pomalá Samba s LDAP
"Ing. Jiří Nováček"
jnovacek na spst.cz
Pondělí Srpen 4 20:23:44 CEST 2008
Dobrý den,
už delší dobu se snažím rozumně rozběhat Sambu společně s LDAP, ale
pořád to je nějaké divné.
Když nakonfiguruji samotnou Sambu, tak jede perfektně. Provedu si
nastavení LDAP a to se zdá také dobré. Do konfiguráků od Samby přidám
napojení na LDAP a vše se hrozně zpomalí. Přihlášení do domény je hrůza,
načtení profilu trvá také dlouho. Po přihlášení je potom problém s
prvním přístupem na Samba sdílený disk. Po jeho načtení však vše jede
zase perfektně. Odhlášení je opět na kávu.
Setkal se někdo s něčím takovým? Sambu a LDAP jsem konfiguroval různě
podle návodů z netu. Konfiguráky jsou na konci.
Pak mám ještě další dotaz. Používal jsem Novell Netware, ale časy se
mění. Tam jsem měl vytvořeny "ou" pro jednotlivé třídy a v těchto "ou"
jsem měl studenty. Každý student se přihlašoval pomocí svého jména a
příslušného ou (novacek.str2). Je možné tohoto docílit i v Sambě s LDAP?
Snad ještě systém openSUSE 11 (KDE 3.5.9), openLDAP 2.4.9, Samba 3.2.0
Předem děkuji
Nováček
soubor smb.conf
# # Primary Domain Controller smb.conf
# # Global parameters
[global]
unix charset = LOCALE
workgroup = spstl
netbios name = a01l
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
# NOTE(review): 0 turns off size-based rotation, so the per-client log files
# named above can grow without limit.
max log size = 0
# NOTE(review): broadcast is tried before host/DNS lookup here, so a name WINS
# does not know waits for the broadcast timeout first. Possibly one source of
# the delays described in the post - confirm.
name resolve order = wins bcast hosts
# Account-management hooks: smbd runs these smbldap-tools commands with %u / %g
# replaced by the user / group name being added, removed or changed.
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon script = logon.bat
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = G:
time server = Yes
domain logons = Yes
domain master = Yes
wins support = Yes
local master = Yes
os level = 65
preferred master = Yes
# NOTE(review): 'domain logons = Yes' above makes this host a domain controller,
# but 'security = domain' is the domain-member mode, in which smbd passes
# authentication on to another DC. A Samba 3 PDC is normally run with
# 'security = user'. Likely relevant to the slow logons described - confirm.
security = domain
# NOTE(review): no 'passdb backend' line is visible in this listing. The ldap *
# settings below are only used for account storage with an ldapsam backend
# (e.g. passdb backend = ldapsam:ldap://127.0.0.1); check whether the line was
# dropped from the post or is missing from the real file.
# performance optimization: valid only if all users and groups are stored in LDAP
ldapsam:trusted = yes
ldap suffix = dc=spstl
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# The password for this DN is not kept in smb.conf; Samba reads it from
# secrets.tdb (stored with 'smbpasswd -w'). The slapd.conf posted with this file
# gives this DN write access to every entry, including the password hashes, so
# secrets.tdb has to stay readable by root only.
ldap admin dn = cn=sambaadmin,dc=spstl
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
printcap name = CUPS
printer admin = root
printing = cups
#========================Share Definitions=========================
# Per-user home share; 'valid users = %S' limits each home share to the user it
# is named after, and the masks keep new files (0600) and directories (0700)
# private to the owner.
[homes]
comment = Home Directories
valid users = %S
browseable = yes
writable = yes
create mask = 0600
directory mask = 0700
[sysvol]
