oafish
07.01.05, 08:43
Hallo,
OpenLDAP ist soweit konfiguriert, zumindest funktioniert der Login lokal. Samba sollte soweit auch funktionieren. Sobald ich mich nach dem Eintritt in die Domäne anmelden will, funktioniert das nicht. LDAP gibt mir folgende Meldungen aus:
conn=40 op=4 SRCH attr=gidNumber
conn=40 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=39 op=6 SRCH base="dc=io,dc=de" scope=2 filter="(&(uid=tester1)(objectClass=sambaSamAccount))"
conn=39 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
conn=39 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=40 op=5 UNBIND
conn=40 fd=15 closed
conn=41 fd=15 ACCEPT from IP=192.168.1.3:32969 (IP=0.0.0.0:389)
conn=41 op=0 BIND dn="" method=128
conn=41 op=0 RESULT tag=97 err=0 text=
deferring operation
conn=41 op=1 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixAccount)(uid=tester1))"
conn=41 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
conn=41 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=41 op=2 UNBIND
conn=41 fd=15 closed
conn=42 fd=15 ACCEPT from IP=192.168.1.3:32970 (IP=0.0.0.0:389)
conn=42 op=0 BIND dn="" method=128
conn=42 op=0 RESULT tag=97 err=0 text=
deferring operation
conn=42 op=1 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixAccount)(uid=tester1))"
conn=42 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=42 op=2 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=tester1)(uniqueMember=uid=tester1,ou=users,dc=io,dc=de)))"
conn=42 op=2 SRCH attr=gidNumber
conn=42 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=39 op=7 SRCH base="ou=Groups,dc=ioconn=40 op=4 SRCH attr=gidNumber
conn=40 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=39 op=6 SRCH base="dc=io,dc=de" scope=2 filter="(&(uid=tester1)(objectClass=sambaSamAccount))"
conn=39 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
conn=39 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=40 op=5 UNBIND
conn=40 fd=15 closed
conn=41 fd=15 ACCEPT from IP=192.168.1.3:32969 (IP=0.0.0.0:389)
conn=41 op=0 BIND dn="" method=128
conn=41 op=0 RESULT tag=97 err=0 text=
deferring operation
conn=41 op=1 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixAccount)(uid=tester1))"
conn=41 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
conn=41 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=41 op=2 UNBIND
conn=41 fd=15 closed
conn=42 fd=15 ACCEPT from IP=192.168.1.3:32970 (IP=0.0.0.0:389)
conn=42 op=0 BIND dn="" method=128
conn=42 op=0 RESULT tag=97 err=0 text=
deferring operation
conn=42 op=1 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixAccount)(uid=tester1))"
conn=42 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=42 op=2 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=tester1)(uniqueMember=uid=tester1,ou=users,dc=io,dc=de)))"
conn=42 op=2 SRCH attr=gidNumber
conn=42 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=39 op=7 SRCH base="ou=Groups,dc=io,dc=de" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=513))"
conn=39 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
conn=39 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
,dc=de" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=513))"
conn=39 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
conn=39 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Das sieht, denke ich mal, soweit ganz gut aus. Bin mir aber nicht sicher!
Denke der Fehler müsste irgendwo bei Samba liegen...
Hier meine smb.conf:
[global]
