control: AddInstallable = ( samba samba_reload netatalk netatalk_reload lprng lprng_reload cups cups_reload ) # # Variables for shares # You can change the paths here and it will be changed both in # the conf file and in the filesystem - But once it is implemented, # it is not wise to change it - the data in the shares doesn't get # moved! # You can change the rights on the shares in the "directories:" # section. # netlogshare = ( /etc/samba/netlogon ) commonsharedir = ( /home/fsadmin/COMMON ) datashare = ( /home/fsadmin/COMMON/documents ) softshare = ( /home/fsadmin/COMMON/software ) profshare = ( /home/fsadmin/COMMON/samba/userprofiles ) printdir = ( /var/spool/lpd/sharedprinter ) privpcshare = ( .pcshare ) privmacshare = ( .macshare ) privxchngshare = ( .xchangeshare ) # # Administrative user and group # adminuser = ( fsadmin ) admingrp = ( fsadmin ) # # Determine if this is a samba server, netatalk server or both, and define # classes based on that. # classes: samba = ( `/usr/bin/test -x /usr/sbin/smbd` ) netatalk = ( `/usr/bin/test -x /usr/sbin/afpd` ) # # Determine which print system is in use, and define classes based on that. # We only support lprng and cups # lprng = ( `/usr/bin/test -x /usr/sbin/lpd` ) cups = ( `/usr/bin/test -x /usr/sbin/cupsd` ) editfiles: samba:: # # Samba configuration stuff. # { /etc/samba/smb.conf # # Global stuff # # Remove share declarations from main smb.conf. It is split # up in the following files: # - smb.conf # - smb-shares-COMMON.conf # - smb-shares-$(site).conf # - smb-printers.conf # # DeleteLinesAfterThisMatching "^\[homes\]$(n)*.*" # ResetSearch "1" # CatchAbort # ResetSearch "1" # # Append the include lines for the files decribed above # AppendIfNoSuchLine "include = /etc/samba/smb-shares-COMMON.conf" AppendIfNoSuchLine "include = /etc/samba/smb-printers.conf" BeginGroupIfFileExists "/etc/local-COMMON/samba/smb-shares-$(site).conf" AppendIfNoSuchLine "include = /etc/samba/smb-shares-$(site).conf" EndGroup ResetSearch "1" # # workgroup = $(site) # LocateLineMatching "^[;[:blank:]]*workgroup[[:blank:]]*=.*" BeginGroupIfNoLineMatching '^[[:blank:]]*workgroup[[:blank:]]*=[[:blank:]]*$(site)[[:blank:]]*' ReplaceLineWith ' workgroup = $(site)' EndGroup CatchAbort BeginGroupIfNoMatch '^[[:blank:]]*workgroup[[:blank:]]*=[[:blank:]]*$(site)[[:blank:]]*' InsertLine ' workgroup = $(site)' EndGroup # # wins support = yes # LocateLineMatching "^[;[:blank:]]*wins support[[:blank:]]*=.*" BeginGroupIfNoLineMatching "^[[:blank:]]*wins support[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" ReplaceLineWith ' wins support = yes' EndGroup CatchAbort BeginGroupIfNoMatch "^[[:blank:]]*wins support[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" InsertLine ' wins support = yes' EndGroup # # os level = 65 # LocateLineMatching "^[;[:blank:]]*os level[[:blank:]]*=.*" BeginGroupIfNoLineMatching "^[[:blank:]]*os level[[:blank:]]*=[[:blank:]]*65[[:blank:]]*" ReplaceLineWith ' os level = 65' EndGroup CatchAbort BeginGroupIfNoMatch "^[[:blank:]]*os level[[:blank:]]*=[[:blank:]]*65[[:blank:]]*" InsertLine ' os level = 65' EndGroup # # domain master = yes # LocateLineMatching "^[;[:blank:]]*domain master[[:blank:]]*=.*" BeginGroupIfNoLineMatching "^[[:blank:]]*domain master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" ReplaceLineWith ' domain master = yes' EndGroup CatchAbort BeginGroupIfNoMatch "^[[:blank:]]*domain master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" InsertLine ' domain master = yes' EndGroup # # local master = yes # LocateLineMatching "^[;[:blank:]]*local master[[:blank:]]*=.*" BeginGroupIfNoLineMatching "^[[:blank:]]*local master[[:blank:]]*=[[:blank:]]*yes" ReplaceLineWith ' local master = yes' EndGroup CatchAbort BeginGroupIfNoMatch "^[[:blank:]]*local master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" InsertLine ' local master = yes' EndGroup # # logon drive = U: # LocateLineMatching "^[;[:blank:]]*logon drive[[:blank:]]*=.