_("Your account"))); dual_begin(array()); print("

" . _("Home") . " / " . _("Your account") . "

\n"); print("

" . _("You have not authenticated yourself to the system yet with your") . " " . _("username") . " " . _("and") . " " . _("password") . ". " . _("You will not be able to use this section of the website without authenticating yourself first. So, please continue and login using the form on the right hand side.") . "

\n"); dual_middle(array()); show_account_details(array()); dual_end(array()); generic_footer(array()); exit; } $serverstring = ""; $netbiosname = ""; $winsserver = ""; $ldapidmapserver = ""; $ldapidmapsuffix = ""; $homesvolume_vg = ""; $homesvolume_lv = ""; $homesvolume_mountpoint = ""; $encryptedpasswords = 1; function smb_startelement($parser, $name, $attrs) { global $serverstring; global $netbiosname; global $winsserver; global $ldapidmapserver; global $ldapidmapsuffix; global $homesvolume_vg; global $homesvolume_lv; global $homesvolume_mountpoint; global $encryptedpasswords; if ($name == "SERVERSTRING") $serverstring = $attrs["VALUE"]; else if ($name == "NETBIOSNAME") $netbiosname = $attrs["VALUE"]; else if ($name == "WINSSERVER") $winsserver = $attrs["VALUE"]; else if ($name == "LDAPIDMAPSERVER") $ldapidmapserver = $attrs["VALUE"]; else if ($name == "LDAPIDMAPSUFFIX") $ldapidmapsuffix = $attrs["VALUE"]; else if ($name == "HOMESVOLUME") { $homesvolume_vg = $attrs["VG"]; $homesvolume_lv = $attrs["LV"]; $homesvolume_mountpoint = $attrs["MOUNTPOINT"]; } else if ($name == "ENCRYPTEDPASSWORDS") $encryptedpasswords = ($attrs["VALUE"] == "on"); } function smb_endelement($parser, $name) { } $smb_parser = xml_parser_create(); xml_set_element_handler($smb_parser, "smb_startelement", "smb_endelement"); $smb_fp = fopen("/opt/openfiler/etc/smb_settings.xml", "r"); while ($smb_data = fread($smb_fp, 4096)) xml_parse($smb_parser, $smb_data, feof($smb_fp)); fclose($smb_fp); xml_parser_free($smb_parser); if (count($HTTP_POST_VARS) > 0) { $fp = popen("/usr/bin/sudo /usr/bin/tee /opt/openfiler/etc/smb_settings.xml", "w"); fputs($fp, "\n"); fputs($fp, "\n"); fputs($fp, "\t\n"); fputs($fp, "\t\n"); fputs($fp, "\t\n"); fputs($fp, "\t\n"); fputs($fp, "\t\n"); fputs($fp, "\t\n"); fputs($fp, "\t\n"); fputs($fp, "\n"); pclose($fp); $authconfigcommand = "/usr/bin/sudo /usr/sbin/authconfig --kickstart --disablecache"; if (strlen($HTTP_POST_VARS["usenis"]) > 0) { if (strcasecmp($HTTP_POST_VARS["usenis"], "on") == 0) $authconfigcommand .= " --enablenis --nisdomain=\"" . $HTTP_POST_VARS["nisdomain"] . "\" --nisserver=\"" . $HTTP_POST_VARS["nisserver"] . "\""; } else $authconfigcommand .= " --disablenis"; if (strlen($HTTP_POST_VARS["useldap"]) > 0) { if (strcasecmp($HTTP_POST_VARS["useldap"], "on") == 0) $authconfigcommand .= " --enableldap --ldapserver=\"" . $HTTP_POST_VARS["ldapserver"] . "\" --ldapbasedn=\"" . $HTTP_POST_VARS["ldapbasedn"] . "\" --ldapbinddn=\"" . $HTTP_POST_VARS["ldapbinddn"] . "\" --ldapbindpw=\"" . $HTTP_POST_VARS["ldapbindpw"] . "\" --ldaprootbinddn=\"" . $HTTP_POST_VARS["ldaprootbinddn"] . "\" --ldaprootbindpw=\"" . $HTTP_POST_VARS["ldaprootbindpw"] . "\""; } else $authconfigcommand .= " --disableldap"; if (strlen($HTTP_POST_VARS["ldaptls"]) > 0) { if (strcasecmp($HTTP_POST_VARS["ldaptls"], "on") == 0) $authconfigcommand .= " --enableldaptls"; } else $authconfigcommand .= " --disableldaptls"; if (strlen($HTTP_POST_VARS["useldapauth"]) > 0) { if (strcasecmp($HTTP_POST_VARS["useldapauth"], "on") == 0) $authconfigcommand .= " --enableldapauth"; } else $authconfigcommand .= " --disableldapauth"; if (strlen($HTTP_POST_VARS["usehesiod"]) > 0) { if (strcasecmp($HTTP_POST_VARS["usehesiod"], "on") == 0) $authconfigcommand .= " --enablehesiod --hesiodlhs=\"" . $HTTP_POST_VARS["hesiodlhs"] . "\" --hesiodrhs=\"" . $HTTP_POST_VARS["hesiodrhs"] . "\""; } else $authconfigcommand .= " --disablehesiod"; if (strlen($HTTP_POST_VARS["usewinbind"]) > 0) { if (strcasecmp($HTTP_POST_VARS["usewinbind"], "on") == 0) $authconfigcommand .= " --enablewinbind --winbindseparator=+ --winbindtemplateshell=/sbin/nologin --smbsecurity=" . $HTTP_POST_VARS["winbindtype"] . " --smbservers=\"" . $HTTP_POST_VARS["winbindcontrollers"] . "\" --smbrealm=\"" . $HTTP_POST_VARS["winbindrealm"] . "\" --smbworkgroup=\"" . $HTTP_POST_VARS["winbinddomain"] . "\" --smbidmapuid=\"" . $HTTP_POST_VARS["winbinduidrange"] . "\" --smbidmapgid=\"" . $HTTP_POST_VARS["winbindgidrange"] . "\""; } else $authconfigcommand .= " --disablewinbind"; if (strlen($HTTP_POST_VARS["useshadow"]) > 0) { if (strcasecmp($HTTP_POST_VARS["useshadow"], "on") == 0) $authconfigcommand .= " --enableshadow"; } else $authconfigcommand .= " --disableshadow"; if (strlen($HTTP_POST_VARS["usemd5"]) > 0) { if (strcasecmp($HTTP_POST_VARS["usemd5"], "on") == 0) $authconfigcommand .= " --enablemd5"; } else $authconfigcommand .= " --disablemd5"; if (strlen($HTTP_POST_VARS["usekerberos"]) > 0) { if (strcasecmp($HTTP_POST_VARS["usekerberos"], "on") == 0) $authconfigcommand .= " --enablekrb5 --krb5realm=\"" . $HTTP_POST_VARS["krbrealm"] . "\" --krb5kdc=\"" . $HTTP_POST_VARS["krbkdc"] . "\" --krb5adminserver=\"" . $HTTP_POST_VARS["krbadminserver"] . "\""; } else $authconfigcommand .= " --disablekrb5"; if (strlen($HTTP_POST_VARS["usesmb"]) > 0) { if (strcasecmp($HTTP_POST_VARS["usesmb"], "on") == 0) $authconfigcommand .= " --enablesmbauth --smbworkgroup=\"" . $HTTP_POST_VARS["smbworkgroup"] . "\" --smbservers=\"" . $HTTP_POST_VARS["smbservers"] . "\""; } else $authconfigcommand .= " --disablesmbauth"; exec($authconfigcommand); // print($authconfigcommand); // exit; if (strlen($HTTP_POST_VARS["usewinbind"]) > 0) { if ((strcasecmp($HTTP_POST_VARS["usewinbind"], "on") == 0) && (strcasecmp($HTTP_POST_VARS["winbindjoin"], "on") == 0)) { if (strncasecmp($HTTP_POST_VARS["winbindtype"], "ads", 3) == 0) exec("/usr/bin/sudo /usr/bin/net ads join -w " . escapeshellarg($HTTP_POST_VARS["winbinddomain"]) . " -U " . escapeshellarg($HTTP_POST_VARS["winbindadminusername"]) . "%" . escapeshellarg($HTTP_POST_VARS["winbindadminpassword"])); else exec("/usr/bin/sudo /usr/bin/net rpc join " . escapeshellarg($HTTP_POST_VARS["winbinddomain"]) . " -U " . escapeshellarg($HTTP_POST_VARS["winbindadminusername"]) . "%" . escapeshellarg($HTTP_POST_VARS["winbindadminpassword"])); } } apply_configuration(array("services" => "restart", "winbindrestart" => true, "chmod" => "yes", "chmod_path" => "")); if (strlen($HTTP_POST_VARS["ldap_smb_login"]) > 0) { if (strcasecmp($HTTP_POST_VARS["ldap_smb_login"], "on") == 0) { exec("/usr/bin/sudo /usr/bin/smbpasswd -w " . escapeshellarg($HTTP_POST_VARS["ldaprootbindpw"])); } } $fp = popen("/usr/bin/sudo /usr/bin/at now + 1 minutes", "w"); fputs($fp, "/sbin/service openfiler restart\n"); pclose($fp); header("Location: ./"); exit; } generic_header(array("title" => _("Administration Section"))); single_begin(array()); print("

