Лог:
Nov 24 14:37:01 pdc slapd[1130]: slap_client_connect: URI=ldaps://bdc.polyana DN="uid=ldapsync_service,ou=systemusers,dc=polyans" ldap_sasl_bi
Nov 24 14:37:01 pdc slapd[1130]: do_syncrepl: rid=000 rc -1 retrying
Nov 24 14:37:01 pdc slapd[1130]: slap_client_connect: URI=ldaps://bdc.polyana DN="uid=ldapsync_service,ou=systemusers,dc=polyans" ldap_sasl_bi
Nov 24 14:37:01 pdc slapd[1130]: do_syncrepl: rid=000 rc -1 retrying
Could not connect to server pdc
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
Nov 28 00:35:51 pdc slapd[77887]: conn=45 op=2 SRCH base="sambaDomainName=MEAT,sambaDomainName=MEAT,dc=meat" scope=2 deref=0 filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=meat))"
Nov 28 00:35:51 pdc slapd[77887]: conn=45 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Nov 28 00:35:51 pdc slapd[77887]: conn=45 op=3 SRCH base="dc=meat" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))"
Nov 28 00:35:51 pdc slapd[77887]: conn=45 op=3 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber
Nov 28 00:35:51 pdc slapd[77887]: conn=45 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 28 00:35:51 pdc slapd[77887]: conn=45 fd=14 closed (connection lost)
Can't lookup UNIX group admins
Nov 28 00:33:37 pdc slapd[77887]: conn=41 op=1 SRCH base="ou=groups,dc=meat" scope=1 deref=0 filter="(&(objectClass=posixGroup)(cn=admins))"
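// Queries from the server itself (127.0.0.1) are REFUSED by the
// "allow-query { lan; }" rules in options and in every zone, because the
// loopback address was not part of this ACL -- that is consistent with the
// "nslookup ns1" against 127.0.0.1 failing with REFUSED. Adding loopback
// here fixes it for allow-query and allow-recursion in one place.
acl lan { 127.0.0.1; 10.0.22.0/24; };
// Hosts meant to be allowed zone transfers. An ACL only takes effect once it
// is referenced (allow-transfer); on its own it restricts nothing.
acl transfers { 127.0.0.1; };
// rndc control key. The secret below was posted publicly together with this
// config -- regenerate it (rndc-confgen) and update rndc.conf to match.
// hmac-md5 is the weakest algorithm rndc accepts; if this build offers
// hmac-sha256, switch both sides together.
key "rndc-key" {
    algorithm hmac-md5;
    secret "VqTJ5r8xuqNpzV7s7Y4I7w==";
};
// Control channel: loopback only and gated by the key -- acceptable as posted.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};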
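options
{
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    // Hides the real version string from "version.bind" queries.
    version "meat dns";
    listen-on { 127.0.0.1; 10.0.22.2; };
    forwarders { 212.122.1.2; 212.107.200.68; };
    allow-query { lan; };
    allow-recursion { lan; };
    // The "transfers" ACL was declared at the top of the file but never used.
    // Without an allow-transfer statement BIND's default allows AXFR to any
    // client that may query, so every LAN host could dump the master zones.
    allow-transfer { transfers; };
    // The original line was "query-source address * port 55555;". Pinning the
    // outgoing UDP port disables source-port randomization and makes the
    // recursive cache far easier to poison (the 2008 Kaminsky class of attack).
    // Let named choose random ports; if a firewall needs a bounded range, use
    // use-v4-udp-ports instead of a single fixed port.
    query-source address *;
};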
// Root hints, used only when recursing on behalf of "lan" clients.
// Keep named.root current; a stale hints file still works but is slower to bootstrap.
zone "." {
    type hint;
    file "named.root";
};
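zone "meat" IN {
    type master;
    // NOTE(review): the original pointed at ldap://10.0.2.2/ while listen-on
    // and the other two zones use 10.0.22.2; this looks like a typo and is
    // corrected to match. Revert if a separate LDAP host really is at 10.0.2.2.
    // The bind password travels as an LDAP URL extension. Extensions are
    // comma-separated, and the bindname already encodes its commas as %2c, so
    // the comma and space inside the password are encoded the same way -- an
    // RFC 4516 parser would otherwise end the extension at the comma.
    // Both this DN and its password were posted publicly: rotate them. named
    // only needs to read the zone subtree, so a dedicated read-only DN (or
    // ldapi:/// if slapd runs on this host) is preferable to cn=ldapadmin,
    // and plain ldap:// sends the password in clear text on every reconnect.
    database "ldap ldap://10.0.22.2/zoneName=meat,ou=DNS,dc=meat????!bindname=cn=ldapadmin%2cdc=meat,!x-bindpw=J%2cfkltnm%20178600";
    allow-query { lan; };
    notify no;
};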
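zone "22.0.10.in-addr.arpa" IN
{
    type master;
    // Two typos fixed against the sibling zones: the bind DN read "cn=lapadmin"
    // (the other zones use cn=ldapadmin) and the ACL line read "llow-query".
    // The password's comma and space are percent-encoded like the bindname's
    // commas already are, since URL extensions are comma-separated.
    // This DN/password pair was posted publicly -- rotate it and prefer a
    // read-only DN for named; ldap:// carries it in clear text.
    database "ldap ldap://10.0.22.2/zoneName=22.0.10.in-addr.arpa,ou=DNS,dc=meat????!bindname=cn=ldapadmin%2cdc=meat,!x-bindpw=J%2cfkltnm%20178600";
    allow-query { lan; };
    notify no;
};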
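zone "0.0.127.in-addr.arpa" IN
{
    type master;
    // The password's comma and space are percent-encoded, matching the %2c
    // already used for the bindname DN: LDAP URL extensions are split on commas.
    // This DN/password pair was posted publicly -- rotate it, and give named a
    // read-only DN instead of cn=ldapadmin; ldap:// sends it in clear text.
    database "ldap ldap://10.0.22.2/zoneName=0.0.127.in-addr.arpa,ou=DNS,dc=meat????!bindname=cn=ldapadmin%2cdc=meat,!x-bindpw=J%2cfkltnm%20178600";
    allow-query { lan; };
    notify no;
};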
version: 9.7.0rc1 (meat dns)
CPUs found: 1
worker threads: 1
number of zones: 15
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Jan 18 23:56:05 ns1 slapd[575]: conn=1004 op=159 SRCH base="cn=Config,ou=DHCP,dc=meat" scope=2 deref=0 filter="(&(objectClass=dhcpHost)(dhcpHW
Jan 18 23:56:05 ns1 slapd[575]: conn=1004 op=159 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 18 23:56:05 ns1 slapd[575]: conn=1004 op=160 SRCH base="cn=Config,ou=dhcp,dc=meat" scope=2 deref=0 filter="(&(cn=10.0.22.0)(objectClass=dh
Jan 18 23:56:05 ns1 slapd[575]: conn=1004 op=160 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 18 23:36:05 ns1 slapd[575]: conn=1004 op=123 SRCH base="cn=Config,ou=DHCP,dc=meat" scope=2 deref=0 filter="(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet 00:25:d3:41:26:fd))"
Jan 18 23:36:05 ns1 slapd[575]: conn=1004 op=123 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 18 23:36:05 ns1 slapd[575]: conn=1004 op=124 SRCH base="cn=Config,ou=dhcp,dc=meat" scope=2 deref=0 filter="(&(cn=10.0.22.0)(objectClass=dhcpGroup))"
Jan 18 23:36:05 ns1 slapd[575]: conn=1004 op=124 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 19 00:35:48 ns1 slapd[575]: conn=1067 op=17 SRCH base="relativeDomainName=@,zoneName=22.0.10.in-addr.arpa,ou=DNS,dc=meat" scope=1 deref=0
Jan 19 00:35:48 ns1 slapd[575]: conn=1067 op=17 SRCH attr=objectclass
Jan 19 00:35:48 ns1 slapd[575]: conn=1067 op=17 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 19 00:35:48 ns1 slapd[575]: conn=1067 op=18 SRCH base="relativeDomainName=@,zoneName=22.0.10.in-addr.arpa,ou=DNS,dc=meat" scope=0 deref=0
Jan 19 00:35:48 ns1 slapd[575]: conn=1067 op=18 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 19 00:35:49 ns1 slapd[575]: conn=1067 op=19 SRCH base="relativeDomainName=@,zoneName=22.0.10.in-addr.arpa,ou=DNS,dc=meat" scope=1 deref=0
Jan 19 00:35:49 ns1 slapd[575]: conn=1067 op=19 SRCH attr=objectclass
Jan 19 00:35:49 ns1 slapd[575]: conn=1067 op=19 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 19 00:36:04 ns1 slapd[575]: conn=1067 op=20 SRCH base="relativeDomainName=100,zoneName=22.0.10.in-addr.arpa,ou=DNS,dc=meat" scope=0 deref=
Jan 19 00:36:04 ns1 slapd[575]: conn=1067 op=20 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 19 00:36:05 ns1 slapd[575]: conn=1004 op=233 SRCH base="cn=Config,ou=DHCP,dc=meat" scope=2 deref=0 filter="(&(objectClass=dhcpHost)(dhcpHW
Jan 19 00:36:05 ns1 slapd[575]: conn=1004 op=233 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 19 00:36:05 ns1 slapd[575]: conn=1004 op=234 SRCH base="cn=Config,ou=dhcp,dc=meat" scope=2 deref=0 filter="(&(cn=10.0.22.0)(objectClass=dh
Jan 19 00:36:05 ns1 slapd[575]: conn=1004 op=234 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 19 00:36:05 ns1 slapd[575]: conn=1067 op=21 SRCH base="relativeDomainName=2,zoneName=22.0.10.in-addr.arpa,ou=DNS,dc=meat" scope=0 deref=0
Jan 19 00:36:05 ns1 slapd[575]: conn=1067 op=21 SEARCH RESULT tag=101 err=0 nentries=1 text=
ns1# nslookup ns1
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find ns1: REFUSED
Sep 6 12:14:34 server2 slapd[6613]: slapd startup: initiated.
Sep 6 12:14:34 server2 slapd[6613]: backend_startup_one: starting "cn=config"
Sep 6 12:14:34 server2 slapd[6613]: config_back_db_open
Sep 6 12:14:34 server2 slapd[6613]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "cn=config"
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "cn=module{0}"
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "cn=schema"
Sep 6 12:14:34 server2 slapd[6613]: >>> dnNormalize: <cn={0}core>
Sep 6 12:14:34 server2 slapd[6613]: <<< dnNormalize: <cn={0}core>
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "cn={0}core"
Sep 6 12:14:34 server2 slapd[6613]: >>> dnNormalize: <cn={1}cosine>
Sep 6 12:14:34 server2 slapd[6613]: <<< dnNormalize: <cn={1}cosine>
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "cn={1}cosine"
Sep 6 12:14:34 server2 slapd[6613]: >>> dnNormalize: <cn={2}inetorgperson>
Sep 6 12:14:34 server2 slapd[6613]: <<< dnNormalize: <cn={2}inetorgperson>
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "cn={2}inetorgperson"
Sep 6 12:14:34 server2 slapd[6613]: >>> dnNormalize: <cn={3}misc>
Sep 6 12:14:34 server2 slapd[6613]: <<< dnNormalize: <cn={3}misc>
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "cn={3}misc"
Sep 6 12:14:34 server2 slapd[6613]: >>> dnNormalize: <cn={4}nis>
Sep 6 12:14:34 server2 slapd[6613]: <<< dnNormalize: <cn={4}nis>
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "cn={4}nis"
Sep 6 12:14:34 server2 slapd[6613]: >>> dnNormalize: <cn={5}openldap>
Sep 6 12:14:34 server2 slapd[6613]: <<< dnNormalize: <cn={5}openldap>
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "cn={5}openldap"
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "olcDatabase={-1}frontend"
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "olcDatabase={0}config"
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "olcDatabase={1}bdb"
Sep 6 12:14:34 server2 slapd[6613]: config_build_entry: "olcOverlay={0}syncprov"
Sep 6 12:14:34 server2 slapd[6613]: backend_startup_one: starting "dc=domain,dc=net,dc=example,dc=ru"
Sep 6 12:14:34 server2 slapd[6613]: bdb_db_open: "dc=domain,dc=net,dc=example,dc=ru"
Sep 6 12:14:34 server2 slapd[6613]: bdb_db_open: database "dc=domain,dc=net,dc=example,dc=ru": dbenv_open(/var/db/openldap-data).
Sep 6 12:14:34 server2 slapd[6613]: => bdb_entry_get: ndn: "dc=domain,dc=net,dc=example,dc=ru"
Sep 6 12:14:34 server2 slapd[6613]: => bdb_entry_get: oc: "(null)", at: "contextCSN"
Sep 6 12:14:34 server2 slapd[6613]: bdb_dn2entry("dc=domain,dc=net,dc=example,dc=ru")
Sep 6 12:14:34 server2 slapd[6613]: => bdb_dn2id("dc=domain,dc=net,dc=example,dc=ru")
Sep 6 12:14:34 server2 slapd[6613]: <= bdb_dn2id: got id=0x1
Sep 6 12:14:34 server2 slapd[6613]: entry_decode: "dc=domain,dc=net,dc=example,dc=ru"
Sep 6 12:14:34 server2 slapd[6613]: <= entry_decode(dc=domain,dc=net,dc=example,dc=ru)
Sep 6 12:14:34 server2 slapd[6613]: => bdb_entry_get: found entry: "dc=domain,dc=net,dc=example,dc=ru"
Sep 6 12:14:34 server2 slapd[6613]: bdb_entry_get: rc=0
Sep 6 12:14:34 server2 slapd[6613]: slapd starting
Sep 6 12:14:34 server2 slapd[6613]: daemon: added 4r listener=0x0
Sep 6 12:14:34 server2 slapd[6613]: daemon: added 6r listener=0x8018480c0
Sep 6 12:14:34 server2 slapd[6613]: daemon: added 7r listener=0x801848180
Sep 6 12:14:34 server2 slapd[6613]: daemon: added 8r listener=0x801848240
Sep 6 12:14:34 server2 slapd[6613]: =>do_syncrepl rid=001
Sep 6 12:14:34 server2 slapd[6613]: slap_client_connect: URI=ldap://server1.domain.net.example.ru/ DN="cn=ldapsync,dc=domain,dc=net,dc=example,dc=ru" ldap_sasl_bind_s failed (49)
Sep 6 12:14:35 server2 slapd[6613]: daemon: select: listen=6 active_threads=0 tvp=zero
Sep 6 12:14:35 server2 slapd[6613]: daemon: select: listen=7 active_threads=0 tvp=zero
Sep 6 12:14:35 server2 slapd[6613]: daemon: select: listen=8 active_threads=0 tvp=zero
Sep 6 12:14:35 server2 slapd[6613]: do_syncrepl: rid=001 rc 49 retrying
Sep 6 12:14:35 server2 slapd[6613]: daemon: activity on 1 descriptor
Sep 6 12:14:35 server2 slapd[6613]: daemon: waked
Sep 6 12:14:35 server2 slapd[6613]: daemon: select: listen=6 active_threads=0 tvp=zero
Sep 6 12:14:35 server2 slapd[6613]: daemon: select: listen=7 active_threads=0 tvp=zero
Sep 6 12:14:35 server2 slapd[6613]: daemon: select: listen=8 active_threads=0 tvp=zero
ldap_initialize( ldap://server1.domain.net.example.ru:389/??base )
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
ldap_url_parse_ext(ldap://server1.domain.net.example.ru/)
ldap_initialize( ldap://server1.domain.net.example.ru:389/??base )
ldap_create
ldap_url_parse_ext(ldap://server1.domain.net.example.ru:389/??base)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP server1.domain.net.example.ru:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.2.20:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0x801005040 msgid 1
wait4msg ld 0x801005040 msgid 1 (infinite timeout)
wait4msg continue ld 0x801005040 msgid 1 all 1
** ld 0x801005040 Connections:
* host: server1.domain.net.example.ru port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Sep 6 12:17:42 2011
** ld 0x801005040 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x801005040 request count 1 (abandoned 0)
** ld 0x801005040 Response Queue:
Empty
ld 0x801005040 response count 0
ldap_chkResponseList ld 0x801005040 msgid 1 all 1
ldap_chkResponseList returns ld 0x801005040 NULL
ldap_int_select
read1msg: ld 0x801005040 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x801005040 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x801005040 0 new referrals
read1msg: mark request completed, ld 0x801005040 msgid 1
request done: ld 0x801005040 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 19, subject: /C=RU/ST=City/L=City/O=Company LLC/OU=IT Dep/CN=Name/emailAddress=name@example.ru, issuer: /C=RU/ST=City/L=City/O=Company LLC/OU=IT Dep/CN=Name/emailAddress=name@example.ru
TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain).
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
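# Global section
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
#include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Debug setting kept as posted. "any" is extremely verbose (see the startup
# trace above) and at this level BER/packet dumps can put simple-bind
# passwords into the log; drop to something like "stats sync" once
# replication works.
loglevel any
modulepath /usr/local/libexec/openldap
moduleload back_bdb
moduleload syncprov
# Refuse SASL EXTERNAL via TLS client certs; fine since TLSVerifyClient is never.
disallow tls_authc
TLSCertificateFile /var/db/certs/server2_ldap.crt
TLSCertificateKeyFile /var/db/certs/keys/server2_ldap.key
# CA used to verify peers; note ldapsearch/syncrepl as a *client* reads
# TLS_CACERT from ldap.conf (or the syncrepl tls_cacert option), not this line.
TLSCACertificateFile /var/db/certs/ca.crt
# Original value was "HIGH:MEDIUM:+SSLv2:+SSLv3:RSA:+TLSv1": it re-admits
# SSLv2 suites and MEDIUM ciphers and never drops anonymous (aNULL) suites.
# This is an OpenSSL cipher string, not a protocol-version switch, so exclude
# the weak classes explicitly. "!SSLv3" is deliberately not used -- it would
# also remove the TLS 1.0 suites on this OpenSSL generation.
TLSCipherSuite HIGH:!aNULL:!eNULL:!MD5:!SSLv2
TLSVerifyClient never
# Distinct serverID per mirror; server1 must use a different value.
serverID 2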
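# Database section
database bdb
suffix dc=domain,dc=net,dc=example,dc=ru
rootdn cn=root,dc=domain,dc=net,dc=example,dc=ru
# This hash was posted publicly with the config -- generate a fresh one with
# slappasswd before any of this is reused.
rootpw {SSHA}GWJsqmpoSf2NuHfz+FYTnukOQQ9HbWlz
directory /var/db/openldap-data
# entryCSN/entryUUID eq indexes are what syncprov/syncrepl search on.
index objectclass,entryCSN,entryUUID eq
# ACLs. slapd stops at the FIRST "access to" clause whose target matches, so a
# grant for the replication identity has to live inside the userPassword rule
# and inside the catch-all rule. In the original it sat in a third clause after
# "access to *" and was unreachable, and "by * none" on userPassword would have
# kept password hashes out of the replica even with a working bind.
# NOTE(review): the original grant named uid=ldapsync,ou=systemusers,... while
# syncrepl below binds as cn=ldapsync,... ; the DN here follows the binddn.
# Use whichever entry really exists, consistently, in both places.
# Left as posted: anonymous gets read on everything while authenticated users
# other than self get none -- "by users read" is probably what was intended.
# Continuation lines ("by ...", syncrepl arguments) MUST start with whitespace
# in slapd.conf; in the posted paste they were flush-left.
access to attrs=userPassword
    by dn.exact="cn=ldapsync,dc=domain,dc=net,dc=example,dc=ru" read
    by self write
    by anonymous auth
    by * none
access to *
    by dn.exact="cn=ldapsync,dc=domain,dc=net,dc=example,dc=ru" read
    by self write
    by anonymous read
    by * none
# syncrepl directive
# The "rc 49 retrying" in the log is LDAP_INVALID_CREDENTIALS returned by the
# provider (server1): binddn/credentials must match an entry there -- nothing
# in this file changes that. "interval" is only meaningful for refreshOnly and
# is ignored with refreshAndPersist; harmless.
# starttls=critical is added because bindmethod=simple otherwise sends the
# replication password in clear text. The CA file must actually cover
# server1's certificate -- the ldapsearch trace above shows the chain is not
# trusted on the client side yet (unknown CA / self-signed in chain), so fix
# that first or replication will stay down with a TLS error instead of 49.
syncrepl rid=001
    provider=ldap://server1.domain.net.example.ru/
    type=refreshAndPersist
    interval=00:00:00:10
    retry="60 +"
    searchbase="dc=domain,dc=net,dc=example,dc=ru"
    filter="(objectclass=*)"
    scope=sub
    attrs="*,+"
    sizelimit="unlimited"
    timelimit="unlimited"
    schemachecking=on
    bindmethod=simple
    binddn="cn=ldapsync,dc=domain,dc=net,dc=example,dc=ru"
    credentials=PASSWORD
    starttls=critical
    tls_cacert=/var/db/certs/ca.crt
mirrormode on
overlay syncprov
syncprov-checkpoint 100 1
syncprov-sessionlog 100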