ruff
27.06.06, 18:31
Hello,
I have a Samba PDC with an LDAP backend. Could someone please explain how I need to set up LDAP so that the LDAP database is queried for all authentication requests, and not the Linux files passwd or shadow, or smbpasswd?
I also have another problem related to this: I have to create all computer accounts manually, both in LDAP and under Linux (i.e. in passwd), but that should actually happen automatically when I join the machine to the domain. Can someone give me a tip?
My slapd.conf:
allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Read slapd.conf(5) for possible values
loglevel 0
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_ldbm
backend ldbm
#checkpoint 512 30
database ldbm
# The base of your directory in database #1
suffix "dc=gfu,dc=local"
rootdn "cn=admin,dc=gfu,dc=local"
rootpw {SSHA}5eftlqyh/XdQrePuX9A2uWGOhXTItpJw
# Where the database files are physically stored for database #1
directory "/var/lib/ldap"
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Where to store the replica logs for database #1
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to attrs=sambaLMPassword
        by self write
        by anonymous auth
        by * none
access to attrs=sambaNTPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
replogfile /var/lib/slurpd/slapd.replog
replica uri=ldap://10.250.1.241:389
        binddn=cn=admin,dc=gfu,dc=local
        bindmethod=simple
        credentials={SSHA}VB6y1F0QHRLK+XFSgryTV7A2Usj2EoyV
Does anyone have an idea?
Thanks in advance...
Regards,
Ruff