" . _("Home") . " / " . _("Administration Section") . "

\n"); ?>

Welcome Administrator. The following are various system information and preferences, arranged into tabs. Please click on a tab to open up that category.

Please note that Openfiler needs a central directory service
on the network to function, which it and the client machines can see and use.
You cannot use local users and groups with Openfiler.
Otherwise there is no means to implement authorisation
as one machine's information about users and groups can differ from another's.
You can configure the directory service below.


User Information Configuration

/> Use NIS
Domain:
Server:
/> Use LDAP
/> Use TLS
Server:
Base DN:
Bind DN:
Bind password:
Root bind DN:
Root bind password:
Login SMB server to root DN
/> Use Windows domain controller
and authentication
Security model: /> Active Directory
/> NT4-style Domain (RPC)
Domain:
Domain controllers:
ADS realm:
UID range:
GID range:
LDAP ID map server:
LDAP ID map suffix:
Join domain
Administrator
username:
Administrator
password:
/> Use Hesiod
LHS:
RHS:

 

Authentication Configuration

/> Use MD5 Passwords
/> Use Shadow Passwords
/> Use LDAP Authentication
/> Use TLS
Server:
Base DN:
/> Use Kerberos 5
Realm:
KDC:
Admin Server:
/> Use SMB Authentication
Workgroup:
Servers:

When you make changes and submit, the changes will be applied,
but please give the Openfiler service 1 minute time to restart for the changes to take effect.
You may then verify these changes in the list of groups section.