samba+ldap
Milan Ježek
milan.jezek na bierhanzl.cz
Středa Květen 18 13:36:40 CEST 2005
Tak jsem se malinko posunul. slapd, který jsem instaloval (debian
stable) není kompilován s TLS. Ale jak nastavit sambu, aby TLS
nepotřebovala? (samba 3.0.14a Debian)
Milan Ježek napsal(a):
> Dobrý den,
> chci zprovoznit sambu s ldap, ale nějak se mi nedaří.
> při pokusu sambu spustit nebo jen smbpasswd mi to vyhodí následující:
>
> Failed to issue the StartTLS instruction: Not Supported
> Connection to LDAP server failed for the 1 try!
> Failed to issue the StartTLS instruction: Not Supported
> Connection to LDAP server failed for the 2 try!
> .
> .
> Connection to LDAP server failed for the 15 try!
> Failed to issue the StartTLS instruction: Not Supported
> smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
> Interupted by signal.
>
> kde mám chybu?
>
> přikládám části conf souborů
>
> slapd.conf
> **********
> # This is the main ldapd configuration file. See slapd.conf(5) for more
> # info on the configuration options.
>
> # Schema and objectClass definitions
> include /etc/ldap/schema/core.schema
> include /etc/ldap/schema/cosine.schema
> include /etc/ldap/schema/nis.schema
> include /etc/ldap/schema/inetorgperson.schema
> include /etc/ldap/schema/samba.schema
>
> # Schema check allows for forcing entries to
> # match schemas for their objectClasses's
> schemacheck on
>
> # Where the pid file is put. The init.d script
> # will not stop the server if you change this.
> pidfile /var/run/slapd.pid
>
> # List of arguments that were passed to the server
> argsfile /var/run/slapd.args
>
> # Where to store the replica logs
> replogfile /var/lib/ldap/replog
>
> # Read slapd.conf(5) for possible values
> loglevel 15
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> # The backend type, ldbm, is the default standard
> database ldbm
>
> # The base of your directory
> suffix "o=bierhanzl,c=cz"
>
> # Where the database file are physically stored
> directory "/var/lib/ldap"
>
> # Indexing options
> index objectClass eq
>
> # Save the time that the entry gets modified
> lastmod on
>
> # The userPassword by default can be changed
> # by the entry owning it if they are authenticated.
> # Others should not be able to see it, except the
> # admin entry below
> access to attribute=userPassword
> by dn="cn=admin,o=bierhanzl,c=cz" write
> by anonymous auth
> by self write
> by * none
> #access to attribute=userPassword
> # by dn="cn=Manager,o=bierhanzl,c=cz" write
> # by anonymous auth
> # by self write
> # by * none
>
> # The admin dn has full write access
> access to *
> by dn="cn=admin,o=bierhanzl,c=cz" write
> by * read
> #access to *
> # by dn="cn=Manager,o=bierhanzl,c=cz" write
> # by * read
>
> # For Netscape Roaming support, each user gets a roaming
> # profile for which they have write access to
> access to dn=".*,ou=Roaming,o=morsnet"
> by dn="cn=admin,o=bierhanzl,c=cz" write
> by dnattr=owner write
>
>
>
>
> smb.conf
> *********
> passdb backend = ldapsam:ldap://127.0.0.1/
> # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
> ldap admin dn = uid=samba,ou=Users,ou=bierhanzl,c=cz
> ldap suffix = ou=bierhanzl,c=cz
> ldap group suffix = ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Users
> ldap ssl = start tls
> add user script = /etc/samba/ldap/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> #delete user script = /etc/samba/ldap/smbldap-userdel "%u"
> add machine script = /etc/samba/ldap/smbldap-useradd -w "%u"
> add group script = /etc/samba/ldap/smbldap-groupadd -p "%g"
> #delete group script = /etc/samba/ldap/smbldap-groupdel "%g"
> add user to group script = /etc/samba/ldap/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /etc/samba/ldap/smbldap-groupmod -x "%u" "%g"
> set primary group script = /etc/samba/ldap/smbldap-usermod -g "%g" "%u"
>
> ldap admin dn = "cn=Manager,ou=bierhanzl,c=cz"
> # ldap admin dn = "cn=admin,ou=bierhanzl,c=cz"
> ldap delete dn = No
> ldap suffix = ou=bierhnazl,c=cz
> ldap machine suffix = ou=Computers
> ldap group suffix = ou=Groups
> ldap user suffix = ou=People
> ldap passwd sync = Yes
>
>
>
>
> výpis slapcat
> *************
> dn: o=bierhanzl,c=cz
> objectClass: organization
> o: bierhanzl
>
> dn: cn=admin,o=bierhanzl,c=cz
> objectClass: organizationalRole
> objectClass: simpleSecurityObject
> cn: admin
> description: LDAP administrator
> userPassword:: e0NSWVBUfW5CVkdDeTVhWjdzMFk=
>
> dn: ou=People,o=bierhanzl,c=cz
> objectClass: organizationalUnit
> ou: People
>
> dn: ou=Roaming,o=bierhanzl,c=cz
> objectClass: organizationalUnit
> ou: Roaming
>
> dn: cn=Manager,o=bierhanzl,c=cz
> objectClass: top
> objectClass: organizationalRole
> objectClass: simpleSecurityObject
> cn: Manager
> description: Directory Manager
> userPassword:: e1NTSEF9OSttUW9PSEdHWnNKNnpEekVtdTUydFU4RnZGMkxVQkI=
>
>
> předem díky za radu
>