ldap + samba
Добавлено: 2012-05-27 19:55:02
доброго времени суток!
Пытаюсь связать ldap + pdc + samba!
проблема в том что не добовляются юзеры!
В лдап юзер попадает потом создается папка но при последнем шаге smbpasswd не может найти этого токо что созданного юзера
вопрос ПОЧЕМУ?
или ткните носом куда надос смотреть!
привожу пример:
если делать smbpasswd -x umbrellavc
то выдает следющее:
о системе:
вот конфы:
Пытаюсь связать ldap + pdc + samba!
проблема в том что не добовляются юзеры!
В лдап юзер попадает потом создается папка но при последнем шаге smbpasswd не может найти этого токо что созданного юзера
вопрос ПОЧЕМУ?
или ткните носом куда надос смотреть!
привожу пример:
Код: Выделить всё
[root@onyx /distr/freebsd/samba_ad]# ldapdeleteuser umbrellavc
Warning : using command-line passwords, ldapscripts may not be safe
Successfully deleted user uid=umbrellavc,ou=users,dc=onyx,dc=com from LDAP
[root@onyx /distr/freebsd/samba_ad]# smbpasswd -D 10 -a umbrellavc
Netbios name list:-
my_netbios_names[0]="ONYX"
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to find a passdb backend to match ldapsam:ldap://127.0.0.1 (ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ONYX))]
smbldap_search_ext: base => [dc=onyx,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=ONYX))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://127.0.0.1
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://127.0.0.1 as "cn=root,dc=onyx,dc=com"
ldap_connect_system: successful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
The LDAP server is successfully connected
pdb backend ldapsam:ldap://127.0.0.1 has a valid init
New SMB password:
Retype new SMB password:
smbldap_search_ext: base => [dc=onyx,dc=com], filter => [(&(uid=umbrellavc)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [umbrellavc] count=0
Finding user umbrellavc
Trying _Get_Pwnam(), username as lowercase is umbrellavc
Trying _Get_Pwnam(), username as uppercase is UMBRELLAVC
Checking combinations of 0 uppercase letters in umbrellavc
Get_Pwnam_internals didn't find user [umbrellavc]!
Warning : using command-line passwords, ldapscripts may not be safe
Successfully added user umbrellavc to LDAP
Successfully set password for user umbrellavc
Skipped home directory creation for user umbrellavc (already exists)
_samr_create_user: Running the command `/usr/local/sbin/ldapadduser 'umbrellavc' users' gave 0
Finding user umbrellavc
Trying _Get_Pwnam(), username as lowercase is umbrellavc
Trying _Get_Pwnam(), username as uppercase is UMBRELLAVC
Checking combinations of 0 uppercase letters in umbrellavc
Get_Pwnam_internals didn't find user [umbrellavc]!
pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER
Failed to add entry for user umbrellavc.
The connection to the LDAP server was closed
то выдает следющее:
Код: Выделить всё
Failed to find entry for user umbrellavc
но если искать в ldapsearch то там он есть!
[root@onyx /distr/freebsd/samba_ad]# ldapsearch -LLL -x -b 'dc=onyx,dc=com' 'uid=umbrellavc'
dn: uid=umbrellavc,ou=users,dc=onyx,dc=com
objectClass: account
objectClass: posixAccount
cn: umbrellavc
uid: umbrellavc
uidNumber: 10007
gidNumber: 1003
homeDirectory: /home/samba/homes/umbrellavc
loginShell: /bin/sbin/nologin
gecos: umbrellavc
description: User account
Но вот в smbpasswd его както не находит
[root@onyx /distr/freebsd/samba_ad]# smbpasswd -x umbrellavc
Failed to find entry for user umbrellavc.Код: Выделить всё
FreeBSD onyx.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Mon May 21 01:35:23 ALMT 2012 root@onyx.com:/usr/src/sys/amd64/compile/GENERIC amd64
Samba version 3.5.15
PID Username Group Machine
-------------------------------------------------------------------
Service pid machine Connected at
-------------------------------------------------------
No locked files
[root@onyx ~]# wbinfo -m
BUILTIN
ONYX
[root@onyx ~]# /usr/local/etc/rc.d/samba restart
Performing sanity check on Samba configuration: OK
Stopping winbindd.
Waiting for PIDS: 30408.
Stopping smbd.
Waiting for PIDS: 30405.
Stopping nmbd.
Waiting for PIDS: 30402.
Removing stale Samba tdb files: ........ done
Starting nmbd.
Starting smbd.
Starting winbindd.
Код: Выделить всё
smb.conf:
#======================= Global Settings =====================================
[global]
display charset = koi8-r
ldap ssl = off
admin users = umbrellavc
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
time server = yes
hosts allow = 192.168.90. 10.10.0. 127. 192.168.88.
