armun
28.04.04, 11:02
Servus
Hab Probleme mit Samba3 PDC und LDAP auf Debian 3r2. Die DOSE NT4 kann sich nicht an der Domäne anmelden und bringt immer wieder:
Verbindung zum PDC nicht möglich. Sie haben einen falschen Benutzernamen oder ein falsches Kennwort eingegeben.
Die Sache ist die: Das ganze hat schon einmal funktioniert mit Profile speichern und Computer Konten erstellen usw. Hab die config Dateien kopiert, gesichert und den Server neu aufgesetzt. Danach die Dateien wieder rüberkopiert und jetzt hab ich den Salat.
Das Ldap Passwort für Samba ist gesetzt mit smbpasswd -w pwadmin
Ausgabe: Setting stored password for "cn=admin,dc=ELEKTRONIK,dc=NETZ" in secrets.tdb
Liegt da vielleicht der Hund begraben, dass in der smb.conf auf die /etc/samba/smbpasswd verwiesen wird?
Ich hoffe es kann mir jemand weiterhelfen. Für alle die es tun schon mal ein dickes Danke.
Die dazugehörige Ausgabe in der syslog sieht so aus:
Apr 28 10:37:34 elektronik-srv smbd[690]: connect from 192.168.11.145
Apr 28 10:37:34 elektronik-srv slapd[611]: conn=48 fd=16 ACCEPT from IP=127.0.0.1:32931 (IP=0.0.0.0:389)
Apr 28 10:37:34 elektronik-srv slapd[613]: conn=48 op=0 BIND dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" method=128
Apr 28 10:37:34 elektronik-srv slapd[613]: conn=48 op=0 BIND dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" mech=SIMPLE ssf=0
Apr 28 10:37:34 elektronik-srv slapd[613]: conn=48 op=0 RESULT tag=97 err=0 text=
Apr 28 10:37:34 elektronik-srv slapd[614]: conn=48 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=ELEKTRONIK))"
Apr 28 10:37:34 elektronik-srv slapd[614]: conn=48 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Apr 28 10:37:34 elektronik-srv slapd[614]: conn=48 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 28 10:37:35 elektronik-srv slapd[613]: conn=48 op=2 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(&(uid=admin)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"
Apr 28 10:37:35 elektronik-srv slapd[613]: conn=48 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Apr 28 10:37:35 elektronik-srv slapd[613]: conn=48 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 28 10:37:35 elektronik-srv slapd[611]: conn=48 fd=16 closed
Apr 28 10:38:01 elektronik-srv /USR/SBIN/CRON[692]: (mail) CMD ( if [ -x /usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi)
Apr 28 10:38:01 elektronik-srv slapd[611]: conn=49 fd=16 ACCEPT from IP=192.168.11.144:32932 (IP=0.0.0.0:389)
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=0 BIND dn="" method=128
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=0 RESULT tag=97 err=0 text=
Apr 28 10:38:01 elektronik-srv slapd[613]: conn=49 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(uid=mail)"
Apr 28 10:38:01 elektronik-srv slapd[613]: conn=49 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=2 SRCH base="ou=Group,dc=ELEKTRONIK,dc=NETZ" scope=1 filter="(&(objectClass=posixGroup)(memberUid=mail))"
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=2 RESULT tag=101 err=32 text=
Apr 28 10:38:01 elektronik-srv slapd[611]: conn=49 fd=16 closed
Apr 28 10:39:51 elektronik-srv smbd[706]: connect from 192.168.11.145
Apr 28 10:39:51 elektronik-srv slapd[611]: conn=50 fd=16 ACCEPT from IP=127.0.0.1:32933 (IP=0.0.0.0:389)
Apr 28 10:39:51 elektronik-srv slapd[613]: conn=50 op=0 BIND dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" method=128
Apr 28 10:39:51 elektronik-srv slapd[613]: conn=50 op=0 BIND dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" mech=SIMPLE ssf=0
Apr 28 10:39:51 elektronik-srv slapd[613]: conn=50 op=0 RESULT tag=97 err=0 text=
Apr 28 10:39:51 elektronik-srv slapd[614]: conn=50 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=ELEKTRONIK))"
Apr 28 10:39:51 elektronik-srv slapd[614]: conn=50 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Apr 28 10:39:51 elektronik-srv slapd[614]: conn=50 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=2 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(sambaSID=S-1-5-21-32530410-4040378486-3622242199-501)(objectClass=sambaSamAccount))"
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 28 10:39:52 elektronik-srv slapd[611]: conn=51 fd=18 ACCEPT from IP=192.168.11.144:32934 (IP=0.0.0.0:389)
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=0 BIND dn="" method=128
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=0 RESULT tag=97 err=0 text=
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=51 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(uid=nobody)"
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=51 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=2 SRCH base="ou=Group,dc=ELEKTRONIK,dc=NETZ" scope=1 filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=2 RESULT tag=101 err=32 text=
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=3 SRCH base="ou=groups,dc=ELEKTRONIK,dc=NETZ,dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=3 SRCH attr=gidNumber sambaSID sambaGroupType description displayName cn objectClass
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=3 RESULT tag=101 err=32 text=
Apr 28 10:39:52 elektronik-srv smbd[706]: [2004/04/28 10:39:52, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 28 10:39:52 elektronik-srv smbd[706]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
Hier hab ich euch noch die slapd.conf:
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# NOTE(review): as posted, this file holds the global slapd settings, one
