armun
14.04.04, 09:19
Servus
GOsa - Kein Login
Ich habe Probleme mit dem Webfrontend Tool Gosa unter Debian
3r2 mit Samba 3. Der Server läuft und ich kann mich
von anderen Stationen (M$ DOS - XP) auch anmelden. Leider
brauche ich noch ein Tool um die ACLs in der
slapd.conf zu bearbeiten. Nach den Screenshots (gonicus.de)
zufolge solte es mit Gosa möglich sein oder?
Derzeit benutze ich das Webfrontend LAM (Ldap Account Manager). Damit kann ich Benutzer Gruppen erstellen doch leider keine ACLs bearbeiten.
Oder wies einer von euch ein Tool mit dem ich die ACLs bearbeiten kann?
Leider komme ich schon nicht über das Anmeldescript
hinaus.
Wer hat schon mal was gemacht mit Gosa?
Hier die Ausgabe der syslog:
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[750]:
conn=4 fd=10 ACCEPT from
IP=192.168.11.144:32833 (IP=0.0.0.0:389)
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=0 BIND
dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
method=128
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=0 BIND
dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
mech=SIMPLE ssf=0
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=0 RESULT tag=97 err=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=1 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goImapServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=1 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=2 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goKrbServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=2 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=3 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goCupsServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=3 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=4 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goFaxServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=4 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=5 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(&(objectClass=goNfsServer)(goExportEntry=
*))"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=5 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=6 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goTerminalServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=6 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=7 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goLdapServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=7 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=8 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goNtpServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=8 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=9 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goSyslogServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=9 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=10 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=sambaDomain)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=10 SEARCH RESULT tag=101 err=0
nentries=2 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[750]:
conn=5 fd=16 ACCEPT from
IP=192.168.11.144:32834 (IP=0.0.0.0:389)
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 op=0 BIND
dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
method=128
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 op=0 BIND
dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
mech=SIMPLE ssf=0
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 op=0 RESULT tag=97 err=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[750]:
conn=6 fd=18 ACCEPT from
IP=192.168.11.144:32835 (IP=0.0.0.0:389)
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=0 BIND dn="" method=128
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=0 RESULT tag=97 err=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=1 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(&(uid=root)(objectClass=gosaAccount))"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=1 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=2 UNBIND
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 fd=18 closed
Apr 14 08:23:10 SRV-ELEKTRONIK apache: GOsa:
Authentication failed for user "root"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=11 UNBIND
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 fd=10 closed
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 op=1 UNBIND
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 fd=16 closed
slapd.conf:
# This is the main ldapd configuration file. See
slapd.conf(5) for more
# info on the configuration options.
# Schema and objectClass definitions
include etcldap/schema/core.schema
include etcldap/schema/cosine.schema
include etcldap/schema/inetorgperson.schema
include etcldap/schema/openldap.schema
include etcldap/schema/nis.schema
include etcldap/schema/misc.schema
#include etcldap/schema/samba.schema
# These should be present for GOsa
include etcldap/schema/goschema/
samba.schema
include etcldap/schema/goschema/
samba3.schema
include etcldap/schema/goschema/
gohard.schema
include etcldap/schema/goschema/
goto.schema
include etcldap/schema/goschema/
gosa.schema
include etcldap/schema/goschema/
gofirewall.schema
include etcldap/schema/goschema/
gofax.schema
include etcldap/schema/goschema/
goserver.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile varrun/slapd.pid
