URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID14
Нить номер: 1252

Исходное сообщение
"не могу никак ввести комп в домен PDC Samba+ldap"

Отправлено 0m3r , 15-Мрт-07 14:26 
Доброго времени суток. Собственно, сабж.
использовал howto: http://www.lissyara.su/?id=1280
uname 6.1-RELEASE FreeBSD
pkg_info |grep samba
samba-3.0.23d,1     A free SMB and CIFS client and server for UNIX
# pkg_info | grep ldap
nss_ldap-1.251_1    RFC 2307 NSS module
openldap-client-2.3.33 Open source LDAP client implementation
openldap-server-2.3.33 Open source LDAP server implementation
p5-perl-ldap-0.33   A Client interface to LDAP servers
pam_ldap-1.8.2      A pam module for authenticating with LDAP
smbldap-tools-0.9.2a Useful package for managing users and groups in a LDAP dire
===
# testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[data]"
Processing section "[tst]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Server-wide Samba settings as dumped by testparm (only non-default values are
# shown). testparm reports the resulting role as ROLE_DOMAIN_PDC.
[global]
        dos charset = cp866
        unix charset = koi8-r
        display charset = koi8-r
        workgroup = EDU
        netbios name = PM
        server string = samba pdc with ldap auth
        # Account database is LDAP (ldapsam), reached over the loopback address.
        passdb backend = ldapsam:ldap://127.0.0.1/
        # One log file per client machine name (%m), capped by 'max log size'.
        log file = /var/log/samba/log.%m
        max log size = 500
        time server = Yes
        load printers = No
        # Run when a joining workstation has no account yet.
        # NOTE(review): the smb.conf(5) example passes %u (the machine account
        # name) to this script; %m is the client's NetBIOS name - confirm that
        # add_machine.pl expects it. The argument originates from the client, so
        # the script should validate it before building LDAP entries or commands.
        add machine script = /usr/local/etc/samba/add_machine.pl %m
        # Logon script, looked up relative to the [netlogon] share.
        logon script = proxy.vbs
        # Roaming profile and home locations both resolve into the [Profiles] share.
        logon path = \\%L\Profiles\%U\%m\%a
        logon drive = Z:
        logon home = \\%L\Profiles\%U\%m\%a
        # Domain logons plus the browser-election settings below make this host
        # the domain controller and domain master browser.
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        # DN Samba binds to LDAP with; the bind password is not stored in
        # smb.conf (it is set separately with 'smbpasswd -w').
        ldap admin dn = "cn=root,dc=pm,dc=edu"
        ldap group suffix = ou=groups
        ldap machine suffix = ou=computers
        ldap suffix = dc=pm,dc=edu
        # LDAP traffic, including the admin bind and password hashes, is sent
        # unencrypted. That is contained only while the backend stays on
        # 127.0.0.1; use 'start tls' if the directory ever moves off this host.
        ldap ssl = no
        ldap user suffix = ou=users
        # Set in [global], so it applies to every share: 'admin' performs all
        # file operations as root regardless of filesystem permissions.
        admin users = admin
        # Connections are accepted only from 10.6.83.* and loopback addresses.
        hosts allow = 10.6.83., 127.

# Special section: gives each authenticated user a share for their own home
# directory. Writable, and hidden from browse lists.
[homes]
        comment = Home Directories
        read only = No
        browseable = No

# Share that serves logon scripts to domain clients ('logon script' in [global]
# is resolved relative to this path).
[netlogon]
        comment = Network Logon Service
        path = /usr/local/etc/samba/netlogon/
        # Guest connections are accepted. No 'read only' override appears in
        # this dump, so the share presumably keeps the read-only default -
        # verify, because scripts here run on every client at logon.
        guest ok = Yes
        browseable = No
        # NOTE(review): 'share modes' is a deprecated parameter; turning it off
        # disables open-mode (deny) checks between clients - confirm it is needed.
        share modes = No

# Target of 'logon path' and 'logon home' in [global] (roaming profiles).
# NOTE(review): the exported path is the whole of /home rather than a dedicated
# profiles directory, and guest connections are allowed, so protection of other
# users' directories rests on filesystem permissions alone - confirm intent.
# NOTE(review): no 'read only = No' appears in this dump; with the default the
# share would be read-only and profiles could not be written back - verify.
[Profiles]
        path = /home
        # New files are owner-only (0600) and new directories owner-only (0700).
        create mask = 0600
        directory mask = 0700
        guest ok = Yes
        browseable = No

# General file share under /data for members of the People and wheel groups.
[data]
        comment = Dump of files
        path = /data
        # '@name' denotes a group; listed groups get read and write access.
        read list = @People, @wheel
        write list = @People, @wheel
        read only = No
        # New files are created group-writable, directories group-accessible.
        create mask = 0660
        directory mask = 0770
        # NOTE(review): the share is writable ('read only = No') and also
        # accepts unauthenticated guest connections, so the group lists above do
        # not restrict who can connect - confirm guest access is intended here.
        guest ok = Yes

# Share exporting /tst.
# NOTE(review): the testparm header on this page lists a section named [tst],
# while this header reads [sus]; the two do not match - check which name the
# real smb.conf uses.
[sus]
        comment = Dump of files
        path = /tst
        # Read access for the People and wheel groups and 'admin'; write access
        # only for users 'sus' and 'admin'.
        read list = @People, @wheel, admin
        write list = sus, admin
        create mask = 0664
        directory mask = 0770
        # Guest connections are accepted in addition to the lists above.
        guest ok = Yes
++++
скрипт добавления add_machine.pl висит,
а на
ldapadd -x -h 127.0.0.1 -D "cn=root,dc=pm,dc=edu" -W -f 683-ad.machine.ldif

