В общем, вопрос такой, поднят контроллер домена на самбе, юзеры в LDAP, вроде бы всё работает, но при старте в лог пишет...
FreeBSD 7.0-RELEASE
Mar 4 23:38:11 mylocaldomain named[597]: nss_ldap: could not search LDAP server - Server is unavailable
Mar 4 23:38:11 mylocaldomain named[598]: starting BIND 9.4.3-P1 -c /etc/namedb/named.conf -t /var/named -u bind
Mar 4 23:38:11 mylocaldomain named[598]: could not get query source dispatcher (0.0.0.0#53)
Mar 4 23:38:11 mylocaldomain named[598]: loading configuration: address in use
Mar 4 23:38:11 mylocaldomain named[598]: exiting (due to fatal error)
Mar 4 23:38:12 mylocaldomain slapd[655]: nss_ldap: could not search LDAP server - Server is unavailable
И ещё: при попытке добавить виндовую машину в домен она туда добавляется, НО!!!!
при входе с виндовой машины вываливается
ПОДКЛЮЧЕНИЕ К СИСТЕМЕ НЕВОЗМОЖНО, ТАК КАК ДОМЕН НЕДОСТУПЕН....
Народ, помогите, куда копать? я уже весь мозг сломал....
more ldap.conf
# pam_ldap / nss_ldap client configuration (the copy shown as ldap.conf).
# Both "host" and "uri" point at the local slapd; when both are present the
# uri form is the one expected to win — TODO confirm for this nss_ldap build.
host 127.0.0.1
uri ldap://127.0.0.1/
ldap_version 3
port 389
# Seconds to wait for the bind before giving up.
bind_timelimit 30
# "soft": if slapd is not reachable, fail the lookup at once instead of
# retrying; this is what lets nsswitch fall through to "files" during boot,
# when the "could not search LDAP server" lines are logged by named and slapd.
bind_policy soft
# Seconds an idle connection is kept before being closed.
idle_timelimit 3600
# Only entries carrying posixAccount are considered for PAM logins.
pam_filter objectclass=posixAccount
pam_login_attribute uid
# UID window pam_ldap accepts; keeps low system accounts out of LDAP auth.
pam_min_uid 1000
pam_max_uid 65530
# NOTE(review): "SSHA" is not among the pam_password values documented for
# pam_ldap (clear, crypt, md5, exop, ...); hashing is usually left to slapd
# (password-hash) with "exop" here — confirm the installed build accepts this.
pam_password SSHA
# Search bases per NSS map; "?one" selects one-level scope.
# Unlike nss_ldap.conf, no ou=computers base is listed for passwd here; that
# is fine for PAM (machine accounts do not log in through PAM) — confirm.
nss_base_passwd ou=users,dc=mylocaldomain,dc=local?one
nss_base_shadow ou=users,dc=mylocaldomain,dc=local?one
nss_base_group ou=groups,dc=mylocaldomain,dc=local?one
more slapd.conf
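# slapd.conf — OpenLDAP server behind the Samba PDC (suffix dc=mylocaldomain,dc=local).
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/local/libexec/openldap
# NOTE(review): back_ldbm is deprecated and no longer shipped with OpenLDAP 2.4;
# bdb/hdb are the supported backends if this installation is ever upgraded.
moduleload back_ldbm
# Password material. The previous rule covered only userPassword, so the Samba
# hashes that samba.schema adds (sambaLMPassword / sambaNTPassword) fell through
# to the catch-all rule below and were readable by anonymous binds. Samba reads
# and writes these attributes as the rootdn ("ldap admin dn" in smb.conf), which
# bypasses ACLs, so protecting them costs nothing functionally.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none
# Everything else: the entry owner may write, anonymous may read (nss_ldap and
# pam_ldap bind anonymously here).
# NOTE(review): "by self write" on every attribute also lets a user rewrite its
# own uidNumber/gidNumber/sambaAcctFlags; "by self read" is the safer choice
# unless users must edit their own entries directly.
access to * by self write by anonymous read by * none
database ldbm
suffix "dc=mylocaldomain,dc=local"
rootdn "cn=root,dc=mylocaldomain,dc=local"
# NOTE(review): this hash has been posted publicly together with the config;
# generate a fresh one with slappasswd and replace it.
rootpw {SSHA}dfEfFfp0IuqfCnhj3BGOCi94Qs5HVAa/R
directory /var/db/openldap-data
# 256 = "stats": connections, operations and results.
loglevel 256
# Attribute indexes. nss_ldap and Samba search mostly on uid, uidNumber,
# gidNumber, memberUid and sambaSID; consider indexing those as well, then run
# slapindex with slapd stopped so the new indexes are actually populated.
index objectClass eq
index cn eq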
more nss_ldap.conf
# nss_ldap client configuration (FreeBSD: /usr/local/etc/nss_ldap.conf).
# Default search base for any map without an nss_base_* entry of its own.
base dc=mylocaldomain,dc=local
# "soft": fail lookups immediately while slapd is down so nsswitch can fall
# through to "files"; otherwise daemons started before slapd would hang.
bind_policy soft
bind_timelimit 10
host localhost
idle_timelimit 3600
ldap_version 3
nss_base_group ou=groups,dc=mylocaldomain,dc=local?one
# Two passwd bases: user accounts and Samba machine accounts (Samba expects the
# machine account to resolve through NSS after "add machine script" creates it).
# TODO confirm this nss_ldap version accumulates repeated nss_base_passwd lines
# rather than keeping only the last one.
nss_base_passwd ou=users,dc=mylocaldomain,dc=local?one
nss_base_passwd ou=computers,dc=mylocaldomain,dc=local?one
nss_base_shadow ou=users,dc=mylocaldomain,dc=local?one
# Keep the LDAP connection open between lookups.
nss_connect_policy persist
# Paged results (RFC 2696), 1000 entries per page, for large user/group lists.
nss_paged_results yes
pagesize 1000
port 389
scope one
# Server-side time limit for a search, in seconds.
timelimit 30
/etc/nsswitch.conf
# /etc/nsswitch.conf — local files first, then LDAP through nss_ldap.
group: files ldap
# Host resolution deliberately stays off LDAP: resolving the LDAP server itself
# through LDAP would loop.
hosts: files dns
networks: files
# Any daemon started before slapd (named, and slapd itself while it looks up
# its own user) reaches nss_ldap here and logs the "could not search LDAP
# server" line seen at boot; bind_policy soft in nss_ldap.conf turns that into
# a fall-through to files instead of a hang.
passwd: files ldap
# NOTE(review): FreeBSD has no separate "shadow" NSS database (shadow fields
# live in master.passwd behind "passwd"); this line is probably ignored — confirm.
shadow: files ldap
shells: files
more /usr/local/etc/ldapscripts/ldapscripts.conf
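# ldapscripts.conf — sourced by the ldapscripts helpers (ldapadduser,
# ldapaddmachine, ...) that smb.conf calls from its add/delete *script hooks.
# NOTE(review): this file carries the rootdn password in clear text; keep it
# root-owned with mode 0600, and prefer BINDPWDFILE (supported by newer
# ldapscripts releases) over BINDPWD so the secret is not in the config itself.
SERVER="localhost"
BINDDN="cn=root,dc=mylocaldomain,dc=local"
BINDPWD="mypassword"
SUFFIX="dc=mylocaldomain,dc=local" # Global suffix
GSUFFIX="ou=groups" # Groups OU (just under $SUFFIX)
USUFFIX="ou=users" # Users OU (just under $SUFFIX)
MSUFFIX="ou=computers" # Machines OU (just under $SUFFIX); must match "ldap machine suffix" in smb.conf
GIDSTART="10000" # First Group ID to allocate
UIDSTART="10000" # First User ID to allocate
MIDSTART="20000" # First Machine ID to allocate
USHELL="/usr/sbin/nologin"
# %u is replaced with the user name.
UHOMES="/home/%u"
ASKGECOS="no"
CREATEHOMES="yes"
HOMESKEL="/etc/skel"
# Initial password generator: 8 random bytes, base64 (uuencode -m, data on
# line 2), with trailing '=' padding and any '+' or '/' removed.
PASSWORDGEN="head -c8 /dev/random | uuencode -m - | sed -n -e '2s|=*$||;2p' | sed -e 's|+||g' -e 's|/||g'"
# NOTE(review): with RECORDPASSWORDS="yes" every generated password is written
# in clear text to PASSWORDFILE; make sure that file is mode 0600, or set this
# to "no" once accounts have been handed over.
RECORDPASSWORDS="yes"
PASSWORDFILE="/var/log/ldapscripts_passwd.log"
LOGFILE="/var/log/ldapscripts.log"
# OpenLDAP client tools from the openldap-client port.
LDAPSEARCHBIN="/usr/local/bin/ldapsearch"
LDAPADDBIN="/usr/local/bin/ldapadd"
LDAPDELETEBIN="/usr/local/bin/ldapdelete"
LDAPMODIFYBIN="/usr/local/bin/ldapmodify"
LDAPMODRDNBIN="/usr/local/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/local/bin/ldappasswd"
# Left empty: the scripts use their default lookups — check the port's sample
# ldapscripts.conf for what the override commands are expected to return.
GETENTPWCMD=""
GETENTGRCMD=""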
more /usr/local/etc/smb.conf
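# smb.conf — Samba PDC backed by ldapsam on the local slapd.
[global]
workgroup = mylocaldomain
netbios name = mylocaldomain
server string = Documents
security = user
# Clients outside these ranges are refused outright; a workstation on another
# subnet would see the domain as unreachable — worth checking against the
# workstation that fails to log on.
hosts allow = 192.168.51. 192.168.50. 192.168.2. 10.11. 127.
load printers = no
log file = /var/log/samba/log.%m
max log size = 500
encrypt passwords = yes
# "admin users" act as root on every share; keep this list minimal.
admin users = admin
# Account database in LDAP; smbd binds as "ldap admin dn" with the password
# stored via "smbpasswd -w", so slapd must be up before smbd starts.
passdb backend = ldapsam:ldap://localhost/
ldap suffix = dc=mylocaldomain,dc=local
# These OUs must match USUFFIX/GSUFFIX/MSUFFIX in ldapscripts.conf.
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap admin dn = "cn=root,dc=mylocaldomain,dc=local"
ldap delete dn = no
# Plain LDAP is acceptable only because slapd is on localhost; use
# "start tls" if it ever moves to another host.
ldap ssl = off
socket options = TCP_NODELAY
# Browse master / PDC role.
local master = yes
os level = 64
domain master = yes
preferred master = yes
domain logons = yes
# Served from the [netlogon] share.
logon script = proxy.vbs
# Roaming profile location under the [Profiles] share.
# NOTE(review): the %m component gives one profile per user *and* per
# machine, so a profile never follows the user between workstations — confirm
# that is intended.
logon path = \\%L\Profiles\%U\%m\
logon home = \\%L\Profiles\%U\%m\
logon drive = Z:
wins support = yes
dns proxy = no
display charset = koi8-r
unix charset = koi8-r
dos charset = cp866
time server = yes
# Account provisioning via ldapscripts (see ldapscripts.conf). The second
# argument of ldapaddmachine/ldapadduser is the primary group, so the groups
# "computers" and "people" must already exist under ou=groups.
add machine script = /usr/local/sbin/ldapaddmachine '%u' computers
add user script = /usr/local/sbin/ldapadduser '%u' people
add group script = /usr/local/sbin/ldapaddgroup '%g'
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
[homes]
comment = Home Directories
browseable = no
writable = yes
[netlogon]
comment = Network Logon Service
path = /usr/local/etc/samba/netlogon/
guest ok = yes
writable = no
share modes = no
browseable = no
# Roaming profiles. Without "read only = no" Samba's default (read only)
# applies: the profile can be loaded at logon but never written back at logoff.
[Profiles]
create mode = 600
directory mode = 700
path = /home
read only = no
# Lets users own and set ACLs on their own profile files, as Windows expects.
profile acls = yes
browseable = no
# NOTE(review): profiles are always accessed as the authenticated user; guest
# access is not needed on this share and exposes /home to anonymous clients.
guest ok = yes
[data]
comment = Dump of files
path = /data
create mode = 660
directory mode = 770
# "public" is an alias for "guest ok": anonymous clients get write access to
# this share as well — confirm that is intended.
public = yes
writeable = yes
# "read list" was dropped: it forces read-only access for the listed users
# regardless of "writeable", so "read list = @people" cancelled the write
# access "write list = @people" was meant to grant.
write list = @people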