samba+ldap
Milan Ježek
milan.jezek at bierhanzl.cz
Wed May 18 11:56:25 CEST 2005
Hello,
I want to get Samba working with LDAP, but somehow I can't get it to work.
When I try to start Samba, or just run smbpasswd, it throws the following:
Failed to issue the StartTLS instruction: Not Supported
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Not Supported
Connection to LDAP server failed for the 2 try!
.
.
Connection to LDAP server failed for the 15 try!
Failed to issue the StartTLS instruction: Not Supported
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
Interupted by signal.
Where is my mistake?
I'm attaching parts of the config files.
slapd.conf
**********
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Where to store the replica logs
replogfile /var/lib/ldap/replog
# Read slapd.conf(5) for possible values
loglevel 15
#######################################################################
# ldbm database definitions
#######################################################################
# The backend type, ldbm, is the default standard
database ldbm
# The base of your directory
suffix "o=bierhanzl,c=cz"
# Where the database file are physically stored
directory "/var/lib/ldap"
# Indexing options
index objectClass eq
# Save the time that the entry gets modified
lastmod on
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
by dn="cn=admin,o=bierhanzl,c=cz" write
by anonymous auth
by self write
by * none
#access to attribute=userPassword
# by dn="cn=Manager,o=bierhanzl,c=cz" write
# by anonymous auth
# by self write
# by * none
# The admin dn has full write access
access to *
by dn="cn=admin,o=bierhanzl,c=cz" write
by * read
#access to *
# by dn="cn=Manager,o=bierhanzl,c=cz" write
# by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
access to dn=".*,ou=Roaming,o=morsnet"
by dn="cn=admin,o=bierhanzl,c=cz" write
by dnattr=owner write
smb.conf
*********
passdb backend = ldapsam:ldap://127.0.0.1/
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = uid=samba,ou=Users,ou=bierhanzl,c=cz
ldap suffix = ou=bierhanzl,c=cz
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = start tls
add user script = /etc/samba/ldap/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /etc/samba/ldap/smbldap-userdel "%u"
add machine script = /etc/samba/ldap/smbldap-useradd -w "%u"
add group script = /etc/samba/ldap/smbldap-groupadd -p "%g"
#delete group script = /etc/samba/ldap/smbldap-groupdel "%g"
add user to group script = /etc/samba/ldap/smbldap-groupmod -m "%u" "%g"
delete user from group script = /etc/samba/ldap/smbldap-groupmod -x "%u" "%g"
set primary group script = /etc/samba/ldap/smbldap-usermod -g "%g" "%u"
ldap admin dn = "cn=Manager,ou=bierhanzl,c=cz"
# ldap admin dn = "cn=admin,ou=bierhanzl,c=cz"
ldap delete dn = No
ldap suffix = ou=bierhnazl,c=cz
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap passwd sync = Yes
slapcat output
*************
dn: o=bierhanzl,c=cz
objectClass: organization
o: bierhanzl

dn: cn=admin,o=bierhanzl,c=cz
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: LDAP administrator
userPassword:: e0NSWVBUfW5CVkdDeTVhWjdzMFk=

dn: ou=People,o=bierhanzl,c=cz
objectClass: organizationalUnit
ou: People

dn: ou=Roaming,o=bierhanzl,c=cz
objectClass: organizationalUnit
ou: Roaming

dn: cn=Manager,o=bierhanzl,c=cz
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: Manager
description: Directory Manager
userPassword:: e1NTSEF9OSttUW9PSEdHWnNKNnpEekVtdTUydFU4RnZGMkxVQkI=
Thanks in advance for any advice.
More information about the Linux mailing list
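An added consistency check, written for this thread and not code from the post, from Samba or from OpenLDAP. "Failed to issue the StartTLS instruction" is what smbd prints when libldap's ldap_start_tls_s fails, and "Not Supported" is libldap's text for LDAP_NOT_SUPPORTED, i.e. TLS could not be negotiated on that connection at all (a client library built without TLS gives the same text). The slapd.conf above carries no TLSCertificateFile/TLSCertificateKeyFile, so the server side cannot complete a StartTLS handshake either, and the smb.conf fragment sets `ldap admin dn`, `ldap suffix` and `ldap user suffix` twice (smbd keeps the last value), with the last `ldap suffix` being `ou=bierhnazl,c=cz` while slapcat shows the base is `o=bierhanzl,c=cz`. The script below takes three pasted texts (an smb.conf fragment, a slapcat dump, and the rootDSE as printed by `ldapsearch -x -H ldap://127.0.0.1/ -s base -b '' supportedExtension`) and reports exactly these mismatches; the sample inputs inside it are constructed to mirror the post's fragments, and the "fixed" fragment is an assumption about what a consistent configuration would look like, not something the post states.

```python
"""Offline consistency checks for a Samba ldapsam + OpenLDAP setup.

Added example, not code from the post or from Samba/OpenLDAP. Sample
inputs are constructed, modelled on the fragments quoted in the post.
"""
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # StartTLS extended operation (RFC 4511)


def parse_smb_conf(text):
    """smb.conf settings as a list of (key, value), keeping duplicates so they
    can be reported. A line without '=' is treated as the continuation of the
    previous value (the way a mail client wraps long script lines)."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        if "=" in line:
            key, _, value = line.partition("=")
            pairs.append([key.strip().lower(), value.strip()])
        elif pairs:
            pairs[-1][1] = (pairs[-1][1] + " " + line).strip()
    return [tuple(p) for p in pairs]


def duplicate_keys(pairs):
    """{key: [all values]} for every key that appears more than once."""
    seen = {}
    for key, value in pairs:
        seen.setdefault(key, []).append(value)
    return {k: v for k, v in seen.items() if len(v) > 1}


def normalize_dn(dn):
    """Strip quotes and lowercase each RDN so DNs compare the way LDAP does."""
    return ",".join(p.strip().lower() for p in dn.strip().strip('"').split(","))


def parse_ldif(text):
    """Minimal LDIF reader: {normalized dn: {attr: [values]}}. Entries are
    separated by blank lines; base64 ('::') values stay as raw text because
    only DNs and OIDs are compared. Folded (leading-space) lines are not handled."""
    entries, cur = {}, None
    for line in text.splitlines():
        if not line.strip():
            cur = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.lstrip(": ").strip()
        if attr == "dn":
            cur = entries.setdefault(normalize_dn(value), {})
        elif cur is not None:
            cur.setdefault(attr, []).append(value)
    return entries


def server_offers_starttls(rootdse_ldif):
    """True if the rootDSE lists the StartTLS OID under supportedExtension."""
    root = parse_ldif(rootdse_ldif).get("", {})
    return STARTTLS_OID in root.get("supportedextension", [])


def check(smb_conf, slapcat_ldif, rootdse_ldif):
    """Return a list of findings; an empty list means the fragments agree."""
    findings = []
    pairs = parse_smb_conf(smb_conf)
    for key, values in duplicate_keys(pairs).items():
        findings.append("%s set %d times; smbd uses the last one: %r"
                        % (key, len(values), values[-1]))
    conf = dict(pairs)                      # last occurrence wins, as in smbd
    directory = parse_ldif(slapcat_ldif)

    if conf.get("ldap ssl", "").lower() == "start tls" and not server_offers_starttls(rootdse_ldif):
        findings.append("ldap ssl = start tls but the server does not advertise StartTLS; "
                        "add TLSCertificateFile/TLSCertificateKeyFile to slapd.conf, "
                        "or set ldap ssl = off if the link really stays on 127.0.0.1")

    suffix = normalize_dn(conf.get("ldap suffix", ""))
    if suffix and suffix not in directory:
        findings.append("ldap suffix %r is not an entry in the directory (slapcat base is %r)"
                        % (suffix, next(iter(directory), None)))
    elif suffix:
        # user/group/machine suffixes are relative to ldap suffix
        for key in ("ldap user suffix", "ldap group suffix", "ldap machine suffix"):
            if key in conf:
                container = normalize_dn(conf[key] + "," + suffix)
                if container not in directory:
                    findings.append("%s resolves to %r, which does not exist" % (key, container))

    admin = normalize_dn(conf.get("ldap admin dn", ""))
    if admin and admin not in directory:
        findings.append("ldap admin dn %r does not exist, so the bind cannot succeed" % admin)
    return findings


# --- constructed samples, modelled on the post ---------------------------
SMB_CONF = """\
[global]
   passdb backend = ldapsam:ldap://127.0.0.1/
   ldap admin dn = uid=samba,ou=Users,ou=bierhanzl,c=cz
   ldap suffix = ou=bierhanzl,c=cz
   ldap user suffix = ou=Users
   ldap group suffix = ou=Groups
   ldap ssl = start tls
   add user to group script = /etc/samba/ldap/smbldap-groupmod -m
   "%u" "%g"
   ldap admin dn = "cn=Manager,ou=bierhanzl,c=cz"
   ldap suffix = ou=bierhnazl,c=cz
   ldap user suffix = ou=People
"""
FIXED_CONF = """\
[global]
   passdb backend = ldapsam:ldap://127.0.0.1/
   ldap admin dn = cn=Manager,o=bierhanzl,c=cz
   ldap suffix = o=bierhanzl,c=cz
   ldap user suffix = ou=People
   ldap ssl = start tls
"""
SLAPCAT = """\
dn: o=bierhanzl,c=cz
objectClass: organization
o: bierhanzl

dn: cn=admin,o=bierhanzl,c=cz
objectClass: simpleSecurityObject
cn: admin

dn: ou=People,o=bierhanzl,c=cz
objectClass: organizationalUnit
ou: People

dn: cn=Manager,o=bierhanzl,c=cz
objectClass: simpleSecurityObject
cn: Manager
"""
# rootDSE of a slapd without TLS (only password-modify advertised) and one with StartTLS
ROOTDSE_NO_TLS = "dn:\nsupportedExtension: 1.3.6.1.4.1.4203.1.11.1\n"
ROOTDSE_TLS = ROOTDSE_NO_TLS + "supportedExtension: " + STARTTLS_OID + "\n"

if __name__ == "__main__":
    for finding in check(SMB_CONF, SLAPCAT, ROOTDSE_NO_TLS):
        print("-", finding)
```

Run against the post's fragments it reports the three duplicated keys, the StartTLS mismatch, the non-existent `ldap suffix` and the non-existent `ldap admin dn`; against the assumed fixed fragment and a rootDSE that advertises StartTLS it reports nothing. Fix the suffix and admin DN first, since with a wrong base even a working TLS connection would still end in the "Problem during the LDAP search" line quoted above.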