Ubuntu 12.04 Server.
Помогите связать самбу и лдап. LDAP уже установлен, управлять им удаётся. Дело за самбой. Настраиваю по инструкции: http://forum.ubuntu.ru/index.php?topic=45970.0 (начиная с пункта «Установка SAMBA»)
/etc/samba/smbd.conf
[global]
workgroup = MYFIRM
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no
ldap admin dn = cn=admin,dc=myfirm,dc=local
ldap suffix = dc=myfirm,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
map to guest = bad user
logon path =
socket options = TCP_NODELAY
usershare allow guests = yes
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
/etc/ldap/ldap.conf:
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
/etc/smbldap-tools/smbldap.conf:
SID="S-1-5-21-260130283-2911224480-2891038847"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
ldapSSL="0"
verify="require"
suffix="dc=myfirm,dc=local"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
password_hash="SSHA"
password_crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/ldapusers/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
shadowAccount="1"
defaultMaxPasswordAge="45"
userSmbHome=
userProfile=
userHomeDrive=
userScript=
mailDomain="myfirm.ru"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
/etc/smbldap-tools/smbldap_bind.conf:
slaveDN="cn=admin,dc=myfirm,dc=local"
slavePw="qwerty"
masterDN="cn=admin,dc=myfirm,dc=local"
masterPw="qwerty"
Проблемы такие:
- при генерации SID вылезают ошибки:
Failed to issue the StartTLS instruction: Protocol error
Failed to issue the StartTLS instruction: Protocol error
Failed to issue the StartTLS instruction: Protocol error
smbldap_search_domain_info: Adding domain info for MYFIRM failed with NT_STATUS_UNSUCCESSFUL
SID for domain SUPERSERVER is: S-1-5-21-260130283-2911224480-2891038847
- ступор при выполнении populate:
smbldap-populate -u 30000 -g 30000
Use of qw(...) as parentheses is deprecated at /usr/share/perl5/smbldap_tools.pm line 1423, <DATA> line 522.
Populating LDAP directory for domain MYFIRM (S-1-5-21-260130283-2911224480-2891038847)
(using builtin directory structure)
entry dc=myfirm,dc=local already exist.
adding new entry: ou=Users,dc=myfirm,dc=local
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 500.
entry ou=Groups,dc=myfirm,dc=local already exist.
adding new entry: ou=Computers,dc=myfirm,dc=local
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 500.
adding new entry: ou=Idmap,dc=myfirm,dc=local
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 500.
failed to search entry: invalid DN at /usr/sbin/smbldap-populate line 480.
В /var/log/syslog:
superserver slapd[3379]: conn=1088 op=9 do_search: invalid dn: "sambaDomainName=MYFIRM,dc=myfirm,dc=local"
В тот же лог периодически выплёвывается:
superserver slapd[3379]: conn=1084 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
