Samba(PDC) + LDAP

KoSHaK
just passing by
Posts: 1
Registered: 2009-07-20 15:48:23

Samba(PDC) + LDAP

Post by KoSHaK » 2009-07-20 16:00:23

Hello.
I'm a newbie with *nix systems, so my questions will be silly :)

Following the article "Configuring Samba to store information in LDAP", I got as far as the step "Now let's add the domain groups". The admins and people groups mapped without errors, but the computers group refused to...

Here is the error itself and the accompanying details:

Code:

[root@dns ~/openldap]# uname -a
FreeBSD dns.opz.odessa.ua 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Fri May 15 00:37:16 EEST 2009     root@dns.opz.odessa.ua:/usr/obj/usr/src/sys/BEAST  i386

Code:

[root@dns ~/openldap]# net -d 100 groupmap add unixgroup=computers rid=515 type=domain
[2009/07/20 15:44:36, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/100
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2009/07/20 15:44:36, 3] param/loadparm.c:lp_load(5055)
  lp_load: refreshing parameters
[2009/07/20 15:44:36, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2009/07/20 15:44:36, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/usr/local/etc/smb.conf"
[2009/07/20 15:44:36, 3] param/loadparm.c:do_section(3794)
  Processing section "[global]"
  doing parameter workgroup = BEAST
  doing parameter netbios name = BEAST
[2009/07/20 15:44:36, 4] param/loadparm.c:handle_netbios_name(3144)
  handle_netbios_name: set global_myname to: BEAST
  doing parameter server string = Documents
  doing parameter security = user
  doing parameter hosts allow = 127.0 10.0. 10.100. 192.168.1. 127.
  doing parameter load printers = no
  doing parameter log file = /var/log/samba/log.%m
  doing parameter max log size = 500
  doing parameter encrypt passwords = yes
  doing parameter admin users = admin
  doing parameter passdb backend = ldapsam:ldap://localhost/
  doing parameter ldap suffix = dc=opz,dc=local
  doing parameter ldap user suffix = ou=users
  doing parameter ldap group suffix = ou=groups
  doing parameter ldap machine suffix = ou=computers
  doing parameter ldap admin dn = "cn=root,dc=opz,dc=local"
  doing parameter ldap delete dn = no
  doing parameter ldap ssl = off
  doing parameter socket options = TCP_NODELAY
  doing parameter local master = yes
  doing parameter os level = 64
  doing parameter domain master = yes
  doing parameter preferred master = yes
  doing parameter domain logons = yes
  doing parameter logon script = proxy.vbs
  doing parameter logon path = \\%L\Profiles\%U\%m   logon home = \\%L\Profiles\%U\%m
  doing parameter logon drive = Z:
  doing parameter wins support = yes
  doing parameter dns proxy = no
  doing parameter display charset = koi8-r
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2LE
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2LE
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16LE
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16LE
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2BE
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2BE
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16BE
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16BE
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF8
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF8
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-8
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-8
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ASCII
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ASCII
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset 646
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset 646
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ISO-8859-1
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ISO-8859-1
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS2-HEX
[2009/07/20 15:44:36, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS2-HEX
  doing parameter unix charset = koi8-r
  doing parameter dos charset = cp866
  doing parameter time server = yes
  doing parameter add machine script = /usr/local/sbin/ldapaddmachine '%u' computers
  doing parameter add user script = /usr/local/sbin/ldapadduser '%u' people
  doing parameter add group script = /usr/local/sbin/ldapaddgroup '%g'
  doing parameter add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
  doing parameter delete user script = /usr/local/sbin/ldapdeleteuser '%u'
  doing parameter delete group script = /usr/local/sbin/ldapdeletegroup '%g'
  doing parameter delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
  doing parameter set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
  doing parameter rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
[2009/07/20 15:44:36, 4] param/loadparm.c:lp_load(5086)
  pm_process() returned Yes
[2009/07/20 15:44:36, 7] param/loadparm.c:lp_servicenumber(5224)
  lp_servicenumber: couldn't find homes
[2009/07/20 15:44:36, 10] param/loadparm.c:set_server_role(4330)
  set_server_role: role = ROLE_DOMAIN_PDC
[2009/07/20 15:44:36, 5] lib/util.c:init_names(287)
  Netbios name list:-
  my_netbios_names[0]="BEAST"
[2009/07/20 15:44:36, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.124.11 bcast=10.0.124.255 nmask=255.255.255.0
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(68)
  Attempting to register passdb backend ldapsam
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(81)
  Successfully added passdb backend 'ldapsam'
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(68)
  Attempting to register passdb backend ldapsam_compat
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(81)
  Successfully added passdb backend 'ldapsam_compat'
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(68)
  Attempting to register passdb backend NDS_ldapsam
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(81)
  Successfully added passdb backend 'NDS_ldapsam'
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(68)
  Attempting to register passdb backend NDS_ldapsam_compat
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(81)
  Successfully added passdb backend 'NDS_ldapsam_compat'
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(68)
  Attempting to register passdb backend smbpasswd
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(81)
  Successfully added passdb backend 'smbpasswd'
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(68)
  Attempting to register passdb backend tdbsam
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:smb_register_passdb(81)
  Successfully added passdb backend 'tdbsam'
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:make_pdb_method_name(121)
  Attempting to find an passdb backend to match ldapsam:ldap://localhost/ (ldapsam)
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:make_pdb_method_name(142)
  Found pdb backend ldapsam
[2009/07/20 15:44:36, 2] lib/smbldap_util.c:smbldap_search_domain_info(256)
  smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BEAST))]
[2009/07/20 15:44:36, 5] lib/smbldap.c:smbldap_search_ext(1182)
  smbldap_search_ext: base => [dc=opz,dc=local], filter => [(&(objectClass=sambaDomain)(sambaDomainName=BEAST))], scope => [2]
[2009/07/20 15:44:36, 5] lib/smbldap.c:smbldap_close(1085)
  The connection to the LDAP server was closed
[2009/07/20 15:44:36, 10] lib/smbldap.c:smb_ldap_setup_conn(630)
  smb_ldap_setup_connection: ldap://localhost/
[2009/07/20 15:44:36, 2] lib/smbldap.c:smbldap_open_connection(786)
  smbldap_open_connection: connection opened
[2009/07/20 15:44:36, 10] lib/smbldap.c:smbldap_connect_system(951)
  ldap_connect_system: Binding to ldap server ldap://localhost/ as "cn=root,dc=opz,dc=local"
[2009/07/20 15:44:36, 3] lib/smbldap.c:smbldap_check_root_dse(1694)
  smbldap_check_root_dse: Expected one rootDSE, got 0
[2009/07/20 15:44:36, 3] lib/smbldap.c:smbldap_connect_system(997)
  ldap_connect_system: successful connection to the LDAP server
  ldap_connect_system: LDAP server does not support paged results
[2009/07/20 15:44:36, 4] lib/smbldap.c:smbldap_open(1065)
  The LDAP server is successfully connected
[2009/07/20 15:44:36, 5] passdb/pdb_interface.c:make_pdb_method_name(153)
  pdb backend ldapsam:ldap://localhost/ has a valid init
[2009/07/20 15:44:36, 5] lib/smbldap.c:smbldap_search_ext(1182)
  smbldap_search_ext: base => [ou=groups,dc=opz,dc=local], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1004))], scope => [2]
[2009/07/20 15:44:36, 11] lib/smbldap.c:smbldap_open(1048)
  smbldap_open: already connected to the LDAP server
[2009/07/20 15:44:36, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2244)
  ldapsam_getgroup: Did not find group
[2009/07/20 15:44:36, 5] lib/smbldap.c:smbldap_search_ext(1182)
  smbldap_search_ext: base => [dc=opz,dc=local], filter => [(sambaSid=S-1-5-21-590619788-4257897885-808496250-515)], scope => [2]
[2009/07/20 15:44:36, 11] lib/smbldap.c:smbldap_open(1048)
  smbldap_open: already connected to the LDAP server
[2009/07/20 15:44:36, 5] lib/smbldap.c:smbldap_search_ext(1182)
  smbldap_search_ext: base => [dc=opz,dc=local], filter => [(&(objectClass=posixGroup)(gidNumber=1004))], scope => [2]
[2009/07/20 15:44:36, 11] lib/smbldap.c:smbldap_open(1048)
  smbldap_open: already connected to the LDAP server
[2009/07/20 15:44:36, 10] intl/lang_tdb.c:lang_tdb_init(138)
  lang_tdb_init: /usr/local/lib/samba/ru_RU.KOI8-R.msg: No such file or directory
adding entry for group computers failed!
[2009/07/20 15:44:36, 2] utils/net.c:main(1075)
  return code = -1

Code:

[root@dns ~/openldap]# ldapsearch -LLL -x -b 'dc=opz,dc=local' '*'
dn: dc=opz,dc=local
objectClass: dcObject
objectClass: organization
objectClass: top
dc: opz
o: opz

dn: ou=users,dc=opz,dc=local
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=opz,dc=local
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: ou=computers,dc=opz,dc=local
objectClass: top
objectClass: organizationalUnit
ou: computers

dn: cn=admins,ou=groups,dc=opz,dc=local
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: admins
gidNumber: 10001
sambaSID: S-1-5-21-590619788-4257897885-808496250-512
sambaGroupType: 2
displayName: admins
description: Domain Unix group

dn: cn=people,ou=groups,dc=opz,dc=local
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: people
gidNumber: 10002
sambaSID: S-1-5-21-590619788-4257897885-808496250-513
sambaGroupType: 2
displayName: people
description: Domain Unix group

dn: cn=computers,ou=groups,dc=opz,dc=local
objectClass: posixGroup
cn: computers
gidNumber: 10003
description: Group account

dn: uid=testuser,ou=users,dc=opz,dc=local
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: testuser
uid: testuser
uidNumber: 10001
gidNumber: 10002
homeDirectory: /home/testuser
loginShell: /usr/sbin/nologin
gecos: testuser
description: User account
sambaSID: S-1-5-21-590619788-4257897885-808496250-21002
displayName: testuser
sambaLMPassword: EA6D6728018639D46A982E888672826F
sambaNTPassword: DD65CA51F4AD8C81EAF86194779795EE
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1248093800
sambaAcctFlags: [U          ]

dn: uid=admin,ou=users,dc=opz,dc=local
objectClass: account
objectClass: posixAccount
cn: admin
uid: admin
uidNumber: 10002
gidNumber: 10001
homeDirectory: /home/admin
loginShell: /usr/sbin/nologin
gecos: admin
description: User account

dn: sambaDomainName=BEAST,dc=opz,dc=local
sambaDomainName: BEAST
sambaSID: S-1-5-21-590619788-4257897885-808496250
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0

Code:

[root@dns ~/openldap]# cat /etc/group
# $FreeBSD: src/etc/group,v 1.32.2.1 2006/03/06 22:23:10 rwatson Exp $
#
wheel:*:0:root,koshak
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:clamav
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
audit:*:77:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
koshak:*:1001:
messagebus:*:556:
avahi:*:558:
ntadmins:*:1002:koshak
ntusers:*:1003:
computers:*:1004:
ldap:*:389:
clamav:*:106:
mysql:*:88:
dhcpd:*:1005:
webbind:*:1006:
admins:*:10001:
people:*:10002:
computers:*:10003:

In general, I've been trying to bring up a PDC for a month now... At one point I cobbled things together so that FreeBSD's authentication went through Samba (that is, the machine was in the domain), and there were only 2 ways to get in: either single-user mode or via ssh... This is my 3rd attempt at bringing up a PDC :)
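
Added example, not part of the original post: in the listings above, the `net groupmap` log searches LDAP for `gidNumber=1004`, `/etc/group` has two `computers` lines (1004 and 10003), and the LDAP `cn=computers` entry carries `gidNumber: 10003`. The Python check below flags that kind of mismatch before a group is mapped. Its function names are hypothetical, its input is constructed by trimming the post's listings, and it assumes local files are consulted first so that the first matching line wins.

```python
# Constructed sample input, trimmed from the /etc/group and ldapsearch listings in the post.
ETC_GROUP = """\
computers:*:1004:
admins:*:10001:
computers:*:10003:
"""
LDIF = """\
dn: cn=admins,ou=groups,dc=opz,dc=local
objectClass: posixGroup
cn: admins
gidNumber: 10001

dn: cn=computers,ou=groups,dc=opz,dc=local
objectClass: posixGroup
cn: computers
gidNumber: 10003
"""

def parse_group_file(text):
    """Return {name: [gid, ...]} in file order, keeping duplicate names."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if not line.startswith("#") and len(fields) >= 3 and fields[2].isdigit():
            groups.setdefault(fields[0], []).append(int(fields[2]))
    return groups

def parse_posix_groups(ldif):
    """Return {cn: gidNumber} for LDIF entries that carry objectClass posixGroup."""
    found = {}
    for entry in ldif.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            if ": " in line and not line.startswith(" "):  # skip folded continuation lines
                key, value = line.split(": ", 1)
                attrs.setdefault(key.lower(), []).append(value.strip())
        if "posixGroup" in attrs.get("objectclass", []) and "gidnumber" in attrs and "cn" in attrs:
            found[attrs["cn"][0]] = int(attrs["gidnumber"][0])
    return found

def check_group(name, group_text, ldif):
    """Return problems for one group ([] if consistent). Assumes files first, first match wins."""
    local = parse_group_file(group_text).get(name, [])
    ldap_gid = parse_posix_groups(ldif).get(name)
    problems = []
    if len(local) > 1:
        problems.append(f"{name}: {len(local)} lines in the group file, gids {local}")
    if local and ldap_gid is not None and local[0] != ldap_gid:
        problems.append(f"{name}: local gid {local[0]} differs from LDAP gidNumber {ldap_gid}")
    return problems
```

On the sample data, `check_group("computers", ETC_GROUP, LDIF)` reports both the duplicate definition and the 1004 versus 10003 mismatch, while `admins` comes back clean.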


Burner
lieutenant
Posts: 693
Registered: 2009-06-14 7:02:26

Re: Samba(PDC) + LDAP

Post by Burner » 2009-07-26 6:40:33

I do apologize, of course, but in my opinion the author of the article is removing tonsils through the back passage. What do smbldap-tools exist for?