[Samba-it] IDMAP with an LDAP backend.
Simo Sorce
simo.sorce at xsec.it
Thu Mar 31 23:00:01 MST 2005
First:
http://www.expita.com/nomime.html
Configuring Mail Clients to Send Plain ASCII Text
Second:
Congratulations on the excellent way you presented the problem; providing all
the data is the best thing one can do.
Third:
Have you given Samba the LDAP manager password?
Have you configured slapd to include the latest available samba3 schema
(samba.schema)?
On Thu, 2005-03-31 at 16:38 +0200, Meli Marco wrote:
> Hi,
> I am working with the following tools:
> samba-3.0.13-1 su RH9
> (openldap-2.0.27-8,krb5-1.2.7-10,nss_ldap-202-5) .
> I followed the documentation on the site to configure a server that
> stores the IDMAP in an LDAP backend. Below I believe I have included
> all the modified files, except the file /etc/openldap/slapd.conf,
> which the documentation does not take into account, and the errors
> reported below occur.
>
> I admit I have never worked with LDAP, so I may also have gotten the
> configuration wrong, but no documentation on the subject is complete
> anyway.
>
> How should I configure the file /etc/openldap/slapd.conf? Where is
> the error?
> Regards, thanks.
> Marco.
>
> /etc/samba/smb.conf
> netbios name = XXXX03
> os level = 16
> wins server = XXX.XXX.XXX.XXX
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
> unix charset = LOCALE
> workgroup = WORKGROUP
> realm = PREFIX1.PREFIX2.COM
> security = ADS
> password server = kdc01.sinter.gkn.com
> encrypt passwords = yes
> winbind use default domain = Yes
> winbind separator = /
> winbind enum users = Yes
> winbind enum groups = Yes
> ldap ssl = No
> ldap admin dn = cn=Manager,dc=prefix1,dc=prefix2,dc=com
> ldap idmap suffix = ou=Idmap
> ldap suffix = dc=prefix1,dc=prefix2,dc=com
> idmap backend = ldap:ldap://localhost
> idmap uid = 10000-40000
> idmap gid = 10000-40000
> hide unreadable = Yes
> template homedir = /data/user/%U
> template shell = /bin/false
> use sendfile = Yes
>
> /etc/nsswitch.conf
> passwd: compat ldap
> shadow: compat ldap
> group: compat ldap
> hosts: files dns wins
>
> /etc/ldap.conf
> host 127.0.0.1
> base dc=prefix1,dc=prefix2,dc=com
> binddn cn=Manager,dc=prefix1,dc=prefix2,dc=com
> bindpw secret
> pam_password exop
> nss_base_passwd ou=People,dc=prefix1,dc=prefix2,dc=com?one
> nss_base_shadow ou=People,dc=prefix1,dc=prefix2,dc=com?one
> nss_base_group ou=Group,dc=prefix1,dc=prefix2,dc=com?one
> ssl no
>
> /etc/openldap/idmap.ldif
> dn: dc=prefix1,dc=prefix2,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: prefix1.prefix2
> o: xxx
> description: xxx
>
> dn: cn=Manager,dc=prefix1,dc=prefix2,dc=com
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
>
> dn: ou=Idmap,dc=prefix1,dc=prefix2,dc=com
> objectClass: organizationalUnit
> ou: idmap
>
> /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = PREFIX1.PREFIX2.COM
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> PREFIX1.PREFIX2.COM = {
> kdc = KDC01.PREFIX1.PREFIX2.COM
> }
>
> [domain_realm]
> .prefix1.prefix2.com = PREFIX1.PREFIX2.COM
> prefix1.prefix2.com = PREFIX1.PREFIX2.COM
>
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
>
> /var/spool/samba/log.winbindd
> [2005/03/30 17:53:26, 0] sam/idmap.c:idmap_init(138)
> idmap_init: failed to initialize remote backend!
> [2005/03/30 17:53:26, 1] nsswitch/winbindd.c:main(897)
> Could not init idmap -- netlogon proxy only
> [2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent
> (50)
> error getting user id for sid
> S-1-5-21-597916725-1483147915-620655208-19426
> [2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent
> (50)
> error getting user id for sid
> S-1-5-21-597916725-1483147915-620655208-19426
>
--
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Garofalo, 39 - 20133 - Milano
mobile: +39 329 328 7702
tel. +39 02 2953 4143 - fax: +39 02 700 442 399