forum.opennet.ru

Составление сообщения

Исходное сообщение

"Samba3 + ldap + LAM:Кругом ошибки. HELP!!! :-/"
Отправлено paul, 19-Июл-05 11:37

Мои рабочие конфиги связки freebsd 4.11 + samba-3.0.11,1 + openldap-2.2.23 :
ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE    dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT    12
#TIMELIMIT    15
#DEREF        never
host 127.0.0.1
base dc=mydomen,dc=com
rootbinddn cn=root,dc=mydomen,dc=com
port 389
scope sub
#pam_filter objectclass=posixAccount
#pam_login_attribute uid
#nss_base_passwd dc=pupkin,dc=com,dc=ru?sub?objectClass=posixAccount
#nss_base_group  dc=pupkin,dc=com,dc=ru?sub?objectClass=posixGroup
#nss_base_shadow dc=pupkin,dc=com,dc=ru?sub?objectClass=posixAccount
ssl no
#pam_password md5
slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include        /usr/local/etc/openldap/schema/core.schema
include        /usr/local/etc/openldap/schema/cosine.schema
include        /usr/local/etc/openldap/schema/inetorgperson.schema
include        /usr/local/etc/openldap/schema/misc.schema
include        /usr/local/etc/openldap/schema/nis.schema
include        /usr/local/etc/openldap/schema/openldap.schema
include        /usr/local/etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral    ldap://root.openldap.org
pidfile        /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath    /usr/local/libexec/openldap
# moduleload    back_bdb
# moduleload    back_ldap
# moduleload    back_ldbm
# moduleload    back_passwd
# moduleload    back_shell
# Sample security restrictions
#    Require integrity protection (prevent hijacking)
#    Require 112-bit (3DES or better) encryption for updates
#    Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# ssl support
###TLSCipherSuite         HIGH:MEDIUM:+SSLv2:+TLSv1
###TLSCertificateFile      /etc/openldap/ldap.pem
###TLSCertificateKeyFile   /etc/openldap/ldap.pem
# Sample access control policy:
#    Root DSE: allow anyone to read it
#    Subschema (sub)entry DSE: allow anyone to read it
#    Other DSEs:
#        Allow self write access
#        Allow authenticated users read access
#        Allow anonymous users to authenticate
#    Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#    by self write
#    by users read
#    by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database    ldbm
suffix        "dc=mydomen,dc=com"
rootdn        "cn=root,dc=mydomen,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged. Help - I..m.L
rootpw        {MD5}...my-hash...==
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory    /var/db/openldap-data
# Indices to maintain
loglevel 256
index objectClass,uid,uidNumber,gidNumber     eq
index cn,mail,surname,givenname               eq,subinitial
# For samba3
index   sambaSID              eq
index   sambaPrimaryGroupSID  eq
index   sambaDomainName       eq
# Basic ACL
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
# Access to smb-passwopds only for samba root
access to attrs=sambaLMPassword,sambaNTPassword
    by dn="cn=root,dc=mydomen,dc=com" write
    by * none
access to *
    by * read

файл для заведения в ldap администраторского аккаунта для самбы, исторически его назвали "root"-ом
main_root.ldif
# LDAP - main_root.ldif
dn: uid=root,dc=mydomen,dc=com
cn: root
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 1000
uid: root
uidNumber: 1000
homeDirectory: /home/pavel
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\somewhere\users
sambaHomeDrive: H:
#sambaProfilePath:
sambaPrimaryGroupSID: S-1-5-21-2126506599-3373075323-406065605-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U          ]
sambaSID: S-1-5-21-2126506599-3373075323-406065605-1000
loginShell: /bin/false
gecos: Netbios Domain Administrator
smb.conf
# Mystic's config for samba3
# Global parameters
[global]
    wins support = yes
    passdb backend = smbpasswd
    workgroup = MYDOMEN-a
    netbios name = MASTER
    interfaces = 192.168.1.0/255.255.255.0
    server string = %h server (Samba %v) Domain Master
    security = user
    admin users = root @wheel
    encrypt passwords = Yes
    unix password sync = no

