OS: Gentoo.
I installed LDAP and connected nextcloud to it in a couple of minutes through the web interface. But for a week now I have been trying to connect samba to ldap. For testing I installed samba on the same host as ldap. The samba group is a group inside ldap, used to tell which users should get access to samba. test2 is a test user. I also installed and configured smbldap-tools. It retrieves the list of users fine and modifies them in ldap.
But I still cannot get into the test folder as user test2 from Windows 10; it says the password is wrong (it is hard to get the password "1234" wrong). What could the problem be?
As root, or as a separate user test that I created on the Gentoo host itself, login works fine. But I don't want to keep a bunch of users on the server; in ldap it is safer.
... # testparm
Load smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "idmap backend" option is deprecated
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/openldap/ldap.conf
ldap_init: using /etc/openldap/ldap.conf
ldap_url_parse_ext(ldap://127.0.0.1:389/)
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add machine script = /usr//sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
dns proxy = No
idmap backend = ldap:ldap://192.168.2.7
ldap admin dn = cn=admin,dc=srd,dc=ru
ldap debug level = 1
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = yes
ldap suffix = dc=srd,dc=ru
ldap user suffix = ou=people
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = ldapsam:ldap://192.168.2.7
password server = 192.168.2.7
security = USER
server string = Samba Server
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
wins support = Yes
idmap config * : backend = ldap:ldap://192.168.2.7
[test]
comment = Test dir
force group = users
force user = nobody
path = /srv/test
read only = No
valid users = @samba test2 root
write list = @samba test2
... # smbldap-userlist
uid |username
0 |root |
999 |nobody |
10000 |test2 |
... # pdbedit -L -v
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/openldap/ldap.conf
ldap_init: using /etc/openldap/ldap.conf
ldap_url_parse_ext(ldap://127.0.0.1:389/)
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
---------------
Unix username: root
NT username: root
Account Flags: [U ]
User SID: S-1-5-21-795321463-2392883250-3341194798-500
Primary Group SID: S-1-5-21-795321463-2392883250-3341194798-513
Full Name: Netbios Domain Administrator
Home Directory: \\POWSRV\root
HomeDir Drive: S:
Logon Script:
Profile Path: \\POWSRV\root\profile
Domain: POWSRV
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Вт, 19 янв 2038 06:14:07 MSK
Kickoff time: Вт, 19 янв 2038 06:14:07 MSK
Password last set: Ср, 17 ноя 2021 14:34:24 MSK
Password can change: Ср, 17 ноя 2021 14:34:24 MSK
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: nobody
NT username:
Account Flags: [U ]
User SID: S-1-5-21-795321463-2392883250-3341194798-501
Primary Group SID: S-1-5-21-795321463-2392883250-3341194798-513
Full Name: System user; nobody
Home Directory:
HomeDir Drive: (null)
Logon Script:
Profile Path:
Domain: POWSRV
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 0
Password can change: 0
Password must change: 0
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: test2
NT username: test2
Account Flags: [UX ]
User SID: S-1-5-21-795321463-2392883250-3341194798-21000
Failed to find a Unix account for test2
Primary Group SID: (NULL SID)
Full Name: test2
Home Directory: \\POWSRV\test2
HomeDir Drive: U:
Logon Script:
Profile Path: \\POWSRV\test2\profile
Domain: POWSRV
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: Вт, 01 янв 2030 17:01:01 MSK
Password last set: Ср, 17 ноя 2021 17:18:21 MSK
Password can change: Ср, 17 ноя 2021 17:18:21 MSK
Password must change: Вт, 19 янв 2038 06:14:07 MSK
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
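
An added diagnostic, not part of the original post: the `pdbedit -L -v` output above reports `Failed to find a Unix account for test2` and `Primary Group SID: (NULL SID)`, and this sketch picks such records out of that output. The function name `pdb_unmapped` and the trimmed sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list passdb accounts that Samba could not map to a Unix account.
# Input: the text of `pdbedit -L -v`, in the format shown in the post.

# Prints one line per problem account: "<user>: <reason>[, <reason>]".
pdb_unmapped() {
    awk '
        function emit() {
            if (user != "" && why != "") print user ": " why
            user = ""; why = ""
        }
        function note(r) { why = (why == "" ? r : why ", " r) }
        /^-+$/ { emit(); next }                      # dashed record separator
        /^Unix username:/ {
            sub(/^Unix username:[ \t]*/, ""); user = $0; next
        }
        /^Failed to find a Unix account for / { note("no Unix account"); next }
        /^Primary Group SID:[ \t]*\(NULL SID\)/ { note("NULL primary group SID"); next }
        END { emit() }
    '
}

# Sample constructed by trimming two of the three records from the post.
SAMPLE='---------------
Unix username: root
User SID: S-1-5-21-795321463-2392883250-3341194798-500
Primary Group SID: S-1-5-21-795321463-2392883250-3341194798-513
---------------
Unix username: test2
User SID: S-1-5-21-795321463-2392883250-3341194798-21000
Failed to find a Unix account for test2
Primary Group SID: (NULL SID)'

printf '%s\n' "$SAMPLE" | pdb_unmapped

# On a live host (2>&1 in case the message is written to stderr):
#   pdbedit -L -v 2>&1 | pdb_unmapped
# For each name reported, `getent passwd NAME` shows whether the system's
# name service can resolve it; empty output means it cannot.
```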