# ldbm database for dc=ELEKTRONIK,dc=NETZ, its indexes and its access rules.
# The leading whitespace of continuation lines (the "by ..." clauses) appears
# to have been lost in the paste; in the real file they must be indented.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
#include /etc/ldap/schema/samba.schema
# These should be present for GOsa
# NOTE(review): the stock samba.schema above is disabled and the GOsa copies
# are loaded instead; presumably samba3.schema supplies the sambaSamAccount /
# sambaDomain classes that smbd searches for in the log -- confirm.
include /etc/ldap/schema/goschema/samba.schema
include /etc/ldap/schema/goschema/samba3.schema
include /etc/ldap/schema/goschema/gohard.schema
include /etc/ldap/schema/goschema/goto.schema
include /etc/ldap/schema/goschema/gosa.schema
include /etc/ldap/schema/goschema/gofirewall.schema
include /etc/ldap/schema/goschema/gofax.schema
include /etc/ldap/schema/goschema/goserver.schema
include /etc/ldap/schema/goschema/pureftpd.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Where to store the replica logs
replogfile /var/lib/ldap/replog
# Read slapd.conf(5) for possible values
# 256 is the "stats" level: connections, operations and results are logged,
# which is what produces the conn=/op= lines quoted in the post.
loglevel 256
# Save the time that the entry gets modified
# NOTE(review): the value is "off", so slapd does not maintain
# modifiersName/modifyTimestamp (or the creator attributes); entries then
# carry no record of who changed them or when.
lastmod off
#allow bind_v2
# Set up replication for entire database to LDAPserver. Please note that this
# does not use a secure connection!
# NOTE(review): the disabled replica line below embeds a credential in
# cleartext. If replication is enabled, use a dedicated replication identity
# with its own secret and a protected connection.
# replica host=192.168.11.144:389 bindmethod=sasl mech=sasl mech binddn=ELEKTRONIK.NETZ authcid=root credentials=root
#######################################################################
# ldbm database definitions
#######################################################################
modulepath /usr/lib/ldap
moduleload back_ldbm.so
backend ldbm
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
suffix "dc=ELEKTRONIK,dc=NETZ"
# Where the database file are physically stored
directory "/var/lib/ldap"
# rootdn is the directory superuser; access rules are not applied to it.
rootdn "cn=admin,dc=ELEKTRONIK,dc=NETZ"
# NOTE(review): rootpw is stored in cleartext, and the post passes the same
# value to "smbpasswd -w". slapd.conf(5) accepts a hashed value generated
# with slappasswd(8); the file should be readable by the slapd account only.
# Because the value has been published here, it should be changed.
rootpw pwadmin
#pseudorootdn "cn=admin,dc=ELEKTRONIK,dc=NETZ"
#pseudorootpw admin
#saslRegexp#
# NOTE(review): the next line is the title bar of the nano editor captured
# in the paste, not a slapd directive; lines may be missing around it.
GNU nano 1.0.6 File: /etc/ldap/slapd.conf
#uid=(.*),cn=GSSPAPI,cn=auth
#ldap:///,ou=users,o=ELEKTRONIK,c=NETZ??su?uid$1
# Indexing options
# The eq indexes on uid, sambaSID and sambaDomainName match the filters smbd
# sends in the quoted log.
index objectClass eq,pres
index cn,sn,uid,mail,givenname eq,pres,approx,sub
index default sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uidNumber,gidNumber,memberUid eq
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# NOTE(review): the rule below does not do what the comment above says.
