
Implementation Manual for the Authentication Service with openLDAP + SAMBA

Version History

Version   Date         Author   Description
1.0       02/09/2008            LDAP installation

1. Objectives of the Activities

The objective of this document is to describe the procedures required to implement the openLDAP authentication service and a SAMBA 3 PDC in order to create a single sign-on mechanism for Linux and Windows users.

1.1. Assumptions defined for the Activities

1. DNS service configured;

2. Details of the Activities Performed

4.1. Procedures
2.1.1. Installing openLDAP

    rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
    [root@miami ~]# yum install openldap-servers
    [root@miami ~]# yum install openldap-clients
    [root@miami ~]# yum --enablerepo=rpmforge install smbldap-tools
    chown -R ldap /var/lib/ldap
    cd /etc/openldap
    cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    [root@miami openldap]# slappasswd -s @password@#

2.1.2. File /etc/openldap/ldap.conf

    cat /etc/openldap/ldap.conf
    # Access to your LDAP server must be resolvable without using LDAP.
    # Preferably use the IP address, or make sure DNS resolves the name.
    host 127.0.0.1

    # The distinguished name of the search base.
    base dc=lps,dc=ufrj,dc=br

    # The identity of the LDAP root, i.e. the "Root Password DN"
    # The password must be stored in the file /etc/ldap.secret (mode 600)
    rootbinddn cn=root,dc=lps,dc=ufrj,dc=br

    # Search context in LDAP (RFC2307bis)
    # We use ?sub (and not the default ?one) because we separate
    # sambaAccounts in ou=Computadores,dc=lps,dc=ufrj,dc=br
    # and users in ou=Usuarios,dc=lps,dc=ufrj,dc=br
    nss_base_passwd dc=lps,dc=ufrj,dc=br?sub
    nss_base_shadow dc=lps,dc=ufrj,dc=br?sub
    nss_base_group ou=Grupos,dc=lps,dc=ufrj,dc=br?one

    # Security options
    ssl no
    pam_password crypt

    URI ldap://127.0.0.1/
    BASE dc=lps,dc=ufrj,dc=br
    TLS_CACERTDIR /etc/openldap/cacerts

2.1.3. File /etc/openldap/slapd.conf

    cp /usr/share/doc/samba-3.0.25b/LDAP/samba.schema /etc/openldap/schema/
    #cat /etc/openldap/slapd.conf
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/samba.schema
    include /etc/openldap/schema/misc.schema

    # Allow LDAPv2 client connections. This is NOT the default.
    allow bind_v2

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral ldap://root.openldap.org

    pidfile /var/run/openldap/slapd.pid
    argsfile /var/run/openldap/slapd.args

    # Load dynamic backend modules:
    # modulepath /usr/lib/openldap
    # moduleload back_bdb.la
    # moduleload back_ldap.la
    # moduleload back_ldbm.la
    # moduleload back_passwd.la
    # moduleload back_shell.la

    # The next three lines allow use of TLS for encrypting connections using a
    # dummy test certificate which you can generate by changing to
    # /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
    # slapd.pem so that the ldap user or group can read it. Your client software
    # may balk at self-signed certificates, however.
    # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    # TLSCertificateFile /etc/pki/tls/certs/slapd.pem
    # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

    # Sample security restrictions
    # Require integrity protection (prevent hijacking)
    # Require 112-bit (3DES or better) encryption for updates
    # Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64

    # Sample access control policy:
    # Root DSE: allow anyone to read it
    # Subschema (sub)entry DSE: allow anyone to read it
    # Other DSEs:
    # Allow self write access
    # Allow authenticated users read access
    # Allow anonymous users to authenticate
    # Directives needed to implement policy:
    # access to dn.base="" by * read
    # access to dn.base="cn=Subschema" by * read
    # access to *
    # by self write
    # by users read
    # by anonymous auth
    #
    # if no access controls are present, the default policy
    # allows anyone and everyone to read anything but restricts
    # updates to rootdn. (e.g., "access to * by * read")
    #
    # rootdn can always read and write EVERYTHING!

    access to attrs=sambaLMPassword,sambaNTPassword,userPassword,sambaPasswordHistory,sambaPwdLastSet
        by dn="cn=root,dc=lps,dc=ufrj,dc=br" write
        by anonymous auth
        by self write
        by * none

    access to dn.base="" by * read

    access to *
        by dn="cn=root,dc=lps,dc=ufrj,dc=br" write
        by * read

    #######################################################################
    # ldbm and/or bdb database definitions
    #######################################################################

    database bdb
    suffix "dc=lps,dc=ufrj,dc=br"
    rootdn "cn=root,dc=lps,dc=ufrj,dc=br"

    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    # rootpw secret
    # rootpw {crypt}ijFYNcSNctBYg

    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory /var/lib/ldap

    # Indices to maintain for this database
    index objectClass eq,pres
    index ou,cn,mail,surname,givenname eq,pres,sub
    index uidNumber,gidNumber,loginShell eq,pres
    index uid,memberUid eq,pres,sub
    index nisMapName,nisMapEntry eq,pres,sub

    # Replicas of this database
    #replogfile /var/lib/ldap/openldap-master-replog
    #replica host=ldap-1.example.com:389 starttls=critical
    # bindmethod=sasl saslmech=GSSAPI
    # authcId=host/ldap-master.example.com@EXAMPLE.COM

    rootpw {SSHA}B+bRzBJC+Mx/ZXyLLy0JwlP1uAML9RRU

    #service ldap start
    Checking configuration files for slapd: bdb_db_open: DB_CONFIG for suffix dc=lps,dc=ufrj,dc=br has changed.
    Performing database recovery to activate new settings.
    bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered.
    config file testing succeeded [ OK ]
    Starting slapd: [ OK ]

2.1.4. Creating the initial LDAP base and populating the database

    # vi base.ldif
    dn: dc=lps,dc=ufrj,dc=br
    dc: lps
    objectClass: top
    objectClass: domain

    dn: ou=usuarios,dc=lps,dc=ufrj,dc=br
    ou: usuarios
    objectClass: top
    objectClass: organizationalUnit

    dn: ou=computadores,dc=lps,dc=ufrj,dc=br
    ou: computadores
    objectClass: top
    objectClass: organizationalUnit

    dn: ou=grupos,dc=lps,dc=ufrj,dc=br
    ou: grupos
    objectClass: top
    objectClass: organizationalUnit

    ldapadd -x -D cn=root,dc=lps,dc=ufrj,dc=br -W -f base.ldif

2.1.5. File /etc/smbldap-tools/smbldap.conf

    ##############################################################################
    #
    # General Configuration
    #
    ##############################################################################

    # Put your own SID. To obtain this number do: "net getlocalsid".
    # If not defined, parameter is taking from "net getlocalsid" return
    SID="S-1-5-21-3041103067-508309359-3073237874"

    # Domain name the Samba server is in charged.
    # If not defined, parameter is taking from smb.conf configuration file
    # Ex: sambaDomain="IDEALX-NT"
    sambaDomain="LPSUFRJ"

    ##############################################################################
    #
    # LDAP Configuration
    #
    ##############################################################################

    # Notes: to use to dual ldap servers backend for Samba, you must patch
    # Samba with the dual-head patch from IDEALX. If not using this patch
    # just use the same server for slaveLDAP and masterLDAP.
    # Those two servers declarations can also be used when you have
    # . one master LDAP server where all writing operations must be done
    # . one slave LDAP server where all reading operations must be done
    # (typically a replication directory)

    # Slave LDAP server
    # Ex: slaveLDAP=127.0.0.1
    # If not defined, parameter is set to "127.0.0.1"
    slaveLDAP="127.0.0.1"

    # Slave LDAP port
    # If not defined, parameter is set to "389"
    slavePort="389"

    # Master LDAP server: needed for write operations
    # Ex: masterLDAP=127.0.0.1
    # If not defined, parameter is set to "127.0.0.1"
    masterLDAP="127.0.0.1"

    # Master LDAP port
    # If not defined, parameter is set to "389"
    #masterPort="389"
    masterPort="389"

    # Use TLS for LDAP
    # If set to 1, this option will use start_tls for connection
    # (you should also used the port 389)
    # If not defined, parameter is set to "0"
    ldapTLS="0"

    # Use SSL for LDAP
    # If set to 1, this option will use SSL for connection
    # (standard port for ldaps is 636)
    # If not defined, parameter is set to "0"
    ldapSSL="0"

    # How to verify the server's certificate (none, optional or require)
    # see "man Net::LDAP" in start_tls section for more details
    verify="require"

    # CA certificate
    # see "man Net::LDAP" in start_tls section for more details
    cafile="/etc/smbldap-tools/ca.pem"

    # certificate to use to connect to the ldap server
    # see "man Net::LDAP" in start_tls section for more details
    clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"

    # key certificate to use to connect to the ldap server
    # see "man Net::LDAP" in start_tls section for more details
    clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"

    # LDAP Suffix
    # Ex: suffix=dc=IDEALX,dc=ORG
    suffix="dc=lps,dc=ufrj,dc=br"

    # Where are stored Users
    # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
    # Warning: if 'suffix' is not set here, you must set the full dn for usersdn
    usersdn="ou=usuarios,${suffix}"

    # Where are stored Computers
    # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
    # Warning: if 'suffix' is not set here, you must set the full dn for computersdn
    computersdn="ou=computadores,${suffix}"

    # Where are stored Groups
    # Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
    # Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
    groupsdn="ou=grupos,${suffix}"

    # Where are stored Idmap entries (used if samba is a domain member server)
    # Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
    # Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
    idmapdn="ou=Idmap,${suffix}"

    # Where to store next uidNumber and gidNumber available for new users and groups
    # If not defined, entries are stored in sambaDomainName object.
    # Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
    # Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
    sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

    # Default scope Used
    scope="sub"

    # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
    hash_encrypt="SSHA"

    # if hash_encrypt is set to CRYPT, you may set a salt format.
    # default is "%s", but many systems will generate MD5 hashed
    # passwords if you use "$1$%.8s". This parameter is optional!
    crypt_salt_format="%s"

    ##############################################################################
    #
    # Unix Accounts Configuration
    #
    ##############################################################################

    # Login defs
    # Default Login Shell
    # Ex: userLoginShell="/bin/bash"
    userLoginShell="/bin/bash"

    # Home directory
    # Ex: userHome="/home/%U"
    userHome="/home/%U"

    # Default mode used for user homeDirectory
    userHomeDirectoryMode="700"

    # Gecos
    userGecos="System User"

    # Default User (POSIX and Samba) GID
    defaultUserGid="513"

    # Default Computer (Samba) GID
    defaultComputerGid="515"

    # Skel dir
    skeletonDir="/etc/skel"

    # Default password validation time (time in days) Comment the next line if
    # you don't want password to be enable for defaultMaxPasswordAge days (be
    # careful to the sambaPwdMustChange attribute's value)
    defaultMaxPasswordAge="45"

    ##############################################################################
    #
    # SAMBA Configuration
    #
    ##############################################################################

    # The UNC path to home drives location (%U username substitution)
    # Just set it to a null string if you want to use the smb.conf 'logon home'
    # directive and/or disable roaming profiles
    # Ex: userSmbHome="\\PDC-SMB3\%U"
    userSmbHome="\\LPSUFRJ\%U"

    # The UNC path to profiles locations (%U username substitution)
    # Just set it to a null string if you want to use the smb.conf 'logon path'
    # directive and/or disable roaming profiles
    # Ex: userProfile="\\PDC-SMB3\profiles\%U"
    userProfile="\\LPSUFRJ\profiles\%U"

    # The default Home Drive Letter mapping
    # (will be automatically mapped at logon time if home directory exist)
    # Ex: userHomeDrive="H:"
    userHomeDrive="H:"

    # The default user netlogon script name (%U username substitution)
    # if not used, will be automatically username.cmd
    # make sure script file is edited under dos
    # Ex: userScript="startup.cmd" # make sure script file is edited under dos
    userScript="logon.bat"

    # Domain appended to the users "mail"-attribute
    # when smbldap-useradd -M is used
    # Ex: mailDomain="idealx.com"
    mailDomain="lps.ufrj.br"

    ##############################################################################
    #
    # SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
    #
    ##############################################################################

    # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
    # prefer Crypt::SmbHash library
    with_smbpasswd="0"
    smbpasswd="/usr/bin/smbpasswd"

    # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
    # but prefer Crypt:: libraries
    with_slappasswd="0"
    slappasswd="/usr/sbin/slappasswd"

    # comment out the following line to get rid of the default banner
    # no_banner="1"

2.1.6. File /etc/smbldap-tools/smbldap_bind.conf

    [root@miami /]# cat /etc/smbldap-tools/smbldap_bind.conf
    ############################
    # Credential Configuration #
    ############################
    # Notes: you can specify two differents configuration if you use a
    # master ldap for writing access and a slave ldap server for reading access
    # By default, we will use the same DN (so it will work for standard Samba
    # release)
    slaveDN="cn=root,dc=lps,dc=ufrj,dc=br"
    slavePw="@password@#"
    masterDN="cn=root,dc=lps,dc=ufrj,dc=br"
    masterPw="@password@#"
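The files from 2.1.3 to 2.1.6 hold the rootdn password hash and a cleartext bind password, and the configuration shown leaves LDAPv2 binds on and TLS off. The audit below is an added example, not part of the original manual; the function name audit_ldap_samba, the finding tags and the constructed sample tree (with placeholder secrets) are assumptions made for illustration.

```shell
#!/bin/sh
# Usage: audit_ldap_samba ROOT   (ROOT is "/" on a real host)
# Prints one finding per line; prints nothing when every check passes.

# active PATTERN FILE: true if FILE has an uncommented line starting with PATTERN
active() { grep -Eq "^[[:space:]]*$1" "$2" 2>/dev/null; }

# world_readable FILE: true if the "other" read bit is set on FILE
world_readable() { [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; }

audit_ldap_samba() {
    slapd="$1/etc/openldap/slapd.conf"
    tools="$1/etc/smbldap-tools/smbldap.conf"
    bind="$1/etc/smbldap-tools/smbldap_bind.conf"

    # slapd.conf holds the rootpw hash, smbldap_bind.conf a cleartext masterPw
    for f in "$slapd" "$bind"; do
        if world_readable "$f"; then echo "PERM $f is world-readable"; fi
    done

    # LDAPv2 binds are not the default; the slapd.conf above enables them
    if active 'allow[[:space:]]+bind_v2' "$slapd"; then
        echo "BINDV2 $slapd enables LDAPv2 binds"
    fi

    # Without a server certificate slapd cannot offer StartTLS or ldaps
    if [ -r "$slapd" ] && ! active 'TLSCertificateFile' "$slapd"; then
        echo "NOTLS $slapd has no active TLSCertificateFile"
    fi

    # smbldap-tools binds as masterDN; an unset masterLDAP defaults to 127.0.0.1,
    # so only a non-loopback server with TLS and SSL both off is flagged
    host=$(sed -n 's/^masterLDAP="\([^"]*\)".*/\1/p' "$tools" 2>/dev/null) || host=
    case "$host" in
        127.*|localhost|::1|'') ;;
        *) if active 'ldapTLS="0"' "$tools" && active 'ldapSSL="0"' "$tools"; then
               echo "CLEAR $tools sends the masterDN bind to $host without TLS"
           fi ;;
    esac
    return 0
}

# Constructed sample tree mirroring the settings in this manual (placeholder secrets).
demo=$(mktemp -d)
mkdir -p "$demo/etc/openldap" "$demo/etc/smbldap-tools"
printf '%s\n' 'allow bind_v2' \
    '# TLSCertificateFile /etc/pki/tls/certs/slapd.pem' \
    'rootpw {SSHA}placeholder' > "$demo/etc/openldap/slapd.conf"
printf '%s\n' 'masterLDAP="127.0.0.1"' 'ldapTLS="0"' 'ldapSSL="0"' \
    > "$demo/etc/smbldap-tools/smbldap.conf"
printf '%s\n' 'masterDN="cn=root,dc=lps,dc=ufrj,dc=br"' 'masterPw="placeholder"' \
    > "$demo/etc/smbldap-tools/smbldap_bind.conf"
chmod 644 "$demo/etc/openldap/slapd.conf" "$demo/etc/smbldap-tools/smbldap_bind.conf"

audit_ldap_samba "$demo"
```

The permission check looks only at mode bits; file ownership (for example root:ldap on slapd.conf) still has to be reviewed by hand.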

2.1.7. File /etc/samba

    [global]
    load printers = yes
    cups options = raw
    server string = PDC Server Version %v
    socket options = TCP_NODELAY
    workgroup = LPSUFRJ
    encrypt passwords = yes
    security = user
    passdb backend = tdbsam
    netbios name = LPS
    ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
    ; hosts allow = 127. 192.168.
    log file = /var/log/samba/%m.log
    max log size = 50
    domain master = yes
    domain logons = yes
    # the login script name depends on the machine name
    ; logon script = %m.bat
    # the login script name depends on the unix user used
    ; logon script = %u.bat
    ; logon path = \\%L\Profiles\%u
    # disables profiles support by specifing an empty path
    ; logon path =
    local master = yes
    os level = 65
    preferred master = yes

    # LDAP settings
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap passwd sync = yes
    ldap delete dn = Yes
    ldap admin dn = cn=root,dc=lps,dc=ufrj,dc=br
    ldap suffix = dc=lps,dc=ufrj,dc=br
    ldap machine suffix = ou=computadores
    ldap user suffix = ou=usuarios
    ldap group suffix = ou=grupos
    ldap idmap suffix = sambaDomainName=LPSUFRJ
    idmap backend = ldap:ldap://127.0.0.1
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    admin users = Administrator @"Domain Admins"

    # Allow users in the "Domain Admins" group to join WinXP/Win2000 machines
    # to the samba domain
    enable privileges = yes

    # Scripts used to manage M$ users
    # add/remove users
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    delete user script = /usr/sbin/smbldap-userdel "%u"
    # add/remove groups
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    # Scripts to add/remove users in groups
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    # Script to set the user's primary group
    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
    # Script to add a Win NT/XP machine joining the domain
    add machine script = /usr/sbin/smbldap-useradd -W "%u"

    # Optimizations recommended in
    smb ports = 445 139
    name resolve order = lmhosts host wins bcast
    utmp = Yes
    time server = Yes
    template shell = /bin/false
    winbind use default domain = no
    map acl inherit = Yes
    strict locking = Yes
    # How the client will communicate with the server
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    # --------------------------- Filesystem Options --------------------------
    #
    # The following options can be uncommented if the filesystem supports
    # Extended Attributes and they are enabled (usually by the mount option
    # user_xattr). Thess options will let the admin store the DOS attributes
    # in an EA and make samba not mess with the permission bits.
    #
    # Note: these options can also be set just per share, setting them in global
    # makes them the default for all shares
    ; map archive = no
    ; map hidden = no
    ; map read only = no
    ; map system = no
    ; store dos attributes = yes

    #============================ Share Definitions =============================
    [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    valid users = %S
    ; valid users = MYDOMAIN\%S

    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

    # Un-comment the following and create the netlogon directory for Domain Logons
    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon/scripts
    guest ok = yes
    writable = no
    share modes = no

    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    [Profiles]
    path = /var/lib/samba/profiles
    browseable = no
    guest ok = yes

    # A publicly accessible directory, but read only, except for people in
    # the "staff" group
    ; [public]
    ; comment = Public Stuff
    ; path = /home/samba
    ; public = yes
    ; writable = yes
    ; printable = no
    ; write list = +staff

2.1.8. Configuring the openLDAP client

    authconfig-tui

    #cat /etc/nsswitch.conf
    #
    # /etc/nsswitch.conf
    #
    # An example Name Service Switch config file. This file should be
    # sorted with the most-used services at the beginning.
    #
    # The entry '[NOTFOUND=return]' means that the search for an
    # entry should stop if the search in the previous entry turned
    # up nothing. Note that if the search failed due to some other reason
    # (like no NIS server responding) then the search continues with the
    # next entry.
    #
    # Legal entries are:
    #
    # nisplus or nis+     Use NIS+ (NIS version 3)
    # nis or yp           Use NIS (NIS version 2), also called YP
    # dns                 Use DNS (Domain Name Service)
    # files               Use the local files
    # db                  Use the local database (.db) files
    # compat              Use NIS on compat mode
    # hesiod              Use Hesiod for user lookups
    # [NOTFOUND=return]   Stop searching if not found so far
    #
    # To use db, put the "db" in front of "files" for entries you want to be
    # looked up first in the databases
    #
    # Example:
    #passwd:    db files nisplus nis
    #shadow:    db files nisplus nis
    #group:     db files nisplus nis

    passwd:     files ldap
    shadow:     files ldap
    group:      files ldap

    #hosts:     db files nisplus nis dns
    hosts:      files dns

    # Example - obey only what nisplus tells us...
    #services:   nisplus [NOTFOUND=return] files
    #networks:   nisplus [NOTFOUND=return] files
    #protocols:  nisplus [NOTFOUND=return] files
    #rpc:        nisplus [NOTFOUND=return] files
    #ethers:     nisplus [NOTFOUND=return] files
    #netmasks:   nisplus [NOTFOUND=return] files

    bootparams: nisplus [NOTFOUND=return] files

    ethers:     files
    netmasks:   files
    networks:   files
    protocols:  files
    rpc:        files
    services:   files

    netgroup:   files ldap

    publickey:  nisplus

    automount:  files ldap
    aliases:    files nisplus

2.1.9. Configuring SAMBA + LDAP integration

a) Activating the SAMBA administrator password

    smbpasswd -w @password@#

b) Populating the PDC database in LDAP

    smbldap-populate -a root

c) Creating a user and setting the password in the LDAP + SAMBA environment

    smbldap-useradd -a -m -F "" malves
    smbldap-passwd malves
    [root@miami etc]# id malves
    uid=1123(malves) gid=513(Domain Users) groups=513(Domain Users)

d) Updating a user's data

    [root@miami etc]# smbldap-userinfo malves
    Changing the user information for malves
    Enter the new value, or press ENTER for the default
    User Shell [/bin/bash]:
    Full Name [Marcos Alves]:
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
    LDAP updated

e) Showing the user's data

    # smbldap-usershow malves
    dn: uid=malves,ou=Usuarios,dc=lps,dc=ufrj,dc=br
    objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount,inetLocalMailRecipient
    uid: malves
    uidNumber: 1123
    gidNumber: 513
    homeDirectory: /home/malves
    sambaLogonTime: 0
    sambaLogoffTime: 2147483647
    sambaKickoffTime: 2147483647
    sambaPwdCanChange: 0
    displayName: malves
    sambaSID: S-1-5-21-3041103067-508309359-3073237874-3246
    sambaLogonScript: logon.bat
    sambaProfilePath: \\LPSUFRJ\profiles\malves
    sambaHomePath: \\LPSUFRJ\malves
    sambaPrimaryGroupSID: S-1-5-21-3041103067-508309359-3073237874-513
    sambaHomeDrive: H:
    mailLocalAddress: malves
    mail: malves@lps.ufrj.br
    sambaLMPassword: 853CA1CD2A92A81D25AD3B83FA6627C7
    sambaAcctFlags: [U]
    sambaNTPassword: F6E7FA906A0E97AF28D99556ABCFDF3C
    sambaPwdLastSet: 1220370854
    sambaPwdMustChange: 1224258854
    userPassword: {SSHA}//+QUqI5FZP/zWVukct0FSM5r59MYlhw
    shadowLastChange: 14124
    shadowMax: 45
    gecos: Marcos Alves,,,,
    cn: Marcos Alves
    sn: Alves
    givenName: Marcos
    loginShell: /bin/bash

f) Testing the client against Samba/LDAP

    [root@miami etc]# smbclient -L //LPS/home/malves --user=malves
    Password:
    Domain=[LPSUFRJ] OS=[Unix] Server=[Samba 3.0.28-1.el5_2.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk      Network Logon Service
        IPC$            IPC       IPC Service (PDC Server Version 3.0.28-1.el5_2.1)
        malves          Disk      Home Directories
    Domain=[LPSUFRJ] OS=[Unix] Server=[Samba 3.0.28-1.el5_2.1]

        Server               Comment
        ---------            -------
        LPS                  PDC Server Version 3.0.28-1.el5_2.1

        Workgroup            Master
        ---------            -------
        GRUPO                ITACA
        LPS2                 GRENOBLE
        LPSUFRJ              LPS
        WORKGROUP            MONACO

    smbclient -L LPS -U%
    Domain=[LPSUFRJ] OS=[Unix] Server=[Samba 3.0.28-1.el5_2.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk      Network Logon Service
        IPC$            IPC       IPC Service (PDC Server Version 3.0.28-1.el5_2.1)
    Domain=[LPSUFRJ] OS=[Unix] Server=[Samba 3.0.28-1.el5_2.1]

        Server               Comment
        ---------            -------
        LPS                  PDC Server Version 3.0.28-1.el5_2.1

        Workgroup            Master
        ---------            -------
        GRUPO                ITACA
        LPS2                 GRENOBLE
        LPSUFRJ              LPS
        WORKGROUP            MONACO

g) Creating a Windows machine in Samba+LDAP

    smbldap-useradd -W barbacena

2.1.10. Script for user administration

    [root@miami etc]# cat /root/cria-user.sh
    #!/bin/bash
    # Menu-driven wrapper around the smbldap-tools commands.
    # User input is always passed quoted so that spaces or shell
    # metacharacters in a name are not split or expanded.
    clear
    while true
    do
        clear
        echo -e "****************************************"
        echo -e "** Cadastro LDAP+SAMBA **"
        echo -e "** by Marcos Pitanga **"
        echo -e "** **"
        echo -e "** 1 - Cria usuario **"
        echo -e "** 2 - Cria maquina **"
        echo -e "** 3 - Apaga usuario **"
        echo -e "** 4 - Alterar senha **"
        echo -e "** 5 - Cria grupo **"
        echo -e "** 6 - Remove Grupo **"
        echo -e "** 7 - Sair **"
        echo -e "*****************************************"
        read -r opcao
        case "$opcao" in
            1)  # create a user (POSIX + Samba account, home directory, mail attribute)
                echo -e "Digite o usuario: "
                read -r usuario
                echo -e "Digite o nome completo do usuario: "
                read -r nome
                smbldap-useradd -a -m -M "$usuario" -c "$nome" "$usuario"
                echo "Cadastro efetuado com sucesso!!!"
                sleep 2
                ;;
            2)  # create a Windows workstation (machine) account
                echo -e "Digite o nome da estacao Windows "
                read -r maquina
                smbldap-useradd -W "$maquina"
                echo "Maquina inserida com sucesso!!!"
                sleep 2
                ;;
            3)  # delete a user or machine account and its home directory
                echo -e "Digite o nome do usuario/maquina para apagar"
                read -r user
                smbldap-userdel -r "$user"
                sleep 2
                ;;
            4)  # change a user's password
                echo -e "Digite o usuario: "
                read -r usuario
                smbldap-passwd "$usuario"
                sleep 2
                ;;
            5)  # create a group
                echo -e "Digite o nome do grupo: "
                read -r grupo
                smbldap-groupadd -a "$grupo"
                sleep 2
                ;;
            6)  # remove a group
                echo -e "Digite o nome do grupo a ser removido: "
                read -r grupo
                smbldap-groupdel "$grupo"
                sleep 2
                ;;
            7)  # quit
                echo "Ate logo ......."
                exit
                ;;
            *)  # any other input
                echo "Somente sao validas opcoes de 1 a 7 "
                sleep 2
                ;;
        esac
    done
    exit

2.1.11. Graphical administration tool on Windows: LDAP Admin