*" BeginGroupIfNoLineMatching "^[[:blank:]]*logon drive[[:blank:]]*=[[:blank:]]*U:[[:blank:]]*" ReplaceLineWith ' logon drive = U:' EndGroup CatchAbort BeginGroupIfNoMatch "^[[:blank:]]*logon drive[[:blank:]]*=[[:blank:]]*U:[[:blank:]]*" InsertLine ' logon drive = U:' EndGroup # # logon script = common.bat # LocateLineMatching "^[;[:blank:]]*logon script[[:blank:]]*=.*" BeginGroupIfNoLineMatching "^[[:blank:]]*logon script[[:blank:]]*=[[:blank:]]*common.bat[[:blank:]]*" ReplaceLineWith ' logon script = common.bat' EndGroup CatchAbort BeginGroupIfNoMatch "^[[:blank:]]*logon script[[:blank:]]*=[[:blank:]]*common.bat[[:blank:]]*" InsertLine ' logon script = common.bat' EndGroup # # domain logons = yes # LocateLineMatching "^[;[:blank:]]*domain logons[[:blank:]]*=.*" BeginGroupIfNoLineMatching "^[[:blank:]]*domain logons[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" ReplaceLineWith ' domain logons = yes' EndGroup CatchAbort BeginGroupIfNoMatch "^[[:blank:]]*domain logons[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" InsertLine ' domain logons = yes' EndGroup # # logon path = \\%N\USERPROFILES\%U # LocateLineMatching "^[;[:blank:]]*logon path[[:blank:]]*=.*" BeginGroupIfNoLineMatching "^[[:blank:]]*logon path[[:blank:]]*=[[:blank:]]*[\\][\\]%N[\\]USERPROFILES[\\]%U[[:blank:]]*" ReplaceLineWith ' logon path = \\%N\USERPROFILES\%U' EndGroup CatchAbort BeginGroupIfNoMatch "^[[:blank:]]*logon path[[:blank:]]*=[[:blank:]]*[\\][\\]%N[\\]USERPROFILES[\\]%U[[:blank:]]*" InsertLine ' logon path = \\%N\USERPROFILES\%U' EndGroup # # preferred master = yes # LocateLineMatching "^[;[:blank:]]*preferred master[[:blank:]]*=.*" BeginGroupIfNoLineMatching "^[[:blank:]]*preferred master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" ReplaceLineWith ' preferred master = yes' EndGroup CatchAbort BeginGroupIfNoMatch "^[[:blank:]]*preferred master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" InsertLine ' preferred master = yes' EndGroup DefineClasses "samba_reload" } { /etc/samba/smb-shares-COMMON.conf # # This file contains all the shares common to all installations. # We check if the proper sections are there and add them if they # isn't. We don't check the file line for line. # AutoCreate # # [netlogon] # BeginGroupIfNoLineMatching "^\[netlogon\]" Append '[netlogon]' Append ' comment = Network logon' Append ' path = $(netlogshare)' Append ' browsable = no' Append ' writeable = no' Append ' share modes = no' EndGroup # # [userprofiles] # BeginGroupIfNoLineMatching "^\[userprofiles\]" Append '[userprofiles]' Append ' path = $(profshare)' Append ' force user = %u' Append ' writable = yes' Append ' browsable = no' Append ' root preexec = /bin/mkdir $(profshare)/%U \' Append ' /bin/chown %U $(profshare)/%U \' Append ' /bin/chmod 700 $(profshare)/%U' EndGroup # # [homes] # BeginGroupIfNoLineMatching "^\[homes\]" Append '[homes]' Append ' path = /home/%u/$(privpcshare)' Append ' browsable = no' Append ' root preexec = /bin/mkdir /home/%u/$(privpcshare) \' Append ' /bin/chown %U /home/%u/$(privpcshare) \' Append ' /bin/chmod 644 /home/%u/$(privpcshare)' EndGroup # # [programmer] # BeginGroupIfNoLineMatching "^\[software\]" Append '[software]' Append ' path = $(softshare)' Append ' comment = Fælles software' Append ' browsable = yes' Append ' guest ok = no' Append ' writeable = yes' Append ' valid users = @$(admingrp)' Append ' force group = +$(admingrp)' EndGroup # # [dokumenter] # BeginGroupIfNoLineMatching "^\[dokumenter\]" Append '[dokumenter]' Append ' path = $(datashare)' Append ' comment = Fælles dokumenter' Append ' browsable = yes' Append ' guest ok = no' Append ' writeable = yes' Append ' valid users = @$(admingrp)' Append ' force group = +$(admingrp)' EndGroup DefineClasses "samba_reload" } # # Local shares special for the site. # In this file you can define special shares that you need # { /etc/samba/smb-shares-$(site).conf # # We don't make this file dynamically, but instead we copy the contents # of a master