# Within one "access to" rule the first matching "by" clause decides, and
# "by * read" matches every requester, including the anonymous binds
# (BIND dn="") visible in the log. userPassword is therefore readable by
# anyone, and "by self write" / "by * compare" are never reached. The usual
# ordering is self write, anonymous auth, everyone else none.
access to attribute=userPassword
by * read
by self write
by * compare
# The admin dn has full write access
# NOTE(review): "access to *" with "by * read" also exposes sambaLMPassword
# and sambaNTPassword (both requested by smbd in the log) to any client.
# These hashes need the same protection as userPassword: add a rule for
# them ahead of this one that denies everyone except the Samba admin DN.
access to *
by dn="cn=root,dc=ELEKTRONIK,dc=NETZ" write
by * read
# NOTE(review): this second "access to *" is never evaluated, because the
# rule above already matches every entry. cn=admin still has full access
# only because it is the rootdn.
access to *
by dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,o=HuberKaeltemaschinenbauGmbH,c=DE" write
# by dnattr=owner write
Hier die smb.conf:
# Samba config file created using SWAT
# from 192.168.11.166 (192.168.11.166)
# Date: 2004/04/28 10:20:13
# Global parameters
[global]
# NOTE(review): global section of a Samba 3 domain controller
# (domain logons = Yes) that keeps its accounts in LDAP through ldapsam.
workgroup = ELEKTRONIK
server string = %h server (Samba %v)
obey pam restrictions = Yes
# NOTE(review): "password server" names a host that validates passwords when
# Samba defers authentication to another server; "root" looks like a
# leftover value -- confirm it is intended on a PDC.
password server = root
# smbd talks to slapd on the same host; the log shows the matching simple
# bind as the admin DN (mech=SIMPLE ssf=0) coming from 127.0.0.1.
passdb backend = ldapsam:ldap://localhost
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
syslog = 256
log file = /var/log/samba/log.%m
max log size = 1000
add user script = useradd -d /dev/null -s /bin/false %u
domain logons = Yes
dns proxy = No
wins support = Yes
ldap suffix = dc=ELEKTRONIK,dc=NETZ
# NOTE(review): the syslog excerpt in this post shows smbd searching
# base="ou=groups,dc=ELEKTRONIK,dc=NETZ,dc=ELEKTRONIK,dc=NETZ" and getting
# err=32 (No such object). That is consistent with Samba 3 appending
# "ldap suffix" to the three sub-suffixes below, in which case they should
# be relative (for example "ou=groups") -- verify against smb.conf(5) for
# the installed version. The log also shows another client searching
# ou=Group (singular) with err=32; confirm which container really exists.
ldap machine suffix = ou=machines,dc=ELEKTRONIK,dc=NETZ
ldap user suffix = ou=people,dc=ELEKTRONIK,dc=NETZ
ldap group suffix = ou=groups,dc=ELEKTRONIK,dc=NETZ
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
# The password for this DN is what "smbpasswd -w" stores in secrets.tdb.
ldap admin dn = cn=admin,dc=ELEKTRONIK,dc=NETZ
# NOTE(review): with "no", the admin bind and the password hashes travel
# unencrypted. That is tolerable only while the backend is localhost; turn
# on TLS before pointing ldapsam at a remote directory server.
ldap ssl = no
ldap passwd sync = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
# NOTE(review): comment/path/profile acls are share-level settings;
# presumably a "[profiles]" section header was lost here when the file was
# pasted or rewritten by SWAT -- confirm against the file on disk.
comment = Profiles
path = /profiles
profile acls = Yes
[homes]
# Per-user home share: each user is mapped to /home/<session user> and only
# that user is listed in "valid users".
comment = Home Directories
path = /home/%U
username = %U
# NOTE(review): "invalid users" takes user and group names; "all" is
# presumably read as a literal account name rather than a wildcard -- confirm
# what was intended.
invalid users = all
valid users = %U
# New files and directories are created with owner-only permissions.
create mask = 0700
directory mask = 0700
# The share is hidden from browse lists.
browseable = No
Hab Probleme mit Samba3 PDC und LDAP auf Debian 3r2. Die DOSE NT4 kann sich nicht an der Domäne anmelden und bringt immer wieder:
Verbindung zum PDC nicht möglich. Sie haben einen falschen Benutzernamen oder ein falsches Kennwort eingegeben.
