URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID14
Нить номер: 2025

Исходное сообщение
"samba LDAP сломала мой мозг!"

Отправлено Alex , 05-Мрт-09 11:52 
В общем, вопрос такой: поднят контроллер домена на самбе, юзеры в LDAP, вроде бы всё работает, но при старте в лог пишет...
FreeBSD 7.0-RELEASE
Mar 4 23:38:11 mylocaldomain named[597]: nss_ldap: could not search LDAP server - Server is unavailable
Mar 4 23:38:11 mylocaldomain named[598]: starting BIND 9.4.3-P1 -c /etc/namedb/named.conf -t /var/named -u bind
Mar 4 23:38:11 mylocaldomain named[598]: could not get query source dispatcher (0.0.0.0#53)
Mar 4 23:38:11 mylocaldomain named[598]: loading configuration: address in use
Mar 4 23:38:11 mylocaldomain named[598]: exiting (due to fatal error)
Mar 4 23:38:12 mylocaldomain slapd[655]: nss_ldap: could not search LDAP server - Server is unavailable

и ещё при попытке добавить машину виндовую в домен она туда добавляется, НО!!!!
при входе с виндовой машины вываливается

ПОДКЛЮЧЕНИЕ К СИСТЕМЕ НЕВОЗМОЖНО, ТАК КАК ДОМЕН НЕДОСТУПЕН....


Народ, помогите, куда копать? я уже весь мозг сломал....

more ldap.conf

    # Client-side settings for pam_ldap/nss_ldap. Both host and uri name the
    # loopback slapd and use plain ldap:// (no TLS), so binds only cross the
    # local interface.
    host 127.0.0.1
    uri ldap://127.0.0.1/
    ldap_version 3
    port 389
    bind_timelimit 30
    # bind_policy soft: if slapd is not reachable the lookup fails at once
    # instead of retrying. The boot-time "could not search LDAP server -
    # Server is unavailable" lines in the posted log are consistent with
    # named and slapd doing NSS lookups before the directory is listening.
    bind_policy soft
    idle_timelimit 3600
    # PAM side: only entries carrying posixAccount, matched on uid and with a
    # uid number inside [1000, 65530], may authenticate; everything outside
    # that range is refused by pam_ldap.
    pam_filter objectclass=posixAccount
    pam_login_attribute uid
    pam_min_uid 1000
    pam_max_uid 65530
    # Password changes made through PAM are stored as SSHA hashes.
    pam_password SSHA
    # NOTE(review): no "base" directive appears in this paste. The nss_base_*
    # lines carry full DNs so they work without it, but confirm it was not
    # dropped when copying.
    # NOTE(review): only ou=users is searched for passwd here, while
    # nss_ldap.conf further down also lists ou=computers. Which of the two
    # files the FreeBSD nss_ldap module actually reads decides whether machine
    # accounts resolve through NSS — confirm.
    nss_base_passwd ou=users,dc=mylocaldomain,dc=local?one
    nss_base_shadow ou=users,dc=mylocaldomain,dc=local?one
    nss_base_group ou=groups,dc=mylocaldomain,dc=local?one

more slapd.conf

    # slapd configuration for the directory behind the Samba PDC.
    # samba.schema (the last include) is what allows sambaSamAccount entries,
    # i.e. the sambaLMPassword/sambaNTPassword attributes, to live in this tree.
    include         /usr/local/etc/openldap/schema/core.schema
    include         /usr/local/etc/openldap/schema/cosine.schema
    include         /usr/local/etc/openldap/schema/inetorgperson.schema
    include         /usr/local/etc/openldap/schema/misc.schema
    include         /usr/local/etc/openldap/schema/nis.schema
    include         /usr/local/etc/openldap/schema/openldap.schema
    include         /usr/local/etc/openldap/schema/samba.schema
    pidfile         /var/run/openldap/slapd.pid
    argsfile        /var/run/openldap/slapd.args
    modulepath      /usr/local/libexec/openldap
    # NOTE(review): back_ldbm is the legacy backend; OpenLDAP 2.4 dropped it in
    # favour of bdb/hdb, so check that the installed release still ships it.
    moduleload      back_ldbm
    # userPassword: the owner may change it, anyone may bind against it,
    # nobody else can read it.
    access to attrs=userPassword by self write by anonymous auth by * none
    # NOTE(review): this catch-all grants "anonymous read" on every attribute
    # not matched above. With samba.schema loaded that includes sambaLMPassword
    # and sambaNTPassword, which are password-equivalent hashes, so any client
    # that can reach port 389 can read them. It also grants "self write" on the
    # whole entry, so a user could change its own uidNumber/gidNumber/sambaSID.
    # The usual Samba+LDAP layout puts a rule for
    # attrs=sambaLMPassword,sambaNTPassword (self write, the Samba admin DN
    # write, * none) ahead of this line and limits self write to a named list
    # of attributes.
    access to * by   self write by anonymous read by         * none
    database        ldbm
    suffix          "dc=mylocaldomain,dc=local"
    # rootdn is also the "ldap admin dn" in smb.conf and BINDDN in
    # ldapscripts.conf, so both Samba and the helper scripts hold the
    # directory superuser credential.
    rootdn          "cn=root,dc=mylocaldomain,dc=local"
    # NOTE(review): this hash was published together with the post; rotating
    # rootpw is the sensible follow-up.
    rootpw          {SSHA}dfEfFfp0IuqfCnhj3BGOCi94Qs5HVAa/R
    directory       /var/db/openldap-data
    # 256 = "stats": connections, operations and results are logged.
    loglevel        256
    # NOTE(review): nss_ldap and Samba search on uid, uidNumber, gidNumber,
    # memberUid and sambaSID; without eq indexes on those attributes each such
    # lookup presumably scans the whole database.
    index   objectClass     eq
    index   cn              eq


