samba+ldap

Milan Ježek milan.jezek na bierhanzl.cz
Středa Květen 18 11:56:25 CEST 2005


Dobrý den,
Chci zprovoznit Sambu s LDAP, ale nějak se mi to nedaří.
Při pokusu Sambu spustit (nebo jen spustit smbpasswd) mi to vyhodí následující:

Failed to issue the StartTLS instruction: Not Supported
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Not Supported
Connection to LDAP server failed for the 2 try!
.
.
Connection to LDAP server failed for the 15 try!
Failed to issue the StartTLS instruction: Not Supported
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
Interupted by signal.

Kde mám chybu?

Přikládám části konfiguračních souborů:

slapd.conf
**********
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#
# NOTE(review): no TLS directives (TLSCertificateFile, TLSCertificateKeyFile,
# TLSCACertificateFile) appear in this excerpt, while smb.conf below asks for
# "ldap ssl = start tls". A slapd with no certificate configured cannot honour
# StartTLS, which is consistent with the "Failed to issue the StartTLS
# instruction: Not Supported" lines quoted above -- confirm the directives are
# not just in a part of the file that was cut from the mail.

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck     on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd.args

# Where to store the replica logs
replogfile	/var/lib/ldap/replog

# Read slapd.conf(5) for possible values
loglevel        15

#######################################################################
# ldbm database definitions
#######################################################################

# The backend type, ldbm, is the default standard
# NOTE(review): ldbm was already being phased out in favour of bdb/hdb in
# OpenLDAP 2.x releases of this period -- not the cause of the error, but worth
# checking against the installed version.
database        ldbm

# The base of your directory
# NOTE(review): the suffix is "o=bierhanzl,c=cz"; smb.conf below uses
# "ou=bierhanzl,c=cz" for "ldap suffix" and "ldap admin dn", which does not
# exist in this database.
suffix          "o=bierhanzl,c=cz"

# Where the database file are physically stored
directory       "/var/lib/ldap"

# Indexing options
index objectClass eq

# Save the time that the entry gets modified
lastmod on

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
         by dn="cn=admin,o=bierhanzl,c=cz" write
         by anonymous auth
         by self write
         by * none
#access to attribute=userPassword
#        by dn="cn=Manager,o=bierhanzl,c=cz" write
#        by anonymous auth
#        by self write
#        by * none
# NOTE(review): samba.schema (included above) adds sambaLMPassword and
# sambaNTPassword, which hold the NT/LM password hashes Samba authenticates
# against. They are NOT covered by the userPassword rule, so they fall through
# to "access to *" below and become readable "by * read", i.e. by anonymous
# binds. Add a rule of the same shape for them (admin dn write, self write,
# * none) placed before "access to *". Also note that only cn=admin gets write
# on userPassword here; whichever DN Samba binds with ("ldap admin dn" in
# smb.conf, currently cn=Manager) needs write on these attributes too,
# especially with "ldap passwd sync = Yes".

# The admin dn has full write access
access to *
         by dn="cn=admin,o=bierhanzl,c=cz" write
         by * read
#access to *
#        by dn="cn=Manager,o=bierhanzl,c=cz" write
#        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
# NOTE(review): "o=morsnet" is not under this database's suffix
# ("o=bierhanzl,c=cz"; slapcat shows ou=Roaming,o=bierhanzl,c=cz), so this rule
# matches nothing here -- it looks like a leftover from a template.
access to dn=".*,ou=Roaming,o=morsnet"
         by dn="cn=admin,o=bierhanzl,c=cz" write
         by dnattr=owner write