# List of arguments that were passed to the server
argsfile varrun/slapd.args
# Where to store the replica logs
replogfile varlib/ldap/replog
# Read slapd.conf(5) for possible values
loglevel 256
# Set up replication for entire database to
LDAPserver. Please note that this
# does not use a secure connection!
# replica host=192.168.11.144:389
bindmethod=simple binddn= credentials=
modulepath usrlib/ldap
moduleload back_ldbm.so
backend ldbm
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
suffix "dc=ELEKTRONIK,dc=NETZ"
# Where the database file are physically stored
directory "/var/lib/ldap"
rootdn "cn=root,dc=ELEKTRONIK,dc=NETZ"
rootpw root
# Indexing options
index objectClass eq,pres
index cn,sn,uid,mail,givenname
eq,pres,approx,sub
index default sub
# Save the time that the entry gets modified
lastmod on
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
by * read
by self write
by * compare
# The admin dn has full write access
access to *
by dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
write
by * read
access to *
by dn="cn=admin,dc=ELEKTRONIK,dc=NETZ"
write
by * read
# For Netscape Roaming support, each user gets a
roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by
dn="cn=admin,o=HuberKaeltemaschinenbauGmbH,c
=DE" write
# by dnattr=owner write
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uidNumber,gidNumber,memberUid eq
Auszug aus der gosa.conf:
<main default="GONICUS"
compile="/var/spool/gosa"
lang=""
theme="default"
debuglevel="0"
forcessl="false"
warnssl="false"
forceglobals="false"
smbhash="/usr/bin/mkntpwd"
hash="crypt">
<location name="ELEKTRONIK-SRV"
uidbase="10000"
governmentmode="true"
sambaversion="3"
server="192.168.11.144"
admin="cn=root,dc=ELEKTRONIK,dc=NETZ"
password="root"
base="dc=ELEKTRONIK,dc=NETZ"
config="ou=people,ou=Group,ou=machines,dc=ELEK
TRONIK,dc=NETZ" />
<language name="Deutsch" tag="de_DE" /
>
<language name="English" tag="en_EN" /
>
<faxformat type="pdf" />
<faxformat type="ps" />
<faxformat type="png" />
<faxformat type="mtiff" />
<faxformat type="tiff" />
</main>
</conf>
Ich hoffe das das Euch und mir weiterhelfen kann.
Vielen Dank
GOsa - Kein Login
Ich habe Probleme mit dem Webfrontend Tool Gosa unter Debian
3r2 mit Samba 3. Der Server läuft und ich kann mich
von anderen Stationen (M$ DOS - XP) auch anmelden. Leider
brauche ich noch ein Tool um die ACLs in der
slapd.conf zu bearbeiten. Nach den Screenshots (gonicus.de)
zufolge solte es mit Gosa möglich sein oder?
Derzeit benutze ich das Webfrontend LAM (Ldap Account Manager). Damit kann ich Benutzer Gruppen erstellen doch leider keine ACLs bearbeiten.
Oder wies einer von euch ein Tool mit dem ich die ACLs bearbeiten kann?
Leider komme ich schon nicht über das Anmeldescript
hinaus.
Wer hat schon mal was gemacht mit Gosa?
Hier die Ausgabe der syslog:
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[750]:
conn=4 fd=10 ACCEPT from
IP=192.168.11.144:32833 (IP=0.0.0.0:389)
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=0 BIND
dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
method=128
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=0 BIND
dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
mech=SIMPLE ssf=0
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=0 RESULT tag=97 err=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=1 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goImapServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=1 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=2 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goKrbServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=2 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=3 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goCupsServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=3 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=4 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goFaxServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=4 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=5 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(&(objectClass=goNfsServer)(goExportEntry=
*))"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=5 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=6 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goTerminalServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=6 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=7 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goLdapServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=7 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=8 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goNtpServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=8 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=9 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=goSyslogServer)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=9 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=10 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(objectClass=sambaDomain)"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=10 SEARCH RESULT tag=101 err=0
nentries=2 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[750]:
conn=5 fd=16 ACCEPT from
IP=192.168.11.144:32834 (IP=0.0.0.0:389)
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 op=0 BIND
dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
method=128
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 op=0 BIND
dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
mech=SIMPLE ssf=0
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 op=0 RESULT tag=97 err=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[750]:
conn=6 fd=18 ACCEPT from
IP=192.168.11.144:32835 (IP=0.0.0.0:389)
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=0 BIND dn="" method=128
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=0 RESULT tag=97 err=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=1 SRCH
base="dc=ELEKTRONIK,dc=NETZ" scope=2
filter="(&(uid=root)(objectClass=gosaAccount))"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=1 SEARCH RESULT tag=101 err=0
nentries=0 text=
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 op=2 UNBIND
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=6 fd=18 closed
Apr 14 08:23:10 SRV-ELEKTRONIK apache: GOsa:
Authentication failed for user "root"
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 op=11 UNBIND
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=4 fd=10 closed
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 op=1 UNBIND
Apr 14 08:23:10 SRV-ELEKTRONIK slapd[751]:
conn=5 fd=16 closed
slapd.conf:
# This is the main ldapd configuration file. See
slapd.conf(5) for more
# info on the configuration options.
# Schema and objectClass definitions
include etcldap/schema/core.schema
include etcldap/schema/cosine.schema
include etcldap/schema/inetorgperson.schema
include etcldap/schema/openldap.schema
include etcldap/schema/nis.schema
include etcldap/schema/misc.schema
#include etcldap/schema/samba.schema
# These should be present for GOsa
include etcldap/schema/goschema/
samba.schema
include etcldap/schema/goschema/
samba3.schema
include etcldap/schema/goschema/
gohard.schema
include etcldap/schema/goschema/
goto.schema
include etcldap/schema/goschema/
gosa.schema
include etcldap/schema/goschema/
gofirewall.schema
include etcldap/schema/goschema/
gofax.schema
include etcldap/schema/goschema/
goserver.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile varrun/slapd.pid
# List of arguments that were passed to the server
argsfile varrun/slapd.args
# Where to store the replica logs
replogfile varlib/ldap/replog
# Read slapd.conf(5) for possible values
loglevel 256
# Set up replication for entire database to
LDAPserver. Please note that this
# does not use a secure connection!
# replica host=192.168.11.144:389
bindmethod=simple binddn= credentials=
modulepath usrlib/ldap
moduleload back_ldbm.so
backend ldbm
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
suffix "dc=ELEKTRONIK,dc=NETZ"
# Where the database file are physically stored
directory "/var/lib/ldap"
rootdn "cn=root,dc=ELEKTRONIK,dc=NETZ"
rootpw root
# Indexing options
index objectClass eq,pres
index cn,sn,uid,mail,givenname
eq,pres,approx,sub
index default sub
# Save the time that the entry gets modified
lastmod on
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
by * read
by self write
by * compare
# The admin dn has full write access
access to *
by dn="cn=root,dc=ELEKTRONIK,dc=NETZ"
write
by * read
access to *
by dn="cn=admin,dc=ELEKTRONIK,dc=NETZ"
write
by * read
# For Netscape Roaming support, each user gets a
roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by
dn="cn=admin,o=HuberKaeltemaschinenbauGmbH,c
=DE" write
# by dnattr=owner write
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uidNumber,gidNumber,memberUid eq
Auszug aus der gosa.conf:
<main default="GONICUS"
compile="/var/spool/gosa"
lang=""
theme="default"
debuglevel="0"
forcessl="false"
warnssl="false"
forceglobals="false"
smbhash="/usr/bin/mkntpwd"
hash="crypt">
<location name="ELEKTRONIK-SRV"
uidbase="10000"
governmentmode="true"
sambaversion="3"
server="192.168.11.144"
admin="cn=root,dc=ELEKTRONIK,dc=NETZ"
password="root"
base="dc=ELEKTRONIK,dc=NETZ"
config="ou=people,ou=Group,ou=machines,dc=ELEK
TRONIK,dc=NETZ" />
<language name="Deutsch" tag="de_DE" /
>
<language name="English" tag="en_EN" /
>
<faxformat type="pdf" />
<faxformat type="ps" />
<faxformat type="png" />
<faxformat type="mtiff" />
<faxformat type="tiff" />
</main>
</conf>
Ich hoffe das das Euch und mir weiterhelfen kann.
Vielen Dank