From 51984ac3d3da3006809c6866fdecd4ad83610731 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 30 Jul 2001 07:36:04 +0000 Subject: templates!!! --- httemplate/docs/export.html | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100755 httemplate/docs/export.html (limited to 'httemplate/docs/export.html') diff --git a/httemplate/docs/export.html b/httemplate/docs/export.html new file mode 100755 index 000000000..d92eec346 --- /dev/null +++ b/httemplate/docs/export.html @@ -0,0 +1,41 @@ + + File exporting + + +

File exporting

+ +
Unattended remote login - Freeside can login to remote machines unattended using SSH. This can pose a security risk if not configured correctly, and will allow an intruder who breaks into your freeside machine full access to your remote machines. Do not use this feature unless you understand what you are doing! + + + + -- cgit v1.2.1 From 0fd508f695b4f19a447eba7663f59dc7fb4033d3 Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 20 Aug 2001 09:38:28 +0000 Subject: documentation updates --- httemplate/docs/export.html | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'httemplate/docs/export.html') diff --git a/httemplate/docs/export.html b/httemplate/docs/export.html index d92eec346..7f3a07118 100755 --- a/httemplate/docs/export.html +++ b/httemplate/docs/export.html @@ -14,7 +14,7 @@ it is reccommended that you replicate the data to an external RADIUS machine rat
  • radiusmachines - users is copied to the /etc/raddb directory on the remote machine. If no errors occur, the command ( builddbm ) is executed on the remote machine.
  • icradiusmachines - Local radcheck and radreply tables will be created. If any machines are specified, the remote MySQL database will be locked and the radcheck table will be copied to the those machines. You may also need to set the icradius_mysqlsource and/or icradius_mysqldest configuration files. Currently you need to be running MySQL for your Freeside database to use this feature. -
  • site_perl/svc_acct.pm - If a shellmachine is defined, users can be created, modified and deleted remotely; see below. +
  • svc_acct.pm - If a shellmachine is defined, users can be created, modified and deleted remotely; see below.
    • Account creation - If the username, uid and dir fields are defined for a new user, the command(s) specified in the shellmachine-useradd configuration file are executed on shellmachine via ssh. If this file does not exist, useradd -d $dir -m -s $shell -u $uid $username is the default. If the file exists but is empty, cp -pr /etc/skel $dir; chown -R $uid.$gid $dir is the default instead. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $username, $uid, $gid, $dir, and $shell.
    • Account deletion - The command(s) specified in the shellmachine-userdel configuration file are executed on shellmachine via ssh. If this file does not exist, userdel $username is the default. If the file exists but is empty, rm -rf $dir is the default instead. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $username and $dir. @@ -26,15 +26,22 @@ it is reccommended that you replicate the data to an external RADIUS machine rat
    • shellmachine - The command [ -e homedir/.qmail-default ] || { touch homedir/.qmail-default; chown uid.gid homedir/.qmail-default; } will be run on this machine for users in the virtualdomains file.
    • sendmailmachines - sendmail.cw and virtusertable are copied to the remote machine as /etc/sendmail.cw.new and /etc/virtusertable.new. If no errors occur, they are moved to /etc/sendmail.cw and /etc/virtusertable and the command specified in the sendmailrestart configuration file is executed. (The path can be changed from the default /etc with the sendmailconfigpath configuration file.)
    -
  • site_perl/svc_acct_sm.pm - If the qmailmachines configuration file exists and a shellmachine is defined, user .qmail- files can be updated. +
  • svc_domain.pm - If the qmailmachines configuration file exists and a shellmachine is defined, user .qmail- files can be updated for catchall mailboxes.
      -
    • The command [ -e homedir/.qmail-domain-default ] || { touch homedir/.qmail-domain-default; chown uid.gid homedir/.qmail-domain-default; } is run. +
    • The command
      [ -e homedir/.qmail-domain-default ] || {
      +    touch homedir/.qmail-domain-default;
      +    chown uid.gid homedir/.qmail-domain-default;
      +}
      is run.
    +
  • svc_forward.pm - Not yet documented; see manpage. +
  • svc_www.pm - Not yet documented; see manpage.
    Unattended remote login - Freeside can login to remote machines unattended using SSH. This can pose a security risk if not configured correctly, and will allow an intruder who breaks into your freeside machine full access to your remote machines. Do not use this feature unless you understand what you are doing!
      -
    • As the freeside user (on your freeside machine), generate an authentication key using ssh-keygen. Since this is for unattended operation, you need to use a blank passphrase. -
    • Append the newly-created identity.pub file to root's authorized_keys on the remote machine(s). +
    • As the freeside user (on your freeside machine), generate an authentication key using ssh-keygen. Since this is for unattended operation, use a blank passphrase. +
    • Append the newly-created identity.pub file to ~root/.ssh/authorized_keys on the remote machine(s). +
    • Some new SSH v2 implementation accept v2 style keys only. Use the -t option to ssh-keygen, and append the created id_dsa.pub or id_rsa.pub to ~root/.ssh/authorized_keys2 on the remote machine(s). +
    • You may need to set PermitRootLogin without-password (meaning with keys only) in your sshd_config file on the remote machine(s).
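Review bot: in the Unattended remote login steps, the added line "Append the newly-created identity.pub file to ~root/.ssh/authorized_keys" installs a blank-passphrase key as an unrestricted root login, which is the exposure the warning paragraph above it describes. Suggest the step also tell the reader to prefix the key entry with authorized_keys options such as from="<freeside host>" (and command="..." where a single export command is enough), so that a copied key cannot be used from another host. Minor: "Some new SSH v2 implementation accept" should read "implementations accept", and the svc_forward.pm and svc_www.pm entries ("Not yet documented; see manpage") should name the manpage they refer to.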
    -- cgit v1.2.1 From 842df85f746a2e1b961d6c9e3a8c5cc3678ae6dd Mon Sep 17 00:00:00 2001 From: ivan Date: Tue, 11 Sep 2001 03:15:58 +0000 Subject: cyrus support --- httemplate/docs/export.html | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'httemplate/docs/export.html') diff --git a/httemplate/docs/export.html b/httemplate/docs/export.html index 7f3a07118..c7410a923 100755 --- a/httemplate/docs/export.html +++ b/httemplate/docs/export.html @@ -20,6 +20,12 @@ it is reccommended that you replicate the data to an external RADIUS machine rat
  • Account deletion - The command(s) specified in the shellmachine-userdel configuration file are executed on shellmachine via ssh. If this file does not exist, userdel $username is the default. If the file exists but is empty, rm -rf $dir is the default instead. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $username and $dir.
  • Account modification - If a user's home directory changes, the command(s) specified in the shellmachine-usermod configuration file are execute on shellmachine via ssh. If this file does not exist or is empty, [ -d $old_dir ] && mv $old_dir $new_dir || ( chmod u+t $old_dir; mkdir $new_dir; cd $old_dir; find . -depth -print | cpio -pdm $new_dir; chmod u-t $new_dir; chown -R $uid.$gid $new_dir; rm -rf $old_dir ) is the default. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $old_dir, $new_dir, $uid and $gid. +
  • svc_acct.pm - Cyrus IMAP Server integration, enabled by the cyrus configuration file +
      +
    • Account creation - (Cyrus::IMAP::Admin should be installed locally) +
    • Account deletion - (Cyrus::IMAP::Admin should be installed locally) +
    • Account modification - (not yet implemented) +
  • bin/svc_acct_sm.export will create Qmail rcpthosts, recipientmap and virtualdomains files and Sendmail virtusertable and sendmail.cw files in the /usr/local/etc/freeside/export.datasrc directory. Using the appropriate configuration files, you can export these files to your remote machines unattemded:
    • qmailmachines - recipientmap, virtualdomains and rcpthosts are copied to the /var/qmail/control directory on the remote machine. Note: If you imported qmail configuration files, run the generated /usr/local/etc/freeside/export.datasrc/virtualdomains.FIX on a machine with your user home directories before exporting qmail configuration files. -- cgit v1.2.1 From be58a1538ce963c4d3b6319c163960513703108d Mon Sep 17 00:00:00 2001 From: ivan Date: Mon, 14 Jan 2002 20:28:17 +0000 Subject: pay some attention to 1.4 RADIUS SQL export --- httemplate/docs/export.html | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'httemplate/docs/export.html') diff --git a/httemplate/docs/export.html b/httemplate/docs/export.html index c7410a923..c7f1b4c9e 100755 --- a/httemplate/docs/export.html +++ b/httemplate/docs/export.html @@ -4,33 +4,33 @@

      File exporting

        -
      • bin/svc_acct.export will create UNIX passwd, shadow and master.passwd files, ERPCD acp_passwd and acp_dialup files and a RADIUS users file in the /usr/local/etc/freeside/export.datasrc directory. Some RADIUS servers (such as Radiator and ICRADIUS) will authenticate directly out of an SQL database. In these cases, -it is reccommended that you replicate the data to an external RADIUS machine rather than running the RADIUS server on your Freeside machine. Using the appropriate configuration files, you can export these files to your remote machines unattended: +
      • bin/svc_acct.export will create UNIX passwd, shadow and master.passwd files, ERPCD acp_passwd and acp_dialup files and a RADIUS users file in the /usr/local/etc/freeside/export.datasrc directory. Some RADIUS servers (such as Radiator, ICRADIUS and FreeRADIUS) will authenticate directly out of an SQL database. In these cases, +it is reccommended that you replicate (Replication in MySQL) the data to an external RADIUS machine or point icradius_secrets to the external machine rather than running the RADIUS server on your Freeside machine. Using the appropriate configuration settings, you can export these files to your remote machines unattended:
        • shellmachines - passwd and shadow are copied to the remote machine as /etc/passwd.new and /etc/shadow.new and then moved to /etc/passwd and /etc/shadow if no errors occur.
        • bsdshellmachines - passwd and master.passwd are copied to the remote machine as /etc/passwd.new and /etc/master.passwd.new and moved to /etc/passwd and /etc/master.passwd if no errors occur.
        • nismachines - passwd and shadow are copied to the /etc/global directory on the remote machine. If no errors occur, the command ( cd /var/yp; make; ) is executed on the remote machine.
        • erpcdmachines - acp_passwd and acp_dialup are copied to the /usr/annex directory on the remote machine. If no errors occur, the command ( kill -USR1 `cat /usr/annex/erpcd.pid` ) is executed on the remote machine.
        • radiusmachines - users is copied to the /etc/raddb directory on the remote machine. If no errors occur, the command ( builddbm ) is executed on the remote machine. -
        • icradiusmachines - Local radcheck and radreply tables will be created. If any machines are specified, the remote MySQL database will be locked and the radcheck table will be copied to the those machines. You may also need to set the icradius_mysqlsource and/or icradius_mysqldest configuration files. Currently you need to be running MySQL for your Freeside database to use this feature. +
        • icradiusmachines - Turn this option on to enable radcheck table population - by default in the Freeside database, or in the database specified by the icradius_secrets config option (the radcheck table needs to be created manually). You do not need to use MySQL for your Freeside database to export to an ICRADIUS/FreeRADIUS MySQL database with this option.
          ADDITIONAL DEPRECATED FUNCTIONALITY (instead use MySQL replication or point icradius_secrets to the external database) - your ICRADIUS machines or FreeRADIUS (with MySQL authentication) machines, one per line. Machines listed in this file will have the radcheck table exported to them. Each line should contain four items, separted by whitespace: machine name, MySQL database name, MySQL username, and MySQL password. For example: "radius.isp.tld radius_db radius_user passw0rd"
      • svc_acct.pm - If a shellmachine is defined, users can be created, modified and deleted remotely; see below.
          -
        • Account creation - If the username, uid and dir fields are defined for a new user, the command(s) specified in the shellmachine-useradd configuration file are executed on shellmachine via ssh. If this file does not exist, useradd -d $dir -m -s $shell -u $uid $username is the default. If the file exists but is empty, cp -pr /etc/skel $dir; chown -R $uid.$gid $dir is the default instead. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $username, $uid, $gid, $dir, and $shell. -
        • Account deletion - The command(s) specified in the shellmachine-userdel configuration file are executed on shellmachine via ssh. If this file does not exist, userdel $username is the default. If the file exists but is empty, rm -rf $dir is the default instead. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $username and $dir. -
        • Account modification - If a user's home directory changes, the command(s) specified in the shellmachine-usermod configuration file are execute on shellmachine via ssh. If this file does not exist or is empty, [ -d $old_dir ] && mv $old_dir $new_dir || ( chmod u+t $old_dir; mkdir $new_dir; cd $old_dir; find . -depth -print | cpio -pdm $new_dir; chmod u-t $new_dir; chown -R $uid.$gid $new_dir; rm -rf $old_dir ) is the default. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $old_dir, $new_dir, $uid and $gid. +
        • Account creation - If the username, uid and dir fields are defined for a new user, the command(s) specified in the shellmachine-useradd configuration file are executed on shellmachine via ssh. If this file does not exist, useradd -d $dir -m -s $shell -u $uid $username is the default. If the file exists but is empty, cp -pr /etc/skel $dir; chown -R $uid.$gid $dir is the default instead. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $username, $uid, $gid, $dir, and $shell. +
        • Account deletion - The command(s) specified in the shellmachine-userdel configuration file are executed on shellmachine via ssh. If this file does not exist, userdel $username is the default. If the file exists but is empty, rm -rf $dir is the default instead. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $username and $dir. +
        • Account modification - If a user's home directory changes, the command(s) specified in the shellmachine-usermod configuration file are execute on shellmachine via ssh. If this file does not exist or is empty, [ -d $old_dir ] && mv $old_dir $new_dir || ( chmod u+t $old_dir; mkdir $new_dir; cd $old_dir; find . -depth -print | cpio -pdm $new_dir; chmod u-t $new_dir; chown -R $uid.$gid $new_dir; rm -rf $old_dir ) is the default. Otherwise the contents of the file are treated as a double-quoted perl string, with the following variables available: $old_dir, $new_dir, $uid and $gid.
        -
      • svc_acct.pm - Cyrus IMAP Server integration, enabled by the cyrus configuration file +
      • svc_acct.pm - Cyrus IMAP Server integration, enabled by the cyrus configuration file
        • Account creation - (Cyrus::IMAP::Admin should be installed locally)
        • Account deletion - (Cyrus::IMAP::Admin should be installed locally)
        • Account modification - (not yet implemented)
        -
      • bin/svc_acct_sm.export will create Qmail rcpthosts, recipientmap and virtualdomains files and Sendmail virtusertable and sendmail.cw files in the /usr/local/etc/freeside/export.datasrc directory. Using the appropriate configuration files, you can export these files to your remote machines unattemded: +
      • bin/svc_acct_sm.export will create Qmail rcpthosts, recipientmap and virtualdomains files and Sendmail virtusertable and sendmail.cw files in the /usr/local/etc/freeside/export.datasrc directory. Using the appropriate configuration files, you can export these files to your remote machines unattemded:
        • qmailmachines - recipientmap, virtualdomains and rcpthosts are copied to the /var/qmail/control directory on the remote machine. Note: If you imported qmail configuration files, run the generated /usr/local/etc/freeside/export.datasrc/virtualdomains.FIX on a machine with your user home directories before exporting qmail configuration files.
        • shellmachine - The command [ -e homedir/.qmail-default ] || { touch homedir/.qmail-default; chown uid.gid homedir/.qmail-default; } will be run on this machine for users in the virtualdomains file. -
        • sendmailmachines - sendmail.cw and virtusertable are copied to the remote machine as /etc/sendmail.cw.new and /etc/virtusertable.new. If no errors occur, they are moved to /etc/sendmail.cw and /etc/virtusertable and the command specified in the sendmailrestart configuration file is executed. (The path can be changed from the default /etc with the sendmailconfigpath configuration file.) +
        • sendmailmachines - sendmail.cw and virtusertable are copied to the remote machine as /etc/sendmail.cw.new and /etc/virtusertable.new. If no errors occur, they are moved to /etc/sendmail.cw and /etc/virtusertable and the command specified in the sendmailrestart configuration file is executed. (The path can be changed from the default /etc with the sendmailconfigpath configuration file.)
      • svc_domain.pm - If the qmailmachines configuration file exists and a shellmachine is defined, user .qmail- files can be updated for catchall mailboxes.
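Review bot: the new icradiusmachines text documents a file whose lines carry a MySQL password in cleartext ("radius.isp.tld radius_db radius_user passw0rd") without saying who may read that file. Suggest adding a sentence that it must be owned by and readable only by the freeside user, and that the MySQL account named there should have access to the radcheck table only. The same entry calls icradius_secrets a "config option" while neighbouring entries say "configuration file" and the intro now says "configuration settings"; one term throughout would read better. Typos in the added lines: "reccommended", "separted".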
          -- cgit v1.2.1 From f1038a648b3d53db925b23519e7cd2a30c6837ed Mon Sep 17 00:00:00 2001 From: ivan Date: Wed, 20 Mar 2002 21:31:49 +0000 Subject: new export! infostreet and sqlradius provisioning switched over (Bug #299 - doesn't close it, but all the groundwork is done) also removes non-transactional ICRADIUS export from svc_acct.export (closes: Bug#347) --- httemplate/docs/export.html | 1 + 1 file changed, 1 insertion(+) (limited to 'httemplate/docs/export.html') diff --git a/httemplate/docs/export.html b/httemplate/docs/export.html index c7f1b4c9e..71e3acf1f 100755 --- a/httemplate/docs/export.html +++ b/httemplate/docs/export.html @@ -3,6 +3,7 @@

          File exporting

          + NOTE: This file is OUT OF DATE with the landing of the new export code and is only here for reference. DO NOT follow these instructions. Instead use the new exports in the web interface.
          • bin/svc_acct.export will create UNIX passwd, shadow and master.passwd files, ERPCD acp_passwd and acp_dialup files and a RADIUS users file in the /usr/local/etc/freeside/export.datasrc directory. Some RADIUS servers (such as Radiator, ICRADIUS and FreeRADIUS) will authenticate directly out of an SQL database. In these cases, it is reccommended that you replicate (Replication in MySQL) the data to an external RADIUS machine or point icradius_secrets to the external machine rather than running the RADIUS server on your Freeside machine. Using the appropriate configuration settings, you can export these files to your remote machines unattended: -- cgit v1.2.1
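Review bot: the added NOTE tells readers "DO NOT follow these instructions" and to "use the new exports in the web interface", but gives no link or menu path to them, and the diffstat shows the rest of the file is left as it was. Suggest pointing at the page where the new exports are configured, and stating whether the Unattended remote login section still applies to the new exports or is superseded along with the rest.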