+++ /dev/null
-##
-## schema file for OpenLDAP 2.x
-## Schema for storing Samba user accounts and group maps in LDAP
-## OIDs are owned by the Samba Team
-##
-## Prerequisite schemas - uid (cosine.schema)
-## - displayName (inetorgperson.schema)
-## - gidNumber (nis.schema)
-##
-## 1.3.6.1.4.1.7165.2.1.x - attributetypes
-## 1.3.6.1.4.1.7165.2.2.x - objectclasses
-##
-## Printer support
-## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
-## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
-##
-## Samba4
-## 1.3.6.1.4.1.7165.4.1.x - attributetypes
-## 1.3.6.1.4.1.7165.4.2.x - objectclasses
-## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
-## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
-## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
-##
-## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
-##
-## Run the 'get_next_oid' bash script in this directory to find the
-## next available OID for attribute type and object classes.
-##
-## $ ./get_next_oid
-## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
-## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
-##
-## Also ensure that new entries adhere to the declaration style
-## used throughout this file
-##
-## <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
-## ^ ^ ^
-##
-## The spaces are required for the get_next_oid script (and for
-## readability).
-##
-## ------------------------------------------------------------------
-
-# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
-# objectIdentifier Samba3 SambaRoot:2
-# objectIdentifier Samba3Attrib Samba3:1
-# objectIdentifier Samba3ObjectClass Samba3:2
-# objectIdentifier Samba4 SambaRoot:4
-
-########################################################################
-## HISTORICAL ##
-########################################################################
-
-##
-## Password hashes
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
-# DESC 'LanManager Passwd'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
-# DESC 'NT Passwd'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-##
-## Account flags in string format ([UWDX ])
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
-# DESC 'Account Flags'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
-
-##
-## Password timestamps & policies
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
-# DESC 'NT pwdLastSet'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
-# DESC 'NT logonTime'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
-# DESC 'NT logoffTime'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
-# DESC 'NT kickoffTime'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
-# DESC 'NT pwdCanChange'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
-# DESC 'NT pwdMustChange'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-##
-## string settings
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
-# DESC 'NT homeDrive'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
-# DESC 'NT scriptPath'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
-# DESC 'NT profilePath'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
-# DESC 'userWorkstations'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
-# DESC 'smbHome'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
-# DESC 'Windows NT domain to which the user belongs'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-##
-## user and group RID
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
-# DESC 'NT rid'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
-# DESC 'NT Group RID'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-##
-## The smbPasswordEntry objectclass has been depreciated in favor of the
-## sambaAccount objectclass
-##
-#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
-# DESC 'Samba smbpasswd entry'
-# MUST ( uid $ uidNumber )
-# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
-
-#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
-# DESC 'Samba Account'
-# MUST ( uid $ rid )
-# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
-# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
-# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
-# description $ userWorkstations $ primaryGroupID $ domain ))
-
-#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
-# DESC 'Samba Auxiliary Account'
-# MUST ( uid $ rid )
-# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
-# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
-# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
-# description $ userWorkstations $ primaryGroupID $ domain ))
-
-########################################################################
-## END OF HISTORICAL ##
-########################################################################
-
-#######################################################################
-## Attributes used by Samba 3.0 schema ##
-#######################################################################
-
-##
-## Password hashes
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
- DESC 'LanManager Password'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
- DESC 'MD4 hash of the unicode password'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-##
-## Account flags in string format ([UWDX ])
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
- DESC 'Account Flags'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
-
-##
-## Password timestamps & policies
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
- DESC 'Timestamp of the last password update'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
- DESC 'Timestamp of when the user is allowed to update the password'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
- DESC 'Timestamp of when the password will expire'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
- DESC 'Timestamp of last logon'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
- DESC 'Timestamp of last logoff'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
- DESC 'Timestamp of when the user will be logged off automatically'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
- DESC 'Bad password attempt count'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
- DESC 'Time of the last bad password attempt'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
- DESC 'Logon Hours'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
-
-##
-## string settings
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
- DESC 'Driver letter of home directory mapping'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
- DESC 'Logon script path'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
- DESC 'Roaming profile path'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
- DESC 'List of user workstations the user is allowed to logon to'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
- DESC 'Home directory UNC path'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
- DESC 'Windows NT domain to which the user belongs'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
- DESC 'Base64 encoded user parameter string'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
- DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
-
-##
-## SID, of any type
-##
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
- DESC 'Security ID'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseExactIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
-
-##
-## Primary group SID, compatible with ntSid
-##
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
- DESC 'Primary Group Security ID'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
- DESC 'Security ID List'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
-
-##
-## group mapping attributes
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
- DESC 'NT Group Type'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-##
-## Store info on the domain
-##
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
- DESC 'Next NT rid to give our for users'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
- DESC 'Next NT rid to give out for groups'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
- DESC 'Next NT rid to give out for anything'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
- DESC 'Base at which the samba RID generation algorithm should operate'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
- DESC 'Share Name'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
- DESC 'Option Name'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
- DESC 'A boolean option'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
- DESC 'An integer option'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
- DESC 'A string option'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
- DESC 'A string list option'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-
-##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
-## SUP name )
-
-##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
-## DESC 'Privileges List'
-## EQUALITY caseIgnoreIA5Match
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
- DESC 'Trust Password Flags'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# "min password length"
-attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
- DESC 'Minimal password length (default: 5)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "password history"
-attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
- DESC 'Length of Password History Entries (default: 0 => off)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "user must logon to change password"
-attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
- DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "maximum password age"
-attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
- DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "minimum password age"
-attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
- DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "lockout duration"
-attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
- DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "reset count minutes"
-attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
- DESC 'Reset time after lockout in minutes (default: 30)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "bad lockout attempt"
-attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
- DESC 'Lockout users after bad logon attempts (default: 0 => off)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "disconnect time"
-attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
- DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "refuse machine password change"
-attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
- DESC 'Allow Machine Password changes (default: 0 => off)'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#
-attributetype ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
- DESC 'Clear text password (used for trusted domain passwords)'
- EQUALITY octetStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-
-#
-attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
- DESC 'Previous clear text password (used for trusted domain passwords)'
- EQUALITY octetStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-
-
-
-#######################################################################
-## objectClasses used by Samba 3.0 schema ##
-#######################################################################
-
-## The X.500 data model (and therefore LDAPv3) says that each entry can
-## only have one structural objectclass. OpenLDAP 2.0 does not enforce
-## this currently but will in v2.1
-
-##
-## added new objectclass (and OID) for 3.0 to help us deal with backwards
-## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
- DESC 'Samba 3.0 Auxilary SAM Account'
- MUST ( uid $ sambaSID )
- MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
- sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
- sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
- displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
- sambaProfilePath $ description $ sambaUserWorkstations $
- sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
- sambaBadPasswordCount $ sambaBadPasswordTime $
- sambaPasswordHistory $ sambaLogonHours))
-
-##
-## Group mapping info
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
- DESC 'Samba Group Mapping'
- MUST ( gidNumber $ sambaSID $ sambaGroupType )
- MAY ( displayName $ description $ sambaSIDList ))
-
-##
-## Trust password for trust relationships (any kind)
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
- DESC 'Samba Trust Password'
- MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
- MAY ( sambaSID $ sambaPwdLastSet ))
-
-##
-## Trust password for trusted domains
-## (to be stored beneath the trusting sambaDomain object in the DIT)
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
- DESC 'Samba Trusted Domain Password'
- MUST ( sambaDomainName $ sambaSID $
- sambaClearTextPassword $ sambaPwdLastSet )
- MAY ( sambaPreviousClearTextPassword ))
-
-##
-## Whole-of-domain info
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
- DESC 'Samba Domain Information'
- MUST ( sambaDomainName $
- sambaSID )
- MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
- sambaAlgorithmicRidBase $
- sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
- sambaMaxPwdAge $ sambaMinPwdAge $
- sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
- sambaForceLogoff $ sambaRefuseMachinePwdChange ))
-
-##
-## used for idmap_ldap module
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
- DESC 'Pool for allocating UNIX uids/gids'
- MUST ( uidNumber $ gidNumber ) )
-
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
- DESC 'Mapping from a SID to an ID'
- MUST ( sambaSID )
- MAY ( uidNumber $ gidNumber ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
- DESC 'Structural Class for a SID'
- MUST ( sambaSID ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
- DESC 'Samba Configuration Section'
- MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
- DESC 'Samba Share Section'
- MUST ( sambaShareName )
- MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
- DESC 'Samba Configuration Option'
- MUST ( sambaOptionName )
- MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
- sambaStringListoption $ description ) )
-
-
-## retired during privilege rewrite
-##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
-## DESC 'Samba Privilege'
-## MUST ( sambaSID )
-## MAY ( sambaPrivilegeList ) )
+++ /dev/null
-# This is the main Samba configuration file. You should read the
-# smb.conf(5) manual page in order to understand the options listed
-# here. Samba has a huge number of configurable options (perhaps too
-# many!) most of which are not shown in this example
-#
-# For a step to step guide on installing, configuring and using samba,
-# read the Samba-HOWTO-Collection. This may be obtained from:
-# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
-#
-# Many working examples of smb.conf files can be found in the
-# Samba-Guide which is generated daily and can be downloaded from:
-# http://www.samba.org/samba/docs/Samba-Guide.pdf
-#
-# Any line which starts with a ; (semi-colon) or a # (hash)
-# is a comment and is ignored. In this example we will use a #
-# for commentry and a ; for parts of the config file that you
-# may wish to enable
-#
-# NOTE: Whenever you modify this file you should run the command "testparm"
-# to check that you have not made any basic syntactic errors.
