Hallo Holger,
Bitte änder mal die
---
im Feld hinter dem Nutzernamen auf
erstpw
und mach dann ein
sophomorix-check
habe ich gemacht, lief ohne Fehler durch.
Dann: neues Passwort (und Erstpasswort) über Schulkonsole gesetzt, an Ubuntu-Client
angemeldet, abgemeldet, beim erneuten Anmelden ist das Passwort nicht mehr gültig
(Kontrolle über Schulkonsole: Erstpasswort hat jetzt wieder 24 Zeichen).
ihr habt von der 5.1 auf die 6.1 migriert: das Problem besteht aber erst
seit ca. 2 Monaten nach einem update des Servers?
Genau, ich kann mir dieses Phänomen nur mit einem Update des Servers erklären
Bitte schick mal die /etc/samba/smb.conf und die
/etc/sophomorix/user/sophomorix.conf
Folgen im Anschluss.
Viele Grüße
Jürgen
/etc/samba/smb.conf
##### Do not change this file! It will be overwritten!
##### This configuration file was automatically created by linuxmuster-base!
##### Last Modification: Di 24. Feb 21:27:29 CET 2015
#
############################################################
# Include your own stuff in the following files:
# global stuff: /etc/samba/smb.conf.global
# custom shares: /etc/samba/smb.conf.shares
#
# tschm...@linuxmuster.net
# 14.12.2013
############################################################
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not many any basic syntactic
# errors.
#
#======================= Global Settings =======================
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = SCHULE
# server string is the equivalent of the NT Description field
# server string = Linux %h mit Samba %v
server string = Samba %v on (%L)
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast
#### Debugging/Accounting ####
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
log level = 0
# Put a capping on the size of the log files (in Kb).
max log size = 1000
# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
; syslog only = no
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
# package for details.
; security = user
# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true
ldap ssl = Off
ldap replication sleep = 5000
ldap admin dn = cn=admin,dc=paedml-linux,dc=lokal
ldap suffix = dc=paedml-linux,dc=lokal
ldap group suffix = ou=groups
ldap user suffix = ou=accounts
ldap machine suffix = ou=machines
passdb backend = ldapsam:ldap://localhost
obey pam restrictions = no
guest account = nobody
# username map = /etc/samba/username.map
# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
; unix password sync = yes
# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Augustin Luton <alu...@hybrigenics.fr> for
# sending the correct chat script for the passwd program in Debian Potato).
passwd program = /usr/sbin/sophomorix-passwd --interactive --user %u
passwd chat = *New*password*:* %n\n *Retype*new*password*:* %n\n
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
; pam password change = no
########## Printing ##########
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = no
# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap
# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
printing = cups
printcap name = cups
# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
# printer admin = root
######## File sharing ########
# Name mangling options
; preserve case = yes
; short preserve case = yes
#### linuxmuster settings ####
# interfaces = 10.16.1.1/255.240.0.0 127.0.0.1/255.0.0.0
domain logons = Yes
admin users = domadmin
unix charset = UTF8
dos charset =
logon script = login.bat
time server = Yes
logon path =
logon home = \\%L\%u
use sendfile = No
os level = 99
wide links = No
# server side cifs configuration
unix extensions = yes
map archive = No
delete readonly = Yes
case sensitive = auto
mangled names = no
# fix for #56 & #64
winbind enum users = yes
winbind enum groups = yes
unix password sync = no
ldap passwd sync = No
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
############ Misc ############
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
domain master = Yes
# enable hostname lookups, for example when using smbstatus
hostname lookups = Yes
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash
# including your own global configuration
include = /etc/samba/smb.conf.global
#======================= Share Definitions =======================
[homes]
comment = Heimatverzeichnis
browseable = no
# administrator is able to do housekeeping
admin users = administrator