winbind uid = 10000-20000
dns proxy = no
netbios name = onyx
dos charset = cp866
rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew
local master = yes
workgroup = onyx
os level = 255
ldap admin dn = "cn=root,dc=onyx,dc=com"
security = user
add machine script = /usr/local/sbin/ldapaddmachine '%u' computers
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
winbind separator = @
max log size = 50000
log file = /var/log/samba/samba.log
load printers = no
ldap user suffix = ou=users
add group script = /usr/local/sbin/ldapaddgroup '%g'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
logon drive = R:
interfaces = re3
domain master = yes
encrypt passwords = yes
winbind use default domain = yes
wins proxy = yes
passdb backend = ldapsam:ldap://127.0.0.1
logon home = \\%L\homes
wins support = true
ldap delete dn = no
ldap group suffix = ou=groups
server string = Onyx Server
ldap machine suffix = ou=computers
ldap suffix = dc=onyx,dc=com
winbind gid = 10000-20000
logon path =
add user script = /usr/local/sbin/ldapadduser '%u' users
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
unix charset = koi8-r
preferred master = yes
domain logons = yes
# wins server = 192.168.90.250
# Пустое значение - неперемещаемые профили.
# username map = /usr/local/etc/samba/smbusers
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
path = /home/samba/homes/%U
browseable = no
writable = yes
public = no
read only = no
create mask = 0600
directory mask = 0700
valid users = %S
[netlogon]
comment = Network Logon Service
path = /usr/local/etc/samba/netlogon
browseable = no
guest ok = yes
writable = no
share modes = no
volume = NETLOGON
[profiles]
create mode = 0600
directory mode = 700
path = /home/samba/profiles/%u
browseable = no
guest ok = yes
writeable = yes
[pub]
comment = Папка общего пользования
path = /home/samba/pub
valid users = @users
create mode = 666
directory mode = 777
public = yes
writable = yes
printable = no
browseable = yes
[IPC$]
path = /tmp
hosts allow = 192.168.90.0/24 10.10.100.0/24 127.0.0.1
hosts deny = 0.0.0.0/0
slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
#include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
# схемы самбы берутся из самбы (потом скопируем), схемы dns и dhcp
# тоже позже скопируем. пока строчки закоментарим
include /usr/local/etc/openldap/schema/samba.schema
#include /usr/local/etc/openldap/schema/dnszone.schema
#include /usr/local/etc/openldap/schema/dhcp.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_ldap
moduleload back_ldbm
access to attr=userPassword
by self write
by anonymous auth
by dn="uid=root,dc=onyx,dc=com" write
by * none
access to attrs=sambaLMPassword,sambaNTPassword
by dn="cn=umbrellavc,ou=users,dc=onyx,dc=com" write
by * none
access to *
by dn="uid=root,dc=onyx,dc=com" write
by * read
access to attrs=userPassword
by dn="cn=root,dc=onyx,dc=com" write
by self write
by anonymous auth
by * none
access to *
by self write
by anonymous read
by * none
#######################################################################
# BDB database definitions
#######################################################################
backend ldbm
database ldbm
suffix "dc=onyx,dc=com"
rootdn "cn=root,dc=onyx,dc=com"
#
# пароль на рута можно сгенерировать с помощью slappasswd
#
rootpw {SSHA}LBN6v8jc092z+qTdckOm2NhtEMZrnvhS
directory /var/db/openldap-data
index objectClass eq
index cn eq
loglevel 256
nss_ldap.conf:
# Корневой каталог LDAP сервера
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
base dc=onyx,dc=com
# Если не удалось подключиться к LDAP,
# То не пытаться переподключиться
bind_policy soft
# Timeout подключения к LDAP серверу
bind_timelimit 10
# ip-адрес или hostname LDAP сервера
host localhost
# nss_ldap закроет подключение, если сервер
# не ответит в указонное в idle_timelimit время
idle_timelimit 3600
# Версия протокола
ldap_version 3
# Описание каталогов, где хранятся группы, пользователи, пароли соответственно
nss_base_group ou=groups,dc=onyx,dc=com?one
nss_base_passwd ou=users,dc=onyx,dc=com?one
# Следущая строку нужна для samb'ы, так как аккаунты
# компьютеров должны быть видны системе
nss_base_passwd ou=computers,dc=onyx,dc=com?one
nss_base_shadow ou=users,dc=onyx,dc=com?one
# persist -- не отключаться от LDAP сервера
# oneshot -- отключаться после каждого запроса
nss_connect_policy persist
# Использовать страничный вывод
nss_paged_results yes
# Размер страницы
pagesize 1000
# Порт, на котором работает LDAP
port 389
# Область поиска
scope one
# Время ожидпния при поиске
timelimit 30
nsswitch:.conf:
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: release/9.0.0/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z d
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
ldapscripts.conf:
SERVER="localhost"
BINDDN="cn=root,dc=onyx,dc=com"
BINDPWD="real2012"
SUFFIX="dc=onyx,dc=com"
GSUFFIX="ou=groups"
USUFFIX="ou=users"
MSUFFIX="ou=computers"
GIDSTART="10000"
UIDSTART="10000"
MIDSTART="20000"
USHELL="/usr/sbin/nologin"
UHOMES="/home/samba/homes/%u"
ASKGECOS="no"
CREATEHOMES="yes"
HOMESKEL="/etc/skel"
HOMEPERMS="700"
# Одна строка
PASSWORDGEN="head -c8 /dev/random | uuencode -m - | sed -n -e '2s|=*$||;2p' | sed -e 's|+||g' -e 's|/||g'"
RECORDPASSWORDS="yes"
PASSWORDFILE="/var/log/ldapscripts_passwd.log"
LOGFILE="/var/log/ldapscripts.log"
LDAPSEARCHBIN="/usr/local/bin/ldapsearch"
LDAPADDBIN="/usr/local/bin/ldapadd"
LDAPDELETEBIN="/usr/local/bin/ldapdelete"
LDAPMODIFYBIN="/usr/local/bin/ldapmodify"
LDAPMODRDNBIN="/usr/local/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/local/bin/ldappasswd"
GETENTPWCMD=""
GETENTGRCMD=""
GCLASS="posixGroup"