[Samba-it] IDMAP with an LDAP backend.

Simo Sorce simo.sorce at xsec.it
Thu Mar 31 23:00:01 MST 2005


First:
http://www.expita.com/nomime.html
Configuring Mail Clients to Send Plain ASCII Text

Second:
Congratulations on the excellent way you presented the problem; providing
all the data is the best thing one can do.

Third:
Have you fed Samba the LDAP manager password?
Have you configured slapd to include the latest available samba3 schema
(samba.schema)?

On Thu, 2005-03-31 at 16:38 +0200, Meli Marco wrote:
> Hi,
> I am working with the following tools:
> samba-3.0.13-1 on RH9
> (openldap-2.0.27-8, krb5-1.2.7-10, nss_ldap-202-5).
> I followed the documentation on the site to configure a server that
> stores the IDMAP on an LDAP backend. Below I believe I have included
> all the modified files except /etc/openldap/slapd.conf, which the
> documentation does not take into account, and the errors shown below
> occur.
>
> I admit I have never worked with LDAP, so I may also have gotten the
> configuration wrong, but in any case no documentation on the subject
> is complete.
>
> How should I configure the /etc/openldap/slapd.conf file? Where is
> the error?
> Regards, thanks.
> Marco.
> 
> /etc/samba/smb.conf 
>         netbios name = XXXX03 
>         os level = 16 
>         wins server = XXX.XXX.XXX.XXX 
>         socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE 
>         unix charset = LOCALE 
>         workgroup = WORKGROUP 
>         realm = PREFIX1.PREFIX2.COM 
>         security = ADS 
>         password server = kdc01.sinter.gkn.com 
>         encrypt passwords = yes 
>         winbind use default domain = Yes 
>         winbind separator = / 
>         winbind enum users = Yes 
>         winbind enum groups = Yes 
>         ldap ssl = No 
>         ldap admin dn = cn=Manager,dc=prefix1,dc=prefix2,dc=com 
>         ldap idmap suffix = ou=Idmap 
>         ldap suffix = dc=prefix1,dc=prefix2,dc=com 
>         idmap backend = ldap:ldap://localhost 
>         idmap uid = 10000-40000 
>         idmap gid = 10000-40000 
>         hide unreadable = Yes 
>         template homedir = /data/user/%U 
>         template shell = /bin/false 
>         use sendfile = Yes
> 
> /etc/nsswitch.conf 
> passwd:     compat ldap 
> shadow:     compat ldap 
> group:        compat ldap 
> hosts:        files dns wins
> 
> /etc/ldap.conf 
> host 127.0.0.1 
> base dc=prefix1,dc=prefix2,dc=com 
> binddn cn=Manager,dc=prefix1,dc=prefix2,dc=com 
> bindpw secret 
> pam_password exop 
> nss_base_passwd         ou=People,dc=prefix1,dc=prefix2,dc=com?one 
> nss_base_shadow         ou=People,dc=prefix1,dc=prefix2,dc=com?one 
> nss_base_group          ou=Group,dc=prefix1,dc=prefix2,dc=com?one 
> ssl no
> 
> /etc/openldap/idmap.ldif 
> dn: dc=prefix1,dc=prefix2,dc=com 
> objectClass: dcObject 
> objectClass: organization 
> dc: prefix1.prefix2 
> o: xxx 
> description: xxx
> 
> dn: cn=Manager,dc=prefix1,dc=prefix2,dc=com 
> objectClass: organizationalRole 
> cn: Manager 
> description: Directory Manager
> 
> dn: ou=Idmap,dc=prefix1,dc=prefix2,dc=com 
> objectClass: organizationalUnit 
> ou: idmap
> 
> /etc/krb5.conf 
> [logging] 
>  default = FILE:/var/log/krb5libs.log 
>  kdc = FILE:/var/log/krb5kdc.log 
>  admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults] 
>  ticket_lifetime = 24000 
>  default_realm = PREFIX1.PREFIX2.COM 
>  dns_lookup_realm = false 
>  dns_lookup_kdc = false
> 
> [realms] 
>  PREFIX1.PREFIX2.COM = { 
>   kdc = KDC01.PREFIX1.PREFIX2.COM 
>  }
> 
> [domain_realm] 
>  .prefix1.prefix2.com = PREFIX1.PREFIX2.COM 
>  prefix1.prefix2.com = PREFIX1.PREFIX2.COM
> 
> [kdc] 
>  profile = /var/kerberos/krb5kdc/kdc.conf
> 
> [appdefaults] 
>  pam = { 
>    debug = false 
>    ticket_lifetime = 36000 
>    renew_lifetime = 36000 
>    forwardable = true 
>    krb4_convert = false
> 
> /var/spool/samba/log.winbindd 
> [2005/03/30 17:53:26, 0] sam/idmap.c:idmap_init(138) 
>   idmap_init: failed to initialize remote backend! 
> [2005/03/30 17:53:26, 1] nsswitch/winbindd.c:main(897) 
>   Could not init idmap -- netlogon proxy only 
> [2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
>   error getting user id for sid S-1-5-21-597916725-1483147915-620655208-19426
> [2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
>   error getting user id for sid S-1-5-21-597916725-1483147915-620655208-19426
> 
-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Garofalo, 39 - 20133 - Milano
mobile: +39 329 328 7702
tel. +39 02 2953 4143 - fax: +39 02 700 442 399
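
An added example, not part of the original message or of Samba: a small Python check that compares the LDAP settings in smb.conf with slapd.conf, covering the schema question raised in the reply. The slapd.conf content, the schema paths and all function names are assumptions constructed for illustration; samba.schema is placed after the schemas it builds on.

```python
# Added example; both sample configs are constructed, schema paths assumed.
SMB_CONF = """\
[global]
    ldap admin dn = cn=Manager,dc=prefix1,dc=prefix2,dc=com
    ldap suffix = dc=prefix1,dc=prefix2,dc=com
"""
SLAPD_CONF = """\
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
database ldbm
suffix "dc=prefix1,dc=prefix2,dc=com"
rootdn "cn=Manager,dc=prefix1,dc=prefix2,dc=com"
"""
SLAPD_FIXED = SLAPD_CONF.replace(
    "database", "include /etc/openldap/schema/samba.schema\ndatabase", 1)

def smb_settings(text):
    """Parse smb.conf 'key = value' lines into a dict (keys lowercased)."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and l.strip()[0] not in "#;[")
    return {" ".join(k.lower().split()): v.strip() for k, v in pairs}

def slapd_directives(text):
    """Return (directive, argument) pairs; continuation lines not handled."""
    rows = (l.split(None, 1) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#"))
    return [(r[0].lower(), r[-1].strip('" ') if len(r) > 1 else "") for r in rows]

def norm_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def check(smb_text, slapd_text):
    """Return a list of mismatches between the two configurations."""
    smb, sl = smb_settings(smb_text), slapd_directives(slapd_text)
    args = lambda name: {norm_dn(a) for d, a in sl if d == name}
    problems = []
    if not any(d == "include" and a.endswith("/samba.schema") for d, a in sl):
        problems.append("samba.schema not included")
    if norm_dn(smb.get("ldap suffix", "")) not in args("suffix"):
        problems.append("ldap suffix not served by slapd")
    # Assumption: the admin DN is slapd's rootdn, as with cn=Manager here.
    if norm_dn(smb.get("ldap admin dn", "")) not in args("rootdn"):
        problems.append("ldap admin dn is not the rootdn")
    return problems

if __name__ == "__main__":
    print(check(SMB_CONF, SLAPD_CONF), check(SMB_CONF, SLAPD_FIXED))
```

Whether Samba holds the password for the `ldap admin dn` cannot be read from these files; it is stored in secrets.tdb with `smbpasswd -w`.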