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
writable = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
# create mode = 2644
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
# directory mode = 2755
# linuxmuster settings
path = %H
valid users = %S
root preexec = samba-userlog --log=in --username=%U --hostname=%I
--homedir=%H
root postexec = samba-userlog --log=out --username=%U --hostname=%I
--homedir=%H
veto files = /.locked/.htaccess/
delete veto files = no
hide files = /$RECYCLE.BIN/desktop.ini/
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
hide unreadable = Yes
force create mode = 664
write list = @domadmins
force group = domadmins
#[printers]
# comment = All Printers
# browseable = no
# path = /tmp
# printable = yes
# public = no
# writable = no
# create mode = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
#[print$]
# comment = Printer Drivers
# path = /var/lib/samba/printers
# browseable = yes
# read only = yes
# guest ok = no
# force group = printoperators
# create mask = 664
# directory mode = 775
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
# write list = @ntadmin
[pgm]
comment = Programme
path = /home/samba/progs
writable = no
write list = @domadmins
force group = domadmins
force create mode = 664
force directory mode = 775
guest ok = Yes
[cdrom]
comment = CDs
path = /home/samba/cds
force group = domadmins
force create mode = 664
force directory mode = 775
write list = @domadmins
writable = no
guest ok = Yes
[linbo-repo]
comment = LINBO Images
path = /var/linbo
wide links = yes
write list = administrator,linbo
valid users = administrator,linbo
admin users = administrator,linbo
writable = no
guest ok = no
# following shares are only used by linux clients
[students]
comment = Schülerverzeichnisse
path = /home/students
writeable = no
write list = administrator,@teachers
valid users = administrator,@teachers
admin users = administrator
browseable = No
guest ok = No
[shares]
comment = Tauschen
admin users = administrator
path = /home/share
inherit acls = Yes
hide unreadable = Yes
writeable = Yes
guest ok = No
hide files = /classes/desktop.ini/exams/projects/school/subclasses/teachers/
force create mode = 2644
force directory mode = 2755
[tasks]
comment = Vorlagen
path = /var/cache/sophomorix/tasks
writeable = no
write list = administrator,@teachers
admin users = administrator
inherit acls = Yes
hide unreadable = Yes
hide files = /classes/desktop.ini/projects/rooms/subclasses/teachers/
browseable = No
guest ok = No
[backup]
comment = Backups
path = /media/backup
valid users = administrator
browseable = No
guest ok = No
# including your own share definitions
include = /etc/samba/smb.conf.shares
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
/etc/sophomorix/user/sophomorix.conf
# Hey, EMACS: -*- perl -*-
# $Id: sophomorix.conf,v 1.27 2007-02-05 23:27:27 jeffbeck Exp $
# Dies ist die globale Konfigurationsdatei für die
# Benutzerverwaltung sophomorix
# Diese Konfigurationsdatei muss in Perl-Syntax angelegt sein
# Wenn sie kein perl können nutzen Sie die auskommentierten
# Beispiele (Kommentarzeichen: #)
# Es sind für alle Werte sinnvolle Standardeinstellungen vergeben
#############################################################################
# Beginn
#############################################################################
# Hier bitte anstelle von Schule den Schulnamen eingeben
# Beispiel:
#$schul_name="Berufliches Schulzentrum Leonberg";
$schul_name="Schulzentrum Neckartenzlingen";
# Vor-Filterung
#############################################################################
# by default ($filter_script="") schueler.txt is copied from
# /etc/sophomorix/user/schueler.txt
# to
# /var/lib/sophomorix/tmp/schueler.txt.tmp
#
# if you specify a script in the following variable, then INSTEAD of
# copying this script will be run. Use this to modify schueler.txt
# to fit sophomorix
$filter_script="";
# Zulässige Datensätze angeben
#############################################################################
# Geben Sie einen Bereich für zulässige Schüler-Geburtsjahre an
# Standard:
$geburts_jahreszahl_start=1950;
$geburts_jahreszahl_stop = 2020;
# Werden folgende Schülerzahlen pro Klasse erreicht, bzw. überschritten/
# unterschritten, so erfolgt eine Warnung in report.admin.
# Die Schüler werden jedoch trotzdem angelegt (Nur eine Warnung)
$mindest_schueler_anzahl_pro_klasse=2;
$maximale_schueler_anzahl_pro_klasse=33;
