armun
29.03.04, 10:25
Servus
Der Server läuf die Anmeldung von Benutzern auch.
Habe versucht auf der DOSE (NT4SP6) unter Netzwerk->Identifikationsänderung ein "Computerkonto in der Domäne ( zu ) erstellen". Leider schlägt dies fehl da ich scheinbar einen falschen Benutzernamen oder Kennwort angebe.
Wer kann mir weiterhelfen?
Hier die syslog von Debian 3r2:
Mar 29 10:07:41 SRV-ELEKTRONIK smbd[1909]: connect from 192.168.11.145
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1305]: conn=500 fd=35 ACCEPT from IP=127.0.0.1:34008 (IP=0.0.0.0:389)
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1415]: conn=500 op=0 BIND dn="cn=root,dc=ELEKTRONIK,dc=NETZ" method=128
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1415]: conn=500 op=0 BIND dn="cn=root,dc=ELEKTRONIK,dc=NETZ" mech=SIMPLE ssf=0
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1415]: conn=500 op=0 RESULT tag=97 err=0 text=
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1484]: conn=500 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=ELEKTRON IK))"
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1484]: conn=500 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1484]: conn=500 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 29 10:07:42 SRV-ELEKTRONIK slapd[1415]: conn=500 op=2 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(&(uid=AFICIO)(objectClass=sambaSamAccount))(objectC lass=sambaSamAccount))"
Mar 29 10:07:42 SRV-ELEKTRONIK slapd[1415]: conn=500 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Mar 29 10:07:42 SRV-ELEKTRONIK slapd[1415]: conn=500 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 29 10:07:42 SRV-ELEKTRONIK slapd[1305]: conn=500 fd=35 closed
Mar 29 10:07:44 SRV-ELEKTRONIK smbd[1910]: connect from 192.168.11.145
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1305]: conn=501 fd=35 ACCEPT from IP=127.0.0.1:34009 (IP=0.0.0.0:389)
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1484]: conn=501 op=0 BIND dn="cn=root,dc=ELEKTRONIK,dc=NETZ" method=128
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1484]: conn=501 op=0 BIND dn="cn=root,dc=ELEKTRONIK,dc=NETZ" mech=SIMPLE ssf=0
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1484]: conn=501 op=0 RESULT tag=97 err=0 text=
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1415]: conn=501 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=ELEKTRON IK))"
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1415]: conn=501 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1415]: conn=501 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 29 10:07:46 SRV-ELEKTRONIK slapd[1484]: conn=501 op=2 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(&(uid=root)(objectClass=sambaSamAccount))(objectCla ss=sambaSamAccount))"
Mar 29 10:07:46 SRV-ELEKTRONIK slapd[1484]: conn=501 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Mar 29 10:07:46 SRV-ELEKTRONIK slapd[1484]: conn=501 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 29 10:07:46 SRV-ELEKTRONIK slapd[1305]: conn=501 fd=35 closed
Auf dem Testsystem mit Samba 3.0.2a sind alle Passwörter derzeit auf root gesetzt.
Hier noch ein Auszug aus der smb.conf:
# Samba config file created using SWAT
# from 192.168.11.166 (192.168.11.166)
# Date: 2004/03/29 09:49:10
# Global parameters
[global]
workgroup = ELEKTRONIK
netbios name = ELEKTRONIK-SRV
server string = %h server (Samba %v)
auth methods = guest, sam, winbind
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://localhost, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n
syslog = 256
log file = /var/log/samba/log.%m
max log size = 1000
domain logons = Yes
dns proxy = No
ldap suffix = dc=ELEKTRONIK,dc=NETZ
ldap machine suffix = ou=machines
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = cn=root,dc=ELEKTRONIK,dc=NETZ
ldap ssl = no
ldap passwd sync = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
hosts allow = all
profile acls = Yes
Auszug aus der slapd.conf:
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Where to store the replica logs
replogfile /var/lib/ldap/replog
# Read slapd.conf(5) for possible values
loglevel 256
# Set up replication for entire database to LDAPserver. Please note that this
# does not use a secure connection!
# replica host=192.168.11.144:389 bindmethod=simple binddn= credentials=
################################################## #####################
# ldbm database definitions
################################################## #####################
modulepath /usr/lib/ldap
moduleload back_ldbm.so
backend ldbm
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
GNU nano 1.0.6 File: /etc/ldap/slapd.conf
suffix "dc=ELEKTRONIK,dc=NETZ"
# Where the database file are physically stored
directory "/var/lib/ldap"
rootdn "cn=root,dc=ELEKTRONIK,dc=NETZ"
rootpw root
# Indexing options
index objectClass eq,pres
index cn,sn,uid,mail,givenname eq,pres,approx,sub
index default sub
# Save the time that the entry gets modified
lastmod on
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
by * read
by self write
by * compare
# The admin dn has full write access
access to *
by dn="cn=root,dc=ELEKTRONIK,dc=NETZ" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,o=HuberKaeltemaschinenbauGmbH,c=DE" write
# by dnattr=owner write
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uidNumber,gidNumber,memberUid eq
Das smbpasswd -w root -> ist gesetzt.
Siehe auch:
http://www.linuxforen.de/forums/showthread.php?t=129661
Der Server läuf die Anmeldung von Benutzern auch.