file, but only if it's newer than the one installed. # AutoCreate BeginGroupIfFileIsNewer "/etc/local-COMMON/samba/smb-shares-$(site).conf" EmptyEntireFilePlease InsertFile "/etc/local-COMMON/samba/smb-shares-$(site).conf" Append "; Edited by cfengine $(date)" EndGroup DefineClasses "samba_reload" } { /etc/samba/smb-printers.conf # # This file contains all the printers defined in the Linux printing # system. There shouldn't be any need for setting up additional # printer entries. Manage the printers through the Linux print # system you have installed - cups or lprng. # We check if the proper sections are there and add them if they # isn't. We don't check the file line for line. # AutoCreate # # [printers] # BeginGroupIfNoLineMatching "^\[printers\]" Append '[printers]' Append ' comment = %S printer' Append ' path = $(printdir)' Append ' print command = /usr/bin/lpr -h %s' Append ' lprm command = /usr/bin/lprm -P%S %j' Append ' public = yes' Append ' printable = yes' EndGroup } # # Batch file for mounting shares automatically # { /etc/samba/netlogon/common.bat # # We don't make this file dynamically, but instead we copy the contents # of a master file, but only if it's newer than the one installed. # BeginGroupIfFileIsNewer "/etc/local-COMMON/samba/netlogon/common.bat" AutoCreate EmptyEntireFilePlease InsertFile "/etc/local-COMMON/samba/netlogon/common.bat" Append "rem Edited by cfengine $(date)" EndGroup DefineClasses "samba_reload" } lprng:: { /etc/samba/smb.conf # # printing = lprng # ResetSearch "1" LocateLineMatching "^[;[:blank:]]*printing[[:blank:]]*=.*" BeginGroupIfNoLineMatching '^[[:blank:]]*printing[[:blank:]]*=[[:blank:]]*lprng[[:blank:]]*' ReplaceLineWith ' printing = lprng' EndGroup CatchAbort BeginGroupIfNoMatch '^[[:blank:]]*printing[[:blank:]]*=[[:blank:]]*lprng[[:blank:]]*' InsertLine ' printing = lprng' EndGroup DefineClasses "samba_reload" } # # Printer configuration stuff # { /etc/printcap # # We don't make the printcap dynamically, but instead we copy the contents # of a master file, but only if it's newer than the one installed. # BeginGroupIfFileIsNewer "/etc/local-COMMON/printcap.$(site)" EmptyEntireFilePlease InsertFile "/etc/local-COMMON/printcap.$(site)" Append "# Edited by cfengine $(date)" EndGroup DefineClasses "lprng_reload" } samba_reload:: { /etc/samba/smb.conf LocateLineMatching "^; EDITED BY CFENGINE .*" ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)' CatchAbort BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*" Append '; EDITED BY CFENGINE $(date)' EndGroup } { /etc/samba/smb-shares-COMMON.conf LocateLineMatching "^; EDITED BY CFENGINE .*" ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)' CatchAbort BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*" Append '; EDITED BY CFENGINE $(date)' EndGroup } { /etc/samba/smb-shares-$(site).conf LocateLineMatching "^; EDITED BY CFENGINE .*" ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)' CatchAbort BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*" Append '; EDITED BY CFENGINE $(date)' EndGroup } { /etc/samba/smb-printers.conf LocateLineMatching "^; EDITED BY CFENGINE .*" ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)' CatchAbort BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*" Append '; EDITED BY CFENGINE $(date)' EndGroup } directories: any:: $(commonsharedir) mode=755 owner=$(adminuser) group=$(admingrp) $(softshare) mode=775 owner=$(adminuser) group=$(admingrp) $(datashare) mode=775 owner=$(adminuser) group=$(admingrp) samba:: $(netlogshare) mode=755 owner=root group=root $(profshare) mode=775 owner=$(adminuser) group=$(admingrp) $(printdir) mode=775 owner=root group=root processes: "smbd" restart "/etc/init.d/samba restart" "afpd" restart "/etc/init.d/netatalk restart" shellcommands: samba_reload:: "/etc/init.d/samba force-reload" netatalk_reload:: "/etc/init.d/netatalk force-reload" lprng_reload:: "/etc/init.d/lprng force-reload" cups_reload:: "/etc/init.d/cups force-reload"