Die Sache ist die: Das ganze hat schon einmal funktioniert mit Profile speichern und Computer Konten erstellen usw. Hab die config Dateien kopiert, gesichert und den Server neu aufgesetzt. Danach die Dateien wieder rüberkopiert und jetzt hab ich den Salat.
Das Ldap Passwort für Samba ist gesetzt mit smbpasswd -w pwadmin
Ausgabe: Setting stored password for "cn=admin,dc=ELEKTRONIK,dc=NETZ" in secrets.tdb
Liegt da vielleicht der Hund begraben, dass in der smb.conf auf die /etc/samba/smbpasswd verwiesen wird?
Ich hoffe es kann mir jemand weiterhelfen. Für alle die es tun schon mal ein dickes Danke.
Die dazugehörige Ausgabe in der syslog sieht so aus:
Apr 28 10:37:34 elektronik-srv smbd[690]: connect from 192.168.11.145
Apr 28 10:37:34 elektronik-srv slapd[611]: conn=48 fd=16 ACCEPT from IP=127.0.0.1:32931 (IP=0.0.0.0:389)
Apr 28 10:37:34 elektronik-srv slapd[613]: conn=48 op=0 BIND dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" method=128
Apr 28 10:37:34 elektronik-srv slapd[613]: conn=48 op=0 BIND dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" mech=SIMPLE ssf=0
Apr 28 10:37:34 elektronik-srv slapd[613]: conn=48 op=0 RESULT tag=97 err=0 text=
Apr 28 10:37:34 elektronik-srv slapd[614]: conn=48 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=ELEKTRONIK))"
Apr 28 10:37:34 elektronik-srv slapd[614]: conn=48 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Apr 28 10:37:34 elektronik-srv slapd[614]: conn=48 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 28 10:37:35 elektronik-srv slapd[613]: conn=48 op=2 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(&(uid=admin)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"
Apr 28 10:37:35 elektronik-srv slapd[613]: conn=48 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Apr 28 10:37:35 elektronik-srv slapd[613]: conn=48 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 28 10:37:35 elektronik-srv slapd[611]: conn=48 fd=16 closed
Apr 28 10:38:01 elektronik-srv /USR/SBIN/CRON[692]: (mail) CMD ( if [ -x /usr/sbin/exim -a -f /etc/exim/exim.conf ]; then /usr/sbin/exim -q ; fi)
Apr 28 10:38:01 elektronik-srv slapd[611]: conn=49 fd=16 ACCEPT from IP=192.168.11.144:32932 (IP=0.0.0.0:389)
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=0 BIND dn="" method=128
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=0 RESULT tag=97 err=0 text=
Apr 28 10:38:01 elektronik-srv slapd[613]: conn=49 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(uid=mail)"
Apr 28 10:38:01 elektronik-srv slapd[613]: conn=49 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=2 SRCH base="ou=Group,dc=ELEKTRONIK,dc=NETZ" scope=1 filter="(&(objectClass=posixGroup)(memberUid=mail))"
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Apr 28 10:38:01 elektronik-srv slapd[614]: conn=49 op=2 RESULT tag=101 err=32 text=
Apr 28 10:38:01 elektronik-srv slapd[611]: conn=49 fd=16 closed
Apr 28 10:39:51 elektronik-srv smbd[706]: connect from 192.168.11.145
Apr 28 10:39:51 elektronik-srv slapd[611]: conn=50 fd=16 ACCEPT from IP=127.0.0.1:32933 (IP=0.0.0.0:389)
Apr 28 10:39:51 elektronik-srv slapd[613]: conn=50 op=0 BIND dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" method=128
Apr 28 10:39:51 elektronik-srv slapd[613]: conn=50 op=0 BIND dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" mech=SIMPLE ssf=0
Apr 28 10:39:51 elektronik-srv slapd[613]: conn=50 op=0 RESULT tag=97 err=0 text=
Apr 28 10:39:51 elektronik-srv slapd[614]: conn=50 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=ELEKTRONIK))"
Apr 28 10:39:51 elektronik-srv slapd[614]: conn=50 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Apr 28 10:39:51 elektronik-srv slapd[614]: conn=50 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=2 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(sambaSID=S-1-5-21-32530410-4040378486-3622242199-501)(objectClass=sambaSamAccount))"
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 28 10:39:52 elektronik-srv slapd[611]: conn=51 fd=18 ACCEPT from IP=192.168.11.144:32934 (IP=0.0.0.0:389)
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=0 BIND dn="" method=128
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=0 RESULT tag=97 err=0 text=
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=51 op=1 SRCH base="dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(uid=nobody)"
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=51 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=2 SRCH base="ou=Group,dc=ELEKTRONIK,dc=NETZ" scope=1 filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Apr 28 10:39:52 elektronik-srv slapd[614]: conn=51 op=2 RESULT tag=101 err=32 text=
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=3 SRCH base="ou=groups,dc=ELEKTRONIK,dc=NETZ,dc=ELEKTRONIK,dc=NETZ" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=3 SRCH attr=gidNumber sambaSID sambaGroupType description displayName cn objectClass
Apr 28 10:39:52 elektronik-srv slapd[613]: conn=50 op=3 RESULT tag=101 err=32 text=
Apr 28 10:39:52 elektronik-srv smbd[706]: [2004/04/28 10:39:52, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 28 10:39:52 elektronik-srv smbd[706]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
Hier hab ich euch noch die slapd.conf:
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# NOTE(review): as posted, this file holds the global slapd settings, one