    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = no
    case sensitive = no
    lanman auth = Yes

    obey pam restrictions = No
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    username map = /usr/local/etc/smbusers.map
    syslog = 7
    log file = /var/log/samba/log.%m
    max log size = 500

    # PDC options
    domain master = yes
    local master = yes
    preferred master = yes
    os level = 255
    domain logons = Yes
    logon script =
    logon path =
    logon drive = X:
    logon home = \\somewhere\Users\%u
    # LDAP options
    passdb backend = ldapsam:ldap://localhost
    ldap suffix = dc=mydomen,dc=com
    ldap admin dn = "cn=root,dc=mydomen,dc=com"
    ldap delete dn = no
    ldap ssl = off
    ldap passwd sync = yes

    # Cyrillic options
    dos charset = CP866
    unix charset = KOI8-R
    display charset = KOI8-R
    # Hren ego znaet zachem eto nado
    kernel oplocks = yes
    level2 oplocks = no
    locking = no
    oplocks = no
[homes]
    comment = %u Home Directories
    valid users = %U
    write list = %U
    read only = No
    create mask = 0700
    directory mask = 0700
    browseable = No
    writable = yes
[netlogon]
    comment = Network Logon Service
    path = /usr/local/etc/samba/netlogon
    write list = root
    read only = No
    guest ok = Yes
    share modes = No

Исходное сообщение
"Samba3 + ldap + LAM:Кругом ошибки. HELP!!! :-/" Отправлено paul, 19-Июл-05 11:37
Мои рабочие конфиги связки freebsd 4.11 + samba-3.0.11,1 + openldap-2.2.23 : ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example, dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never host 127.0.0.1 base dc=mydomen,dc=com rootbinddn cn=root,dc=mydomen,dc=com port 389 scope sub #pam_filter objectclass=posixAccount #pam_login_attribute uid #nss_base_passwd dc=pupkin,dc=com,dc=ru?sub?objectClass=posixAccount #nss_base_group dc=pupkin,dc=com,dc=ru?sub?objectClass=posixGroup #nss_base_shadow dc=pupkin,dc=com,dc=ru?sub?objectClass=posixAccount ssl no #pam_password md5 slapd.conf # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/misc.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/openldap.schema include /usr/local/etc/openldap/schema/samba.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args # Load dynamic backend modules: # modulepath /usr/local/libexec/openldap # moduleload back_bdb # moduleload back_ldap # moduleload back_ldbm # moduleload back_passwd # moduleload back_shell # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # ssl support ###TLSCipherSuite HIGH:MEDIUM:+SSLv2:+TLSv1 ###TLSCertificateFile /etc/openldap/ldap.pem ###TLSCertificateKeyFile /etc/openldap/ldap.pem # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database ldbm suffix "dc=mydomen,dc=com" rootdn "cn=root,dc=mydomen,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. Help - I..m.L rootpw {MD5}...my-hash...== # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/db/openldap-data # Indices to maintain loglevel 256 index objectClass,uid,uidNumber,gidNumber eq index cn,mail,surname,givenname eq,subinitial # For samba3 index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq # Basic ACL access to attr=userPassword by self write by anonymous auth by * none # Access to smb-passwopds only for samba root access to attrs=sambaLMPassword,sambaNTPassword by dn="cn=root,dc=mydomen,dc=com" write by * none access to * by * read файл для заведения в ldap администраторского аккаунта для самбы, исторически его назвали "root"-ом main_root.ldif # LDAP - main_root.ldif dn: uid=root,dc=mydomen,dc=com cn: root objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 1000 uid: root uidNumber: 1000 homeDirectory: /home/pavel sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\somewhere\users sambaHomeDrive: H: #sambaProfilePath: sambaPrimaryGroupSID: S-1-5-21-2126506599-3373075323-406065605-512 sambaLMPassword: XXX sambaNTPassword: XXX sambaAcctFlags: [U ] sambaSID: S-1-5-21-2126506599-3373075323-406065605-1000 loginShell: /bin/false gecos: Netbios Domain Administrator smb.conf # Mystic's config for samba3 # Global parameters [global] wins support = yes passdb backend = smbpasswd workgroup = MYDOMEN-a netbios name = MASTER interfaces = 192.168.1.0/255.255.255.0 server string = %h server (Samba %v) Domain Master security = user admin users = root @wheel encrypt passwords = Yes unix password sync = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no case sensitive = no lanman auth = Yes obey pam restrictions = No passwd program = /usr/bin/passwd %u passwd chat = Enter\snew\sUNIX\spassword: %n\n Retype\snew\sUNIX\spassword: %n\n . username map = /usr/local/etc/smbusers.map syslog = 7 log file = /var/log/samba/log.%m max log size = 500 # PDC options domain master = yes local master = yes preferred master = yes os level = 255 domain logons = Yes logon script = logon path = logon drive = X: logon home = \\somewhere\Users\%u # LDAP options passdb backend = ldapsam:ldap://localhost ldap suffix = dc=mydomen,dc=com ldap admin dn = "cn=root,dc=mydomen,dc=com" ldap delete dn = no ldap ssl = off ldap passwd sync = yes # Cyrillic options dos charset = CP866 unix charset = KOI8-R display charset = KOI8-R # Hren ego znaet zachem eto nado kernel oplocks = yes level2 oplocks = no locking = no oplocks = no [homes] comment = %u Home Directories valid users = %U write list = %U read only = No create mask = 0700 directory mask = 0700 browseable = No writable = yes [netlogon] comment = Network Logon Service path = /usr/local/etc/samba/netlogon write list = root read only = No guest ok = Yes share modes = No

