hi linuxer !!! aku baru install samba dengan auth di LDAP. semua konfigurasi ada di bawah. waktu start samba, ldap OK. create user pake smbldap-tools juga ok. masalahnya adalah waktu aku coba login dengan user yg tidak ada di database (ldap), user itu bisa login ke samba. kira2 salahnya dimana?
data: kompilasi samba-2.2.7a
./configure --prefix=/usr/local/samba2 --with-smbmount --with-ldapsam --with-winbind --with-msdfs

smb.conf
#======================= Global Settings =====================================
[global]
workgroup = mylan
netbios name = Jupiter
server string = Samba Server %v
passwd program=/usr/local/sbin/smbldap-passwd %u
passwd chat=/*new*password*%n\n*new*password*%n\n*succesfully
printcap name = lpstat
load printers = yes
printing = cups
printer admin = @adm
log file = /var/log/samba/log.%m
max log size = 50
hosts allow = 192.168.1. 192.168.0. 127.
# NOTE(review): "bad user" means a login whose username is unknown to the
# password backend is not rejected; it is mapped to the guest account. That
# matches the symptom described in the post (accounts absent from LDAP still
# connect). "map to guest = never" makes such logins fail instead.
map to guest = bad user
security = user
unix password sync = Yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 192.168.0.0/24 192.168.1.0/24
; local master = no
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
# LDAP configuration for Domain Controlling:
ldap admin dn = cn=Manager,dc=mylan,dc=net
# NOTE(review): both "ldap ssl" lines below are commented out, so the build
# default applies. With "ldap server = localhost" the bind stays on loopback;
# revisit this if the directory moves to another host.
# ldap ssl = start_tls
#ldap ssl = off
# start_tls should run on 389, but samba defaults incorrectly to 636
ldap port = 389
ldap suffix = dc=mylan,dc=net
ldap server = localhost
# NOTE(review): "-d /home/gina" is a fixed path, so every account created
# through this script would get the same home directory; presumably a per-user
# path was intended. Confirm.
add user script = /usr/local/sbin/smbldap-useradd -m -d /home/gina -g 600 -s /sbin/nologin %u
# 7. Name Resolution Options:
name resolve order = wins lmhosts bcast
wins support = yes
; wins server = w.x.y.z
dns proxy = no
# 8. File Naming Options:

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes

# NOTE(review): every share below that sets "guest ok = yes" is reachable by a
# session that was mapped to guest by the [global] "map to guest" setting.
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no

[Profiles]
path = /var/lib/samba/profiles
browseable = no
# NOTE(review): guest access combined with "writable = yes" lets a guest
# session write to the profiles share. Also, "root preexec" runs as root on
# each connection to this share, including guest connections.
guest ok = yes
writable = yes
root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \
    then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# to allow user 'guest account' to print.
guest ok = yes
writable = no
printable = yes
create mode = 0700

[print$]
path = /var/lib/samba/printers
browseable = yes
read only = yes
write list = @adm root
guest ok = yes

openldap-2.1.23
./configure --prefix=/usr/local/ldap --with-bdb=no --with-gdbm=yes

slapd.conf
include /usr/local/ldap/etc/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/samba.schema
include /etc/openldap/schema/local.schema
# NOTE(review): no "access" directives appear in this excerpt. If the full
# file has none either, slapd's default policy grants read access to everyone,
# which would expose the Samba password hash attributes stored in the
# directory. TODO confirm, and restrict those attributes.
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix dc=mylan,dc=net
rootdn cn=Manager,dc=mylan,dc=net
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the rootdn password is in cleartext and was published with
# this post. Replace it with a slappasswd(8) hash, and treat this value and
# the two commented-out hashes below as exposed.
rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
#rootpw {SSHA}sTwe4ljfNbEuZe6GmBi6/lPZWQACCfBi
# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory /usr/local/ldap/var/samba
# Indices to maintain
#index objectClass eq
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial
# Index the rid for samba:
index rid eq

--
Unsubscribe: kirim email kosong ke [EMAIL PROTECTED]
Arsip dan info di http://linux.or.id/milis.php
FAQ milis http://linux.or.id/faq.php