Scaryman
02.05.07, 08:58
Hallo,
ich habe auf meinem Server Samba auf LDAP umgestellt. Das funktioniert auch soweit: Ich kann mich mit einem Benutzer, den ich in LDAP über LAM angelegt habe, sowohl an der Shell als auch bei Samba anmelden. Wenn ich auf ein Samba-Verzeichnis zugreifen möchte, funktioniert das auch mit dem Login des angelegten Benutzers. Wenn ich jedoch einen Rechner in die Domäne aufnehmen möchte, funktioniert nichts.
Hier sind die Auszüge aus dem Log:
/var/log/samba/log.vmware-Rechner
[2007/04/27 11:56:24, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 5 -w "vmware-flanders$"' gave 1
Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1056.
[2007/04/27 11:56:34, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 5 -w "vmware-flanders$"' gave 1
[2007/04/27 12:02:10, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 5 -w "vmware-flanders$"' gave 9
[2007/04/27 12:04:42, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 5 -w "vmware-flanders$"' gave 9
Meine SMB-Conf
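# smb.conf [global] section: Samba acting as domain logon server with its
# account database in LDAP (ldapsam).
[global]
workgroup = Schule
server string = %h server (Samba, Ubuntu)
netbios name = kss
wins support = yes
dns proxy = no
# Was spelled "nterfaces", which Samba does not recognise as a parameter, so
# the line had no effect.
interfaces = 127.0.0.0/8 eth0
# %m expands to the client machine name: one log file per client.
log file = /var/log/samba/log.%m
security = user
encrypt passwords = yes

# Account database: slapd on the loopback interface. Plain ldap:// is only
# reasonable while slapd runs on this host; password hashes cross this
# connection, so enable TLS (ldap ssl = start tls) if the directory ever moves
# to another machine.
passdb backend = ldapsam:ldap://127.0.0.1/
ldap passwd sync = Yes
# Samba binds to the directory as this DN. The matching password is not kept in
# smb.conf; it is stored in secrets.tdb with "smbpasswd -w".
ldap admin dn = cn=Manager,dc=SchulServer-schulsupport,dc=de
ldap suffix = dc=SchulServer-schulsupport,dc=de
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers

obey pam restrictions = No
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

domain logons = yes
# Empty value: no roaming profile path is handed to clients.
logon path =
logon script = logon.bat

load printers = yes
printing = cups
printcap name = cups

# Account management hooks. smbd runs these commands itself; %u and %g are
# replaced by the user and group name.
add user script = /usr/sbin/smbldap-useradd -m "%u"
# Runs when a workstation joins the domain. This is the command that fails in
# the log excerpt of this post with "modifications require authentication".
# smbldap-useradd binds with the credentials from the smbldap-tools
# configuration (smbldap_bind.conf), not with "ldap admin dn" above, so that
# file has to carry a working bind DN and password. Keep it readable by root
# only, because it holds the directory manager password.
add machine script = /usr/sbin/smbldap-useradd -t 5 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
domain master = yes
os level = 64
Unix charset = ISO8859-1
Dos charset = 850
time server = yes
# Files matching these patterns are neither visible nor accessible on shares.
veto files = /*.eml/*.nws/riched20.dll/*.{*}/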
Meine SLAP-Conf
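# slapd.conf: OpenLDAP server holding the POSIX and Samba accounts.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/krb5-kdc.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 3
# NOTE(review): "directory" is repeated under "database bdb" below; confirm it
# is meant to appear in the global part as well.
directory "/var/lib/ldap"
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit 500
tool-threads 1
backend bdb
checkpoint 512 30

database bdb
suffix "dc=SchulServer-schulsupport,dc=de"
rootdn "cn=Manager,dc=SchulServer-schulsupport,dc=de"
# NOTE(review): no "rootpw" line is visible in this listing (presumably removed
# before posting). The rootdn can only bind if it has a rootpw here or a
# directory entry with userPassword; store a hash generated with slappasswd,
# never the clear-text password.
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
lastmod on

# Password attributes. Changes against the posted version:
#  - "sambaNTPasswor d" contained a stray space and is restored to
#    sambaNTPassword, otherwise the NT hash is not covered by this rule.
#  - the final clause was "by * read", which let every authenticated user read
#    all password hashes. NT/LM hashes are password-equivalent, so everyone
#    except the owner and the manager gets no access.
#  - "by" clauses are indented, because slapd.conf only treats lines that start
#    with whitespace as continuations of the access directive.
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=Manager,dc=SchulServer-schulsupport,dc=de" write
        by self write
        by anonymous auth
        by * none

# Everything else stays readable, including for anonymous clients. The posted
# version had an extra "access to * by * read" in front of this rule; slapd
# stops at the first matching rule, so this one was never reached.
access to *
        by dn="cn=Manager,dc=SchulServer-schulsupport,dc=de" write
        by * read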
Meine LDAP-Conf
# ldap.conf: client settings read by the PAM/NSS LDAP modules on this host.

# Server connection.
URI ldap://127.0.0.1
ldap_version 3
timelimit 5
bind_timelimit 5

# Search base and scope.
BASE dc=SchulServer-schulsupport,dc=de
scope sub
# NOTE(review): "suffix" looks like a slapd.conf directive; confirm the client
# library actually reads it.
suffix "dc=SchulServer-schulsupport,dc=de"

# DN used for binds made on behalf of root. The password is not in this file;
# the modules read it from a separate secret file (typically /etc/ldap.secret),
# which should be readable by root only.
rootbinddn cn=Manager,dc=SchulServer-schulsupport,dc=de

# PAM: password changes via the LDAP password-modify extended operation.
pam_password exop
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid

# NSS search bases. Machine accounts (ou=Computers) are searched as passwd
# entries in addition to ou=People.
nss_base_passwd ou=Computers,dc=SchulServer-schulsupport,dc=de
nss_base_passwd ou=People,dc=SchulServer-schulsupport,dc=de
nss_base_shadow ou=People,dc=SchulServer-schulsupport,dc=de
nss_base_group ou=Group,dc=SchulServer-schulsupport,dc=de
nss_base_hosts ou=Hosts,dc=SchulServer-schulsupport,dc=de
Ich habe auf meinem Server Samba auf LDAP umgestellt. Das funktioniert auch soweit: Ich kann mich mit einem Benutzer, den ich in LDAP über LAM angelegt habe, sowohl an der Shell als auch bei Samba anmelden. Wenn ich auf ein Samba-Verzeichnis zugreifen möchte, funktioniert das auch mit dem Login des angelegten Benutzers. Wenn ich jedoch einen Rechner in die Domäne aufnehmen möchte, funktioniert nichts.
Hier sind die Auszüge aus dem Log:
/var/log/samba/log.vmware-Rechner
[2007/04/27 11:56:24, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 5 -w "vmware-flanders$"' gave 1
Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1056.
[2007/04/27 11:56:34, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 5 -w "vmware-flanders$"' gave 1
[2007/04/27 12:02:10, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 5 -w "vmware-flanders$"' gave 9
[2007/04/27 12:04:42, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 5 -w "vmware-flanders$"' gave 9
Meine SMB-Conf
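# smb.conf [global] section: Samba acting as domain logon server with its
# account database in LDAP (ldapsam).
[global]
workgroup = Schule
server string = %h server (Samba, Ubuntu)
netbios name = kss
wins support = yes
dns proxy = no
# Was spelled "nterfaces", which Samba does not recognise as a parameter, so
# the line had no effect.
interfaces = 127.0.0.0/8 eth0
# %m expands to the client machine name: one log file per client.
log file = /var/log/samba/log.%m
security = user
encrypt passwords = yes

# Account database: slapd on the loopback interface. Plain ldap:// is only
# reasonable while slapd runs on this host; password hashes cross this
# connection, so enable TLS (ldap ssl = start tls) if the directory ever moves
# to another machine.
passdb backend = ldapsam:ldap://127.0.0.1/
ldap passwd sync = Yes
# Samba binds to the directory as this DN. The matching password is not kept in
# smb.conf; it is stored in secrets.tdb with "smbpasswd -w".
ldap admin dn = cn=Manager,dc=SchulServer-schulsupport,dc=de
ldap suffix = dc=SchulServer-schulsupport,dc=de
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers

obey pam restrictions = No
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

domain logons = yes
# Empty value: no roaming profile path is handed to clients.
logon path =
logon script = logon.bat

load printers = yes
printing = cups
printcap name = cups

# Account management hooks. smbd runs these commands itself; %u and %g are
# replaced by the user and group name.
add user script = /usr/sbin/smbldap-useradd -m "%u"
# Runs when a workstation joins the domain. This is the command that fails in
# the log excerpt of this post with "modifications require authentication".
# smbldap-useradd binds with the credentials from the smbldap-tools
# configuration (smbldap_bind.conf), not with "ldap admin dn" above, so that
# file has to carry a working bind DN and password. Keep it readable by root
# only, because it holds the directory manager password.
add machine script = /usr/sbin/smbldap-useradd -t 5 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
domain master = yes
os level = 64
Unix charset = ISO8859-1
Dos charset = 850
time server = yes
# Files matching these patterns are neither visible nor accessible on shares.
veto files = /*.eml/*.nws/riched20.dll/*.{*}/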
Meine SLAP-Conf
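# slapd.conf: OpenLDAP server holding the POSIX and Samba accounts.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/krb5-kdc.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 3
# NOTE(review): "directory" is repeated under "database bdb" below; confirm it
# is meant to appear in the global part as well.
directory "/var/lib/ldap"
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit 500
tool-threads 1
backend bdb
checkpoint 512 30

database bdb
suffix "dc=SchulServer-schulsupport,dc=de"
rootdn "cn=Manager,dc=SchulServer-schulsupport,dc=de"
# NOTE(review): no "rootpw" line is visible in this listing (presumably removed
# before posting). The rootdn can only bind if it has a rootpw here or a
# directory entry with userPassword; store a hash generated with slappasswd,
# never the clear-text password.
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
lastmod on

# Password attributes. Changes against the posted version:
#  - "sambaNTPasswor d" contained a stray space and is restored to
#    sambaNTPassword, otherwise the NT hash is not covered by this rule.
#  - the final clause was "by * read", which let every authenticated user read
#    all password hashes. NT/LM hashes are password-equivalent, so everyone
#    except the owner and the manager gets no access.
#  - "by" clauses are indented, because slapd.conf only treats lines that start
#    with whitespace as continuations of the access directive.
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=Manager,dc=SchulServer-schulsupport,dc=de" write
        by self write
        by anonymous auth
        by * none

# Everything else stays readable, including for anonymous clients. The posted
# version had an extra "access to * by * read" in front of this rule; slapd
# stops at the first matching rule, so this one was never reached.
access to *
        by dn="cn=Manager,dc=SchulServer-schulsupport,dc=de" write
        by * read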
Meine LDAP-Conf
# ldap.conf: client settings read by the PAM/NSS LDAP modules on this host.

# Server connection.
URI ldap://127.0.0.1
ldap_version 3
timelimit 5
bind_timelimit 5

# Search base and scope.
BASE dc=SchulServer-schulsupport,dc=de
scope sub
# NOTE(review): "suffix" looks like a slapd.conf directive; confirm the client
# library actually reads it.
suffix "dc=SchulServer-schulsupport,dc=de"

# DN used for binds made on behalf of root. The password is not in this file;
# the modules read it from a separate secret file (typically /etc/ldap.secret),
# which should be readable by root only.
rootbinddn cn=Manager,dc=SchulServer-schulsupport,dc=de

# PAM: password changes via the LDAP password-modify extended operation.
pam_password exop
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid

# NSS search bases. Machine accounts (ou=Computers) are searched as passwd
# entries in addition to ou=People.
nss_base_passwd ou=Computers,dc=SchulServer-schulsupport,dc=de
nss_base_passwd ou=People,dc=SchulServer-schulsupport,dc=de
nss_base_shadow ou=People,dc=SchulServer-schulsupport,dc=de
nss_base_group ou=Group,dc=SchulServer-schulsupport,dc=de
nss_base_hosts ou=Hosts,dc=SchulServer-schulsupport,dc=de