Remark: Old version. Can be deleted after 2011-06 (ChristianKuelker)

CipUX Samba

Status of the project:

Name:

cipux-samba

Concept:

ChristianKuelker

Programmers:

AlexejPastuchow

Status:

implentation

Start:

2008-05-22

End:

2008-10-27

Planned-release:

3.4.0

Alpha-release:

-

Beta-release:

-

Stable-release:

-

This task are for Skolelinux/Debian-Edu:

Task

Status

0

Basic infrastructure

partly accomplished

0.1

We use the hole Skolelinux LDAP tree

OK

0.2

Install Skolelinux

installed

0.3

create image (t0) from Skolelinux

link to t0 missing

0.4

Functional test of Skolelinux: Can Clients join domain?

yes

0.5

If yes: create image (t1)

restored

0.6

If yes: restore to image (t0)

yes

0.7

Is t0 OK?

yes

0.8

yes t0 is OK: install packages CipUX

installed

0.9

if t0 OK: create image (t2) from Skolelinux SVN CipUX

link to t2 missing

0.10

Pam should already be configured

OK

1

Admin Group

accomplished

1.1

Exists cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no?

yes

1.2

If no, create it with LDIF

created

1.3

save the LDIF of that account in SVN

link

2

CAT administrator "cipadmin"

partly accomplished

2.1

create that account via LWAT with relevant samba attr.

created

2.2

The account has all samba entries

yes

2.3

The account has all CipUX entries

yes

2.4

save LDIF in SVN

link

2.5

add "cipadmin" to "admins" via LDIF

added

2.6

save the LDIF in SVN

link

2.7

"cipadmin" can be used to add win clients to domains

yes

3

Adoption of CipUX installation on Debian-Edu

accomplished

3.1

The trust account for CipUX under DebianEdu is cn=admin,ou=People

OK

3.2

Can cn=admin access all needed attributes: check ACL.

yes

3.3

Create a different cipux-storage-structure.conf

created

3.4

Change relevant RDN in this file ou=User -> ou=People

OK

3.5

save this in SVN as an example for Debian-Edu

link

3.6

create a seperate cipux-storage-access.conf

created

3.7

change the Tree in this file:

OK

3.8

change or check the URL in this file

OK

3.9

save this in SVN as an example for Debian-Edu

link

4

Some PAM tests: check ...

accomplished

4.1

... if "id admins" works

OK

4.2

... if "id cipadmin" works

OK

4.3

... if "cipadmin" is in "admins" group

OK

4.4

... if cipadmin can login from console (not terminal)

OK

4.5

... if cipadmin can add a windows machines to a domain

OK

4.6

... if he can make image (t3)

OK

4.7

save valid machine account as LDIF in SVN

link

5

Samba Users

not accomplished

5.1

add samba LDAP configuration cipux-samba.conf

OK

5.2

commit cipux-samba.conf to SVN

not committed

5.3

add 3 auto calc "if" to CipUX::Object::Action::Create

work in progress

5.4

commit CipUX::Object::Action::Create to SVN

not committed

5.10

Check if ...

not done

5.11

... samba user is created, if cipux-samba is installed

not done

5.12

... users are indentical to Skole execpt additional CipUX attr.

not done

5.13

... no samba user is creaed, if cipux-samba is not installed

not done

5.14

... id <LOGIN> works

not done

5.15

... login with such a user on a windows (within a domain) works

not done

6

Samba Groups

not accomplished

6.1

add samba LDAP configuration cipux-samba.conf (if any)

OK

6.2

find a solution for exporting created groups with samba

not done

6.10

Check if ...

not done

6.11

... samba group is created if cipux-samba is installed

not done

6.12

... groups are indentical to Skole execpt additional CipUX attr.

not done

6.13

... no samba group is creaed, if cipux-samba is not installed

not done

6.14

... group shows up in PAM

not done

6.15

... if samba group exists, it should be exported to users who are member of this group

not done

Todo for Future:

=> Fuer die Zukunft muss ein neues CipUX Object oder eine CipUX Object Erweiterung in den Konfigurations Dateien erstellt werden, mit der man diese Admin Groups anlegen kann. Im Moment koennen wir das hardgecoded lassen.