more nss_ldap.conf

    # nss_ldap settings. NOTE(review): on FreeBSD the nss_ldap port reads this
    # file while pam_ldap reads ldap.conf above — confirm, since the two
    # disagree on which containers are searched for passwd.
    base dc=mylocaldomain,dc=local
    # Same soft bind policy as ldap.conf: unreachable slapd => immediate failure.
    bind_policy soft
    bind_timelimit 10
    # "localhost" is resolved through nsswitch "hosts: files dns", which does
    # not consult ldap, so name resolution cannot recurse into the directory.
    host localhost
    idle_timelimit 3600
    ldap_version 3
    nss_base_group  ou=groups,dc=mylocaldomain,dc=local?one
    # Two passwd bases: user accounts plus the machine accounts that
    # smb.conf's "add machine script" creates under ou=computers (Samba 3
    # expects a Unix account for each joined machine).
    nss_base_passwd ou=users,dc=mylocaldomain,dc=local?one
    nss_base_passwd ou=computers,dc=mylocaldomain,dc=local?one
    nss_base_shadow ou=users,dc=mylocaldomain,dc=local?one
    # Keep one connection open across lookups instead of reconnecting each time.
    nss_connect_policy persist
    nss_paged_results yes
    pagesize 1000
    port 389
    scope one
    timelimit 30


/etc/nsswitch.conf

    # Source order per database. "files" first means local accounts (root,
    # bind, the system daemons) resolve even while slapd is down; ldap is only
    # consulted for names not found locally.
    group: files ldap
    # hosts deliberately has no ldap source: nss_ldap itself must resolve
    # "localhost"/127.0.0.1, and an ldap entry here would loop.
    hosts: files dns
    networks: files
    passwd: files ldap
    shadow: files ldap
    shells: files
    # NOTE(review): the boot-time "nss_ldap: could not search LDAP server"
    # messages fit this setup: named (started with -u bind) and slapd itself
    # perform user/group lookups before slapd is listening, and group
    # enumeration presumably tries every source, so ldap is consulted and
    # fails. Once the directory is up the same lookups succeed.


more /usr/local/etc/ldapscripts/ldapscripts.conf

    SERVER="localhost"
    BINDDN="cn=root,dc=mylocaldomain,dc=local"
    BINDPWD="mypassword"
    SUFFIX="dc=mylocaldomain,dc=local" #
    GSUFFIX="ou=groups" # ,   ( )
    USUFFIX="ou=users" #  ,
    MSUFFIX="ou=computers" #
    GIDSTART="10000" # Group ID
    UIDSTART="10000" # User ID
    MIDSTART="20000" # Machine ID
    USHELL="/usr/sbin/nologin"
    UHOMES="/home/%u"
    ASKGECOS="no"
    CREATEHOMES="yes"
    HOMESKEL="/etc/skel"
    PASSWORDGEN="head -c8 /dev/random | uuencode -m - | sed -n -e '2s|=*$||;2p' | sed -e 's|+||g' -e 's|/||g'"
    RECORDPASSWORDS="yes"
    PASSWORDFILE="/var/log/ldapscripts_passwd.log"
    LOGFILE="/var/log/ldapscripts.log"
    LDAPSEARCHBIN="/usr/local/bin/ldapsearch"
    LDAPADDBIN="/usr/local/bin/ldapadd"
    LDAPDELETEBIN="/usr/local/bin/ldapdelete"
    LDAPMODIFYBIN="/usr/local/bin/ldapmodify"
    LDAPMODRDNBIN="/usr/local/bin/ldapmodrdn"
    LDAPPASSWDBIN="/usr/local/bin/ldappasswd"
    GETENTPWCMD=""
    GETENTGRCMD=""