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	> Мои рабочие конфиги связки freebsd 4.11 + samba-3.0.11,1 + openldap-2.2.23 : > ldap.conf > # > # LDAP Defaults > # > # See ldap.conf(5) for details > # This file should be world readable but not world writable. > #BASE dc=example, dc=com > #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 > #SIZELIMIT 12 > #TIMELIMIT 15 > #DEREF never > host 127.0.0.1 > base dc=mydomen,dc=com > rootbinddn cn=root,dc=mydomen,dc=com > port 389 > scope sub > #pam_filter objectclass=posixAccount > #pam_login_attribute uid > #nss_base_passwd dc=pupkin,dc=com,dc=ru?sub?objectClass=posixAccount > #nss_base_group dc=pupkin,dc=com,dc=ru?sub?objectClass=posixGroup > #nss_base_shadow dc=pupkin,dc=com,dc=ru?sub?objectClass=posixAccount > ssl no > #pam_password md5 > slapd.conf > # > # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. > # > include /usr/local/etc/openldap/schema/core.schema > include /usr/local/etc/openldap/schema/cosine.schema > include /usr/local/etc/openldap/schema/inetorgperson.schema > include /usr/local/etc/openldap/schema/misc.schema > include /usr/local/etc/openldap/schema/nis.schema > include /usr/local/etc/openldap/schema/openldap.schema > include /usr/local/etc/openldap/schema/samba.schema > # Define global ACLs to disable default read access. > # Do not enable referrals until AFTER you have a working directory > # service AND an understanding of referrals. > #referral ldap://root.openldap.org > pidfile /var/run/openldap/slapd.pid > argsfile /var/run/openldap/slapd.args > # Load dynamic backend modules: > # modulepath /usr/local/libexec/openldap > # moduleload back_bdb > # moduleload back_ldap > # moduleload back_ldbm > # moduleload back_passwd > # moduleload back_shell > # Sample security restrictions > # Require integrity protection (prevent hijacking) > # Require 112-bit (3DES or better) encryption for updates > # Require 63-bit encryption for simple bind > # security ssf=1 update_ssf=112 simple_bind=64 > # ssl support > ###TLSCipherSuite HIGH:MEDIUM:+SSLv2:+TLSv1 > ###TLSCertificateFile /etc/openldap/ldap.pem > ###TLSCertificateKeyFile /etc/openldap/ldap.pem > # Sample access control policy: > # Root DSE: allow anyone to read it > # Subschema (sub)entry DSE: allow anyone to read it > # Other DSEs: > # Allow self write access > # Allow authenticated users read access > # Allow anonymous users to authenticate > # Directives needed to implement policy: > # access to dn.base="" by * read > # access to dn.base="cn=Subschema" by * read > # access to * > # by self write > # by users read > # by anonymous auth > # > # if no access controls are present, the default policy > # allows anyone and everyone to read anything but restricts > # updates to rootdn. (e.g., "access to * by * read") > # > # rootdn can always read and write EVERYTHING! > ####################################################################### > # BDB database definitions > ####################################################################### > database ldbm > suffix "dc=mydomen,dc=com" > rootdn "cn=root,dc=mydomen,dc=com" > # Cleartext passwords, especially for the rootdn, should > # be avoid. See slappasswd(8) and slapd.conf(5) for details. > # Use of strong authentication encouraged. Help - I..m.L > rootpw {MD5}...my-hash...