-#
-#======================= Global Settings =====================================
-[global]
-
-# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
- workgroup = MYGROUP
-
-# server string is the equivalent of the NT Description field
- server string = Samba Server
-
-# Security mode. Defines in which mode Samba will operate. Possible
-# values are share, user, server, domain and ads. Most people will want
-# user level security. See the Samba-HOWTO-Collection for details.
- security = user
-
-# This option is important for security. It allows you to restrict
-# connections to machines which are on your local network. The
-# following example restricts access to two C class networks and
-# the "loopback" interface. For more examples of the syntax see
-# the smb.conf man page
-; hosts allow = 192.168.1. 192.168.2. 127.
-
-# If you want to automatically load your printer list rather
-# than setting them up individually then you'll need this
- load printers = yes
-
-# you may wish to override the location of the printcap file
-; printcap name = /etc/printcap
-
-# on SystemV system setting printcap name to lpstat should allow
-# you to automatically obtain a printer list from the SystemV spool
-# system
-; printcap name = lpstat
-
-# It should not be necessary to specify the print system type unless
-# it is non-standard. Currently supported print systems include:
-# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
-; printing = cups
-
-# Uncomment this if you want a guest account, you must add this to /etc/passwd
-# otherwise the user "nobody" is used
-; guest account = pcguest
-
-# this tells Samba to use a separate log file for each machine
-# that connects
- log file = /var/log/samba/log.%m
-
-# Put a capping on the size of the log files (in Kb).
- max log size = 50
-
-# Use password server option only with security = server
-# The argument list may include:
-# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
-# or to auto-locate the domain controller/s
-# password server = *
-; password server = <NT-Server-Name>
-
-# Use the realm option only with security = ads
-# Specifies the Active Directory realm the host is part of
-; realm = MY_REALM
-
-# Backend to store user information in. New installations should
-# use either tdbsam or ldapsam. smbpasswd is available for backwards
-# compatibility. tdbsam requires no further configuration. If you're
-# migrating from < samba 3.4, you'll have to convert your old user
-# passwords to the new backend with the command:
-# pdbedit -i smbpasswd:/var/lib/samba/private/smbpasswd -e
-; passdb backend = tdbsam
-
-# Using the following line enables you to customise your configuration
-# on a per machine basis. The %m gets replaced with the netbios name
-# of the machine that is connecting.
-# Note: Consider carefully the location in the configuration file of
-# this line. The included file is read at that point.
-; include = /etc/samba/smb.conf.%m
-
-# Configure Samba to use multiple interfaces
-# If you have multiple network interfaces then you must list them
-# here. See the man page for details.
-; interfaces = 192.168.12.2/24 192.168.13.2/24
-
-# Browser Control Options:
-# set local master to no if you don't want Samba to become a master
-# browser on your network. Otherwise the normal election rules apply
-; local master = no
-
-# OS Level determines the precedence of this server in master browser
-# elections. The default value should be reasonable
-; os level = 33
-
-# Domain Master specifies Samba to be the Domain Master Browser. This
-# allows Samba to collate browse lists between subnets. Don't use this
-# if you already have a Windows NT domain controller doing this job
-; domain master = yes
-
-# Preferred Master causes Samba to force a local browser election on startup
-# and gives it a slightly higher chance of winning the election
-; preferred master = yes
-
-# Enable this if you want Samba to be a domain logon server for
-# Windows95 workstations.