# In Splan gibt es Klassen, die mit einem * beginnen (zukünftige Klassen)
# Sollen diese Sternchenklassen in die Datei report.splan ausgefiltert werden?
$splan_sternchenklassen_filtern="yes";
# Login-Name-Erzeugung
#############################################################################
# Schüler
# Zeichenanzahl Nachnamen, die zur Login-Namen-Erzeugung verwendet werden
$schueler_login_nachname_zeichen=6;
# Zeichenanzahl Vornamen, die angehängt werden
$schueler_login_vorname_zeichen=2;
# Passwort-Erzeugung
#############################################################################
# Schüler
# Für Schüler zufällige Passwörter erzeugen (yes), oder "linux"(no):
$schueler_zufall_passwort="yes";
# Anzahl der Zeichen für zufällige Passwörter (Schüler)
$zufall_passwort_anzahl_schueler=6;
# Einloggen der Schüler per ssh ermöglichen
# (yes -> /bin/bash) oder unterbinden (no -> /bin/false)
$schueler_per_ssh="yes";
# must a student change the password after first login
$student_samba_pw_must_change = 'no';
# Lehrer
# Für Lehrer zufällige Passwörter erzeugen (yes), oder "linux"(no):
$lehrer_zufall_passwort="yes";
# Anzahl der Zeichen für zufällige Passwörter (Lehrer)
$zufall_passwort_anzahl_lehrer=6;
# Einloggen der Lehrer per ssh ermöglichen
# (yes -> /bin/bash) oder unterbinden (no -> /bin/false)
$lehrer_per_ssh="yes";
# must a teacher change the password after first login
$teacher_samba_pw_must_change = 'no';
# Loeschvorgang der User
#############################################################################
# wieviele Tage sollen die User geduldet werden, bevor sie deaktiviert werden
$lehrer_duldung_tage=60;
$schueler_duldung_tage=15;
# wieviele Tage sollen die User deaktiviert werden, bevor sie löschbar werden
$lehrer_deaktivierung_tage=90;
$schueler_deaktivierung_tage=30;
# Mail
#############################################################################
# WENN Mail aliases erzeugt werden, wie sehen die aus
# Moegliche Angaben:
# 1) vorname.nachname
# 2) vorname_nachname
$mail_aliases="vorname.nachname";
# switch all mailquota warnings on(=yes)/off(=no)?
$mailquota_warnings="yes";
# when mailquota that is left is less than x percent, sent warning
$mailquota_warn_percentage=5;
# when mailquota that is left is less than y kb, sent warning
$mailquota_warn_kb=500;
# send 'mailquota full 100%' if mailquota
$mailquota_warnings_root="yes";
# Logging
#############################################################################
# Standard Log-Level (wird später per Option (-v, -vv) eingestellt)
# 1: Minimale Ausgabe
# 2: Mittlere
# 3. Maximale Ausgabe
$log_level=1;
# Quota
#############################################################################
# Wollen Sie Quota auf ihrem Server nutzen?
# Wenn hier nicht 'yes' steht sind alle folenden Einstellungen egal
$use_quota="yes";
# Standardmässig werden automatisch die Quotierten Dateisysteme aus
# /etc/mtab in der dortigen Reihenfolge ermittelt und verwendet.
@quota_filesystems =("auto");
# Wünschen Sie eine andere Reihenfolge, können sie die Quotierten Filesysteme
# hier angeben (besser wäre es, die Reihenfolge in /etc/fstab zu beeinflussen)
# Sie müssen wissen, was Sie tun!!
#@quota_filesystems = ("/dev/hda1", "/dev/hda8", "/dev/sda4");
#
# The following is for international users. German users should not modify this
#
# Language (this is highly experimental,
# please tell me if you want to use this)
# Supported: de, en
###############################################################################
$lang="de";
# The name of the teacher group in teacher.txt
$teacher_group_name="lehrer";
###############################################################################
_______________________________________________
linuxmuster-user mailing list
linuxmuster-user@lists.linuxmuster.net
https://mail.lehrerpost.de/mailman/listinfo/linuxmuster-user