I did everything according to this article:
http://smb-conf.ru/kontroller-domena-sa ... -ldap.html
It all looks great, but the goal was not achieved.
Maybe the author forgot to add something else.
I ran into a problem at the very end of the article, at step 6:
#net rpc rights list accounts -U administrator%пароль_администратора
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_INVALID_HANDLE
This is what it writes to the log at that point:
#cat slapd.log
Jul 6 15:36:55 red slapd[602]: conn=2 op=6 UNBIND
Jul 6 15:36:55 red slapd[602]: conn=2 fd=18 closed
Jul 6 15:36:55 red slapd[602]: conn=4 op=19 UNBIND
Jul 6 15:36:55 red slapd[602]: conn=4 fd=20 closed
Jul 6 15:37:03 red slapd[602]: conn=9 op=4 SRCH base="sambaDomainName=MYDOMEN2,dc=mydomen2,dc=ru" scope=2 deref=0 filter="(objectClass=sambaTrustedDomainPassword)"
Jul 6 15:37:03 red slapd[602]: conn=9 op=4 SRCH attr=sambaDomainName sambaSID
Jul 6 15:37:03 red slapd[602]: conn=9 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 6 15:37:11 red slapd[602]: conn=12 op=35 UNBIND
Jul 6 15:37:11 red slapd[602]: conn=12 fd=28 closed
If I try to go further through the article, then:
#net rpc rights grant -U administrator%пароль_администратора 'MYDOMEN2\Domain Admins' SeAddUsersPrivilege
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_INVALID_HANDLE
The log says:
#cat slapd.log
Jul 6 15:40:03 red slapd[602]: conn=22 fd=18 ACCEPT from IP=192.168.0.102:64476 (IP=0.0.0.0:389)
Jul 6 15:40:03 red slapd[602]: conn=22 op=0 BIND dn="" method=128
Jul 6 15:40:03 red slapd[602]: conn=22 op=0 RESULT tag=97 err=0 text=
Jul 6 15:40:03 red slapd[602]: conn=22 op=1 SRCH base="ou=Groups,dc=mydomen2,dc=ru" scope=1 deref=0 filter="(&(objectClass=posixGroup))"
Jul 6 15:40:03 red slapd[602]: conn=22 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Jul 6 15:40:03 red slapd[602]: conn=22 op=1 SEARCH RESULT tag=101 err=0 nentries=9 text=
Jul 6 15:40:03 red slapd[602]: conn=22 fd=18 closed (connection lost)
Here are my configs:
This is my system...
# uname -a
FreeBSD red.nmbank2.ru 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
========================================================================
This is what it has installed..
#pkg_info
autoconf-2.62 Automatically configure source code on many Un*x platforms
autoconf-wrapper-20071109 Wrapper script for GNU autoconf
automake-1.9.6_3 GNU Standards-compliant Makefile generator (1.9)
automake-wrapper-20071109 Wrapper script for GNU automake
cups-client-1.3.10_4 Common UNIX Printing System: Library cups
db46-4.6.21.4 The Berkeley DB package, revision 4.6
en-freebsd-doc-20090913 Documentation from the FreeBSD Documentation Project
gamin-0.1.10_3 A file and directory monitoring system
gettext-0.17_1 GNU gettext package
gio-fam-backend-2.20.5 FAM backend for GLib's GIO library
glib-2.20.5 Some useful routines of C programming (current stable versi
gmake-3.81_3 GNU version of 'make' utility
gnutls-2.8.3 GNU Transport Layer Security library
help2man-1.36.4_3 Automatically generating simple manual pages from program o
ja-p5-Jcode-2.07 Perl extension interface to convert Japanese text
libexecinfo-1.1_3 A library for inspecting program's backtrace
libgcrypt-1.4.4 General purpose crypto library based on code used in GnuPG
libgpg-error-1.7 Common error values for all GnuPG components
libiconv-1.13.1 A character set conversion library
libltdl-2.2.6a System independent dlopen wrapper
libslang2-2.1.4_1 Routines for rapid alpha-numeric terminal applications deve
libtool-2.2.6a Generic shared library support script
m4-1.4.13,1 GNU m4
mc-4.6.2 Midnight Commander, a free Norton Commander Clone
nss_ldap-1.264_3 RFC 2307 NSS module
openldap-client-2.4.18 Open source LDAP client implementation
openldap-server-2.4.18_1 Open source LDAP server implementation
p5-Authen-SASL-2.13 Perl5 module for SASL authentication
p5-Convert-ASN1-0.22 Perl5 module to encode and decode ASN.1 data structures
p5-Crypt-SmbHash-0.12 Perl module implementing lanman and nt md4 hash functions
p5-Digest-HMAC-1.01 Perl5 interface to HMAC Message-Digest Algorithms
p5-Digest-MD5-2.39 Perl5 interface to the MD5 algorithm
p5-Digest-SHA1-2.12 Perl interface to the SHA-1 Algorithm
p5-GSSAPI-0.26 Perl extension providing access to the GSSAPIv2 library
p5-IO-Socket-SSL-1.30 Perl5 interface to SSL sockets
p5-Net-SSLeay-1.35_2 Perl5 interface to SSL
p5-Text-Iconv-1.7 Perl interface to iconv() codeset conversion function
p5-URI-1.40 Perl5 interface to Uniform Resource Identifier (URI) refere
p5-Unicode-Map-0.112 Perl class that converts strings to/from 2-byte Unicode UCS
p5-Unicode-Map8-0.12_1 Mapping table between 8-bit chars and Unicode
p5-Unicode-MapUTF8-1.11 Perl class that implements conversion between arbitrary cha
p5-Unicode-String-2.09 These are experimental Perl5 modules to handle various Unic
p5-XML-Filter-BufferText-1.01 Filter to put all characters() in one event
p5-XML-NamespaceSupport-1.10 A simple generic namespace support class
p5-XML-SAX-0.96 Simple API for XML
p5-XML-SAX-Writer-0.52 SAX2 XML Writer
p5-gettext-1.05_2 Message handling functions
p5-perl-ldap-0.39 A Client interface to LDAP (includes Net::LDAP)
pcre-7.9 Perl Compatible Regular Expressions library
perl-5.8.9_3 Practical Extraction and Report Language
pkg-config-0.23_1 A utility to retrieve information about installed libraries
png-1.2.40 Library for manipulating PNG images
popt-1.14 A getopt(3) like library with a number of enhancements, fro
python26-2.6.2_3 An interpreted object-oriented programming language
samba-3.3.8 A free SMB and CIFS client and server for UNIX
smbldap-tools-0.9.5 Samba-LDAP management and support tools
========================================================================
#cat /usr/local/etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema
loglevel 256
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encrypt
Reply
http://forum.smb-conf.ru/viewtopic.php?f=1&t=301#p619
People abroad definitely had NT_STATUS_INVALID_HANDLE in 3.5.3 and earlier.
It seems it was fixed in 3.5.4, but for me winbind still gives this answer to wbinfo -a ..., although everything else works.
What exactly is Samba itself complaining about in its logs?