raffael.schmid
Newbie
Hello,
I have now spent two days setting up a Samba server with LDAP. But now I am stuck:
I have created two users (raffi, tester) and root.
When I connect to the server from W2K, I can authenticate as raffi, but not as tester. Adding the machine to the domain does not work either (as root).
Excerpt from the log file (log level 2) as raffi:
Code:
[2005/09/21 08:19:49, 0] lib/util_sock.c:get_peer_addr(1150)
getpeername failed. Error was Transport endpoint is not connected
[2005/09/21 08:19:49, 0] lib/util_sock.c:read_socket_data(384)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/09/21 08:19:49, 2] smbd/server.c:exit_server(609)
Closing connections
[2005/09/21 08:19:49, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/09/21 08:19:49, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/09/21 08:19:49, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/09/21 08:19:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: raffi
[2005/09/21 08:19:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/21 08:19:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/21 08:19:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/21 08:19:49, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [raffi] -> [raffi] -> [raffi] succeeded
[2005/09/21 09:10:48, 2] smbd/server.c:exit_server(609)
Closing connections
Excerpt from the log file (log level 2) as tester:
Code:
[2005/09/21 09:13:09, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/09/21 09:13:09, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/09/21 09:13:09, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/09/21 09:13:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: tester
[2005/09/21 09:13:09, 1] auth/auth_util.c:make_server_info_sam(840)
User tester in passdb, but getpwnam() fails!
[2005/09/21 09:13:09, 0] auth/auth_sam.c:check_sam_security(324)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2005/09/21 09:13:09, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [tester] -> [tester] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/09/21 09:13:09, 2] smbd/server.c:exit_server(609)
Closing connections
smb.conf:
Code:
[global]
netbios name = fileserver
workgroup = YUX
server string = fileserver Rules the World
encrypt passwords = true
unix password sync = false
security = user
log file = /var/log/samba/log
log level = 2
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = true
os level = 254
preferred master = true
local master = true
domain master = true
dns proxy = true
wins support = true
logon path = \\fileserver\profiles\%u
logon drive = U:
logon home = \\fileserver\%u
logon script = logon.cmd
null passwords = no
hide unreadable = yes
hide dot files = yes
ldap passwd sync = yes
passdb backend = ldapsam:ldap://127.0.0.1:389
ldap suffix = ou=Users,dc=yux
ldap group suffix = ou=Groups,dc=yux
ldap machine suffix= ou=Workstations,dc=yux
ldap admin dn = cn=root,dc=yux
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
[homes]
comment = Home Directories
valid users = %S
read only = false
create mask = 0600
directory mask = 0700
browseable = false
[netlogon]
comment = Network Logon Service
path = /usr/local/var/samba/netlogon
writable = no
[profiles]
path = /usr/local/var/samba/profiles
writeable = true
browseable = false
create mode = 0600
directory mode = 0700
/etc/openldap/slapd.conf:
Code:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/samba.schema
#include /etc/openldap/schema/nis.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
#access to attr=userPassword,userPKCS12
# by self write
# by * auth
#access to attr=shadowLastChange
# by self write
# by * read
#access to *
# by * read
access to attr=userPassword
by dn="cn=root,dc=yux" write
by anonymous auth
by self write
by * none
access to *
by dn="cn=root,dc=yux" write
by * read
#access to dn=".*,ou=Roaming,dc=yux"
# by dn="cn=root,dc=yux" write
# by dnattr=owner write
database ldbm
suffix "dc=yux"
lastmod on
directory /var/lib/ldap
index objectClass eq
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
#database bdb
#checkpoint 1024 5
#cachesize 10000
#suffix "dc=yux"
rootdn "cn=root,dc=yux"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw admin11
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
#directory /var/lib/ldap
# Indices to maintain
#index objectClass eq
In the logs I see "User tester in passdb, but getpwnam() fails!"
What is that supposed to mean??
From Mac or Linux (tested with SuSE 9.3) I can authenticate via LDAP without any problems.
The system is SuSE 9.3, Samba version 3.0.13-1.1-SUSE, openldap slapd 2.2.23
How can I now log in from Windows and join the machine to the domain?
Many thanks in advance
Regards
rs
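Two checks for what this post's logs and configuration show, written as an added example (not the poster's code and not part of Samba or OpenLDAP): an account that ldapsam finds but that NSS cannot resolve (for instance a sambaSamAccount entry without the posixAccount attributes) is what produces "User tester in passdb, but getpwnam() fails!", and the posted slapd.conf only protects userPassword, so sambaNTPassword and sambaLMPassword fall through to the catch-all "access to * by * read". The directory entries are constructed, and the ACL evaluation is a simplified model of slapd's first-match rule for the two clauses that apply to user entries.

```python
import re

# Constructed directory entries (not from the post): raffi is a complete posixAccount,
# tester only carries the Samba object class, so nss_ldap cannot answer getpwnam().
ENTRIES = {
    "uid=raffi,ou=Users,dc=yux": {
        "objectClass": ["posixAccount", "sambaSamAccount"], "uid": ["raffi"],
        "uidNumber": ["1000"], "gidNumber": ["100"], "homeDirectory": ["/home/raffi"]},
    "uid=tester,ou=Users,dc=yux": {"objectClass": ["sambaSamAccount"], "uid": ["tester"]},
}
# The access directives from the post's slapd.conf that apply to user entries, in file order.
SLAPD_ACL = """\
access to attr=userPassword
  by dn="cn=root,dc=yux" write
  by anonymous auth
  by self write
  by * none
access to *
  by dn="cn=root,dc=yux" write
  by * read
"""
# Attributes nss_ldap needs to build a struct passwd for getpwnam().
POSIX_REQUIRED = ("uid", "uidNumber", "gidNumber", "homeDirectory")

def samba_users_without_posix(entries):
    """uids of sambaSamAccount entries that would log 'in passdb, but getpwnam() fails'."""
    return sorted(e["uid"][0] for e in entries.values()
                  if "sambaSamAccount" in e.get("objectClass", [])
                  and not ("posixAccount" in e["objectClass"]
                           and all(a in e for a in POSIX_REQUIRED)))

def anonymous_access(conf, attr):
    """Level an anonymous bind gets on attr: slapd picks the first 'access to' clause
    whose target covers the attribute, then the first 'by' clause whose subject matches."""
    clauses = []
    for line in (l.strip() for l in conf.splitlines()):
        if line.startswith("access to "):
            clauses.append((line[10:], []))
        elif line.startswith("by ") and clauses:
            clauses[-1][1].append(line[3:].rsplit(" ", 1))
    for what, bys in clauses:
        m = re.match(r"attrs?=(.+)$", what)
        if what == "*" or (m and attr in m.group(1).split(",")):
            return next((lvl for who, lvl in bys if who in ("*", "anonymous")), "none")
    return "read"  # slapd's built-in default policy when no clause matches

def exposed_samba_hashes(conf):
    """Samba password-hash attributes that the ACL leaves readable without a bind."""
    return [a for a in ("sambaLMPassword", "sambaNTPassword") if anonymous_access(conf, a) == "read"]
```

On the server itself, `getent passwd tester` and an anonymous `ldapsearch -x` for sambaNTPassword confirm the same two findings against the live directory.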