Сервер CentOS 5.2 (openldap-2.3.43-3.el5 + samba-3.0.33-3.7.el5)Сервер PDC на самбе. Хотим перевести авторизацию на ldap.
Настроил лдап (вроде :[)
/etc/openldap/slapd.conf
------------------------------
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/openldap.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=sclad,dc=lan"
directory /var/lib/ldap
rootdn "cn=root,dc=sclad,dc=lan"
rootpw {SSHA}Tg....9xl
access to attrs=userPassword
by self write
by anonymous auth
by * none
access to *
by self write
by anonymous auth
by * none
index objectClass eq
index cn eq,pres,sub
index mail eq,pres,sub
index uid eq,pres,sub
index displayName eq,pres,sub
index surname eq,pres,sub
index givenname eq,pres,sub
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
------------------------------
/etc/openldap/ldap.conf и /etc/ldap.conf
------------------------------
host 127.0.0.1
#uri ldap://127.0.0.1/
base dc=sclad,dc=lan
#ldap_version 3
rootbinddn cn=root,dc=sclad,dc=lan
port 389
scope one
timelimit 30
bind_timelimit 10
bind_policy soft
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
nss_base_passwd ou=Users,dc=sclad,dc=lan?one
nss_base_passwd ou=Computers,dc=sclad,dc=lan?one
nss_base_shadow ou=Users,dc=sclad,dc=lan?one
nss_base_group ou=Group,dc=sclad,dc=lan?one
------------------------------
Начинаю настраивать самбу:
/etc/samba/smb.conf
------------------------------
[global]
workgroup = SCLAD.LAN
netbios name = DSRV
server string = Domain Controller Samba Server
security = user
encrypt passwords = yes
hosts allow = 192. 127.
interfaces = 192.168.1.1
smb ports = 139
log file = /var/log/samba/%m.log
max log size = 1000
load printers = no
wins support = Yes
# time server = yes
dns proxy = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=4096 SO_RCVBUF=4096
logon script = logon.bat
logon path =
logon drive = Z:
local master = Yes
domain master = Yes
preferred master = Yes
domain logons = Yes
os level = 255
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,dc=sclad,dc=lan
ldap suffix = dc=spec,dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap delete dn = No
# скрипты для добавления юзеров и групп (юзается в usermgr от nt4)
add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
add machine script = /etc/smbldap-tools/smbldap-useradd -t 0 -w "%u"
add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
set primary group script = /etc/smbldap-tools/smbldap-usermod -g '%g' '%u'
[homes]
comment = Home Directories
path = /home/%S
read only = No
create mask = 0600
force create mode = 0600
directory mask = 0700
force directory mode = 0700
browseable = No
[netlogon]
comment = Network Logon Service
path = /docs/netlogon/logon.bat
read only = No
guest ok = Yes
browseable = No
share modes = No
------------------------------
Стартуем:
[root@dsrv samba]# service iptables status
Firewall is stopped.
[root@dsrv samba]# service ldap status
slapd (pid 5596) is running...
[root@dsrv samba]# service winbind status
winbindd (pid 7741 7740 7709 7708) is running...
[root@dsrv samba]# service smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@dsrv samba]# service smb status
smbd dead but pid file exists
nmbd (pid 8161 8160) is running...
В логах:
/var/log/samba/smbd.log
------------------------------
[2009/04/14 16:07:36, 0] smbd/server.c:main(944)
smbd version 3.0.33-3.7.el5 started.
Copyright Andrew Tridgell and the Samba Team 1992-2008
[2009/04/14 16:07:36, 0] auth/auth_util.c:create_builtin_administrators(844)
create_builtin_administrators: Failed to create Administrators
[2009/04/14 16:07:36, 0] auth/auth_util.c:create_builtin_users(810)
create_builtin_users: Failed to create Users
[2009/04/14 16:07:36, 0] auth/auth_util.c:create_builtin_administrators(844)
create_builtin_administrators: Failed to create Administrators
[2009/04/14 16:07:36, 0] auth/auth_util.c:create_builtin_users(810)
create_builtin_users: Failed to create Users
[2009/04/14 16:07:36, 0] services/services_db.c:svcctl_init_keys(420)
svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED)
[2009/04/14 16:07:36, 0] auth/auth_util.c:create_builtin_administrators(844)
create_builtin_administrators: Failed to create Administrators
[2009/04/14 16:07:36, 0] auth/auth_util.c:create_builtin_users(810)
create_builtin_users: Failed to create Users
[2009/04/14 16:07:36, 0] smbd/server.c:main(1059)
ERROR: failed to setup guest info.
------------------------------
/var/log/samba/nmbd.log
------------------------------
*****
Samba name server DSRV is now a local master browser for workgroup SCLAD.LAN on subnet 192.168.1.1
*****
------------------------------
Подскажите куда копать.
Вожусь уже неделю, в результате в голове уже полная каша. :(
