[samba] Re: [freebsd] Samba + LDAP

Mikhail V. Drogovozov mikhail на mail.knastu.ru
Fri Mar 4 11:17:10 MSK 2005


> I've tried just about everything already.
> smb.conf:
> [global]
>         security = user
>         encrypt passwords = yes
>         netbios name = ldap
>         workgroup = fct
>         server string = LDAP FCT Server
>         ldap suffix = dc=ldap,dc=fct
>         ldap admin dn = "cn=root,dc=ldap,dc=fct"

> #./smbpasswd -w passwd
> Setting stored password for "cn=root,dc=ldap,dc=fct" in secrets.tdb

> #./smbpasswd -D 10 -a root
> Netbios name list:-
> my_netbios_names[0]="LDAP"
> Trying to load: ldapsam_compat
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to register passdb backend guest
> Successfully added passdb backend 'guest'
> Attempting to find an passdb backend to match ldapsam_compat (ldapsam_compat)
> Found pdb backend ldapsam_compat
> pdb backend ldapsam_compat has a valid init
> Attempting to find an passdb backend to match guest (guest)
> Found pdb backend guest
> pdb backend guest has a valid init
> New SMB password:
> Retype new SMB password:
> smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(uid=root)(objectclass=sambaAccount))], scope => [2]
> smbldap_open_connection: ldaps://localhost:636
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldaps://localhost:636 as "cn=root,dc=ldap,dc=fct"
> failed to bind to server with dn= cn=root,dc=ldap,dc=fct Error: Can't contact LDAP server
>         (unknown)
> Connection to LDAP server failed for the 1 try!
> smbldap_open_connection: ldaps://localhost:636
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldaps://localhost:636 as "cn=root,dc=ldap,dc=fct"
> failed to bind to server with dn= cn=root,dc=ldap,dc=fct Error: Can't contact LDAP server
>         (unknown)
> Connection to LDAP server failed for the 2 try!
> smbldap_open_connection: ldaps://localhost:636
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldaps://localhost:636 as "cn=root,dc=ldap,dc=fct"
> failed to bind to server with dn= cn=root,dc=ldap,dc=fct Error: Can't contact LDAP server
>         (unknown)
> Connection to LDAP server failed for the 4 try!
> ^C

> It's not clear why SAMBA wants to connect to ldaps://localhost:636;
> I specify the port in smb.conf, but it's still ldaps. I want plain
> ldap:// first; apparently that's why it won't go any further. What
> should I do? Has anyone done this? Please advise.

So here's what I've managed to get so far:

#./smbpasswd -D 10 -a root
Netbios name list:-
my_netbios_names[0]="LDAP"
Trying to load: ldapsam_compat
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat (ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
New SMB password:
Retype new SMB password:
smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(uid=root)(objectclass=sambaAccount))], scope => [2]
smbldap_open_connection: ldap://localhost:389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost:389 as "cn=root,dc=ldap,dc=fct"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
ldapsam_getsampwnam: Unable to locate user [root] count=0
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
pdb_set_username: setting username root, was
element 12 -> now SET
pdb_set_full_name: setting full name Charlie &, was
element 13 -> now SET
pdb_set_unix_homedir: setting home dir /root, was NULL
element 22 -> now SET
pdb_set_domain: setting domain LDAP, was
pdb_set_user_sid: setting user sid S-1-5-21-1210478347-957782820-1983002875-1000
element 18 -> now SET
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1210478347-957782820-1983002875-1000 from rid 1000
smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2]
ldapsam_getgroup: Did not find group
pdb_set_group_sid: setting group sid S-1-5-21-1210478347-957782820-1983002875-1001
element 19 -> now SET
pdb_set_group_sid_from_rid:
        setting group sid S-1-5-21-1210478347-957782820-1983002875-1001 from rid 1001
Home server: ldap
pdb_set_profile_path: setting profile path \\ldap\root\profile, was
Home server: ldap
pdb_set_homedir: setting home dir \\ldap\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
pdb_init_sam_new: no RID specified.  Generating one via old algorithm
pdb_set_user_sid: setting user sid S-1-5-21-1210478347-957782820-1983002875-1000
element 18 -> now SET
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1210478347-957782820-1983002875-1000 from rid 1000
account_policy_get: maximum password age:-1
account_policy_get: minimum password age:0
account_policy_get: password history:0
smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(uid=root)(objectclass=sambaAccount))], scope => [2]
smbldap_search: base => [dc=ldap,dc=fct], filter => [(&(rid=1000)(objectclass=sambaAccount))], scope => [2]
smbldap_search: base => [dc=ldap,dc=fct], filter => [(uid=root)], scope => [2]
ldapsam_add_sam_account: More than one user with that uid exists: bailing out!
Failed to add entry for user root.
Failed to modify password entry for user root

#cat /usr/local/samba/lib/smb.conf
[global]
        security = user
        encrypt passwords = yes
        netbios name = ldap
        workgroup = fct
        server string = LDAP FCT Server

        ldap port = 389
        ldap ssl = off
        ldap suffix = dc=ldap,dc=fct
        ldap admin dn = "cn=root,dc=ldap,dc=fct"

#ldapsearch -LL -H ldap://localhost -b"ou=users,dc=ldap,dc=fct" -x "(uid=root)"
version: 1

dn: uid=root,ou=Users,dc=ldap,dc=fct
uid: root
sambaSID: S-1-5-21-1210478347-957782820-1983002875-1000
sambaPrimaryGroupSID: S-1-5-21-1210478347-957782820-1983002875-1001
displayName: root
sambaPwdCanChange: 1056998752
sambaPwdMustChange: 1058813152
sambaLMPassword: 180887AAAABBBBCCCDDDA26A841A86FA
sambaNTPassword: 069CCCDDDA26A8453887AAAABDDD3C48
sambaPwdLastSet: 1056998752
sambaAcctFlags: [U          ]
objectClass: account
objectClass: sambaSamAccount

#ldapsearch -LL -H ldap://localhost -b"dc=ldap,dc=fct" -x "(uid=root)"
version: 1

dn: uid=root,ou=People,dc=ldap,dc=fct
uid: root
cn: Charlie &
givenName: Charlie
sn: &
mail: root на ldap.fct
mailRoutingAddress: root на ldap.fct
mailHost: ldap.fct
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: e2NyeXB0fSo=
loginShell: /bin/csh
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Charlie &

dn: uid=root,ou=Users,dc=ldap,dc=fct
uid: root
sambaSID: S-1-5-21-1210478347-957782820-1983002875-1000
sambaPrimaryGroupSID: S-1-5-21-1210478347-957782820-1983002875-1001
displayName: root
sambaPwdCanChange: 1056998752
sambaPwdMustChange: 1058813152
sambaLMPassword: 180887AAAABBBBCCCDDDA26A841A86FA
sambaNTPassword: 069CCCDDDA26A8453887AAAABDDD3C48
sambaPwdLastSet: 1056998752
sambaAcctFlags: [U          ]
objectClass: account
objectClass: sambaSamAccount

Any hints on which direction to look in next?

---
Best regards, Mikhail V. Drogovozov
     E-mail: mikhail на mail.knastu.ru
     Mobile: +7-924-225-1264
        ICQ: 149731111
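The log above shows two lookups under the suffix: the schema-specific one, `(&(uid=root)(objectclass=sambaAccount))`, matches nothing because the existing entry carries `sambaSamAccount`, while the bare `(uid=root)` lookup with subtree scope matches both `ou=People` and `ou=Users` entries, which is what triggers "More than one user with that uid exists". The following is an added example, not code from the thread or from Samba: a small LDIF reader plus a replay of those two searches over a constructed copy of the two entries returned by ldapsearch (mail attributes and password hashes left out). The function names and the search semantics (AND of case-insensitive equality filters, base matched as a DN suffix) are my assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample: the two entries ldapsearch returned in the thread above.
LDIF_SAMPLE = """\
dn: uid=root,ou=People,dc=ldap,dc=fct
uid: root
cn: Charlie &
objectClass: posixAccount
uidNumber: 0
homeDirectory: /root

dn: uid=root,ou=Users,dc=ldap,dc=fct
uid: root
sambaSID: S-1-5-21-1210478347-957782820-1983002875-1000
objectClass: sambaSamAccount
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line-separated 'attr: value' entries,
    attribute names lower-cased because LDAP names are case-insensitive."""
    entries, cur = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            if cur:
                entries.append(dict(cur))
            cur = defaultdict(list)
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            cur[attr.strip().lower()].append(value.strip())
    if cur:
        entries.append(dict(cur))
    return entries

def search(entries, base, conds):
    """Subtree search (scope 2) under `base` for an AND of equality
    conditions, mirroring the smbldap_search calls in the log; returns DNs."""
    base = base.replace(" ", "").lower()
    hits = []
    for e in entries:
        dn = e["dn"][0].replace(" ", "").lower()
        in_scope = dn == base or dn.endswith("," + base)
        if in_scope and all(v.lower() in (x.lower() for x in e.get(a.lower(), []))
                            for a, v in conds):
            hits.append(e["dn"][0])
    return hits

def add_account_verdict(entries, base, uid):
    """Replay the two lookups ldapsam does before adding `uid`: the
    objectclass-qualified one, then the bare (uid=X) one that bails out
    when it returns more than one entry."""
    by_class = search(entries, base, [("uid", uid), ("objectClass", "sambaAccount")])
    by_uid = search(entries, base, [("uid", uid)])
    return ("bail" if len(by_uid) > 1 else "ok"), by_class, by_uid
```

Running `add_account_verdict(parse_ldif(LDIF_SAMPLE), "dc=ldap,dc=fct", "root")` returns `bail` with an empty first list and both DNs in the second; narrowing the base to `ou=Users,dc=ldap,dc=fct` yields a single match and `ok`.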



More information about the Samba mailing list