samba & domenove prihlasovani
David Sauer
davids na jelly.cz
Čtvrtek Červen 21 09:21:34 CEST 2001
Zdravim konferenci,
mam nasledujici situaci v siti:
sit 192.168.0/24
nekolik klientu win95, nekolik win98 a 2x NT server a 1 suse linux 7.1.
2 domeny: DOMENA a DOMENA2
(DOMENA2 jsem zalozil po dobu testovani, nez linux prevezme domenu
DOMENA)
soucasny stav: klienti se prihlasuji do domeny DOMENA pres NT server.
nicmene pocet uzivatelu roste a dosahne 50 - 100 a licecni politika MS
nepreje tomuto rustu.
Master pro DOMENA je jeden z tech NT serveru.
Master pro DOMENA2 je ten linux.
plan: umoznit logovani do DOMENA2 (ale domena muze byt ve vysledku
klidne i jen jedna)
na ten linux, tak aby ty NT servery
nebylo treba rozsirovat, nicmene tam zustanou (ale uz nebudou slouzit
pro login do domeny)
Problem:
Samba 2.2.0 umoznujici spolupraci s NT ma zatim nejake problemy se
zamykanim souboru a to tak velke, ze ji nelze pouzit, nicmene logovani
do domeny DOMENA2 bezi (uzivatele vyplni jmeno, heslo a DOMENA2 a
zaloguje se).
Proto jsem downgradoval na sambu 2.0.9, ktera zamyka svele, ale zase
neumozni zalogovani do domeny DOMENA2 (jako by vubec nedostala pozadavek
od klienta). Klient vyhodi po nejake minute nasledujici chybu:
"Zadane heslo pro domenu neni spravne, nebo je pristup k prihlasovacimu
serveru zakazany."
konfigurace: (tahle je pro 2.0.9, ale pro 2.2.0 je stejna)
# Samba config file created using SWAT
# from 192.168.0.1 (192.168.0.1)
# Date: 2001/06/20 15:07:38
# Global parameters
[global]
coding system = iso8859-2
client code page = 852
workgroup = DOMENA2
netbios name = LINUX
interfaces = lo eth0 127.0.0.1 192.168.0.100
encrypt passwords = Yes
update encrypted = Yes
map to guest = Bad User
passwd program = /usr/bin/passwd
unix password sync = Yes
debug level = 0
syslog = 0
log file = /var/log/smb/smb.log
name resolve order = lmhosts wins bcast
deadtime = 10
keepalive = 180
logon script = login.bat
logon path =
logon home =
domain logons = Yes
os level = 39
lm announce = True
preferred master = Yes
domain master = Yes
wins support = Yes
lock directory = /var/samba/locks/
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
hosts allow = 192.168. 127.
[homes]
comment = Home Directories
writeable = Yes
create mask = 0750
browseable = No
[netlogon]
path = /var/samba/shares/netlogon/
[hplj1200]
comment = printer
path = /var/samba/printers/printer/
writeable = Yes
create mask = 0700
printable = Yes
printer = printer
[Abra1]
path = /var/samba/shares/abra1/
writeable = Yes
[cdrom]
path = /cdrom
root preexec = /bin/mount /cdrom
root postexec = /bin/umount /cdrom
volume = CDROM
pokud nekoho neco napada ....
--
* David Sauer, linux programmer and system administrator.
Další informace o konferenci Linux