Hello,
I'm trying to set up an Active Directory on a Samba3 with LDAP.
I followed the directions given at
http://www.debianfordummies.org/wiki/index.php/Samba_Ldap_Howto because
I had never done this before.
At the moment I'm running into the following problem (I can't add users to ldap,
I'm using smbldap-tools):
CLS:/# smbldap-useradd testuser
Error looking for next uid at /usr/share/perl5/smbldap_tools.pm line 1044.
I can't add a workstation to the domain; the logs say:
[2007/05/23 06:16:00, 0] auth/auth_util.c:create_builtin_users(751)
create_builtin_users: Failed to create Users
[2007/05/23 06:16:02, 0] auth/auth_util.c:create_builtin_users(751)
create_builtin_users: Failed to create Users
[2007/05/23 06:16:03, 1] auth/auth_util.c:create_token_from_username(1083)
lookup_name_smbconf for smbpublic failed
[2007/05/23 06:34:51, 0] auth/auth_util.c:create_builtin_users(751)
create_builtin_users: Failed to create Users
[2007/05/23 06:34:54, 0] auth/auth_util.c:create_builtin_users(751)
create_builtin_users: Failed to create Users
Error looking for next uid at /usr/share/perl5/smbldap_tools.pm line 1044.
[2007/05/23 06:34:57, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "stoshiba$"' gave 1
The same thing happens if I try to access a share on the samba server:
[2007/05/23 06:36:38, 0] passdb/passdb.c:lookup_global_sam_name(598)
User root with invalid SID S-1-5-21-405599704-3249903774-2135862609-500 in passdb
It is very clear to me that something is completely wrong, but I can't figure out what.
I'd be grateful if someone could help me (including paid consulting / for beer / etc.,
maybe a better tutorial).
Below I've attached snippets from the most relevant config files (I've left out
pam's confs).
All the best,
Cristian Sandescu
Snip from smb.conf
[global]
workgroup = MYDOMAIN
netbios name = MYDOMAIN
time server = yes
wins support = yes
name resolve order = wins lmhosts bcast host
log file = /var/log/samba/log.%m
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://ldap.MYDOMAIN.net/
ldap passwd sync = yes
ldap suffix = dc=MYDOMAIN,dc=net
ldap admin dn = cn=admin,dc=MYDOMAIN,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
obey pam restrictions = yes
; guest account = nobody
; invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
domain logons = yes
logon path = \\%N\profiles\%U
logon drive = M:
logon home = \\%N\%U
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
guest ok = yes
case sensitive = no
hide dot files = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
password server = CLS
preserve case = no
short preserve case = no
default case = lower
load printers = yes
Snip from slapd.conf:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
schemacheck on
loglevel 256
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
checkpoint 512 30
database bdb
suffix "dc=MYDOMAIN,dc=net"
rootdn "cn=admin,dc=MYDOMAIN,dc=net"
rootpw {SSHA}parola_criptata
directory "/var/lib/ldap"
lastmod on
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=MYDOMAIN,dc=net" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=MYDOMAIN,dc=net" write
by * read
index sambaSID eq
index sambaPrimaryGroupSID eq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
#TLSCertificateFile /etc/ldap/cert/server.csr
#TLSCertificateKeyFile /etc/ldap/cert/server.key
#TLSVerifyClient 0
#startls=yes
Snip from ldap.conf:
BASE dc=MYDOMAIN, dc=net
URI ldap://ldap.MYDOMAIN.net ldap://ldap.MYDOMAIN.com:636
rootdn "cn=admin,dc=MYDOMAIN,dc=net"
rootpw {SSHA}parola_criptata
#TLS_CERT /etc/ldap/cert/client.csr
#TLS_KEY /etc/ldap/cert/client.key
#TLS_REQCERT allow
Snip from smbldap_bind.conf
CLS:/var/log/samba# cat /etc/smbldap-tools/smbldap_bind.conf
masterDN="cn=admin,dc=MYDOMAIN,dc=net"
masterPw="parola_in_clar"
Snip from smbldap.conf
CLS:/var/log/samba# cat /etc/smbldap-tools/smbldap.conf
SID="S-1-5-21-2166458250-4071163207-2971366508" (obtained with net getlocalsid)
slaveLDAP="ldap.MYDOMAIN.net"
slavePort="389"
masterLDAP="ldap.MYDOMAIN.net"
masterPort="389"
ldapTLS="0"
verify="none"
suffix="dc=MYDOMAIN,dc=net"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=CLS,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
userSmbHome="\\CLS\homes\%U"
userProfile="\\CLS\profiles\%U"
userHomeDrive="H:"
mailDomain="MYDOMAIN.net"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
RLUG mailing list: http://lists.lug.ro/mailman/listinfo/rlug
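An added consistency check for the snippets quoted in the post above; it is not part of the original message and not code from smbldap-tools or Samba. It runs over constructed excerpts modelled on the poster's slapd.conf ACLs, smbldap.conf and smb.conf and flags three things a reviewer of such a setup would look at: (1) password-bearing attributes that the slapd ACLs leave readable to an anonymous bind (slapd applies the first matching `access to` directive; here the rule for userPassword/shadowLastChange does not cover sambaLMPassword/sambaNTPassword, so those fall through to the catch-all `access to * ... by * read`), with a hardened ACL beside the weak one; (2) the domain SID in smbldap.conf differing from the domain part of the SID Samba reports in the quoted log line; (3) sambaUnixIdPooldn naming a different sambaDomainName than the workgroup. smbldap-tools reads the next free uidNumber from the entry named by sambaUnixIdPooldn, which is the lookup behind the "Error looking for next uid" message, so that entry must exist and carry uidNumber/gidNumber. The ACL parser only understands the `attrs=` and `*` targets seen in the snippet and skips DN-scoped directives; the SID from the log is quoted from the post, the rest of the input is constructed.

```python
"""Added consistency check for a Samba 3 + OpenLDAP (ldapsam / smbldap-tools) setup.
Not the poster's files: the excerpts below are constructed from the quoted snippets."""
import re

# Constructed from the post's slapd.conf snippet (only the access directives matter here).
SLAPD_CONF = """\
access to attrs=userPassword,shadowLastChange
    by dn="cn=admin,dc=MYDOMAIN,dc=net" write
    by anonymous auth
    by self write
    by * none
access to dn.base="" by * read
access to *
    by dn="cn=admin,dc=MYDOMAIN,dc=net" write
    by * read
"""

# Hardened variant (constructed): the same rule also covers the Samba hash attributes.
HARDENED_SLAPD_CONF = SLAPD_CONF.replace(
    "attrs=userPassword,shadowLastChange",
    "attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword")

# Constructed from the post's smbldap.conf and smb.conf snippets.
SMBLDAP_CONF = ('SID="S-1-5-21-2166458250-4071163207-2971366508"\n'
                'sambaUnixIdPooldn="sambaDomainName=CLS,${suffix}"\n')
SMB_CONF = "workgroup = MYDOMAIN\nnetbios name = MYDOMAIN\n"
# Log line quoted in the post.
LOG_LINE = "User root with invalid SID S-1-5-21-405599704-3249903774-2135862609-500 in passdb"

# Attributes holding password material in this schema set (core/nis + samba.schema).
PASSWORD_ATTRS = ("userPassword", "shadowLastChange", "sambaLMPassword", "sambaNTPassword")


def parse_acls(conf):
    """Parse 'access to <what>' directives into (what, [(who, level), ...]) in file order.
    slapd uses the first directive whose <what> matches, so order is significant."""
    rules = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"access\s+to\s+(\S+)(.*)$", line)
        if m:
            rules.append((m.group(1), []))
            line = m.group(2).strip()          # 'by ...' clauses may follow on the same line
            if not line:
                continue
        for clause in re.findall(r"by\s+(\S+)\s+(\S+)", line):
            if rules:
                rules[-1][1].append(clause)
    return rules


def anonymous_level(rules, attr):
    """Access level an anonymous bind gets on attr: first matching directive, first
    matching 'by' clause ('anonymous' or '*'). DN-scoped directives are skipped here."""
    for what, clauses in rules:
        if what.startswith("attrs="):
            if attr.lower() not in what[len("attrs="):].lower().split(","):
                continue
        elif what != "*":
            continue
        for who, level in clauses:
            if who in ("anonymous", "*"):
                return level
        return "none"                          # no matching clause: slapd denies by default
    return "none"


def readable_password_attrs(conf):
    """Password-bearing attributes an unauthenticated bind could read under these ACLs."""
    rules = parse_acls(conf)
    return [a for a in PASSWORD_ATTRS if anonymous_level(rules, a) not in ("none", "auth")]


def domain_sid(sid):
    """Strip the trailing RID: S-1-5-21-a-b-c-500 -> S-1-5-21-a-b-c."""
    return sid.rsplit("-", 1)[0]


def sid_mismatch(smbldap_conf, log_line):
    """True when the SID smbldap-tools stamps on new entries differs from the
    domain SID in the SID Samba complains about."""
    configured = re.search(r'^SID="([^"]+)"', smbldap_conf, re.M).group(1)
    logged = re.search(r"S-1-5-21(?:-\d+)+", log_line).group(0)
    return domain_sid(logged) != configured


def idpool_domain_mismatch(smbldap_conf, smb_conf):
    """True when sambaUnixIdPooldn names a sambaDomainName other than the workgroup,
    i.e. smbldap-tools and Samba would not share the same domain entry."""
    pool = re.search(r"sambaDomainName=([^,]+)", smbldap_conf).group(1)
    workgroup = re.search(r"^\s*workgroup\s*=\s*(\S+)", smb_conf, re.M).group(1)
    return pool.lower() != workgroup.lower()


if __name__ == "__main__":
    print("readable by anonymous (posted ACL):", readable_password_attrs(SLAPD_CONF))
    print("readable by anonymous (hardened ACL):", readable_password_attrs(HARDENED_SLAPD_CONF))
    print("SID mismatch:", sid_mismatch(SMBLDAP_CONF, LOG_LINE))
    print("id pool / workgroup mismatch:", idpool_domain_mismatch(SMBLDAP_CONF, SMB_CONF))
```

Run against the posted excerpts it reports sambaLMPassword and sambaNTPassword as readable by an anonymous bind, a domain SID mismatch between smbldap.conf and the log, and a pool entry (CLS) that differs from the workgroup (MYDOMAIN); the hardened ACL reports nothing readable.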