more /usr/local/etc/smb.conf


    [global]
    # The thread's own resolution: the author reports the logon failure
    # ("domain unavailable" on the Windows side, although the join succeeds)
    # went away once the NetBIOS name no longer matched the workgroup. Here
    # both are "mylocaldomain".
    workgroup = mylocaldomain
    netbios name = mylocaldomain
    server string = Documents
    # security = user together with domain logons = yes below makes this host
    # the PDC.
    security = user
    # Source-address filter for Samba only (slapd on port 389 is not covered
    # by it). 127. is needed for the PDC's own local clients.
    hosts allow = 192.168.51. 192.168.50. 192.168.2. 10.11. 127.
    load printers = no
    log file = /var/log/samba/log.%m
    max log size = 500
    encrypt passwords = yes
    # "admin" gets administrative (root-equivalent) access on shares; treat
    # that account like root.
    admin users = admin
    # Accounts live in LDAP over loopback without TLS (ldap ssl = off). The
    # "ldap admin dn" is the directory rootdn, so the credential Samba stores
    # for it (set outside this file with smbpasswd -w) is the directory
    # superuser password.
    passdb backend = ldapsam:ldap://localhost/
    ldap suffix = dc=mylocaldomain,dc=local
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap admin dn = "cn=root,dc=mylocaldomain,dc=local"
    ldap delete dn = no
    ldap ssl = off
    socket options = TCP_NODELAY
    # Browse-master / PDC election settings; domain logons enables the
    # NETLOGON service.
    local master = yes
    os level = 64
    domain master = yes
    preferred master = yes
    domain logons = yes
    # Logon script comes from [netlogon], roaming profiles from [Profiles]
    # below. %L = this server, %U = user name, %m = client NetBIOS name.
    logon script = proxy.vbs
    logon path = \\%L\Profiles\%U\%m\
    logon home = \\%L\Profiles\%U\%m\
    logon drive = Z:
    wins support = yes
    dns proxy = no
    display charset = koi8-r
    unix charset = koi8-r
    dos charset = cp866
    time server = yes
    # Provisioning hooks into ldapscripts (see ldapscripts.conf). The primary
    # group passed to ldapadduser is "people" — the same group used by the
    # [data] read/write lists — and presumably has to exist under ou=groups
    # before the first user is created.
    add machine script = /usr/local/sbin/ldapaddmachine '%u' computers
    add user script = /usr/local/sbin/ldapadduser '%u' people
    add group script = /usr/local/sbin/ldapaddgroup '%g'
    add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
    delete user script = /usr/local/sbin/ldapdeleteuser '%u'
    delete group script = /usr/local/sbin/ldapdeletegroup '%g'
    delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
    set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
    rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes

    [netlogon]
    # Read-only, guest-readable share holding the logon script; guest access
    # is normal here because clients fetch the script early in the logon.
    comment = Network Logon Service
    path = /usr/local/etc/samba/netlogon/
    guest ok = yes
    writable = no
    share modes = no
    browseable = no

    [Profiles]
    # NOTE(review): path is the root of /home and guest ok = yes lets
    # anonymous clients connect to it. Newly created profile files get
    # 600/700, but existing home directories are protected only by their own
    # Unix permissions. A dedicated profiles directory with guest ok = no is
    # the usual layout.
    create mode = 600
    directory mode = 700
    path = /home
    browseable = no
    guest ok = yes

     [data]
     # NOTE(review): public = yes (synonym of guest ok) makes this share
     # reachable as the guest account, and the share is writeable, so for
     # guests the Unix permissions of /data appear to be the only barrier;
     # read list/write list only shape what @people members get.
     comment = Dump of files
     path = /data
     create mode = 660
     directory mode = 770
     public = yes
     writeable = yes
     write list = @people
     read list = @people



Сообщения в этом обсуждении
"samba LDAP сломала мой мозг!"
Отправлено Alex , 05-Мрт-09 12:30 
Всем спасибо! Нашел косяк.

В самбе имя (netbios name) совпадает с доменным (workgroup)


"samba LDAP сломала мой мозг!"
Отправлено Илья , 03-Мрт-11 11:30 
> Всем спасибо! Нашел косяк.
> В самбе имя совпадает с доменным

Спасибо, помогло