# ldbm database for dc=ELEKTRONIK,dc=NETZ, its indexes and its access rules.
# The leading whitespace of continuation lines (the "by ..." clauses) appears
# to have been lost in the paste; in the real file they must be indented.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
#include /etc/ldap/schema/samba.schema
# These should be present for GOsa
# NOTE(review): the stock samba.schema above is disabled and the GOsa copies
# are loaded instead; presumably samba3.schema supplies the sambaSamAccount /
# sambaDomain classes that smbd searches for in the log -- confirm.
include /etc/ldap/schema/goschema/samba.schema
include /etc/ldap/schema/goschema/samba3.schema
include /etc/ldap/schema/goschema/gohard.schema
include /etc/ldap/schema/goschema/goto.schema
include /etc/ldap/schema/goschema/gosa.schema
include /etc/ldap/schema/goschema/gofirewall.schema
include /etc/ldap/schema/goschema/gofax.schema
include /etc/ldap/schema/goschema/goserver.schema
include /etc/ldap/schema/goschema/pureftpd.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Where to store the replica logs
replogfile /var/lib/ldap/replog
# Read slapd.conf(5) for possible values
# 256 is the "stats" level: connections, operations and results are logged,
# which is what produces the conn=/op= lines quoted in the post.
loglevel 256
# Save the time that the entry gets modified
# NOTE(review): the value is "off", so slapd does not maintain
# modifiersName/modifyTimestamp (or the creator attributes); entries then
# carry no record of who changed them or when.
lastmod off
#allow bind_v2
# Set up replication for entire database to LDAPserver. Please note that this
# does not use a secure connection!
# NOTE(review): the disabled replica line below embeds a credential in
# cleartext. If replication is enabled, use a dedicated replication identity
# with its own secret and a protected connection.
# replica host=192.168.11.144:389 bindmethod=sasl mech=sasl mech binddn=ELEKTRONIK.NETZ authcid=root credentials=root
#######################################################################
# ldbm database definitions
#######################################################################
modulepath /usr/lib/ldap
moduleload back_ldbm.so
backend ldbm
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
suffix "dc=ELEKTRONIK,dc=NETZ"
# Where the database file are physically stored
directory "/var/lib/ldap"
# rootdn is the directory superuser; access rules are not applied to it.
rootdn "cn=admin,dc=ELEKTRONIK,dc=NETZ"
# NOTE(review): rootpw is stored in cleartext, and the post passes the same
# value to "smbpasswd -w". slapd.conf(5) accepts a hashed value generated
# with slappasswd(8); the file should be readable by the slapd account only.
# Because the value has been published here, it should be changed.
rootpw pwadmin
#pseudorootdn "cn=admin,dc=ELEKTRONIK,dc=NETZ"
#pseudorootpw admin
#saslRegexp#
# NOTE(review): the next line is the title bar of the nano editor captured
# in the paste, not a slapd directive; lines may be missing around it.
GNU nano 1.0.6 File: /etc/ldap/slapd.conf
#uid=(.*),cn=GSSPAPI,cn=auth
#ldap:///,ou=users,o=ELEKTRONIK,c=NETZ??su?uid$1
# Indexing options
# The eq indexes on uid, sambaSID and sambaDomainName match the filters smbd
# sends in the quoted log.
index objectClass eq,pres
index cn,sn,uid,mail,givenname eq,pres,approx,sub
index default sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uidNumber,gidNumber,memberUid eq
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# NOTE(review): the rule below does not do what the comment above says.
# Within one "access to" rule the first matching "by" clause decides, and
# "by * read" matches every requester, including the anonymous binds
# (BIND dn="") visible in the log. userPassword is therefore readable by
# anyone, and "by self write" / "by * compare" are never reached. The usual
# ordering is self write, anonymous auth, everyone else none.
access to attribute=userPassword
by * read
by self write
by * compare
# The admin dn has full write access
# NOTE(review): "access to *" with "by * read" also exposes sambaLMPassword
# and sambaNTPassword (both requested by smbd in the log) to any client.
# These hashes need the same protection as userPassword: add a rule for
# them ahead of this one that denies everyone except the Samba admin DN.
access to *
by dn="cn=root,dc=ELEKTRONIK,dc=NETZ" write
by * read
# NOTE(review): this second "access to *" is never evaluated, because the
# rule above already matches every entry. cn=admin still has full access
# only because it is the rootdn.
access to *
by dn="cn=admin,dc=ELEKTRONIK,dc=NETZ" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,o=HuberKaeltemaschinenbauGmbH,c=DE" write
# by dnattr=owner write
Hier die smb.conf:
# Samba config file created using SWAT
# from 192.168.11.166 (192.168.11.166)
# Date: 2004/04/28 10:20:13
# Global parameters
[global]
# NOTE(review): global section of a Samba 3 domain controller
# (domain logons = Yes) that keeps its accounts in LDAP through ldapsam.
workgroup = ELEKTRONIK
server string = %h server (Samba %v)
obey pam restrictions = Yes
# NOTE(review): "password server" names a host that validates passwords when
# Samba defers authentication to another server; "root" looks like a
# leftover value -- confirm it is intended on a PDC.
password server = root
# smbd talks to slapd on the same host; the log shows the matching simple
# bind as the admin DN (mech=SIMPLE ssf=0) coming from 127.0.0.1.
passdb backend = ldapsam:ldap://localhost
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
syslog = 256
log file = /var/log/samba/log.%m
max log size = 1000
add user script = useradd -d /dev/null -s /bin/false %u
domain logons = Yes
dns proxy = No
wins support = Yes
ldap suffix = dc=ELEKTRONIK,dc=NETZ
# NOTE(review): the syslog excerpt in this post shows smbd searching
# base="ou=groups,dc=ELEKTRONIK,dc=NETZ,dc=ELEKTRONIK,dc=NETZ" and getting
# err=32 (No such object). That is consistent with Samba 3 appending
# "ldap suffix" to the three sub-suffixes below, in which case they should
# be relative (for example "ou=groups") -- verify against smb.conf(5) for
# the installed version. The log also shows another client searching
# ou=Group (singular) with err=32; confirm which container really exists.
ldap machine suffix = ou=machines,dc=ELEKTRONIK,dc=NETZ
ldap user suffix = ou=people,dc=ELEKTRONIK,dc=NETZ
ldap group suffix = ou=groups,dc=ELEKTRONIK,dc=NETZ
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
# The password for this DN is what "smbpasswd -w" stores in secrets.tdb.
ldap admin dn = cn=admin,dc=ELEKTRONIK,dc=NETZ
# NOTE(review): with "no", the admin bind and the password hashes travel
# unencrypted. That is tolerable only while the backend is localhost; turn
# on TLS before pointing ldapsam at a remote directory server.
ldap ssl = no
ldap passwd sync = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
# NOTE(review): comment/path/profile acls are share-level settings;
# presumably a "[profiles]" section header was lost here when the file was
# pasted or rewritten by SWAT -- confirm against the file on disk.
comment = Profiles
path = /profiles
profile acls = Yes
[homes]
# Per-user home share: each user is mapped to /home/<session user> and only
# that user is listed in "valid users".
comment = Home Directories
path = /home/%U
username = %U
# NOTE(review): "invalid users" takes user and group names; "all" is
# presumably read as a literal account name rather than a wildcard -- confirm
# what was intended.
invalid users = all
valid users = %U
# New files and directories are created with owner-only permissions.
create mask = 0700
directory mask = 0700
# The share is hidden from browse lists.
browseable = No