# Samba 3 domain controller (PDC) whose accounts live in LDAP (ldapsam backend).
workgroup = NETWORK
netbios name = tslinux
server string = Samba-LDAP PDC-Server
# Challenge/response logons; smbd reads the LM/NT hashes (sambaLMPassword,
# sambaNTPassword) from the directory, as the slapd log on this page shows.
encrypt passwords = yes
# Password-change hook used when "unix password sync" is enabled.
# NOTE(review): %u is unquoted here, unlike in the script lines further down.
# NOTE(review): "ldap passwd sync = yes" below also updates the LDAP password on
# a change; presumably only one of the two sync mechanisms is needed - confirm.
passwd program = /usr/sbin/smbldap-passwd -o %u
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
unix password sync = yes
hostname lookups = yes
# One log file per client machine name (%m), at debug level.
# NOTE(review): "max log size" is in KiB, so at level 10 a 50 KiB file rotates
# almost at once and the failed logon may already be gone when you look. Debug
# logs are also very detailed; lower the level again after troubleshooting.
log file = /var/log/samba/%m.log
log level = 10
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE IPTOS_LOWDELAY
# Domain controller / master browser role.
domain logons = yes
os level = 66
preferred master = yes
domain master = yes
dns proxy = no
# This host is the WINS server itself (the client-side setting stays disabled).
wins support = yes
#wins server = yes
# Directory layout: the machine/user/group suffixes are relative to "ldap suffix".
ldap suffix = dc=io,dc=de
ldap machine suffix = ou=computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
#ldap idmap suffix = ou=Idmap
#idmap uid = 10000-20000
#idmap gid = 10000-20000
# DN smbd binds as for every passdb read and write. Its password is not kept in
# this file; it has to be stored in secrets.tdb with "smbpasswd -w", otherwise
# the bind fails.
# NOTE(review): cn=Manager is presumably the slapd rootdn, which bypasses all
# ACLs. The commented-out cn=samba,ou=DSA entry would be a dedicated account
# that can be restricted to the Samba subtrees and attributes.
ldap admin dn = cn=Manager,dc=io,dc=de
#ldap admin dn = cn=samba,ou=DSA,dc=io,dc=de
# No TLS towards the directory. With the plain ldap:// URL in "passdb backend",
# the admin bind password and the LM/NT hashes travel unencrypted whenever
# 192.168.1.6 is not this host.
# NOTE(review): switch to "ldap ssl = start tls" or an ldaps:// URL once slapd
# has a certificate.
ldap ssl = no
# Deleting an account removes the whole LDAP entry, not only its Samba attributes.
ldap delete dn = yes
ldap passwd sync = yes
#ldap server = 192.168.1.6
#ldap port = 389
passdb backend = ldapsam:ldap://192.168.1.6
# Provisioning hooks from smbldap-tools; smbd runs them as root and substitutes
# %u / %g with the user (or machine) and group name.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script= /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script= /usr/sbin/smbldap-usermod -g "%g" "%u"
Denke das müsste auch alles passen, oder?
Direkte Fehlermeldungen bekomme ich eigentlich nicht. Ich weiß jetzt auch überhaupt nicht mehr, wo ich noch nachschauen sollte/kann.
Vielleicht kann jemand helfen....
Danke und viele Grüße
oafish
OpenLDAP ist soweit konfiguriert, zumindest funktioniert der Login lokal. Samba sollte soweit auch funktionieren. Sobald ich mich nach dem Eintritt in die Domäne anmelden will, funktioniert das nicht. LDAP gibt mir folgende Meldungen aus:
conn=40 op=4 SRCH attr=gidNumber
conn=40 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=39 op=6 SRCH base="dc=io,dc=de" scope=2 filter="(&(uid=tester1)(objectClass=sambaSamAccount))"
conn=39 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
conn=39 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=40 op=5 UNBIND
conn=40 fd=15 closed
conn=41 fd=15 ACCEPT from IP=192.168.1.3:32969 (IP=0.0.0.0:389)
conn=41 op=0 BIND dn="" method=128
conn=41 op=0 RESULT tag=97 err=0 text=
deferring operation
conn=41 op=1 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixAccount)(uid=tester1))"
conn=41 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
conn=41 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=41 op=2 UNBIND
conn=41 fd=15 closed
conn=42 fd=15 ACCEPT from IP=192.168.1.3:32970 (IP=0.0.0.0:389)
conn=42 op=0 BIND dn="" method=128
conn=42 op=0 RESULT tag=97 err=0 text=
deferring operation
conn=42 op=1 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixAccount)(uid=tester1))"
conn=42 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=42 op=2 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=tester1)(uniqueMember=uid=tester1,ou=users,dc=io,dc=de)))"
conn=42 op=2 SRCH attr=gidNumber
conn=42 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=39 op=7 SRCH base="ou=Groups,dc=ioconn=40 op=4 SRCH attr=gidNumber
conn=40 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=39 op=6 SRCH base="dc=io,dc=de" scope=2 filter="(&(uid=tester1)(objectClass=sambaSamAccount))"
conn=39 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
conn=39 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=40 op=5 UNBIND
conn=40 fd=15 closed
conn=41 fd=15 ACCEPT from IP=192.168.1.3:32969 (IP=0.0.0.0:389)
conn=41 op=0 BIND dn="" method=128
conn=41 op=0 RESULT tag=97 err=0 text=
deferring operation
conn=41 op=1 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixAccount)(uid=tester1))"
conn=41 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
conn=41 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=41 op=2 UNBIND
conn=41 fd=15 closed
conn=42 fd=15 ACCEPT from IP=192.168.1.3:32970 (IP=0.0.0.0:389)
conn=42 op=0 BIND dn="" method=128
conn=42 op=0 RESULT tag=97 err=0 text=
deferring operation
conn=42 op=1 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixAccount)(uid=tester1))"
conn=42 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=42 op=2 SRCH base="dc=io,dc=de" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=tester1)(uniqueMember=uid=tester1,ou=users,dc=io,dc=de)))"
conn=42 op=2 SRCH attr=gidNumber
conn=42 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=39 op=7 SRCH base="ou=Groups,dc=io,dc=de" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=513))"
conn=39 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
conn=39 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
,dc=de" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=513))"
conn=39 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
conn=39 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Das sieht, denke ich mal, soweit ganz gut aus. Bin mir aber nicht sicher!
Denke der Fehler müsste irgendwo bei Samba liegen...
Hier meine smb.conf:
[global]
# Samba 3 domain controller (PDC) whose accounts live in LDAP (ldapsam backend).
workgroup = NETWORK
netbios name = tslinux
server string = Samba-LDAP PDC-Server
# Challenge/response logons; smbd reads the LM/NT hashes (sambaLMPassword,
# sambaNTPassword) from the directory, as the slapd log on this page shows.
encrypt passwords = yes
# Password-change hook used when "unix password sync" is enabled.
# NOTE(review): %u is unquoted here, unlike in the script lines further down.
# NOTE(review): "ldap passwd sync = yes" below also updates the LDAP password on
# a change; presumably only one of the two sync mechanisms is needed - confirm.
passwd program = /usr/sbin/smbldap-passwd -o %u
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
unix password sync = yes
hostname lookups = yes
# One log file per client machine name (%m), at debug level.
# NOTE(review): "max log size" is in KiB, so at level 10 a 50 KiB file rotates
# almost at once and the failed logon may already be gone when you look. Debug
# logs are also very detailed; lower the level again after troubleshooting.
log file = /var/log/samba/%m.log
log level = 10
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE IPTOS_LOWDELAY
# Domain controller / master browser role.
domain logons = yes
os level = 66
preferred master = yes
domain master = yes
dns proxy = no
# This host is the WINS server itself (the client-side setting stays disabled).
wins support = yes
#wins server = yes
# Directory layout: the machine/user/group suffixes are relative to "ldap suffix".
ldap suffix = dc=io,dc=de
ldap machine suffix = ou=computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
#ldap idmap suffix = ou=Idmap
#idmap uid = 10000-20000
#idmap gid = 10000-20000
# DN smbd binds as for every passdb read and write. Its password is not kept in
# this file; it has to be stored in secrets.tdb with "smbpasswd -w", otherwise
# the bind fails.
# NOTE(review): cn=Manager is presumably the slapd rootdn, which bypasses all
# ACLs. The commented-out cn=samba,ou=DSA entry would be a dedicated account
# that can be restricted to the Samba subtrees and attributes.
ldap admin dn = cn=Manager,dc=io,dc=de
#ldap admin dn = cn=samba,ou=DSA,dc=io,dc=de
# No TLS towards the directory. With the plain ldap:// URL in "passdb backend",
# the admin bind password and the LM/NT hashes travel unencrypted whenever
# 192.168.1.6 is not this host.
# NOTE(review): switch to "ldap ssl = start tls" or an ldaps:// URL once slapd
# has a certificate.
ldap ssl = no
# Deleting an account removes the whole LDAP entry, not only its Samba attributes.
ldap delete dn = yes
ldap passwd sync = yes
#ldap server = 192.168.1.6
#ldap port = 389
passdb backend = ldapsam:ldap://192.168.1.6
# Provisioning hooks from smbldap-tools; smbd runs them as root and substitutes
# %u / %g with the user (or machine) and group name.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script= /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script= /usr/sbin/smbldap-usermod -g "%g" "%u"
Denke das müsste auch alles passen, oder?
Direkte Fehlermeldungen bekomme ich eigentlich nicht. Ich weiß jetzt auch überhaupt nicht mehr, wo ich noch nachschauen sollte/kann.
Vielleicht kann jemand helfen....
Danke und viele Grüße
oafish