path = /samba/sysvol
read only = yes
# NOTE(review): this share holds the logon script (logon.bat) that clients run
# at every logon, and it is writable at the Samba level for every user who can
# connect ('writeable = yes' and 'read only = no' say the same thing twice).
# Unless the Unix permissions on the path are tight, any domain user could
# replace the script. Prefer 'read only = yes' plus a 'write list' naming the
# administrators.
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
writeable = yes
browseable = yes
read only = no
# NOTE(review): the share maps to the connecting user's home directory (%H) and
# everything created through it gets mode 0777, i.e. readable and writable by
# every local account on the server. Roaming profiles contain per-user data
# (NTUSER.DAT, documents); masks matching [homes] (0600 / 0700) avoid exposing
# them.
[profiles]
path = %H
writeable = yes
browseable = no
read only = no
create mode = 0777
directory mode = 0777
---
soubor slapd.conf
#path: /etc/openldap/slapd.conf
# Schemas needed for POSIX accounts (nis) and Samba accounts (samba3).
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
modulepath /usr/lib/openldap/modules/
# moduleload back_bdb.la
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Samba Primary Database spst
# NOTE(review): with loglevel 0 slapd records nothing. While chasing the slow
# logons, 'loglevel stats' shows each search filter and how long it took, which
# also gives an audit trail of binds.
loglevel 0
database bdb
suffix "dc=spstl"
directory /var/lib/ldap/
rootdn "cn=Manager,dc=spstl"
# The value is a placeholder in this post. The real file carries the rootdn
# password hash (generate it with slappasswd), so slapd.conf should be readable
# only by root and the account slapd runs as. The rootdn bypasses all ACLs.
rootpw "{ssha}sifrovaneheslo"
index entryCSN eq
index entryUUID eq
# NOTE(review): in slapd.conf the 'by' clauses are continuation lines and must
# start with whitespace; the indentation appears to have been lost in this
# archive copy.
# Password rule: only the owner and sambaadmin may write the three hash
# attributes; everyone else may only use them to authenticate. sambaLMPassword
# and sambaNTPassword are password-equivalent for SMB, so they must never be
# readable. Attributes not named here (for example sambaPasswordHistory, if it
# is in use) fall through to the catch-all rule that follows - confirm.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by dn="cn=sambaadmin,dc=spstl" write
by * auth
# NOTE(review): 'by * read' lets unauthenticated clients read every other
# attribute: user names, group membership, SIDs, home paths. If the directory
# is reachable from the school network, consider 'by users read' with
# 'by anonymous auth' instead, and bind Samba/NSS with a dedicated read account.
access to *
by dn="cn=sambaadmin,dc=spstl" write
by * read
# Indices to maintain
# These cover the attributes Samba and NSS filter on; after changing index
# lines on a populated database the indices have to be rebuilt (slapindex).
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
---
soubor smbldap.conf
# Domain SID (redacted in the post). It has to be the same value as the sambaSID
# of the sambaDomain entry in the directory and the output of 'net getlocalsid'.
SID="S-1-5-21-3876946720-xxxxxx"
sambaDomain="spstl"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
# NOTE(review): TLS is off, so binds and password changes made by the smbldap
# tools go to slapd unencrypted. That is tolerable only while both servers above
# stay on 127.0.0.1; if slapd moves to another host, enable ldapTLS and fill in
# verify / cafile.
ldapTLS="0"
verify=""
cafile=""
clientcert=""
clientkey=""
suffix="dc=spstl"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=spstl,ou=Domains,${suffix}"
scope="sub"
# userPassword values written by the tools are stored as salted SHA-1 (SSHA).
hash_encrypt="SSHA"
crypt_salt_format=""
userLoginShell="/bin/bash"
userHome="/home/%U"
# 700 keeps new home directories private to their owner.
userHomeDirectoryMode="700"
userGecos="System User"
# 513 and 515 are the gidNumbers of the Domain Users and Domain Computers groups
# in the spst.ldif posted with this file.
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
# presumably days until a password set by the tools expires - confirm
defaultMaxPasswordAge="45"
userSmbHome="\\%L\%U\.9xprofile"
userProfile="\\%L\profiles\.msprofile"
userHomeDrive="G:"
userScript="logon.bat"
mailDomain=""
