/bin/echo $Wname
/usr/local/samba/bin/wbinfo -D $Wname |grep Alt_Name | cut -d ':' -f 2 | sed 's/ /Domain:/g' >> /tmp/.trusted_domain.tmp
/bin/echo Pre-Win2kDomain:$Wname >> /tmp/.trusted_domain.tmp
done
;;
*)
echo "Usage: smb {start|stop|restart|addc_enable|addc_disable|samba4_import}"
exit 1
esac
[ ! -f /etc/config/smb.conf ] || /bin/chmod 644 /etc/config/smb.conf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment