openldap samba авторизация пользователей
Сделал как в "Руководство по настройке Samba в режиме PDC с использованием LDAP" (на wiki)
Если добавлять пользователя скриптом, то он есть — через GQ я его вижу, но авторизоваться не получается (даже на линуксовой машине). В логах ошибок нет, при старте всё стартует без ошибок. Если сделать прямо на этой машине su user, то он пишет Unknown id: user
ldapsearch -x показывает содержимое ЛДАПа, с другой машины ldapsearch -x -h host тоже всё показывает.
Что у меня не так? Помогите разобраться!
Настройки следующие
====>slapd.conf
# slapd.conf — OpenLDAP server backing the Samba PDC (suffix dc=domain,dc=com).
# samba.schema must be included after the schemas whose attributes it reuses.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# slapd evaluates 'access to' directives top-down; the first one whose target
# matches the entry/attribute decides, so the order below is part of the policy.
# Password hashes: owner and rootdn may write, anonymous only gets 'auth' (so a
# simple bind can be checked), nobody may read them back.
access to dn.subtree="dc=domain,dc=com" attrs=userPassword,sambaLMPassword,sambaNTPassword
by dn.subtree="cn=Manager,dc=domain,dc=com" write
# NOTE(review): 'by dn="cn=Domain Admins,..."' matches a client that binds AS
# that group entry, not the group's members — nothing binds that way, so the
# nine group lines below grant nothing. Granting rights to members needs a
# 'by group=' clause naming the group's objectClass/member attribute. Samba
# itself binds as the rootdn, which bypasses ACLs, so it is unaffected.
by dn="cn=Domain Admins,ou=Groups,dc=domain,dc=com" write
by dn="cn=Domain Users,ou=Groups,dc=domain,dc=com" write
by dn="cn=Domain Guests,ou=Groups,dc=domain,dc=com" write
by dn="cn=Domain Computers,ou=Groups,dc=domain,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=domain,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=domain,dc=com" write
by dn="cn=Print Operators,ou=Groups,dc=domain,dc=com" write
by dn="cn=Backup Operators,ou=Groups,dc=domain,dc=com" write
by dn="cn=Replicators,ou=Groups,dc=domain,dc=com" write
by self write
by anonymous auth
by * none
# Everything else in ou=Users is readable by anyone, anonymous included. nss_ldap
# with an anonymous bind needs this, but it also exposes uidNumber, sambaSID,
# home directories etc. to whoever can reach the LDAP port — fence it at the
# network level.
access to dn.subtree="ou=Users,dc=domain,dc=com"
by dn.subtree="cn=Manager,dc=domain,dc=com" write
by self write
by * read
access to dn.subtree="ou=Groups,dc=domain,dc=com"
by dn="cn=Manager,dc=domain,dc=com" write
by * read
# Catch-all for the rest of the suffix, same policy as ou=Users.
access to dn.subtree="dc=domain,dc=com"
by dn.subtree="cn=Manager,dc=domain,dc=com" write
by self write
by * read
# NOTE(review): this 'access to *' matches every remaining entry (root DSE
# included), so the four 'access to' directives after it are never reached.
# As written, anonymous gets only 'auth' on the root DSE and bound users get
# nothing, which may upset clients that read it first. The intended rules are
# presumably the 'dn.base=""' and final 'access to *' ones below — remove this
# block or move it after them.
access to *
by dn.subtree="cn=Manager,dc=domain,dc=com" write
by anonymous auth
# --- unreachable from here down to 'loglevel' (shadowed by 'access to *') ---
access to dn.base=""
by self write
by * auth
access to attrs=userPassword
by self write
by * auth
access to attrs=shadowLastChange
by self write
by * read
access to *
by * read
by anonymous auth
# 256 = connection/operation/result statistics.
loglevel 256
database bdb
suffix "dc=domain,dc=com"
# The rootdn is not subject to the ACLs above; Samba's 'ldap admin dn' is this DN.
rootdn "cn=Manager,dc=domain,dc=com"
# NOTE(review): {MD5} is an unsalted hash; generate the value with
# 'slappasswd -h {SSHA}' instead (assuming 'secret' is a placeholder here).
rootpw {MD5}secret
directory /var/lib/openldap-data
# Indexes on the attributes nss_ldap and Samba search by; 'eq' covers the
# uid/uidNumber/gidNumber lookups that user resolution depends on.
index objectClass eq
index cn eq,subinitial
index sn eq,subinitial
index uid eq,subinitial
index displayName eq,subinitial
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
samba.conf
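# smb.conf — Samba PDC keeping its accounts in the local OpenLDAP (ldapsam).
# Samba accepts '#' and ';' only as whole-line comments; never append one to a value.
[global]
workgroup = DOMAIN
netbios name = DOMAIN
nt acl support = yes
acl compatibility = win2k
map acl inherit = yes
server string = Samba Server %v
# Serve only eth0.
interfaces = eth0
bind interfaces only = yes
# NOTE(review): '10.' admits the whole 10.0.0.0/8 — narrow it to the real LAN.
hosts allow = 192.168.7. 127. 10.
log file = /var/log/samba/log.%m
# NOTE(review): level 9 logs authentication details in bulk; keep it only while
# debugging and drop to 1-3 once logons work.
debug level = 9
max log size = 500
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
security = user
os level = 250
# Accounts live in LDAP. The admin bind password is stored separately with
# 'smbpasswd -w', not in this file.
passdb backend = ldapsam:"ldap://127.0.0.1/"
enable privileges = yes
# passwd program / passwd chat are only run when 'unix password sync = yes';
# with the setting below they are inert.
passwd program = /usr/sbin/smbldap-passwd "%u"
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
passdb expand explicit = no
unix password sync = no
ldap passwd sync = no
ldap suffix = dc=domain,dc=com
ldap admin dn = cn=Manager,dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
# NOTE(review): machine accounts share ou=Users with people; a separate
# ou=Computers is the usual layout and keeps the slapd ACLs simpler.
ldap machine suffix = ou=Users
ldap idmap suffix = ou=Idmap
idmap backend = ldapsam:ldap://127.0.0.1/
idmap uid = 10000-20000
idmap gid = 10000-20000
# Deleting a Samba account removes the whole LDAP entry, POSIX attributes included.
ldap delete dn = Yes
# Plain LDAP is acceptable only because the server is on loopback; switch to
# 'ldap ssl = start tls' as soon as the URL points at a remote host.
ldap ssl = no
add user script = /usr/sbin/smbldap-useradd -n -a "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
# Fixed: was smbldap-userdel, which cannot remove a group.
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
domain master = yes
preferred master = yes
# domain master = no
# preferred master = no
domain logons = Yes
logon script =
#logon path = \\%L\Profiles\%a\%U
# An empty 'logon path' disables roaming profiles, so the [Profiles] share
# below is currently not used by logons.
logon path =
logon drive = U:
logon home = \\%L\users\%U
#============================ Share Definitions ==============================
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
browseable = yes
guest ok = yes
writable = no
share modes = no
[Profiles]
admin users = admin
create mode = 600
directory mode = 700
path = /var/lib/samba/profiles
browseable = yes
# NOTE(review): 'guest ok' together with 'writable' lets unauthenticated
# clients write into the profile tree. Roaming profiles are written by
# logged-on domain users, so 'guest ok = no' is the safe setting here.
guest ok = yes
writable = yes
# Fixed: the header was '{homes]'. Samba ignores that as a badly formed line,
# so the three parameters below were applied to [Profiles] instead and no
# [homes] share existed.
[homes]
comment = Home Directories
browseable = no
read only = no
[public]
path = /export/home/public
guest ok = yes
read only = no
[users]
path = /export/home
writable = yes
printable = no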
приведи
приведи вывод
cat nsswitch.conf
getent passwd
_________________
Главное не забыть mount /dev/hands
[cat nsswitch.conf] passwd:
[cat nsswitch.conf]
# nsswitch.conf — local files are consulted first, then LDAP via nss_ldap.
# NOTE(review): this part is consistent with the 'Unknown id' symptom: with
# 'passwd: files ldap', getent passwd should list the LDAP users after the
# local ones, and the output below shows only local accounts. So the ldap
# source returns nothing — check the nss_ldap client configuration (base DN,
# server URI) and that the user entry carries objectClass posixAccount with
# uid, uidNumber and gidNumber set.
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins
networks: files dns
services: db files
protocols: db files
# [NOTFOUND=return] ends the lookup when LDAP answers "not found"; the later
# sources are only tried when LDAP is unavailable.
rpc: ldap [NOTFOUND=return] db files
ethers: ldap [NOTFOUND=return] db files
netmasks: files
netgroup: ldap [NOTFOUND=return] files
bootparams: files
automount: files
aliases: files
[getent passwd]
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/adm:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/bin/false
news:x:9:13:news:/usr/lib/news:/bin/false
uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
operator:x:11:0:operator:/root:/bin/bash
man:x:13:15:man:/usr/share/man:/bin/false
postmaster:x:14:12:postmaster:/var/spool/mail:/bin/false
postgres:x:70:70::/var/lib/postgresql:/bin/bash
nut:x:84:84:nut:/var/state/nut:/bin/false
postfix:x:207:207:postfix:/var/spool/postfix:/bin/false
smmsp:x:209:209:smmsp:/var/spool/mqueue:/bin/false
portage:x:250:250:portage:/var/tmp/portage:/bin/false
nobody:x:65534:65534:nobody:/:/bin/false
sshd:x:22:22:added by portage for openssh:/var/empty:/bin/false
cron:x:16:16:added by portage for cronbase:/var/spool/cron:/bin/false
ldap:x:439:439:added by portage for openldap:/usr/lib/openldap:/bin/false
apache:x:81:81:added by portage for apache:/var/www:/bin/false
rpc:x:111:111:added by portage for portmap:/dev/null:/bin/false