"transport endpoint not connected" when registering Windows clients



martin2002
12.03.05, 18:56
hello,

at the risk of bringing this topic up for the thousandth time... I haven't found a sensible solution so far.

I have SuSE 9.1 running with samba v3.0.2 and openldap2 v2.2.5...
it's about the following error:

[2005/03/12 18:06:50, 0] lib/util_sock.c:get_peer_addr(975)
getpeername failed. Error was Transport endpoint is not connected

it occurs when I try to add a windows client (xp and 2000 - doesn't matter) to the samba domain. on the client the message "user not found" appears - after entering root to add the client

the machine account is created in ldap too... but the windows clients are then not integrated (I think that's a client-side problem though -> no confirmation before a timeout)

all the network services work (dns, dhcp, firewall, ldap)

my guess (at the moment) is that samba takes too long and windows has already triggered a timeout. the question now is whether that's right, or what else it could be?

smb.conf

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE
# Date: 2004-04-06
[global]
hosts allow = 192.168.10.0/255.255.255.0
workgroup = simon.local
interfaces = 127.0.0.1 eth0
bind interfaces only = true
printing = cups
printcap name = cups
printer admin = @ntadmin, root, administrator
map to guest = Bad User
security = user
encrypt passwords = yes
server string =
netbios name = ORION
domain master = yes
domain logons = yes
local master = yes
preferred master = yes
wins support = yes
os level = 65
log level = 10
log file = /var/log/samba/log.%m
client schannel = No
server schannel = No

# ldap settings for auth
passdb backend = ldapsam:ldap://localhost
smb ports = 445 139 137
#ldap server = orion.simon.local
#ldap port = 389
ldap suffix = ou=accounts,dc=simon,dc=local
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap admin dn = cn=Administrator,dc=simon,dc=local
ldap filter = "(&(uid=%u)(objectClass=sambaSamAccount))"
ldap ssl = no
ldap delete dn = yes

# scripts for adding objects
passwd program = /usr/local/sbin/smbldap-passwd %u
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

# Mapping of UID/GID
idmap backend = ldap:ldap://localhost:389
ldap idmap suffix = ou=idmap
ldap passwd sync = yes

logon home = \\orion.simon.local\homes
logon path = \\orion.simon.local\profiles

[profiles]
comment = Network Profiles Service
path = /home/samba/profiles
valid users = %U, '@Domain Admins'
force user = %U
read only = No
create mask = 0600
directory mask = 0700
nt acl support = yes
csc policy = disable
profile acls = yes

[netlogon]
path = /home/samba/netlogon
write list = ntadmin
guest ok = Yes

[ldap]
path = /home/ldap
read only = No
guest ok = Yes

[homes]
path = /home/%u
comment = Home Directories
valid users = %U
[users]
comment = All users
path = /home/shared
writeable = Yes
inherit permissions = Yes
veto files = /aquota.user/groups/shares/
browseable = yes
guest ok = no
printable = no
[groups]
comment = All groups
path = /home/groups
writeable = Yes
inherit permissions = Yes
browseable = yes
guest ok = no
printable = no
[pdf]
comment = PDF creator
path = /var/tmp
printable = yes
print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
create mask = 0600
browseable = yes
guest ok = no
[printers]
comment = All Printers
path = /var/tmp
printable = yes
create mask = 0600
browseable = no
guest ok = no
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
browseable = yes
guest ok = no
printable = no
[public]
browseable = yes
writeable = yes
comment =
path = /usr/misc/public
read only = no
guest ok = no
printable = no

ldap.conf

#
# This is the configuration file for the LDAP nameservice
# switch library, the LDAP PAM module and the shadow package.
#

# Your LDAP server. Must be resolvable without using LDAP.
host 127.0.0.1

# The distinguished name of the search base.
base ou=accounts,dc=simon,dc=local

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=Manager,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credential.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=Administrator,dc=simon,dc=local

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub
#scope one
#scope base

# Search timelimit
#timelimit 30

# Bind timelimit
#bind_timelimit 30

# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600

# Filter to AND with uid=%s
#pam_filter objectclass=account

# The user ID attribute (defaults to uid)
#pam_login_attribute uid

# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes

# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes

# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com

# Group member attribute
#pam_member_attribute uniquemember

# Specify a minimum or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0

# Template login attribute, default template user
# (can be overridden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody

pam_password md5

# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt

# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds

# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad

# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop

# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd ou=users,ou=accounts,dc=simon,dc=local
#nss_base_shadow ou=users,ou=accounts,dc=simon,dc=local
#nss_base_group ou=groups,ou=accounts,dc=simon,dc=local
#nss_base_hosts ou=hosts,ou=system,dc=simon,dc=local
#nss_base_services ou=Services,dc=padl,dc=com?one
#nss_base_networks ou=Networks,dc=padl,dc=com?one
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
nss_base_rpc ou=rpc,ou=system,dc=simon,dc=local
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks ou=Networks,dc=padl,dc=com?one
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one

# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass

# configure --enable-nds is no longer supported.
# For NDS now do:
#nss_map_attribute uniqueMember member

# configure --enable-mssfu-schema is no longer supported.
# For MSSFU now do:
#nss_map_objectclass posixAccount User
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad

# configure --enable-authpassword is no longer supported
# For authPassword support, now do:
#nss_map_attribute userPassword authPassword
#pam_password nds

# For IBM SecureWay support, do:
#nss_map_objectclass posixAccount aixAccount
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear

# Netscape SDK LDAPS
ssl no

# Netscape SDK SSL options
#sslpath /etc/ssl/certs/cert7.db

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
#ssl start_tls
pam_filter objectclass=posixAccount
nss_base_passwd ou=users,ou=accounts,dc=simon,dc=local
nss_base_shadow ou=users,ou=accounts,dc=simon,dc=local
nss_base_group ou=groups,ou=accounts,dc=simon,dc=local
#ssl on

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
#tls_checkpeer yes

# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs

# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key

smbldap.conf

# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
# $Id: smbldap.conf,v 1.6 2004/02/07 16:58:52 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

# This code was developed by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Purpose :
# . be the configuration file for all smbldap-tools scripts

##############################################################################
#
# General Configuration
#
##############################################################################

# UID and GID starting at...
UID_START="1000"
GID_START="1000"

# Put your own SID
# to obtain this number do: net getlocalsid
SID="S-1-5-21-1787419469-2344606504-2540868039"

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use the dual LDAP server backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch,
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)

# Ex: slaveLDAP=127.0.0.1
slaveLDAP="192.168.10.1"
slavePort="389"
slaveDN="cn=Administrator,dc=simon,dc=local"
slavePw="[hidden]"

# Master LDAP : needed for write operations
# Ex: masterLDAP=127.0.0.1
masterLDAP="192.168.10.1"
masterPort="389"
masterDN="cn=Administrator,dc=simon,dc=local"
masterPw="[hidden]"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also use port 389)
ldapTLS="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/smbldap-tools/ca.pem"

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/smbldap-tools/smbldap-tools.pem"

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/smbldap-tools/smbldap-tools.key"

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=simon,dc=local"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
usersdn="ou=users,ou=accounts,dc=simon,dc=local"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
computersdn="ou=computers,ou=accounts,dc=simon,dc=local"

# Where are stored Groups
# Ex groupsdn="ou=groups,ou=accounts,dc=simon,dc=local"
groupsdn="ou=groups,ou=accounts,dc=simon,dc=local"

# Default scope Used
scope="sub"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)
hash_encrypt="SSHA"

##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory prefix (without username)
# Ex: userHomePrefix="/home/"
userHomePrefix="/home"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="1000"

# Default Computer (Samba) GID
defaultComputerGid="1001"

# Skel dir
skeletonDir="/etc/skel"

# Default password validity period (in days). Comment out the next line if
# you don't want passwords to expire after defaultMaxPasswordAge days (be
# careful with the value of the sambaPwdMustChange attribute)
#defaultMaxPasswordAge="55"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location without the username last extension
# (will be dynamically prepended)
# Ex: \\My-PDC-netbios-name\homes
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disabling roaming profiles
userSmbHome="\\orion.simon.local\homes\"

# The UNC path to profiles locations without the username last extension
# (will be dynamically prepended)
# Ex: \\My-PDC-netbios-name\profiles\
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disabling roaming profiles
userProfile="\\orion.simon.local\homes\"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: q(U:) for U:
userHomeDrive="Z:"

# The default user netlogon script name
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
userScript="\\orion.simon.local\netlogon\netlogon.bat"


##############################################################################
#
# SMBLDAP-TOOLS Configuration (defaults are ok for a RedHat)
#
##############################################################################

# Allows you not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm)
# and to use mkntpwd instead... most of the time, it's a wise choice :-)
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
mk_ntpasswd="/usr/sbin/mkntpwd"
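
An added example, not part of the original post or of Samba: a small Python linter that parses an smb.conf in the shape of the one above and reports the settings a reviewer would look at twice, such as the secure channel switched off, a debug log level left at 10, a non-SMB port in `smb ports`, and a share that is both writable and open to guests (the parser normalises parameter names the way Samba does, ignoring case and embedded whitespace, and treats `read only` / `writeable` / `writable` / `write ok` as synonyms). The embedded configuration is a constructed excerpt, not the full file from the post.

```python
import re

# Constructed sample: a trimmed excerpt in the shape of the smb.conf posted in
# this thread, kept inline so the lint runs offline.
SAMPLE_SMB_CONF = """\
# global section
[global]
hosts allow = 192.168.10.0/255.255.255.0
workgroup = simon.local
security = user
log level = 10
client schannel = No
server schannel = No
passdb backend = ldapsam:ldap://localhost
smb ports = 445 139 137
ldap ssl = no

[netlogon]
path = /home/samba/netlogon
guest ok = Yes

[ldap]
path = /home/ldap
read only = No
guest ok = Yes

[public]
writeable = yes
path = /usr/misc/public
guest ok = no
"""

SMB_TCP_PORTS = {"139", "445"}  # the ports smbd actually serves SMB on


def _norm(key):
    # Samba parameter names are case-insensitive and ignore embedded whitespace.
    return re.sub(r"\s+", "", key).lower()


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {normalised_param: value}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][_norm(key)] = value.strip()
    return sections


def is_true(value):
    return value.strip().lower() in ("yes", "true", "1")


def is_false(value):
    return value.strip().lower() in ("no", "false", "0", "off")


def share_writable(params):
    """'read only' wins if present; writeable/writable/write ok are its inverse."""
    if "readonly" in params:
        return is_false(params["readonly"])
    for key in ("writeable", "writable", "writeok"):
        if key in params:
            return is_true(params[key])
    return False  # Samba's default is read only = yes


def lint_smb_conf(sections):
    """Return (section, code, message) findings for settings worth a second look."""
    findings = []
    g = sections.get("global", {})

    if "hostsallow" not in g:
        findings.append(("global", "no-hosts-allow", "no 'hosts allow' restriction"))

    for key in ("serverschannel", "clientschannel"):
        if key in g and is_false(g[key]):
            findings.append(("global", "schannel-off",
                             f"{key} = {g[key]}: netlogon secure channel disabled"))

    level = (g.get("loglevel", "0").split() or ["0"])[0]  # may read "3 passdb:5"
    if level.isdigit() and int(level) >= 5:
        findings.append(("global", "log-level",
                         f"log level {level}: verbose debug logging in production"))

    extra = [p for p in g.get("smbports", "445 139").split() if p not in SMB_TCP_PORTS]
    if extra:
        findings.append(("global", "smb-ports",
                         f"smb ports lists non-SMB TCP port(s): {' '.join(extra)}"))

    m = re.search(r"ldap://([^/:\s]+)", g.get("passdbbackend", ""))
    if m and m.group(1) not in ("localhost", "127.0.0.1") and is_false(g.get("ldapssl", "start tls")):
        findings.append(("global", "ldap-plaintext",
                         f"ldap admin bind to {m.group(1)} without TLS"))

    for name, params in sections.items():
        if name == "global":
            continue
        guest = is_true(params.get("guestok", params.get("public", "no")))
        if guest and share_writable(params):
            findings.append((name, "guest-writable", "share is writable by guests"))
    return findings


if __name__ == "__main__":
    for section, code, message in lint_smb_conf(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(f"[{section}] {code}: {message}")
```

Run against the excerpt it reports both schannel switches, the log level, port 137 (the NetBIOS name service, which is UDP and served by nmbd, not an smbd TCP port) and the writable guest share `[ldap]`; `[netlogon]` is guest-readable but not writable and `[public]` is writable but not guest, so neither is reported.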

Sargnagel
04.01.06, 15:55
Hi there...

I'm probably a bit late, but maybe it helps others...

I don't remember where I read this and I wouldn't bet my life on it being true :), but WinXP clients supposedly have the bad habit of contacting a (Samba) server on two ports and then using whichever connection they "get" first, without properly closing the other one. I once had problems like that too, but the error message "Transport endpoint is not connected" kept appearing even after the whole system was working... The problem was apparently elsewhere and was fixed after a Samba update. I didn't pursue it further at the time.
I haven't seen this with W2k clients yet.

Regards
Marc

emba
04.01.06, 21:58
the problem has already been described here
http://www.linuxforen.de/forums/showthread.php?t=192708&highlight=transport+endpoint

windows behaves this way not only with regard to samba; every newer client (from 2k on) opens parallel connections to 139/445, regardless of which server OS is in use

<closed>

cheers
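
An added example, not from any post in this thread: a Python script that parses Samba 3 log records in the two-line format quoted in the first post and separates the getpeername / "Transport endpoint is not connected" message, which the replies above attribute to the client's parallel 139/445 connections, from everything else, so that an admin chasing a domain-join failure can skip the known noise and read only the remaining records. The log text is constructed; only the getpeername records repeat the message from the thread, the other two records are made up for contrast.

```python
import re
from collections import Counter

# Constructed sample in Samba 3 log format. The two getpeername records repeat
# the message quoted in this thread; the other two records are made up here to
# show how unrelated messages are kept apart from the known 139/445 noise.
SAMPLE_LOG = """\
[2005/03/12 18:06:50, 0] lib/util_sock.c:get_peer_addr(975)
  getpeername failed. Error was Transport endpoint is not connected
[2005/03/12 18:06:50, 0] example/made_up.c:made_up_write(1)
  made-up message: write failure on the client socket
[2005/03/12 18:06:51, 0] lib/util_sock.c:get_peer_addr(975)
  getpeername failed. Error was Transport endpoint is not connected
[2005/03/12 18:07:02, 0] example/made_up.c:made_up_join(2)
  made-up message standing in for an error from the domain join
"""

# "[YYYY/MM/DD HH:MM:SS, level] source_file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), (\d+)\] (\S+)$")


def parse_samba_log(text):
    """Group each header line with its indented continuation lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"time": m.group(1), "level": int(m.group(2)),
                            "source": m.group(3), "message": ""})
        elif records and line.strip():
            sep = " " if records[-1]["message"] else ""
            records[-1]["message"] += sep + line.strip()
    return records


def classify(record):
    """The getpeername/ENOTCONN pair is the client-side 139/445 race the
    thread describes; anything else stays 'other' for a human to read."""
    msg = record["message"]
    if "getpeername failed" in msg and "Transport endpoint is not connected" in msg:
        return "race-139-445"
    return "other"


def summarize(text):
    """Tally record classes, count the race message per minute, keep the rest."""
    records = parse_samba_log(text)
    counts = Counter(classify(r) for r in records)
    per_minute = Counter(r["time"][:16] for r in records
                         if classify(r) == "race-139-445")
    others = [r for r in records if classify(r) == "other"]
    return {"total": len(records), "counts": dict(counts),
            "race_per_minute": dict(per_minute), "other": others}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} records, {s['counts']}, race per minute {s['race_per_minute']}")
    for r in s["other"]:
        print(f"{r['time']} {r['source']}: {r['message']}")
```

The per-minute count is there because a steady trickle of the race message is expected with Windows clients, whereas a sudden burst of it, or of anything in the "other" bucket, is what deserves attention. At `log level = 10`, as in the first post, the real log would also carry thousands of debug records; the header regex still picks them up and they land in "other", which is one more reason to lower the level once the problem is understood.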