Habe versucht auf der DOSE (NT4SP6) unter Netzwerk->Identifikationsänderung ein "Computerkonto in der Domäne ( zu ) erstellen". Leider schlägt dies fehl da ich scheinbar einen falschen Benutzernamen oder Kennwort angebe.
Wer kann mir weiterhelfen?
Hier die syslog von Debian 3r2:
Mar 29 10:07:41 SRV-ELEKTRONIK smbd[1909]: connect from 192.168.11.145
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1305]: conn=500 fd=35 ACCEPT from IP=127.0.0.1:34008 (IP=0.0.0.0:389)
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1415]: conn=500 op=0 BIND dn="cn=root,dc=ELEKTRONIK,dc=NETZ" method=128
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1415]: conn=500 op=0 BIND dn="cn=root,dc=ELEKTRONIK,dc=NETZ" mech=SIMPLE ssf=0
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1415]: conn=500 op=0 RESULT tag=97 err=0 text=
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1484]: conn=500 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=ELEKTRON IK))"
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1484]: conn=500 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Mar 29 10:07:41 SRV-ELEKTRONIK slapd[1484]: conn=500 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 29 10:07:42 SRV-ELEKTRONIK slapd[1415]: conn=500 op=2 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(&(uid=AFICIO)(objectClass=sambaSamAccount))(objectC lass=sambaSamAccount))"
Mar 29 10:07:42 SRV-ELEKTRONIK slapd[1415]: conn=500 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Mar 29 10:07:42 SRV-ELEKTRONIK slapd[1415]: conn=500 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 29 10:07:42 SRV-ELEKTRONIK slapd[1305]: conn=500 fd=35 closed
Mar 29 10:07:44 SRV-ELEKTRONIK smbd[1910]: connect from 192.168.11.145
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1305]: conn=501 fd=35 ACCEPT from IP=127.0.0.1:34009 (IP=0.0.0.0:389)
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1484]: conn=501 op=0 BIND dn="cn=root,dc=ELEKTRONIK,dc=NETZ" method=128
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1484]: conn=501 op=0 BIND dn="cn=root,dc=ELEKTRONIK,dc=NETZ" mech=SIMPLE ssf=0
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1484]: conn=501 op=0 RESULT tag=97 err=0 text=
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1415]: conn=501 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=ELEKTRON IK))"
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1415]: conn=501 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Mar 29 10:07:44 SRV-ELEKTRONIK slapd[1415]: conn=501 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 29 10:07:46 SRV-ELEKTRONIK slapd[1484]: conn=501 op=2 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(&(uid=root)(objectClass=sambaSamAccount))(objectCla ss=sambaSamAccount))"
Mar 29 10:07:46 SRV-ELEKTRONIK slapd[1484]: conn=501 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Mar 29 10:07:46 SRV-ELEKTRONIK slapd[1484]: conn=501 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 29 10:07:46 SRV-ELEKTRONIK slapd[1305]: conn=501 fd=35 closed
Auf dem Testsystem mit Samba 3.0.2a sind alle Passwörter derzeit auf root gesetzt.
Hier noch ein Auszug aus der smb.conf:
# Samba config file created using SWAT
# from 192.168.11.166 (192.168.11.166)
# Date: 2004/03/29 09:49:10
# Global parameters
[global]
workgroup = ELEKTRONIK
netbios name = ELEKTRONIK-SRV
server string = %h server (Samba %v)
auth methods = guest, sam, winbind
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://localhost, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n
syslog = 256
log file = /var/log/samba/log.%m
max log size = 1000
domain logons = Yes
dns proxy = No
ldap suffix = dc=ELEKTRONIK,dc=NETZ
ldap machine suffix = ou=machines
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap admin dn = cn=root,dc=ELEKTRONIK,dc=NETZ
ldap ssl = no
ldap passwd sync = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
hosts allow = all
profile acls = Yes
Auszug aus der slapd.conf:
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Where to store the replica logs
replogfile /var/lib/ldap/replog
# Read slapd.conf(5) for possible values
loglevel 256
# Set up replication for entire database to LDAPserver. Please note that this
# does not use a secure connection!
# replica host=192.168.11.144:389 bindmethod=simple binddn= credentials=
################################################## #####################
# ldbm database definitions
################################################## #####################
modulepath /usr/lib/ldap
moduleload back_ldbm.so
backend ldbm
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
GNU nano 1.0.6 File: /etc/ldap/slapd.conf
suffix "dc=ELEKTRONIK,dc=NETZ"
# Where the database file are physically stored
directory "/var/lib/ldap"
rootdn "cn=root,dc=ELEKTRONIK,dc=NETZ"
rootpw root
# Indexing options
index objectClass eq,pres
index cn,sn,uid,mail,givenname eq,pres,approx,sub
index default sub
# Save the time that the entry gets modified
lastmod on
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
by * read
by self write
by * compare
# The admin dn has full write access
access to *
by dn="cn=root,dc=ELEKTRONIK,dc=NETZ" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,o=HuberKaeltemaschinenbauGmbH,c=DE" write
# by dnattr=owner write
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uidNumber,gidNumber,memberUid eq
Das smbpasswd -w root -> ist gesetzt.
Siehe auch:
http://www.linuxforen.de/forums/showthread.php?t=129661