smb.conf
*********
    # NOTE(review): "ldap ssl = start tls" below is what triggers the StartTLS
    # attempt against the loopback server named here; the slapd.conf excerpt
    # shows no TLS certificate directives, so slapd refuses it. Either
    # configure TLS in slapd (TLSCertificateFile / TLSCertificateKeyFile) or,
    # for a server that only listens on 127.0.0.1, set "ldap ssl = off" -- the
    # latter is reasonable only as long as the connection never leaves the host.
    passdb backend = ldapsam:ldap://127.0.0.1/
	# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
         # NOTE(review): "ldap admin dn", "ldap suffix", "ldap user suffix" and
         # "ldap delete dn" are each set twice in this excerpt (here and in the
         # block at the end) with different values. As far as I know Samba
         # keeps the last value it reads, so the earlier ones are silently
         # ignored -- keep a single copy of each.
         # NOTE(review): neither admin DN in this file exists in the slapcat
         # dump: the directory's base is "o=bierhanzl,c=cz" (not "ou=..."), and
         # the only admin-like entries are cn=admin,o=bierhanzl,c=cz and
         # cn=Manager,o=bierhanzl,c=cz. Even once StartTLS is sorted out the
         # bind cannot succeed until the DN names an existing entry and its
         # password has been stored with "smbpasswd -w".
         ldap admin dn = uid=samba,ou=Users,ou=bierhanzl,c=cz
         # NOTE(review): "ou=bierhanzl,c=cz" here (and the misspelt
         # "ou=bierhnazl,c=cz" below) do not match the real suffix
         # "o=bierhanzl,c=cz" shown by slapcat.
         ldap suffix = ou=bierhanzl,c=cz
         ldap group suffix = ou=Groups
         # NOTE(review): ou=Users here vs ou=People below; the slapcat dump
         # contains ou=People but no ou=Users, ou=Groups or ou=Computers
         # (the dump may be partial). The smbldap-* scripts referenced below
         # need these containers to exist.
         ldap user suffix = ou=Users
         ldap machine suffix = ou=Computers
         ldap idmap suffix = ou=Users
         ldap ssl = start tls
         add user script = /etc/samba/ldap/smbldap-useradd -m "%u"
         ldap delete dn = Yes
         #delete user script = /etc/samba/ldap/smbldap-userdel "%u"
         add machine script = /etc/samba/ldap/smbldap-useradd -w "%u"
         add group script = /etc/samba/ldap/smbldap-groupadd -p "%g"
         #delete group script = /etc/samba/ldap/smbldap-groupdel "%g"
         add user to group script = /etc/samba/ldap/smbldap-groupmod -m 
"%u" "%g"
         delete user from group script = 
/etc/samba/ldap/smbldap-groupmod -x "%u" "%g"
         set primary group script = /etc/samba/ldap/smbldap-usermod -g 
"%g" "%u"
	
	# NOTE(review): second, conflicting copy of the settings above. The
	# slapd.conf ACLs grant write only to cn=admin,o=bierhanzl,c=cz; if
	# cn=Manager is meant to be Samba's bind DN it needs write access
	# there as well (userPassword, the samba password attributes, and the
	# user/group/machine containers).
	ldap admin dn = "cn=Manager,ou=bierhanzl,c=cz"
#	ldap admin dn = "cn=admin,ou=bierhanzl,c=cz"
	ldap delete dn = No
	ldap suffix = ou=bierhnazl,c=cz
	ldap machine suffix = ou=Computers
	ldap group suffix = ou=Groups
	ldap user suffix = ou=People
	# NOTE(review): with passwd sync on, Samba also rewrites userPassword
	# on password changes, so the bind DN must have write on userPassword
	# in the slapd ACL (currently only cn=admin has it).
	ldap passwd sync = Yes




výpis slapcat
*************
# NOTE(review): the directory base is "o=bierhanzl,c=cz" -- smb.conf above uses
# "ou=bierhanzl,c=cz" for "ldap suffix" and "ldap admin dn", which does not
# match any entry here. The only container present is ou=People; the
# ou=Users / ou=Groups / ou=Computers referenced from smb.conf do not appear in
# this dump (it may be partial).
# NOTE(review): the two userPassword values below are base64-wrapped {CRYPT}
# and {SSHA} password hashes; they should be redacted before the config is
# posted to a public list, and rotated if the list archive is public.
dn: o=bierhanzl,c=cz
objectClass: organization
o: bierhanzl

dn: cn=admin,o=bierhanzl,c=cz
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: LDAP administrator
userPassword:: e0NSWVBUfW5CVkdDeTVhWjdzMFk=

dn: ou=People,o=bierhanzl,c=cz
objectClass: organizationalUnit
ou: People

dn: ou=Roaming,o=bierhanzl,c=cz
objectClass: organizationalUnit
ou: Roaming

dn: cn=Manager,o=bierhanzl,c=cz
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: Manager
description: Directory Manager
userPassword:: e1NTSEF9OSttUW9PSEdHWnNKNnpEekVtdTUydFU4RnZGMkxVQkI=


Předem díky za radu.

