[Samba-it] IDMAP con LDAP di backend.

Meli Marco Marco.Meli at gknsintermetals.com
Thu Mar 31 16:39:01 MST 2005


Ciao,
Sto lavorando con i seguenti tool:
samba-3.0.13-1 su RH9 (openldap-2.0.27-8,krb5-1.2.7-10,nss_ldap-202-5) .
Ho seguito la documentazione presente sul sito per configurare un server che
salvi gli IDMAP su un backend LDAP. Di seguito credo di avere riportato tutti
i file modificati, escluso il file /etc/openldap/slapd.conf, di cui la
documentazione non tiene conto; si presentano gli errori riportati
sotto.
Ammetto di non aver mai praticato con LDAP, quindi potrei avere sbagliato
anche la configurazione, ma nessuna documentazione in merito è comunque
completa.
Come devo configurare il file /etc/openldap/slapd.conf? Dov'è l'errore?
Saluti, grazie.
Marco. 

/etc/samba/smb.conf
        # Samba settings as posted (no section header is shown): the host is a
        # domain member and winbindd keeps its SID <-> uid/gid mappings in an
        # LDAP directory instead of a local tdb file.
        netbios name = XXXX03
        os level = 16
        wins server = XXX.XXX.XXX.XXX
        socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
        unix charset = LOCALE
        workgroup = WORKGROUP
        realm = PREFIX1.PREFIX2.COM
        # ADS mode: users are authenticated against the Active Directory realm
        # named above, using Kerberos.
        security = ADS
        password server = kdc01.sinter.gkn.com
        encrypt passwords = yes
        # Domain accounts are presented without a DOMAIN/ prefix, so a domain
        # account can carry the same name as a local one; keep the two name
        # spaces from colliding.
        winbind use default domain = Yes
        winbind separator = /
        winbind enum users = Yes
        winbind enum groups = Yes
        # Samba's own LDAP connections are not encrypted, so the simple bind of
        # the admin DN sends its password in clear text. With the backend on
        # ldap://localhost this stays on the loopback interface; use
        # "start tls" before pointing the backend at another host.
        ldap ssl = No
        # DN Samba binds as when it reads and writes idmap entries. The password
        # is not set in smb.conf: Samba reads it from secrets.tdb, where
        # "smbpasswd -w <password>" stores it.
        # NOTE(review): the post does not show that step. If it was skipped the
        # bind fails, which would be consistent with the "failed to initialize
        # remote backend" message in log.winbindd - confirm.
        # NOTE(review): cn=Manager looks like the directory's rootdn (slapd.conf
        # is not shown). A dedicated DN with write access limited to ou=Idmap
        # would give Samba less privilege than the directory manager.
        ldap admin dn = cn=Manager,dc=prefix1,dc=prefix2,dc=com
        # Relative to "ldap suffix" below, i.e. ou=Idmap,dc=prefix1,dc=prefix2,dc=com,
        # the container created in idmap.ldif.
        ldap idmap suffix = ou=Idmap
        ldap suffix = dc=prefix1,dc=prefix2,dc=com
        idmap backend = ldap:ldap://localhost
        # Ranges winbindd allocates from for domain users and groups. Keep them
        # clear of the ids used by local accounts and by entries under
        # ou=People / ou=Group, otherwise two identities can share one uid/gid.
        idmap uid = 10000-40000
        idmap gid = 10000-40000
        hide unreadable = Yes
        template homedir = /data/user/%U
        # Domain users get /bin/false as their shell, i.e. no interactive login
        # on this host.
        template shell = /bin/false
        use sendfile = Yes

/etc/nsswitch.conf
# Lookup order for accounts: local files in compat mode first, then nss_ldap
# (configured in /etc/ldap.conf).
# NOTE(review): none of these sources is "winbind". Accounts that exist only as
# winbindd idmap entries, and not as posixAccount entries under ou=People, are
# normally exposed to NSS through the winbind module - verify which is intended.
passwd:     compat ldap
shadow:     compat ldap
group:        compat ldap
# Host names fall back to WINS after files and DNS. NetBIOS/WINS answers are
# not authenticated, so names resolved this way should not be relied on for
# access decisions.
hosts:        files dns wins

/etc/ldap.conf
# nss_ldap / pam_ldap client settings: the directory is reached on the
# loopback address.
host 127.0.0.1
base dc=prefix1,dc=prefix2,dc=com
# Every lookup binds as the Manager DN, with its password on the next line.
# This file normally has to be readable by all local users for NSS lookups to
# work, so any local account can read that password and gain the rights of
# that DN. Prefer anonymous lookups or a read-only proxy DN for binddn, and
# keep a privileged DN in rootbinddn with its password in /etc/ldap.secret
# (readable by root only).
# NOTE(review): "secret" may be a placeholder; if it is the real value, replace
# it, and store rootpw in slapd.conf as a hash (slappasswd) - confirm.
binddn cn=Manager,dc=prefix1,dc=prefix2,dc=com
bindpw secret
# Password changes use the LDAP password-modify extended operation, leaving the
# hashing to the server.
pam_password exop
# One-level searches under ou=People and ou=Group.
# NOTE(review): idmap.ldif creates only ou=Idmap; these two containers are not
# shown anywhere in the post - confirm they exist.
nss_base_passwd         ou=People,dc=prefix1,dc=prefix2,dc=com?one
nss_base_shadow         ou=People,dc=prefix1,dc=prefix2,dc=com?one
nss_base_group          ou=Group,dc=prefix1,dc=prefix2,dc=com?one
# No TLS: binds and results, including any password attributes returned for
# shadow lookups, travel in clear text. Acceptable only while the server stays
# on 127.0.0.1; use "ssl start_tls" for a remote directory.
ssl no

/etc/openldap/idmap.ldif
# Base entry of the directory tree.
# NOTE(review): the RDN of this DN is dc=prefix1, but the dc attribute below is
# "prefix1.prefix2". A server that checks naming attributes may reject the
# entry on import - confirm against the real (non-anonymised) values.
dn: dc=prefix1,dc=prefix2,dc=com
objectClass: dcObject
objectClass: organization
dc: prefix1.prefix2
o: xxx
description: xxx

# Entry for the DN that smb.conf (ldap admin dn) and /etc/ldap.conf (binddn)
# bind as. It carries no userPassword attribute, so a bind as this DN can only
# succeed if slapd.conf declares it as rootdn with a rootpw.
# NOTE(review): slapd.conf is not shown in the post - confirm.
dn: cn=Manager,dc=prefix1,dc=prefix2,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

# Container for the winbindd SID <-> uid/gid mappings (ldap idmap suffix).
# If Samba is given a dedicated DN instead of Manager, this is the only subtree
# it needs write access to.
dn: ou=Idmap,dc=prefix1,dc=prefix2,dc=com
objectClass: organizationalUnit
ou: idmap

/etc/krb5.conf
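# Kerberos client configuration for the realm used by "security = ADS".
# Each log destination is a single FILE:<path> value.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

# Realm and KDC are taken from the static [realms] and [domain_realm] sections
# below rather than from DNS, so KDC discovery does not depend on DNS answers.
[libdefaults]
 ticket_lifetime = 24000
 default_realm = PREFIX1.PREFIX2.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 PREFIX1.PREFIX2.COM = {
  kdc = KDC01.PREFIX1.PREFIX2.COM
 }

[domain_realm]
 .prefix1.prefix2.com = PREFIX1.PREFIX2.COM
 prefix1.prefix2.com = PREFIX1.PREFIX2.COM

# NOTE(review): this section points at the profile of a local KDC daemon; the
# KDC named in [realms] is another host, so it is presumably unused here.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

# Defaults for the PAM Kerberos module: tickets it obtains are forwardable
# (they can be passed on to other hosts) and are never converted to Kerberos 4.
# The closing brace ends the pam block.
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }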

/var/spool/samba/log.winbindd
[2005/03/30 17:53:26, 0] sam/idmap.c:idmap_init(138)
  idmap_init: failed to initialize remote backend!
[2005/03/30 17:53:26, 1] nsswitch/winbindd.c:main(897)
  Could not init idmap -- netlogon proxy only
[2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid
S-1-5-21-597916725-1483147915-620655208-19426
[2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid
S-1-5-21-597916725-1483147915-620655208-19426
