[samba] Samba + LDAP

Mikhail V. Drogovozov mikhail at mail.knastu.ru
Fri Mar 4 09:13:40 MSK 2005


> I have tried it every which way.
> smb.conf:
> [global]
>         security = user
>         encrypt passwords = yes
>         netbios name = ldap
>         workgroup = fct
>         server string = LDAP FCT Server
>         ldap suffix = dc=ldap,dc=fct
>         ldap admin dn = "cn=root,dc=ldap,dc=fct"

> #./smbpasswd -w passwd
> Setting stored password for "cn=root,dc=ldap,dc=fct" in secrets.tdb

> #./smbpasswd -D 10 -a root
> Netbios name list:-
> my_netbios_names[0]="LDAP"
> Trying to load: ldapsam_compat
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to register passdb backend guest
> Successfully added passdb backend 'guest'
> Attempting to find an passdb backend to match ldapsam_compat (ldapsam_compat)
> Found pdb backend ldapsam_compat
> pdb backend ldapsam_compat has a valid init
> Attempting to find an passdb backend to match guest (guest)
> Found pdb backend guest
> pdb backend guest has a valid init
> New SMB password:
> Retype new SMB password:
> smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(uid=root)(objectclass=sambaAccount))], scope => [2]
> smbldap_open_connection: ldaps://localhost:636
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldaps://localhost:636 as "cn=root,dc=ldap,dc=fct"
> failed to bind to server with dn= cn=root,dc=ldap,dc=fct Error: Can't contact LDAP server
>         (unknown)
> Connection to LDAP server failed for the 1 try!
> smbldap_open_connection: ldaps://localhost:636
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldaps://localhost:636 as "cn=root,dc=ldap,dc=fct"
> failed to bind to server with dn= cn=root,dc=ldap,dc=fct Error: Can't contact LDAP server
>         (unknown)
> Connection to LDAP server failed for the 2 try!
> smbldap_open_connection: ldaps://localhost:636
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldaps://localhost:636 as "cn=root,dc=ldap,dc=fct"
> failed to bind to server with dn= cn=root,dc=ldap,dc=fct Error: Can't contact LDAP server
>         (unknown)
> Connection to LDAP server failed for the 4 try!
> ^C

> I don't understand why SAMBA wants to connect to ldaps://localhost:636.
> I specify the port in smb.conf, but it still uses ldaps. I want plain
> ldap:// first; apparently that is why it won't let me go any further.
> What should I do? Has anyone done this? Please advise.

Netbios name list:-
my_netbios_names[0]="LDAP"
Trying to load: ldapsam_compat
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat (ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(uid=root)(objectclass=sambaAccount))], scope => [2]
smbldap_open_connection: ldap://localhost:389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost:389 as "cn=root,dc=ldap,dc=fct"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
ldapsam_getsampwnam: Unable to locate user [root] count=0
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
pdb_set_username: setting username root, was 
element 12 -> now SET
pdb_set_full_name: setting full name Charlie &, was 
element 13 -> now SET
pdb_set_unix_homedir: setting home dir /root, was NULL
element 22 -> now SET
pdb_set_domain: setting domain LDAP, was 
pdb_set_user_sid: setting user sid S-1-5-21-1210478347-957782820-1983002875-1000
element 18 -> now SET
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1210478347-957782820-1983002875-1000 from rid 1000
smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2]
ldapsam_getgroup: Did not find group
pdb_set_group_sid: setting group sid S-1-5-21-1210478347-957782820-1983002875-1001
element 19 -> now SET
pdb_set_group_sid_from_rid:
        setting group sid S-1-5-21-1210478347-957782820-1983002875-1001 from rid 1001
Home server: ldap
pdb_set_profile_path: setting profile path \\ldap\root\profile, was 
Home server: ldap
pdb_set_homedir: setting home dir \\ldap\root, was 
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was 
pdb_init_sam_new: no RID specified.  Generating one via old algorithm
pdb_set_user_sid: setting user sid S-1-5-21-1210478347-957782820-1983002875-1000
element 18 -> now SET
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1210478347-957782820-1983002875-1000 from rid 1000
account_policy_get: maximum password age:-1
account_policy_get: minimum password age:0
account_policy_get: password history:0
smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(uid=root)(objectclass=sambaAccount))], scope => [2]
smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(rid=1000)(objectclass=sambaAccount))], scope => [2]
smbldap_search: base => [dc=ldap,dc=fct], filter => [(uid=root)], scope => [2]
ldapsam_add_sam_account: User exists without samba attributes: adding them
init_ldap_from_sam: Setting entry for user: root
smbldap_get_single_attribute: [rid] = [<does not exist>]
smbldap_get_single_attribute: [primaryGroupID] = [<does not exist>]
smbldap_get_single_attribute: [displayName] = [<does not exist>]
smbldap_get_single_attribute: [pwdCanChange] = [<does not exist>]
smbldap_get_single_attribute: [pwdMustChange] = [<does not exist>]
smbldap_get_single_attribute: [lmPassword] = [<does not exist>]
smbldap_get_single_attribute: [ntPassword] = [<does not exist>]
account_policy_get: password history:0
smbldap_get_single_attribute: [pwdLastSet] = [<does not exist>]
smbldap_get_single_attribute: [acctFlags] = [<does not exist>]
smbldap_modify: dn => [uid=root,ou=People,dc=ldap,dc=fct]
ldapsam_modify_entry: Failed to modify user dn= uid=root,ou=People,dc=ldap,dc=fct with: Undefined attribute type
        rid: attribute type undefined
ldapsam_add_sam_account: failed to modify/add user with uid = root (dn = uid=root,ou=People,dc=ldap,dc=fct)


#cat /usr/local/samba/lib/smb.conf
[global]
        security = user
        encrypt passwords = yes
        netbios name = ldap
        workgroup = fct
        server string = LDAP FCT Server

ldap port = 389
ldap ssl = off
ldap suffix = dc=ldap,dc=fct
ldap admin dn = "cn=root,dc=ldap,dc=fct"

If I have understood correctly, these errors appear because there is no
"skeleton" for SAMBA in the LDAP database. Could someone share one?

---
Best regards, Mikhail V. Drogovozov
     E-mail: mikhail at mail.knastu.ru
     Mobile: +7-924-225-1264
        ICQ: 149731111
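
An added example, not part of the original post: a small Python triage script for `smbpasswd -D 10` output like the two logs above. It reports which LDAP URI each bind attempt used, how the bind ended, and any attribute the directory rejected as undefined. The sample lines are copied from this post (wrapped lines joined); the function and variable names are hypothetical.

```python
import re

# Sample lines copied from the debug output in this post (wrapped lines joined).
SAMPLE_LOG = """\
smbldap_open_connection: ldaps://localhost:636
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldaps://localhost:636 as "cn=root,dc=ldap,dc=fct"
failed to bind to server with dn= cn=root,dc=ldap,dc=fct Error: Can't contact LDAP server
smbldap_open_connection: ldap://localhost:389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost:389 as "cn=root,dc=ldap,dc=fct"
ldap_connect_system: succesful connection to the LDAP server
smbldap_modify: dn => [uid=root,ou=People,dc=ldap,dc=fct]
ldapsam_modify_entry: Failed to modify user dn= uid=root,ou=People,dc=ldap,dc=fct with: Undefined attribute type
        rid: attribute type undefined
"""

BIND_RE = re.compile(r'Binding to ldap server (ldaps?)://(\S+) as "([^"]+)"')
FAIL_RE = re.compile(r'failed to bind to server with dn= (.+?) Error: (.+)')
UNDEF_RE = re.compile(r'^\s*(\S+): attribute type undefined')


def triage(log_text):
    """Return (binds, undefined_attrs) extracted from smbpasswd -D 10 output."""
    binds, undefined = [], []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            # Outcome stays "unknown" until a later line settles it.
            binds.append({"scheme": m.group(1), "host": m.group(2),
                          "dn": m.group(3), "result": "unknown"})
            continue
        m = FAIL_RE.search(line)
        if m and binds:
            binds[-1]["result"] = "failed: " + m.group(2).strip()
            continue
        if "succesful connection to the LDAP server" in line and binds:  # Samba's spelling
            binds[-1]["result"] = "ok"
            continue
        m = UNDEF_RE.match(line)
        if m:
            # LDAP "Undefined attribute type": the directory's schema has no such attribute.
            undefined.append(m.group(1))
    return binds, undefined


if __name__ == "__main__":
    binds, undefined = triage(SAMPLE_LOG)
    for b in binds:
        print(f'{b["scheme"]}://{b["host"]} as {b["dn"]}: {b["result"]}')
    print("attributes missing from the server schema:", ", ".join(undefined) or "none")
```

An `ldap://` scheme in the report means the admin DN's bind is not wrapped in TLS by the URI itself, which is worth noting once the directory is no longer on localhost.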


