samba+ldap

Milan Ježek milan.jezek na bierhanzl.cz
Středa Květen 18 13:36:40 CEST 2005


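Tak jsem se malinko posunul: slapd, který jsem instaloval (Debian 
stable), není zkompilován s podporou TLS. Jak ale nastavit Sambu, aby TLS 
nepotřebovala? (Samba 3.0.14a, Debian)
[Pozn. red.: O StartTLS si Samba říká kvůli řádku `ldap ssl = start tls` v níže citovaném smb.conf; bez TLS jde heslo pro přihlášení k LDAP po síti nešifrovaně, což je únosné jen u spojení přes loopback, jako je zde ldap://127.0.0.1/.]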


Milan Ježek napsal(a):
> Dobrý den,
> chci zprovoznit sambu s ldap, ale nějak se mi nedaří.
> Při pokusu spustit Sambu nebo jen smbpasswd se vypíše následující:
> 
> Failed to issue the StartTLS instruction: Not Supported
> Connection to LDAP server failed for the 1 try!
> Failed to issue the StartTLS instruction: Not Supported
> Connection to LDAP server failed for the 2 try!
> .
> .
> Connection to LDAP server failed for the 15 try!
> Failed to issue the StartTLS instruction: Not Supported
> smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
> Interupted by signal.
> 
> kde mám chybu?
> 
> Přikládám části konfiguračních souborů:
> 
> slapd.conf
> **********
> # This is the main ldapd configuration file. See slapd.conf(5) for more
> # info on the configuration options.
> 
> # Schema and objectClass definitions
> include         /etc/ldap/schema/core.schema
> include         /etc/ldap/schema/cosine.schema
> include         /etc/ldap/schema/nis.schema
> include         /etc/ldap/schema/inetorgperson.schema
> include         /etc/ldap/schema/samba.schema
> 
> # Schema check allows for forcing entries to
> # match schemas for their objectClasses's
> schemacheck     on
> 
> # Where the pid file is put. The init.d script
> # will not stop the server if you change this.
> pidfile         /var/run/slapd.pid
> 
> # List of arguments that were passed to the server
> argsfile        /var/run/slapd.args
> 
> # Where to store the replica logs
> replogfile    /var/lib/ldap/replog
> 
> # Read slapd.conf(5) for possible values
> loglevel        15
> 
> #######################################################################
> # ldbm database definitions
> #######################################################################
> 
> # The backend type, ldbm, is the default standard
> database        ldbm
> 
> # The base of your directory
> suffix          "o=bierhanzl,c=cz"
> 
> # Where the database file are physically stored
> directory       "/var/lib/ldap"
> 
> # Indexing options
> index objectClass eq
> 
> # Save the time that the entry gets modified
> lastmod on
> 
> # The userPassword by default can be changed
> # by the entry owning it if they are authenticated.
> # Others should not be able to see it, except the
> # admin entry below
> access to attribute=userPassword
>         by dn="cn=admin,o=bierhanzl,c=cz" write
>         by anonymous auth
>         by self write
>         by * none
> #access to attribute=userPassword
> #        by dn="cn=Manager,o=bierhanzl,c=cz" write
> #        by anonymous auth
> #        by self write
> #        by * none
> 
> # The admin dn has full write access
> access to *
>         by dn="cn=admin,o=bierhanzl,c=cz" write
>         by * read
> #access to *
> #        by dn="cn=Manager,o=bierhanzl,c=cz" write
> #        by * read
> 
> # For Netscape Roaming support, each user gets a roaming
> # profile for which they have write access to
> access to dn=".*,ou=Roaming,o=morsnet"
>         by dn="cn=admin,o=bierhanzl,c=cz" write
>         by dnattr=owner write
> 
> 
> 
> 
> smb.conf
> *********
>    passdb backend = ldapsam:ldap://127.0.0.1/
>     # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>         ldap admin dn = uid=samba,ou=Users,ou=bierhanzl,c=cz
>         ldap suffix = ou=bierhanzl,c=cz
>         ldap group suffix = ou=Groups
>         ldap user suffix = ou=Users
>         ldap machine suffix = ou=Computers
>         ldap idmap suffix = ou=Users
>         ldap ssl = start tls
>         add user script = /etc/samba/ldap/smbldap-useradd -m "%u"
>         ldap delete dn = Yes
>         #delete user script = /etc/samba/ldap/smbldap-userdel "%u"
>         add machine script = /etc/samba/ldap/smbldap-useradd -w "%u"
>         add group script = /etc/samba/ldap/smbldap-groupadd -p "%g"
>         #delete group script = /etc/samba/ldap/smbldap-groupdel "%g"
>         add user to group script = /etc/samba/ldap/smbldap-groupmod -m "%u" "%g"
>         delete user from group script = /etc/samba/ldap/smbldap-groupmod -x "%u" "%g"
>         set primary group script = /etc/samba/ldap/smbldap-usermod -g "%g" "%u"
>     
>     ldap admin dn = "cn=Manager,ou=bierhanzl,c=cz"
> #    ldap admin dn = "cn=admin,ou=bierhanzl,c=cz"
>     ldap delete dn = No
>     ldap suffix = ou=bierhnazl,c=cz
>     ldap machine suffix = ou=Computers
>     ldap group suffix = ou=Groups
>     ldap user suffix = ou=People
>     ldap passwd sync = Yes
> 
> 
> 
> 
> výpis slapcat
> *************
> dn: o=bierhanzl,c=cz
> objectClass: organization
> o: bierhanzl
> 
> dn: cn=admin,o=bierhanzl,c=cz
> objectClass: organizationalRole
> objectClass: simpleSecurityObject
> cn: admin
> description: LDAP administrator
> userPassword:: e0NSWVBUfW5CVkdDeTVhWjdzMFk=
> 
> dn: ou=People,o=bierhanzl,c=cz
> objectClass: organizationalUnit
> ou: People
> 
> dn: ou=Roaming,o=bierhanzl,c=cz
> objectClass: organizationalUnit
> ou: Roaming
> 
> dn: cn=Manager,o=bierhanzl,c=cz
> objectClass: top
> objectClass: organizationalRole
> objectClass: simpleSecurityObject
> cn: Manager
> description: Directory Manager
> userPassword:: e1NTSEF9OSttUW9PSEdHWnNKNnpEekVtdTUydFU4RnZGMkxVQkI=
> 
> 
> předem díky za radu
> 