=683-ad.machine.ldif=
# Machine (workstation) account entry for host 683-ad, loaded with ldapadd.
dn: cn=683-ad,ou=computers,dc=pm,dc=edu
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
# NOTE(review): no Samba object class is listed above, yet the samba*
# attributes at the end of this entry belong to the Samba schema. The error 65
# shown on this page names sambaDomainName; presumably
# "objectClass: sambaSamAccount" is missing - confirm against the samba.schema
# loaded in slapd.
cn: 683-ad
sn: 683-ad Computer
# Machine account names end with '$'.
uid: 683-ad$
# '*' is not a valid password value, so no password login is possible.
userPassword: *
uidNumber: 10000
gidNumber: 5002
gecos: Computer
# No home directory and no login shell: the account is not for interactive use.
homeDirectory: /dev/null
loginShell: /usr/sbin/nologin
sambaDomainName: EDU
# W = workstation trust account.
sambaAcctFlags: [W]
# NOTE(review): this is the domain SID plus RID 515, the well-known RID of the
# Domain Computers group rather than a per-machine RID - verify that every
# machine account receives its own unique RID.
sambaSID:  S-1-5-21-4264372741-296706239-3456055400-515
+++

adding new entry "cn=683-ad,ou=computers,dc=pm,dc=edu"
ldap_add: Object class violation (65)
        additional info: attribute 'sambaDomainName' not allowed

ldap структура
ldapsearch -x -LLL -b 'dc=pm,dc=edu'
dn: dc=pm,dc=edu
objectClass: dcObject
objectClass: organization
objectClass: top
dc: pm
o: pm

dn: ou=users,dc=pm,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=pm,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: cn=Admin Group Samba,ou=groups,dc=pm,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Admin Group Samba
gidNumber: 1000
memberUid: admin
sambaSID: S-1-5-21-4264372741-296706239-3456055400-512
sambaGroupType: 2
displayName: Admin group Samba
description: Domain Unix group

# Samba/POSIX account 'admin' (named in 'admin users' in the smb.conf above).
dn: cn=admin,ou=users,dc=pm,dc=edu
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: admin
sn: admin
uid: admin
uidNumber: 1000
gidNumber: 1000
gecos: Samba Admin
homeDirectory: /home/admin
loginShell: /usr/sbin/nologin
sambaSID: S-1-5-21-4264372741-296706239-3456055400-3000
displayName: Samba Admin
sambaPwdCanChange: 1173881775
sambaPwdMustChange: 2147483647
# sambaLMPassword / sambaNTPassword are unsalted, password-equivalent hashes.
# The ldapsearch on this page used -x without -D (an anonymous bind) and still
# received them, so the directory's access rules expose these attributes to
# unauthenticated readers. Restrict them in slapd's ACLs (readable only by the
# Samba admin DN and the account itself), redact them in shared output, and
# change the password of any account whose hashes were published.
sambaLMPassword: 18DC02FF7E4408BBE3DC53D5AE35ECA7
sambaNTPassword: EAD80322AD8C90D90BC46FD88D6ED744
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1173881775
# U = normal user account.
sambaAcctFlags: [U          ]

dn: cn=People,ou=groups,dc=pm,dc=edu
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: People
gidNumber: 5001
sambaSID: S-1-5-21-4264372741-296706239-3456055400-513
sambaGroupType: 2
displayName: People
description: Domain Unix group

# Samba/POSIX account 'sus', primary group 5001 (People).
dn: cn=sus,ou=users,dc=pm,dc=edu
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: sambaSamAccount
cn: sus
# Double colon: the value is base64-encoded (non-ASCII surname).
sn:: 0JzQuNGI0LjQvdCw
uid: sus
uidNumber: 5004
gidNumber: 5001
gecos: User
homeDirectory: /home/sus
loginShell: /usr/sbin/nologin
sambaSID: S-1-5-21-4264372741-296706239-3456055400-11008
displayName: User
sambaPwdCanChange: 1173881787
sambaPwdMustChange: 2147483647
# Unsalted, password-equivalent hashes returned to an anonymous search
# (ldapsearch -x without -D on this page). They should be unreadable to
# anonymous binds via slapd ACLs and redacted before output is shared; a
# password whose hashes were published should be changed.
sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
sambaNTPassword: 0CB6948805F797BF2A82807973B89537
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1173881787
# U = normal user account.
sambaAcctFlags: [U          ]

# Domain object for EDU: holds the domain SID and the domain-wide account policy.
dn: sambaDomainName=EDU,dc=pm,dc=edu
sambaDomainName: EDU
# Domain SID; account and group SIDs in this directory are this value plus a RID.
sambaSID: S-1-5-21-4264372741-296706239-3456055400
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
# Password policy: minimum length 5, no history kept, no maximum age (-1).
# NOTE(review): these are weak settings for a domain that stores LM hashes -
# confirm they are intentional.
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
# Presumably 0 means accounts are never locked after failed logons, which
# leaves password guessing unthrottled - verify against the Samba policy docs.
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0

dn: ou=computers,dc=pm,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: computers


вот такая вот фигня
помогите люди  а то у мну уже башка болит


Содержание

Сообщения в этом обсуждении
"не могу никак ввести комп в домен PDC Samba+ldap"
Отправлено 0m3r , 20-Мрт-07 09:03 
http://www.lissyara.su/?id=1329
заработал вот такой вариант :)