[Samba-it] re: samba pdc problem

Davide Barbaria davide.barbaria at itcserasmo.it
Fri May 25 07:48:19 MDT 2007


On Fri, 2007-05-25 at 12:16 +0200, davide.barbaria at itcserasmo.it wrote:
>  > I'm not sure I've understood the problem correctly, but I would check:
>  > 1) that you have included samba.schema
>  > 2) that you specify the access clauses: access to what; by whom; to
>  > do what.
>  > 
>  > example
>  > 
>  > access to attrs=userPAssword,SambaLMPassword,SambaNTPassword
>  >          by dn="cn=YYYY,dc=XXXX,dc=XXXX" write
>  >          by anonymous auth
>  >          by self write
>  >          by * none
>  > 
>  > bye
> 
> 
> Yes, I have included the schema and specified the clauses, but I always get the same error

Be careful not to try to put comments inside the ACL; the text of an ACL
must be all consecutive, otherwise slapd cannot parse it.

Something like this:
access to attrs=userPAssword,SambaLMPassword,SambaNTPassword
#access to attrs=userPAssword
        by dn="cn=YYYY,dc=XXXX,dc=XXXX" write

is not OK.

Anyway, if need be, paste the 10 lines before and after line 103
directly from slapd.conf

Simo.

Hi Simo, here is the slapd.conf... as you can see, I don't think there are errors on those lines
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
checkpoint 512 30
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database bdb
# The base of your directory in database #1
suffix "dc=segerasmo,dc=lcl"
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# rootdn "cn=admin,dc=segerasmo,dc=lcl"
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index objectClass eq
index uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
# access to attrs=userPassword,shadowLastChange
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
by dn="cn=admin,dc=segerasmo,dc=lcl" write
by anonymous auth
by self write
by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work 
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=segerasmo,dc=lcl" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=segerasmo,dc=lcl" write
# by dnattr=owner write
#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>
# The base of your directory for database #2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/samba-it/attachments/20070525/fe12c995/attachment.html>
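
Added example, not part of the original messages: a small Python check for the failure Simo describes. slapd.conf joins any line that begins with whitespace onto the previous line, even when that line is a comment, so a comment inside an ACL swallows the by clauses that follow it. The function names and the sample configuration are constructed for illustration.

```python
# Added example; the sample config below is constructed, not taken from the thread.
SAMPLE = """\
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
#access to attrs=userPassword
        by dn="cn=YYYY,dc=XXXX,dc=XXXX" write
        by * none
# The userPassword by default can be changed
access to *
by * read
access to dn.base="" by * read
"""

def logical_lines(text):
    """Yield (lineno, first_line, continuation_lines) per logical line."""
    current = None
    for no, raw in enumerate(text.splitlines(), 1):
        # A line starting with whitespace continues the previous line,
        # even when that previous line is a comment.
        if current and raw[:1] in (" ", "\t") and raw.strip():
            current[2].append(raw.strip())
            continue
        if current:
            yield tuple(current)
        current = [no, raw.rstrip(), []]
    if current:
        yield tuple(current)

def lint_acl(text):
    """Return (lineno, code) for ACL text slapd would not read as intended."""
    findings = []
    for no, first, conts in logical_lines(text):
        words = [w.lower() for w in " ".join([first] + conts).split()]
        if not words:
            continue
        if first.startswith("#"):
            # Indented by clauses after a comment become part of the comment.
            if any(c.lower().startswith("by ") for c in conts):
                findings.append((no, "by-swallowed-by-comment"))
        elif words[0] == "by":
            # A by clause in column 0 is read as a separate directive.
            findings.append((no, "by-not-indented"))
        elif words[0] == "access" and "by" not in words[1:]:
            findings.append((no, "access-without-by"))
    return findings

if __name__ == "__main__":
    for lineno, code in lint_acl(SAMPLE):
        print(f"line {lineno}: {code}")
```

The same check reports by lines that start in column 0, which is how the by lines of the configuration pasted above appear in this archive copy (possibly because the HTML part was scrubbed).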

