
Samba->LDAP problem: cannot join Windows machines to the domain

atracura

Newbie
Hi,

I have a small problem with Samba and OpenLDAP:

My setup:
Suse 9.2
Samba 3.0.9-2.3-SUSE
OpenLDAP: slapd 2.2.15

Now to my problem:
I set up Samba and OpenLDAP as described in the IDEALX documentation. When I create a user with the smbldap-useradd script, everything works normally, and I can also log in without any trouble.
But when I try to join a machine to the domain, I get the following error message in the machine's log file:

Code:
[2005/09/01 13:26:49, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:26:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:26:50, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:26:50, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:26:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:26:51, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain MYDOMAIN -> S-1-5-21-3304255874-2887972702-1555624387
[2005/09/01 13:26:52, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:43:32, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:43:32, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:43:32, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:43:33, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:43:34, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:43:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:43:34, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain MYDOMAIN -> S-1-5-21-3304255874-2887972702-1555624387
[2005/09/01 13:43:36, 2] smbd/server.c:exit_server(575)
  Closing connections

The strange thing, though, is that these groups do exist:

dn: cn=Domain Users,ou=Groups,dc=cologne,dc=mydomain,dc=local
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3304255874-2887972702-1555624387-513
sambaGroupType: 2
displayName: Domain Users
structuralObjectClass: posixGroup
entryUUID: 3c3a55c4-aa64-1029-879f-fa8a7468604f
creatorsName: cn=Manager,dc=cologne,dc=mydomain,dc=local
createTimestamp: 20050826100220Z
memberUid: root
memberUid: benjamin
entryCSN: 20050901101848Z#000003#00#000000
modifiersName: cn=Manager,dc=cologne,dc=mydomain,dc=local
modifyTimestamp: 20050901101848Z

smb.conf:
[global]
workgroup = MYDOMAIN
netbios name = hawking
server string = hawking as Samba-Server

passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=cologne,dc=mydomain,dc=local
ldap suffix = dc=cologne,dc=mydomain,dc=local
ldap group suffix = ou=Groups,dc=cologne,dc=mydomain,dc=local
ldap user suffix = ou=Users,dc=cologne,dc=mydomain,dc=local
ldap machine suffix = ou=Computers,dc=cologne,dc=mydomain,dc=local
ldap idmap suffix = ou=Idmap,dc=cologne,dc=mydomain,dc=local
ldap ssl = no

add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

username map = /etc/samba/smbusers
logon script = %u.BAT
logon drive = Y:
logon path = \\%L\profiles\%U
logon home = \\%L\%U
domain logons = yes
preferred master = yes
domain master = yes
security = user
local master = yes
os level = 65

dos charset = 850
unix charset = ISO-8859-15
display charset = ISO-8859-15

log level = 2
log file = /home/samba/logs/%m.log

wins support = yes

panic action = kill `cat /var/run/samba/smbd.pid`; rm /var/run/samba/smbd.pid ; /etc/init.d/smb start

keepalive = 60
smb ports = 445 139
use sendfile = no
large readwrite = no
idmap backend = ldap:ldap://10.0.1.253
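
Added example, not part of the original post and not Samba's own code: smb.conf(5) for Samba 3.0 describes `ldap group suffix`, `ldap user suffix`, `ldap machine suffix` and `ldap idmap suffix` as partial DNs that are prepended to `ldap suffix`. The sketch below computes the resulting search bases for the settings posted above and flags full DNs, as well as LDAP servers contacted unencrypted while `ldap ssl = no`; the function names are hypothetical.

```python
import re

# Excerpt of the smb.conf posted above (LDAP-related lines only).
SMB_CONF = """\
[global]
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=cologne,dc=mydomain,dc=local
ldap group suffix = ou=Groups,dc=cologne,dc=mydomain,dc=local
ldap user suffix = ou=Users,dc=cologne,dc=mydomain,dc=local
ldap machine suffix = ou=Computers,dc=cologne,dc=mydomain,dc=local
ldap idmap suffix = ou=Idmap,dc=cologne,dc=mydomain,dc=local
ldap ssl = no
idmap backend = ldap:ldap://10.0.1.253
"""
SUB_SUFFIXES = ("ldap group suffix", "ldap user suffix",
                "ldap machine suffix", "ldap idmap suffix")

def parse_globals(text):
    """Return key/value pairs of an smb.conf excerpt, keys lower-cased."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[" ".join(key.lower().split())] = value.strip()
    return params

def norm_dn(dn):
    """Lower-case a DN and drop blanks around ',' and '=' for comparison."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def effective_bases(params):
    """Search base per sub-suffix: the partial DN prepended to 'ldap suffix'."""
    base = params["ldap suffix"]
    return {k: f"{params[k]},{base}" if params.get(k) else base
            for k in SUB_SUFFIXES}

def lint(params):
    """Flag doubled suffixes and cleartext LDAP binds to non-local hosts."""
    base, findings = norm_dn(params["ldap suffix"]), []
    for key in SUB_SUFFIXES:
        if norm_dn(params.get(key, "")).endswith("," + base):
            findings.append(f"{key}: full DN given, base suffix is doubled")
    if params.get("ldap ssl", "").lower() in ("no", "off"):
        for key in ("passdb backend", "idmap backend"):
            m = re.search(r"ldap://([^\s:/]+)", params.get(key, ""))
            if m and m.group(1) not in ("127.0.0.1", "localhost"):
                findings.append(f"{key}: unencrypted LDAP to {m.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_globals(SMB_CONF)):
        print("WARN", finding)
```

With `ldap group suffix = ou=Groups` the computed base matches the DN of the `Domain Users` entry shown in the post.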
 

atracura

Newbie
So in my case the cause was that Samba did not want to work with the Computer OU. After I changed the Computer OU in the Samba config file to Users, I was able to add the machine to the domain.
 

stka

Guru
Did you create the group mapping for the Windows hosts? Have a look in the conf file of the smbldap-tools; it says which UID this group mapping must have. The hosts in a Samba domain must have a group of their own, and that seems to be missing here.
 