Implementation Manual for the Authentication Service with openLDAP + SAMBA


Page 1: Openldap Samba



Version History

Version    Date          Author    Description
1.0        02/09/2008              LDAP installation

Página 2 de 22


1. Objectives of the Activities

This document describes the procedures required to implement an openLDAP authentication service and a SAMBA 3 PDC, providing a single sign-on mechanism for Linux and Windows users.

1.1. Prerequisites Defined for the Activities

1. DNS service configured;


2. Details of the Activities Performed

2.1. Procedures

2.1.1. Installing openLDAP

# Enable the RPMforge repository, which provides smbldap-tools for CentOS/RHEL 5
rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

[root@miami ~]# yum install openldap-servers
[root@miami ~]# yum install openldap-clients
[root@miami ~]# yum --enablerepo=rpmforge install smbldap-tools

# The BDB database directory must belong to the user slapd runs as
chown -R ldap /var/lib/ldap

cd /etc/openldap
cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# Generate the salted SHA-1 hash that becomes rootpw in slapd.conf.
# @password@# stands for the real root password used throughout this manual.
# Passing it with -s puts it in the process list and the shell history;
# running slappasswd without -s prompts for it instead.
[root@miami openldap]# slappasswd -s @password@#

2.1.2. File /etc/openldap/ldap.conf

cat /etc/openldap/ldap.conf

# Access to your LDAP server must be resolvable without using LDAP.
# Preferably use the IP address, or make sure DNS resolves the name.
host 127.0.0.1

# The distinguished name of the search base.
base dc=lps,dc=ufrj,dc=br

# The LDAP root identity, i.e. the "Root Password DN".
# Its password must be stored in /etc/ldap.secret (mode 600).
rootbinddn cn=root,dc=lps,dc=ufrj,dc=br

# Search contexts for LDAP lookups (RFC2307bis).
# We use ?sub (not the default ?one) because sambaAccounts are kept in
# ou=Computadores,dc=lps,dc=ufrj,dc=br and users in ou=Usuarios,dc=lps,dc=ufrj,dc=br
nss_base_passwd dc=lps,dc=ufrj,dc=br?sub
nss_base_shadow dc=lps,dc=ufrj,dc=br?sub
nss_base_group ou=Grupos,dc=lps,dc=ufrj,dc=br?one

# Security options
ssl no
pam_password crypt

URI ldap://127.0.0.1/
BASE dc=lps,dc=ufrj,dc=br
TLS_CACERTDIR /etc/openldap/cacerts

Note that these directives belong to two different readers. host, base, rootbinddn, nss_base_*, ssl and pam_password are nss_ldap/pam_ldap directives, which on CentOS 5 are read from /etc/ldap.conf (the file authconfig writes in 2.1.8); the OpenLDAP client library itself only understands URI, BASE and TLS_* in /etc/openldap/ldap.conf. Two points a reviewer should keep in mind: with ssl no every bind travels in cleartext, which is tolerable here only because the server is reached on 127.0.0.1; and rootbinddn with /etc/ldap.secret lets local root on this host bind as the directory rootdn, so a root compromise of the client is a compromise of the directory.


2.1.3. File /etc/openldap/slapd.conf

cp /usr/share/doc/samba-3.0.25b/LDAP/samba.schema /etc/openldap/schema/

The schema ships in the doc directory of the samba package; take it from the version actually installed (the server shown later in this manual runs 3.0.28), which find /usr/share/doc -name samba.schema locates.

# cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/misc.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath /usr/lib/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

# Password hashes: only the rootdn may write them, anonymous may use them
# to authenticate (bind), the owner may change them, nobody else sees them.
# This clause MUST stay above the "access to *" catch-all: slapd evaluates
# access directives in file order and uses the first one whose target
# matches, so a catch-all "by * read" placed first would expose every hash.
access to attrs=sambaLMPassword,sambaNTPassword,userPassword,sambaPasswordHistory,sambaPwdLastSet
        by dn="cn=root,dc=lps,dc=ufrj,dc=br" write
        by anonymous auth
        by self write
        by * none

access to dn.base=""
        by * read

# Everything else is readable by anyone, including anonymous binds, which
# is what nss_ldap on the clients relies on (and what lets any host on the
# network enumerate users, groups and SIDs).
access to *
        by dn="cn=root,dc=lps,dc=ufrj,dc=br" write
        by * read

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=lps,dc=ufrj,dc=br"
rootdn "cn=root,dc=lps,dc=ufrj,dc=br"

# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/[email protected]

# rootpw is the {SSHA} hash produced by slappasswd in 2.1.1
rootpw {SSHA}B+bRzBJC+Mx/ZXyLLy0JwlP1uAML9RRU

# service ldap start
Checking configuration files for slapd:  bdb_db_open: DB_CONFIG for suffix dc=lps,dc=ufrj,dc=br has changed.
Performing database recovery to activate new settings.
bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered.
config file testing succeeded                              [  OK  ]
Starting slapd:                                            [  OK  ]
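The order of the three access clauses in slapd.conf decides who can read the password hashes, and slapd gives no warning when the order is wrong. The script below is an added example, not part of this manual: it simulates slapd's first-match evaluation for exactly those three clauses and shows what happens when the catch-all is moved to the top. The entry DN for malves is taken from the smbldap-usershow output later in the manual; the second user uid=joao is hypothetical, and only the <who> forms the file uses (dn=, anonymous, self, users, *) are handled.

```python
"""Simulate slapd's access-control evaluation for the three "access to"
clauses of the slapd.conf above (added example, not part of the manual)."""

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ROOTDN = "cn=root,dc=lps,dc=ufrj,dc=br"
PASSWORD_ATTRS = {"sambaLMPassword", "sambaNTPassword", "userPassword",
                  "sambaPasswordHistory", "sambaPwdLastSet"}

# The three clauses, transcribed from slapd.conf in file order.
ACL_AS_WRITTEN = [
    {"attrs": PASSWORD_ATTRS,
     "by": [("dn:" + ROOTDN, "write"), ("anonymous", "auth"),
            ("self", "write"), ("*", "none")]},
    {"dn_base": "", "by": [("*", "read")]},
    {"catch_all": True,
     "by": [("dn:" + ROOTDN, "write"), ("*", "read")]},
]
# The same clauses with the catch-all moved to the top: a common mistake.
ACL_CATCHALL_FIRST = [ACL_AS_WRITTEN[2], ACL_AS_WRITTEN[0], ACL_AS_WRITTEN[1]]

# Entry DNs used below; uid=joao is a hypothetical second user.
MALVES = "uid=malves,ou=Usuarios,dc=lps,dc=ufrj,dc=br"
JOAO = "uid=joao,ou=Usuarios,dc=lps,dc=ufrj,dc=br"


def target_matches(clause, entry_dn, attr):
    """The <what> part: attrs=..., dn.base="...", or * (everything)."""
    if "attrs" in clause:
        return attr in clause["attrs"]
    if "dn_base" in clause:
        return entry_dn.lower() == clause["dn_base"].lower()
    return True


def who_matches(who, bind_dn, entry_dn):
    """The <who> forms the file uses. bind_dn is None for an anonymous
    bind. DNs compare case-insensitively, as slapd does."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn:"):
        return bind_dn is not None and bind_dn.lower() == who[3:].lower()
    raise ValueError("unsupported <who>: %s" % who)


def access_level(acl, bind_dn, entry_dn, attr):
    """The first clause whose <what> matches is the only one consulted;
    within it the first matching <by> line decides. A matching clause
    with no matching <by> line denies. (The final fall-through is never
    reached here because both ACLs end with a catch-all.)"""
    for clause in acl:
        if target_matches(clause, entry_dn, attr):
            for who, level in clause["by"]:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"
    return "none"


def allowed(acl, bind_dn, entry_dn, attr, wanted):
    """Levels are cumulative: write implies read, read implies auth, ..."""
    granted = access_level(acl, bind_dn, entry_dn, attr)
    return LEVELS.index(granted) >= LEVELS.index(wanted)


def hashes_readable_by(acl, bind_dn, entry_dn):
    """Password attributes of entry_dn that bind_dn could read under acl."""
    return sorted(a for a in PASSWORD_ATTRS
                  if allowed(acl, bind_dn, entry_dn, a, "read"))


if __name__ == "__main__":
    for name, acl in (("as written", ACL_AS_WRITTEN),
                      ("catch-all first", ACL_CATCHALL_FIRST)):
        print("%-16s anonymous can read: %s"
              % (name, hashes_readable_by(acl, None, MALVES) or "nothing"))
        print("%-16s uid=joao can read:  %s"
              % (name, hashes_readable_by(acl, JOAO, MALVES) or "nothing"))
```

With the file as written, an anonymous bind gets exactly "auth" on userPassword (enough to authenticate, not enough to read the hash), the owner can change it, another user gets nothing, and the rootdn can write it; with the catch-all first, every one of the five hash attributes becomes world-readable.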

2.1.4. Creating the initial LDAP base and populating the database

# vi base.ldif

dn: dc=lps,dc=ufrj,dc=br
dc: lps
objectClass: top
objectClass: domain

dn: ou=usuarios,dc=lps,dc=ufrj,dc=br
ou: usuarios
objectClass: top
objectClass: organizationalUnit

dn: ou=computadores,dc=lps,dc=ufrj,dc=br
ou: computadores
objectClass: top
objectClass: organizationalUnit

dn: ou=grupos,dc=lps,dc=ufrj,dc=br
ou: grupos
objectClass: top
objectClass: organizationalUnit

ldapadd -x -D cn=root,dc=lps,dc=ufrj,dc=br -W -f base.ldif


2.1.5. File /etc/smbldap-tools/smbldap.conf

###############################################################################
# General Configuration
###############################################################################

# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taken from "net getlocalsid" return
SID="S-1-5-21-3041103067-508309359-3073237874"

# Domain name the Samba server is in charge of.
# If not defined, parameter is taken from smb.conf configuration file
# Ex: sambaDomain="IDEALX-NT"
sambaDomain="LPSUFRJ"

###############################################################################
# LDAP Configuration
###############################################################################

# Notes: to use a dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
#   (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP="127.0.0.1"

# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP="127.0.0.1"

# Master LDAP port
# If not defined, parameter is set to "389"
#masterPort="389"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also use the port 389)
# If not defined, parameter is set to "0"
ldapTLS="0"


# Use SSL for LDAP
# If set to 1, this option will use SSL for connection
# (standard port for ldaps is 636)
# If not defined, parameter is set to "0"
ldapSSL="0"

# The four certificate settings below are only consulted when ldapTLS or
# ldapSSL is 1; with both at 0 they are inert, and the .pem/.key names are
# the package's placeholder defaults.

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/smbldap-tools/ca.pem"

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=lps,dc=ufrj,dc=br"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=usuarios,${suffix}"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=computadores,${suffix}"

# Where are stored Groups
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=grupos,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: idmapdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

# Default scope Used
scope="sub"


# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="SSHA"

# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"

###############################################################################
# Unix Accounts Configuration
###############################################################################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

###############################################################################
# SAMBA Configuration
###############################################################################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome="\\LPSUFRJ\%U"


# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile="\\LPSUFRJ\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive="H:"

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript="logon.bat"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain="lps.ufrj.br"

###############################################################################
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
###############################################################################

# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"


2.1.6. File /etc/smbldap-tools/smbldap_bind.conf

[root@miami /]# cat /etc/smbldap-tools/smbldap_bind.conf

############################
# Credential Configuration #
############################
# Notes: you can specify two different configurations if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
slaveDN="cn=root,dc=lps,dc=ufrj,dc=br"
slavePw="@password@#"
masterDN="cn=root,dc=lps,dc=ufrj,dc=br"
masterPw="@password@#"

This file holds the directory rootdn password in cleartext. Keep it owned by root with mode 600; the smbldap-* scripts run only as root, so nothing else needs to read it.

2.1.7. Samba configuration file under /etc/samba

[global]
        load printers = yes
        cups options = raw
        server string = PDC Server Version %v
        workgroup = LPSUFRJ
        encrypt passwords = yes
        security = user
        netbios name = LPS
        ; the stock file declared "passdb backend = tdbsam" and a plain
        ; "socket options = TCP_NODELAY" here; both are redefined further
        ; down in this file, and smbd keeps only the last definition of a
        ; parameter, so the early copies are commented out to leave a
        ; single declaration of each
        ; passdb backend = tdbsam
        ; socket options = TCP_NODELAY

        ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
        ; hosts allow = 127. 192.168.
        ; while these two stay commented out the PDC listens on every
        ; interface and accepts any source address

        log file = /var/log/samba/%m.log
        max log size = 50
        domain master = yes
        domain logons = yes

        # the login script name depends on the machine name
        ; logon script = %m.bat
        # the login script name depends on the unix user used
        ; logon script = %u.bat
        ; logon path = \\%L\Profiles\%u
        # disables profiles support by specifying an empty path
        ; logon path =

        local master = yes
        os level = 65
        preferred master = yes


# LDAP settings
        passdb backend = ldapsam:ldap://127.0.0.1
        ldap passwd sync = yes
        ldap delete dn = Yes
        ldap admin dn = cn=root,dc=lps,dc=ufrj,dc=br
        ldap suffix = dc=lps,dc=ufrj,dc=br
        ldap machine suffix = ou=computadores
        ldap user suffix = ou=usuarios
        ldap group suffix = ou=grupos
        ; smbldap.conf keeps idmap entries under ou=Idmap; align the two
        ; containers if this host ever acts as a domain member
        ldap idmap suffix = sambaDomainName=LPSUFRJ
        idmap backend = ldap:ldap://127.0.0.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        ; admin users act as root on every share; keep this list short
        admin users = Administrator @"Domain Admins"

# Let members of "Domain Admins" join WinXP/Win2000 machines to the Samba domain
        enable privileges = yes

# Scripts used to manage users from Windows
        # add/remove users
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        # add/remove groups
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        # scripts to add/remove users in groups
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        # script to set the user's primary group
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        # script to let a Windows NT/XP machine join the domain
        add machine script = /usr/sbin/smbldap-useradd -W "%u"

# Recommended smb optimizations
        smb ports = 445 139
        name resolve order = lmhosts host wins bcast
        utmp = Yes
        time server = Yes
        template shell = /bin/false
        winbind use default domain = no
        map acl inherit = Yes
        strict locking = Yes

# How the client will talk to the server (this is the "socket options"
# definition smbd keeps)
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports


# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). These options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes

#============================ Share Definitions =============================

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        valid users = %S
;       valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon/scripts
        guest ok = yes
        writable = no
        share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
        path = /var/lib/samba/profiles
        browseable = no
        guest ok = yes
        ; inherited from the stock file: with the default "read only = yes"
        ; profiles cannot be written back at logoff, and guest access is not
        ; needed by authenticated domain users

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;       comment = Public Stuff
;       path = /home/samba
;       public = yes
;       writable = yes


;       printable = no
;       write list = +staff
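smbd does not warn when a parameter is defined twice in a section: the last definition wins, which is how the stock "passdb backend = tdbsam" line is silently replaced by the ldapsam line further down. The script below is an added example, not part of this manual. It parses a transcript of the [global] and share sections above (constructed from the listing, keeping only the lines the checks need) and reports every parameter defined more than once together with the value smbd will use, plus the shares that accept guest access. On the real file, testparm -s is the authoritative check; this shows what it resolves.

```python
import re

# Constructed transcript of the smb.conf sections listed above; only the
# lines relevant to the checks are kept. Not the original file.
SMB_CONF = """
[global]
        server string = PDC Server Version %v
        socket options = TCP_NODELAY
        workgroup = LPSUFRJ
        security = user
        passdb backend = tdbsam
        netbios name = LPS
; hosts allow = 127. 192.168.
        domain master = yes
        domain logons = yes
# LDAP settings
        passdb backend = ldapsam:ldap://127.0.0.1
        ldap admin dn = cn=root,dc=lps,dc=ufrj,dc=br
        admin users = Administrator @"Domain Admins"
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        valid users = %S

[netlogon]
        path = /var/lib/samba/netlogon/scripts
        guest ok = yes
        writable = no

[Profiles]
        path = /var/lib/samba/profiles
        browseable = no
        guest ok = yes
"""


def normalize(name):
    """Samba ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Return {section: {param: [value, ...]}} keeping every definition in
    file order, so overrides stay visible instead of silently collapsing.
    Section names are lower-cased because smbd matches them case-insensitively."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if not sep or current is None:
            raise ValueError("unparseable line: %r" % raw)
        sections[current].setdefault(normalize(key), []).append(value.strip())
    return sections


def effective(sections, section, param):
    """The value smbd uses: the last definition in the section."""
    return sections[section][normalize(param)][-1]


def duplicates(sections):
    """(section, param, [values in file order]) for every parameter set twice."""
    return [(s, p, v) for s, params in sections.items()
            for p, v in params.items() if len(v) > 1]


def guest_shares(sections):
    """Shares whose effective "guest ok" is true."""
    return [s for s, params in sections.items()
            if s != "global"
            and params.get("guestok", ["no"])[-1].lower() in ("yes", "true", "1")]


if __name__ == "__main__":
    conf = parse_smb_conf(SMB_CONF)
    for section, param, values in duplicates(conf):
        print("[%s] %s defined %d times; smbd uses %r"
              % (section, param, len(values), values[-1]))
    print("guest-accessible shares:", guest_shares(conf))
```

The parser deliberately does not fold parameter synonyms ("writable", "writeable", "read only"); testparm does, which is one more reason to run it on the real file after editing.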

2.1.8. Configuring the openLDAP client

authconfig-tui

Select "Use LDAP" for both user information and authentication, with server 127.0.0.1 and base DN dc=lps,dc=ufrj,dc=br. authconfig-tui then writes the nss_ldap settings to /etc/ldap.conf, the lookup order to /etc/nsswitch.conf (shown below) and the pam_ldap lines to /etc/pam.d/system-auth.


# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis


#group:     db files nisplus nis

passwd:     files ldap
shadow:     files ldap
group:      files ldap

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files ldap

publickey:  nisplus

automount:  files ldap
aliases:    files nisplus

2.1.9. Configuring the SAMBA + LDAP integration

a) Setting the SAMBA administrator password

smbpasswd -w @password@#

This stores the password of the "ldap admin dn" (cn=root,dc=lps,dc=ufrj,dc=br) in Samba's secrets.tdb so that smbd can bind to the directory with write access. As with slappasswd -s in 2.1.1, a password typed on the command line ends up in the shell history.

b) Populating the PDC database in LDAP

smbldap-populate -a root

With -a root the domain administrator account created by the populate step is named root rather than the default Administrator; it is placed in Domain Admins, which is the group the admin users line in smb.conf also names.

c) Creating a user and setting the password in the LDAP + SAMBA environment

smbldap-useradd -a -m -F "" malves
smbldap-passwd malves

[root@miami etc]# id malves
uid=1123(malves) gid=513(Domain Users) groups=513(Domain Users)


d) Updating a user's data

[root@miami etc]# smbldap-userinfo malves
Changing the user information for malves
Enter the new value, or press ENTER for the default
        User Shell [/bin/bash]:
        Full Name [Marcos Alves]:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
LDAP updated

e) Showing the user's data

# smbldap-usershow malves

dn: uid=malves,ou=Usuarios,dc=lps,dc=ufrj,dc=br
objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount,inetLocalMailRecipient
uid: malves
uidNumber: 1123
gidNumber: 513
homeDirectory: /home/malves
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: malves
sambaSID: S-1-5-21-3041103067-508309359-3073237874-3246
sambaLogonScript: logon.bat
sambaProfilePath: \\LPSUFRJ\profiles\malves
sambaHomePath: \\LPSUFRJ\malves
sambaPrimaryGroupSID: S-1-5-21-3041103067-508309359-3073237874-513
sambaHomeDrive: H:
mailLocalAddress: malves
mail: [email protected]
sambaLMPassword: 853CA1CD2A92A81D25AD3B83FA6627C7
sambaAcctFlags: [U]
sambaNTPassword: F6E7FA906A0E97AF28D99556ABCFDF3C
sambaPwdLastSet: 1220370854
sambaPwdMustChange: 1224258854
userPassword: {SSHA}//+QUqI5FZP/zWVukct0FSM5r59MYlhw
shadowLastChange: 14124
shadowMax: 45
gecos: Marcos Alves,,,,
cn: Marcos Alves
sn: Alves
givenName: Marcos
loginShell: /bin/bash

The two 32-hex-digit values are the LM and NT hashes Samba authenticates against, and userPassword is the salted SHA-1 hash nss_ldap/pam_ldap use; they are visible here only because smbldap-usershow binds as the rootdn. The first access clause in slapd.conf (2.1.3) is what keeps them from every other bind.
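The entry above carries three credentials for one user, and two of the attributes (sambaPwdMustChange, shadowMax) encode the 45-day policy set by defaultMaxPasswordAge in smbldap.conf. The script below is an added example, not part of this manual: it parses the smbldap-usershow output as transcribed from the page, implements the {SSHA} scheme that slappasswd and smbldap-tools (hash_encrypt="SSHA") produce so that a candidate password can be checked against such a value, and audits the entry for the points a reviewer would look at. The candidate passwords in it are made up; the real password of malves is not on the page, and the mail value is left as the placeholder the source shows.

```python
import base64
import hashlib
import hmac
import os

# smbldap-usershow output for malves, transcribed from the page above
# (the mail value was redacted in the source and is kept as shown there).
USERSHOW_OUTPUT = r"""
dn: uid=malves,ou=Usuarios,dc=lps,dc=ufrj,dc=br
objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount,inetLocalMailRecipient
uid: malves
uidNumber: 1123
gidNumber: 513
homeDirectory: /home/malves
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: malves
sambaSID: S-1-5-21-3041103067-508309359-3073237874-3246
sambaLogonScript: logon.bat
sambaProfilePath: \\LPSUFRJ\profiles\malves
sambaHomePath: \\LPSUFRJ\malves
sambaPrimaryGroupSID: S-1-5-21-3041103067-508309359-3073237874-513
sambaHomeDrive: H:
mailLocalAddress: malves
mail: [email protected]
sambaLMPassword: 853CA1CD2A92A81D25AD3B83FA6627C7
sambaAcctFlags: [U]
sambaNTPassword: F6E7FA906A0E97AF28D99556ABCFDF3C
sambaPwdLastSet: 1220370854
sambaPwdMustChange: 1224258854
userPassword: {SSHA}//+QUqI5FZP/zWVukct0FSM5r59MYlhw
shadowLastChange: 14124
shadowMax: 45
gecos: Marcos Alves,,,,
cn: Marcos Alves
sn: Alves
givenName: Marcos
loginShell: /bin/bash
"""


def parse_usershow(text):
    """smbldap-usershow prints one "attr: value" per line and joins the
    objectClass values with commas; return {attr: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        attr, sep, value = line.partition(": ")
        if not sep:
            raise ValueError("unexpected line: %r" % line)
        values = value.split(",") if attr == "objectClass" else [value]
        entry.setdefault(attr, []).extend(values)
    return entry


def ssha_hash(password, salt=None):
    """{SSHA} as slappasswd/smbldap-tools produce it:
    base64(sha1(password + salt) + salt), salt appended in clear."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value: %s" % stored)
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def audit(entry):
    """The checks a reviewer wants from one entry: which hashes exist, the
    Unix hash scheme and salt size, and whether the Samba and shadow
    password-age values agree."""
    last_set = int(entry["sambaPwdLastSet"][0])
    must_change = int(entry["sambaPwdMustChange"][0])
    unix_hash = entry["userPassword"][0]
    return {
        "lm_hash_stored": "sambaLMPassword" in entry,
        "nt_hash_stored": "sambaNTPassword" in entry,
        "samba_pwd_age_days": (must_change - last_set) // 86400,
        "shadow_max_days": int(entry["shadowMax"][0]),
        "unix_hash_scheme": unix_hash[1:unix_hash.index("}")],
        "ssha_salt_bytes": len(base64.b64decode(unix_hash[6:])[20:]),
        "account_flags": entry["sambaAcctFlags"][0],
        "roaming_profile": entry.get("sambaProfilePath", [""])[0] != "",
    }


if __name__ == "__main__":
    for key, value in audit(parse_usershow(USERSHOW_OUTPUT)).items():
        print("%-20s %s" % (key, value))
```

Two things the audit makes visible: the entry still carries an LM hash (the scheme DES-encrypts two 7-byte halves of the upper-cased password and is trivially cracked; Samba 3 stops storing it when lanman auth = no is set in smb.conf), and sambaPwdMustChange - sambaPwdLastSet is exactly 45 days, matching shadowMax, so the Unix and Samba expiry policies are in step. The entry also keeps a profile path even though the user was created with -F "", so the userProfile default from smbldap.conf applied.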


f) Testing the client against Samba/LDAP

[root@miami etc]# smbclient -L //LPS/home/malves --user=malves
Password:
Domain=[LPSUFRJ] OS=[Unix] Server=[Samba 3.0.28-1.el5_2.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk      Network Logon Service
        IPC$            IPC       IPC Service (PDC Server Version 3.0.28-1.el5_2.1)
        malves          Disk      Home Directories
Domain=[LPSUFRJ] OS=[Unix] Server=[Samba 3.0.28-1.el5_2.1]

        Server               Comment
        ---------            -------
        LPS                  PDC Server Version 3.0.28-1.el5_2.1

        Workgroup            Master
        ---------            -------
        GRUPO                ITACA
        LPS2                 GRENOBLE
        LPSUFRJ              LPS
        WORKGROUP            MONACO

The same listing with a null session (no user, empty password):

smbclient -L LPS -U%

Domain=[LPSUFRJ] OS=[Unix] Server=[Samba 3.0.28-1.el5_2.1]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk      Network Logon Service
        IPC$            IPC       IPC Service (PDC Server Version 3.0.28-1.el5_2.1)
Domain=[LPSUFRJ] OS=[Unix] Server=[Samba 3.0.28-1.el5_2.1]

        Server               Comment
        ---------            -------
        LPS                  PDC Server Version 3.0.28-1.el5_2.1

        Workgroup            Master
        ---------            -------
        GRUPO                ITACA
        LPS2                 GRENOBLE
        LPSUFRJ              LPS
        WORKGROUP            MONACO

The home share appears only for the authenticated user, but the anonymous session is still allowed to enumerate shares, servers and workgroups; that is the default Samba 3 behaviour and worth knowing when the PDC is reachable from untrusted networks.


g) Creating a Windows machine account in Samba+LDAP

smbldap-useradd -W barbacena

The tool appends the trailing $ that Samba expects for machine accounts, so the entry is created as uid=barbacena$ under ou=computadores.

2.1.10. User administration script

[root@miami etc]# cat /root/cria-user.sh
#!/bin/bash
# Menu-driven front end for the smbldap-tools commands used in 2.1.9.
# Must run as root: the smbldap-* scripts read the rootdn credentials
# from /etc/smbldap-tools/smbldap_bind.conf.
clear

while true
do
    clear
    echo "****************************************"
    echo "**        LDAP+SAMBA enrolment        **"
    echo "**          by Marcos Pitanga         **"
    echo "**                                    **"
    echo "**  1 - Create user                   **"
    echo "**  2 - Create machine                **"
    echo "**  3 - Delete user                   **"
    echo "**  4 - Change password               **"
    echo "**  5 - Create group                  **"
    echo "**  6 - Remove group                  **"
    echo "**  7 - Quit                          **"
    echo "****************************************"

    read -r option

    case "$option" in
        1)
            echo "Enter the username: "
            read -r username
            echo "Enter the user's full name: "
            read -r fullname
            # -a Samba account, -m create the home directory,
            # -M mail local address (same as the uid, as in 2.1.9)
            if smbldap-useradd -a -m -M "$username" -c "$fullname" "$username"; then
                echo "User created successfully!"
            else
                echo "User creation failed."
            fi
            sleep 2
            ;;
        2)
            echo "Enter the name of the Windows workstation: "
            read -r machine
            if smbldap-useradd -W "$machine"; then
                echo "Machine added successfully!"
            else
                echo "Machine creation failed."
            fi
            sleep 2
            ;;
        3)
            echo "Enter the name of the user/machine to delete: "
            read -r user
            # -r also removes the home directory
            smbldap-userdel -r "$user"
            sleep 2
            ;;
        4)
            echo "Enter the username: "
            read -r username
            smbldap-passwd "$username"
            sleep 2
            ;;
        5)
            echo "Enter the group name: "
            read -r group
            # -a also creates the Samba group mapping
            smbldap-groupadd -a "$group"
            sleep 2
            ;;
        6)
            echo "Enter the name of the group to remove: "
            read -r group
            smbldap-groupdel "$group"
            sleep 2
            ;;
        7)
            echo "Goodbye ......."
            exit 0
            ;;
        *)
            echo "Only options 1 to 7 are valid"
            sleep 2
            ;;
    esac
done


2.1.11. Graphical administration tool for Windows: LDAP Admin