-; domain logons = yes
-
-# if you enable domain logons then you may want a per-machine or
-# per user logon script
-# run a specific logon batch file per workstation (machine)
-; logon script = %m.bat
-# run a specific logon batch file per username
-; logon script = %U.bat
-
-# Where to store roving profiles (only for Win95 and WinNT)
-# %L substitutes for this servers netbios name, %U is username
-# You must uncomment the [Profiles] share below
-; logon path = \\%L\Profiles\%U
-
-# Windows Internet Name Serving Support Section:
-# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
-; wins support = yes
-
-# WINS Server - Tells the NMBD components of Samba to be a WINS Client
-# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
-; wins server = w.x.y.z
-
-# WINS Proxy - Tells Samba to answer name resolution queries on
-# behalf of a non WINS capable client, for this to work there must be
-# at least one WINS Server on the network. The default is NO.
-; wins proxy = yes
-
-# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
-# via DNS nslookups. The default is NO.
- dns proxy = no
-
-# These scripts are used on a domain controller or stand-alone
-# machine to add or delete corresponding unix accounts
-; add user script = /usr/sbin/useradd %u
-; add group script = /usr/sbin/groupadd %g
-; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
-; delete user script = /usr/sbin/userdel %u
-; delete user from group script = /usr/sbin/deluser %u %g
-; delete group script = /usr/sbin/groupdel %g
-
-
-#============================ Share Definitions ==============================
-[homes]
- comment = Home Directories
- browseable = no
- writable = yes
-
-# Un-comment the following and create the netlogon directory for Domain Logons
-; [netlogon]
-; comment = Network Logon Service
-; path = /var/lib/samba/netlogon
-; guest ok = yes
-; writable = no
-; share modes = no
-
-
-# Un-comment the following to provide a specific roving profile share
-# the default is to use the user's home directory
-;[Profiles]
-; path = /var/lib/samba/profiles
-; browseable = no
-; guest ok = yes
-
-
-# NOTE: If you have a BSD-style print system there is no need to
-# specifically define each individual printer
-[printers]
- comment = All Printers
- path = /var/spool/samba
- browseable = no
-# Set public = yes to allow user 'guest account' to print
- guest ok = no
- writable = no
- printable = yes
-
-# This one is useful for people to share files
-;[tmp]
-; comment = Temporary file space
-; path = /tmp
-; read only = no
-; public = yes
-
-# A publicly accessible directory, but read only, except for people in
-# the "staff" group
-;[public]
-; comment = Public Stuff
-; path = /home/samba
-; public = yes
-; writable = yes
-; printable = no
-; write list = @staff
-
-# Other examples.
-#
-# A private printer, usable only by fred. Spool data will be placed in fred's
-# home directory. Note that fred must have write access to the spool directory,
-# wherever it is.
-;[fredsprn]
-; comment = Fred's Printer
-; valid users = fred
-; path = /homes/fred
-; printer = freds_printer
-; public = no
-; writable = no
-; printable = yes
-
-# A private directory, usable only by fred. Note that fred requires write
-# access to the directory.
-;[fredsdir]
-; comment = Fred's Service
-; path = /usr/somewhere/private
-; valid users = fred
-; public = no
-; writable = yes
-; printable = no
-
-# a service which has a different directory for each machine that connects
-# this allows you to tailor configurations to incoming machines. You could
-# also use the %U option to tailor it by user name.
-# The %m gets replaced with the machine name that is connecting.
-;[pchome]
-; comment = PC Directories
-; path = /usr/pc/%m
-; public = no
-; writable = yes
-
-# A publicly accessible directory, read/write to all users. Note that all files
-# created in the directory by users will be owned by the default user, so
-# any user with access can delete any other user's files. Obviously this
-# directory must be writable by the default user. Another user could of course
-# be specified, in which case all files would be owned by that user instead.
-;[public]
-; path = /usr/somewhere/else/public
-; public = yes
-; only guest = yes
-; writable = yes
-; printable = no
-
-# The following two entries demonstrate how to share a directory so that two
-# users can place files there that will be owned by the specific users. In this
-# setup, the directory should be writable by both users and should have the
-# sticky bit set on it to prevent abuse. Obviously this could be extended to
-# as many users as required.
-;[myshare]
-; comment = Mary's and Fred's stuff
-; path = /usr/somewhere/shared
-; valid users = mary fred
-; public = no
-; writable = yes
-; printable = no
-; create mask = 0765
-
-