Remark: Old version. Can be deleted after 2011-06 (ChristianKuelker)
CipUX Samba
Status of the project: |
||
Name: |
cipux-samba |
|
Concept: |
||
Programmers: |
||
Status: |
implentation |
|
Start: |
2008-05-22 |
|
End: |
2008-10-27 |
|
Planned-release: |
3.4.0 |
|
Alpha-release: |
- |
|
Beta-release: |
- |
|
Stable-release: |
- |
This task are for Skolelinux/Debian-Edu:
|
Task |
Status |
0 |
Basic infrastructure |
partly accomplished |
0.1 |
We use the hole Skolelinux LDAP tree |
OK |
0.2 |
Install Skolelinux |
installed |
0.3 |
create image (t0) from Skolelinux |
link to t0 missing |
0.4 |
Functional test of Skolelinux: Can Clients join domain? |
yes |
0.5 |
If yes: create image (t1) |
restored |
0.6 |
If yes: restore to image (t0) |
yes |
0.7 |
Is t0 OK? |
yes |
0.8 |
yes t0 is OK: install packages CipUX |
installed |
0.9 |
if t0 OK: create image (t2) from Skolelinux SVN CipUX |
link to t2 missing |
0.10 |
Pam should already be configured |
OK |
1 |
Admin Group |
accomplished |
1.1 |
Exists cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no? |
yes |
1.2 |
If no, create it with LDIF |
created |
1.3 |
save the LDIF of that account in SVN |
|
2 |
CAT administrator "cipadmin" |
partly accomplished |
2.1 |
create that account via LWAT with relevant samba attr. |
created |
2.2 |
The account has all samba entries |
yes |
2.3 |
The account has all CipUX entries |
yes |
2.4 |
save LDIF in SVN |
|
2.5 |
add "cipadmin" to "admins" via LDIF |
added |
2.6 |
save the LDIF in SVN |
link |
2.7 |
"cipadmin" can be used to add win clients to domains |
yes |
3 |
Adoption of CipUX installation on Debian-Edu |
accomplished |
3.1 |
The trust account for CipUX under DebianEdu is cn=admin,ou=People |
OK |
3.2 |
Can cn=admin access all needed attributes: check ACL. |
yes |
3.3 |
Create a different cipux-storage-structure.conf |
created |
3.4 |
Change relevant RDN in this file ou=User -> ou=People |
OK |
3.5 |
save this in SVN as an example for Debian-Edu |
|
3.6 |
create a seperate cipux-storage-access.conf |
created |
3.7 |
change the Tree in this file: |
OK |
3.8 |
change or check the URL in this file |
OK |
3.9 |
save this in SVN as an example for Debian-Edu |
|
4 |
Some PAM tests: check ... |
accomplished |
4.1 |
... if "id admins" works |
OK |
4.2 |
... if "id cipadmin" works |
OK |
4.3 |
... if "cipadmin" is in "admins" group |
OK |
4.4 |
... if cipadmin can login from console (not terminal) |
OK |
4.5 |
... if cipadmin can add a windows machines to a domain |
OK |
4.6 |
... if he can make image (t3) |
OK |
4.7 |
save valid machine account as LDIF in SVN |
|
5 |
Samba Users |
not accomplished |
5.1 |
add samba LDAP configuration cipux-samba.conf |
OK |
5.2 |
commit cipux-samba.conf to SVN |
not committed |
5.3 |
add 3 auto calc "if" to CipUX::Object::Action::Create |
work in progress |
5.4 |
commit CipUX::Object::Action::Create to SVN |
not committed |
5.10 |
Check if ... |
not done |
5.11 |
... samba user is created, if cipux-samba is installed |
not done |
5.12 |
... users are indentical to Skole execpt additional CipUX attr. |
not done |
5.13 |
... no samba user is creaed, if cipux-samba is not installed |
not done |
5.14 |
... id <LOGIN> works |
not done |
5.15 |
... login with such a user on a windows (within a domain) works |
not done |
6 |
Samba Groups |
not accomplished |
6.1 |
add samba LDAP configuration cipux-samba.conf (if any) |
OK |
6.2 |
find a solution for exporting created groups with samba |
not done |
6.10 |
Check if ... |
not done |
6.11 |
... samba group is created if cipux-samba is installed |
not done |
6.12 |
... groups are indentical to Skole execpt additional CipUX attr. |
not done |
6.13 |
... no samba group is creaed, if cipux-samba is not installed |
not done |
6.14 |
... group shows up in PAM |
not done |
6.15 |
... if samba group exists, it should be exported to users who are member of this group |
not done |
Todo for Future:
|
=> Fuer die Zukunft muss ein neues CipUX Object oder eine CipUX Object Erweiterung in den Konfigurations Dateien erstellt werden, mit der man diese Admin Groups anlegen kann. Im Moment koennen wir das hardgecoded lassen. |
|