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
---
Soubor spst.ldif pro naplnění LDAP
# SAMBA LDAP PRELOAD
# SID S-1-5-21-3876946720-xxxxx
# NOTE(review): LDIF separates entries with a blank line; the separators appear
# to have been lost in this archive copy and must be restored before loading.
# Base entry of the directory.
dn: dc=spstl
objectClass: dcObject
objectClass: organization
dc: spstl
o: SPSTL
description: Posix and Samba LDAP Identity Database
dn: cn=Manager,dc=spstl
objectClass: organizationalRole
cn: Manager
description: Directory Manager
# NOTE(review): the three service accounts below get a cleartext userPassword
# that is simply the account name. If these are not placeholders they are
# trivially guessable, and sambaadmin is the DN that the posted slapd.conf
# allows to write every entry, including the password hashes. Load hashed
# values (e.g. generated with slappasswd) that are unrelated to the name.
dn: cn=syncuser,dc=spstl
objectClass: person
cn: syncuser
sn: syncuser
userPassword: SyncUser
dn: cn=sambaadmin,dc=spstl
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: SambaAdmin
dn: cn=mailadmin,dc=spstl
objectClass: person
cn: mailadmin
sn: mailadmin
userPassword: MailAdmin
# Containers referenced by the 'ldap ... suffix' settings in smb.conf and the
# *dn settings in smbldap.conf.
dn: ou=Users,dc=spstl
objectClass: top
objectClass: organizationalUnit
ou: Users
dn: ou=Computers,dc=spstl
objectClass: top
objectClass: organizationalUnit
ou: Computers
dn: ou=Groups,dc=spstl
objectClass: top
objectClass: organizationalUnit
ou: Groups
dn: ou=Idmap,dc=spstl
objectClass: top
objectClass: organizationalUnit
ou: Idmap
dn: ou=Domains,dc=spstl
objectClass: top
objectClass: organizationalUnit
ou: Domains
# Domain entry: carries the domain SID and, through sambaUnixIdPool, the
# uidNumber / gidNumber counters (presumably the next free ids handed out by
# the smbldap tools - confirm).
# NOTE(review): structuralObjectClass is an operational attribute maintained by
# slapd; ldapadd normally refuses it, so this line is only accepted when the
# file is loaded offline with slapadd - confirm how the file was imported.
dn: sambaDomainName=SPSTL,ou=Domains,dc=spstl
objectClass: sambaDomain
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
sambaDomainName: SPSTL
sambaSID: S-1-5-21-3876946720-xxxxx
sambaAlgorithmicRidBase: 1000
structuralObjectClass: sambaDomain
# Group mappings: each posixGroup is tied to a Windows SID built from the
# domain SID plus a RID, and gidNumber is set to the same number as the RID.
# sambaGroupType 2 marks a domain group.
# Members of Domain Admins administer the domain and the workstations joined
# to it, so membership should be kept to the few accounts that need it.
dn: cn=Domain Admins,ou=Groups,dc=spstl
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
sambaSID: S-1-5-21-3876946720-xxxxx-512
sambaGroupType: 2
displayName: Domain Admins
description: Domain Administrators
dn: cn=Domain Users,ou=Groups,dc=spstl
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
sambaSID: S-1-5-21-3876946720-xxxxx-513
sambaGroupType: 2
displayName: Domain Users
description: Domain Users
dn: cn=Domain Guests,ou=Groups,dc=spstl
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
sambaSID: S-1-5-21-3876946720-xxxxx-514
sambaGroupType: 2
displayName: Domain Guests
description: Domain Guests
dn: cn=Domain Computers,ou=Groups,dc=spstl
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
sambaSID: S-1-5-21-3876946720-xxxxx-515
sambaGroupType: 2
displayName: Domain Computers
description: Domain Computers
# NOTE(review): the remaining groups use sambaGroupType 5 and the RIDs of the
# Windows built-in aliases (544, 548, 550, 551, 552). Built-in aliases normally
# carry SIDs under S-1-5-32 (e.g. S-1-5-32-544); here they are built from the
# domain SID instead - confirm this is intended, since clients will not treat
# these SIDs as the built-in groups.
dn: cn=Administrators,ou=Groups,dc=spstl
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
sambaSID: S-1-5-21-3876946720-xxxxx-544
sambaGroupType: 5
displayName: Administrators
description: Administrators
dn: cn=Account Operators,ou=Groups,dc=spstl
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
sambaSID: S-1-5-21-3876946720-xxxxx-548
sambaGroupType: 5
displayName: Account Operators
description: Account Operators
dn: cn=Print Operators,ou=Groups,dc=spstl
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
sambaSID: S-1-5-21-3876946720-xxxxx-550
sambaGroupType: 5
displayName: Print Operators
description: Print Operators
dn: cn=Backup Operators,ou=Groups,dc=spstl
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
sambaSID: S-1-5-21-3876946720-xxxxx-551
sambaGroupType: 5
displayName: Backup Operators
description: Backup Operators
dn: cn=Replicators,ou=Groups,dc=spstl
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
sambaSID: S-1-5-21-3876946720-xxxxx-552
sambaGroupType: 5
displayName: Replicators
description: Replicators