FlorianSp
04.02.04, 09:30
Good morning everyone,
My goal is for Samba to obtain its user accounts from an LDAP directory.
The Samba server and the LDAP server are installed on the same machine.
System:
OS: SuSE 9.0
Samba: v2.2.8
LDAP: OpenLDAP 2.1.22-65 LDAPv3
Samba and OpenLDAP are the RPMs from the CDs.
Configuration:
----------------------------------
/etc/ldap.conf:
host 127.0.0.1
base dc=hobbes,dc=net
ldap version 3
---------------------------------
-------------------------------------------------------------------------------
/etc/openldap/slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
access to attr=userPassword,ntPassword,lmPassword
by self read
by anonymous auth
by dn="cn=ldapadmin,dc=hobbes,dc=net" write
by * none
access to *
by dn="cn=ldapadmin,dc=hobbes,dc=net" write
by * read
database ldbm
suffix "dc=hobbes,dc=net"
rootdn "cn=ldapadmin,dc=hobbes,dc=net"
rootpw *****
directory /var/lib/ldap
index objectClass eq
index uid pres,eq
index rid eq
index uidNumber eq
index gidNumber eq
index cn eq
index memberUid eq
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
/etc/samba/smb.conf
[global]
workgroup = HOBBES-NET
netbios name = HOBBES
server string = Spaltis LAP Server
encrypt passwords = No
map to guest = Bad User
passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password* %n\n *succesfully*
unix password sync = Yes
syslog = 0
time server = Yes
unix extensions = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
character set = ISO8859-1
domain admin group = @"Domain Admins"
add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
domain logons = Yes
os level = 80
preferred master = Yes
domain master = Yes
wins support = Yes
ldap server = 127.0.0.1
ldap port = 389
ldap suffix = dc=hobbes,dc=net
ldap admin dn = cn=ldapadmin,dc=hobbes,dc=net
ldap ssl = no
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
[share]
comment = Test Share
path = /home/share
read only = yes
browseable = yes
guest ok = no
----------------------------------------------------------------------------------
I am trying to access the share [share] as the user smb001 (which exists on the LDAP server).
This does not work, and I get the following log messages.
/var/log/messages
hobbes slapd[7141]: conn=16 fd=10 ACCEPT from IP=127.0.0.1:34214 (IP=0.0.0.0:389)
hobbes slapd[7215]: conn=16 op=0 BIND dn="cn=ldapadmin,dc=hobbes,dc=net" method=128
hobbes slapd[7215]: conn=16 op=0 BIND dn="cn=ldapadmin,dc=hobbes,dc=net" mech=simple ssf=0
hobbes slapd[7215]: conn=16 op=0 RESULT tag=97 err=0 text=
hobbes slapd[7215]: conn=16 op=1 SRCH base="dc=hobbes,dc=net" scope=2 filter="(&(uid=anonymous)(objectClass=sambaAccount))"
hobbes slapd[7215]: conn=16 op=1 SRCH attr=uid rid cn lmPassword ntPassword pwdLastSet logonTime logoffTime kickoffTime pwdCanChange pwdMustChange acctFlags displayName smbHome homeDrive scriptPath profilePath description userWorkstations primaryGroupID domain
hobbes slapd[7215]: conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
hobbes slapd[7215]: conn=16 op=2 UNBIND
hobbes slapd[7215]: conn=16 fd=10 closed
hobbes slapd[7141]: conn=17 fd=10 ACCEPT from IP=127.0.0.1:34215 (IP=0.0.0.0:389)
hobbes slapd[7215]: conn=17 op=0 BIND dn="cn=ldapadmin,dc=hobbes,dc=net" method=128
hobbes slapd[7215]: conn=17 op=0 BIND dn="cn=ldapadmin,dc=hobbes,dc=net" mech=simple ssf=0
hobbes slapd[7215]: conn=17 op=0 RESULT tag=97 err=0 text=
hobbes slapd[7215]: conn=17 op=1 SRCH base="dc=hobbes,dc=net" scope=2 filter="(&(uid=anonymous)(objectClass=sambaAccount))"
hobbes slapd[7215]: conn=17 op=1 SRCH attr=uid rid cn lmPassword ntPassword pwdLastSet logonTime logoffTime kickoffTime pwdCanChange pwdMustChange acctFlags displayName smbHome homeDrive scriptPath profilePath description userWorkstations primaryGroupID domain
hobbes slapd[7215]: conn=17 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
hobbes slapd[7215]: conn=17 op=2 UNBIND
hobbes slapd[7215]: conn=17 fd=10 closed
hobbes slapd[7141]: conn=18 fd=10 ACCEPT from IP=127.0.0.1:34216 (IP=0.0.0.0:389)
Feb 4 11:28:54 hobbes slapd[7215]: conn=18 op=0 BIND dn="cn=ldapadmin,dc=hobbes,dc=net" method=128
hobbes slapd[7215]: conn=18 op=0 BIND dn="cn=ldapadmin,dc=hobbes,dc=net" mech=simple ssf=0
hobbes slapd[7215]: conn=18 op=0 RESULT tag=97 err=0 text=
hobbes slapd[7215]: conn=18 op=1 SRCH base="dc=hobbes,dc=net" scope=2 filter="(&(uid=smb001)(objectClass=sambaAccount))"
hobbes slapd[7215]: conn=18 op=1 SRCH attr=uid rid cn lmPassword ntPassword pwdLastSet logonTime logoffTime kickoffTime pwdCanChange pwdMustChange acctFlags displayName smbHome homeDrive scriptPath profilePath description userWorkstations primaryGroupID domain
hobbes slapd[7215]: conn=18 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
hobbes slapd[7215]: conn=18 op=2 UNBIND
hobbes slapd[7215]: conn=18 fd=10 closed
/var/log/samba/log.smbd
[2004/02/04 11:28:44, 0] passdb/pdb_ldap.c:ldap_connect_system(316)
ldap_connect_system: Binding to ldap server as "cn=ldapadmin,dc=hobbes,dc=net"
[2004/02/04 11:28:44, 0] passdb/pdb_ldap.c:pdb_getsampwnam(940)
LDAP search "(&(uid=anonymous)(objectclass=sambaAccount))" returned 0 entries.
[2004/02/04 11:28:45, 0] passdb/pdb_ldap.c:ldap_connect_system(316)
ldap_connect_system: Binding to ldap server as "cn=ldapadmin,dc=hobbes,dc=net"
[2004/02/04 11:28:45, 0] passdb/pdb_ldap.c:pdb_getsampwnam(940)
LDAP search "(&(uid=anonymous)(objectclass=sambaAccount))" returned 0 entries.
[2004/02/04 11:28:54, 0] passdb/pampass.c:smb_pam_passcheck(827)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User smb001 !
[2004/02/04 11:28:54, 0] passdb/pdb_ldap.c:ldap_connect_system(316)
ldap_connect_system: Binding to ldap server as "cn=ldapadmin,dc=hobbes,dc=net"
Does anyone have an idea what could be wrong?
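
Added example (not part of the original post): a small Python correlator for the slapd lines quoted above. It groups them by conn/op to show which DN was bound, which filter was searched, how many entries came back, and whether password-hash attributes were requested on a connection logged with ssf=0. The function names and the HASH_ATTRS set are assumptions made for this illustration.

```python
import re

# Sample input: slapd lines taken from the post above (attribute list shortened).
SAMPLE = """\
hobbes slapd[7215]: conn=16 op=0 BIND dn="cn=ldapadmin,dc=hobbes,dc=net" mech=simple ssf=0
hobbes slapd[7215]: conn=16 op=1 SRCH base="dc=hobbes,dc=net" scope=2 filter="(&(uid=anonymous)(objectClass=sambaAccount))"
hobbes slapd[7215]: conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
hobbes slapd[7215]: conn=18 op=0 BIND dn="cn=ldapadmin,dc=hobbes,dc=net" mech=simple ssf=0
hobbes slapd[7215]: conn=18 op=1 SRCH base="dc=hobbes,dc=net" scope=2 filter="(&(uid=smb001)(objectClass=sambaAccount))"
hobbes slapd[7215]: conn=18 op=1 SRCH attr=uid rid cn lmPassword ntPassword
hobbes slapd[7215]: conn=18 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

LINE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)')
BIND = re.compile(r'BIND dn="([^"]*)" mech=(\S+) ssf=(\d+)')
SRCH = re.compile(r'SRCH base="[^"]*" scope=\d+ filter="(.*)"$')
ATTR = re.compile(r'SRCH attr=(.*)$')
DONE = re.compile(r'SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
HASH_ATTRS = {"lmpassword", "ntpassword", "userpassword"}  # assumed watch list

def correlate(text):
    """Return one record per search: who was bound, what was asked, what came back."""
    binds, searches = {}, {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        key = (conn, op)
        if b := BIND.match(rest):
            binds[conn] = {"bind_dn": b.group(1), "ssf": int(b.group(3))}
        elif s := SRCH.match(rest):
            searches[key] = {"conn": conn, **binds.get(conn, {}),
                             "filter": s.group(1), "hash_attrs": [], "nentries": None}
        elif key in searches and (a := ATTR.match(rest)):
            searches[key]["hash_attrs"] = [x for x in a.group(1).split()
                                           if x.lower() in HASH_ATTRS]
        elif key in searches and (d := DONE.match(rest)):
            searches[key]["nentries"] = int(d.group(2))
    return list(searches.values())

def unprotected_hash_reads(records):
    """Connections that fetched password-hash attributes with ssf=0 (no TLS/SASL layer)."""
    return [r["conn"] for r in records if r.get("ssf") == 0 and r["hash_attrs"]]

if __name__ == "__main__":
    for r in correlate(SAMPLE):
        print(r)
    print("hash attributes read over ssf=0:", unprotected_hash_reads(correlate(SAMPLE)))
```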