== > # The database directory MUST exist prior to running slapd AND > # should only be accessible by the slapd and slap tools. > # Mode 700 recommended. > directory /var/db/openldap-data > # Indices to maintain > loglevel 256 > index objectClass,uid,uidNumber,gidNumber eq > index cn,mail,surname,givenname > eq,subinitial > # For samba3 > index sambaSID > eq > index sambaPrimaryGroupSID eq > index sambaDomainName eq > # Basic ACL > access to attr=userPassword > by self write > by anonymous auth > by * none > # Access to smb-passwopds only for samba root > access to attrs=sambaLMPassword,sambaNTPassword > by dn="cn=root,dc=mydomen,dc=com" write > by * none > access to * > by * read > файл для заведения в ldap администраторского аккаунта для самбы, исторически его назвали > "root"-ом > main_root.ldif > # LDAP - main_root.ldif > dn: uid=root,dc=mydomen,dc=com > cn: root > objectClass: sambaSAMAccount > objectClass: posixAccount > gidNumber: 1000 > uid: root > uidNumber: 1000 > homeDirectory: /home/pavel > sambaPwdLastSet: 0 > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaPwdMustChange: 2147483647 > sambaHomePath: \\somewhere\users > sambaHomeDrive: H: > #sambaProfilePath: > sambaPrimaryGroupSID: S-1-5-21-2126506599-3373075323-406065605-512 > sambaLMPassword: XXX > sambaNTPassword: XXX > sambaAcctFlags: [U ] > sambaSID: S-1-5-21-2126506599-3373075323-406065605-1000 > loginShell: /bin/false > gecos: Netbios Domain Administrator > smb.conf > # Mystic's config for samba3 > # Global parameters > [global] > wins support = yes > passdb backend = smbpasswd > workgroup = MYDOMEN-a > netbios name = MASTER > interfaces = 192.168.1.0/255.255.255.0 > server string = %h server (Samba %v) Domain Master > security = user > admin users = root @wheel > encrypt passwords = Yes > unix password sync = no > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns proxy = no > case sensitive = no > lanman auth = Yes > obey pam restrictions = No > passwd program = /usr/bin/passwd %u > passwd chat = Enter\snew\sUNIX\spassword: %n\n Retype\snew\sUNIX\spassword: %n\n > . > username map = /usr/local/etc/smbusers.map > syslog = 7 > log file = /var/log/samba/log.%m > max log size = 500 > # PDC options > domain master = yes > local master = yes > preferred master = yes > os level = 255 > domain logons = Yes > logon script = > logon path = > logon drive = X: > logon home = \\somewhere\Users\%u > # LDAP options > passdb backend = ldapsam:ldap://localhost > ldap suffix = dc=mydomen,dc=com > ldap admin dn = "cn=root,dc=mydomen,dc=com" > ldap delete dn = no > ldap ssl = off > ldap passwd sync = yes > # Cyrillic options > dos charset = CP866 > unix charset = KOI8-R > display charset = KOI8-R > # Hren ego znaet zachem eto nado > kernel oplocks = yes > level2 oplocks = no > locking = no > oplocks = no > [homes] > comment = %u Home Directories > valid users = %U > write list = %U > read only = No > create mask = 0700 > directory mask = 0700 > browseable = No > writable = yes > [netlogon] > comment = Network Logon Service > path = /usr/local/etc/samba/netlogon > write list = root > read only = No > guest ok = Yes > share modes = No
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру