[Samba-it] Samba or LDAP problem??
Angelo Venera
angelo at unict.it
Tue Oct 2 01:40:11 MDT 2007
Hello everyone,
I have the following situation: one LDAP master and 3 LDAP slaves. I have problems with the "CTRL+ALT+DEL" password change feature. Specifically, if I run the command smbldap-passwd username from any slave, i.e. from the shell, the change propagates, but if I have it done from any workstation, the password is changed only on the slave. Note that when I join a PC to the domain from a slave, this propagates to the master and then to the slaves, and that the above command works from the shell. I did, however, notice these error messages on the master, in the replica directory:
ERROR: No such attribute: modify/delete: sambaNextRid: no such value
replica: 192.168.2.12:389
time: 1191245967.2
dn: sambaDomainName=ICT,dc=gruppoict,dc=local
changetype: modify
delete: sambaNextRid
sambaNextRid: 1005
-
add: sambaNextRid
sambaNextRid: 1006
-
replace: entryCSN
entryCSN: 20071001133927Z#000002#00#000000
-
replace: modifiersName
modifiersName: cn=root,dc=gruppoict,dc=local
-
replace: modifyTimestamp
modifyTimestamp: 20071001133927Z
and the same file containing the error also exists with the extensions .rej and .rej.lock
I am attaching the configuration of the LDAP master server:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /usr/share/doc/samba-3.0.24/LDAP/samba.schema
schemacheck on
loglevel 256
lastmod on
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=gruppoict,dc=local"
rootdn "cn=root,dc=gruppo,dc=local"
rootpw ********
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
# User password change
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by anonymous auth
        by self write
        by * none
access to *
        by * read
replica uri=ldap://192.168.2.12:389 binddn="cn=root,dc=gruppo,dc=local" bindmethod=simple credentials=********
replica uri=ldap://192.168.3.12:389 binddn="cn=root,dc=gruppo,dc=local" bindmethod=simple credentials=********
replica uri=ldap://192.168.4.12:389 binddn="cn=root,dc=gruppo,dc=local" bindmethod=simple credentials=********
replogfile /var/lib/ldap/replog
LDAP slave configuration file:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /usr/share/doc/samba-3.0.25c/LDAP/samba.schema
schemacheck on
loglevel 256
lastmod on
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
updatedn "cn=root,dc=gruppoict,dc=local"
updateref ldap://192.168.1.12
suffix "dc=gruppoict,dc=local"
rootdn "cn=root,dc=gruppo,dc=local"
rootpw ********
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
# User password change
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by anonymous auth
        by self write
        by * none
access to *
        by * read
and the Samba configuration:
; Configuration for SAMBA BDC + LDAP
[global]
; BDC parameters
domain master = yes
domain logons = yes
local master = yes
preferred master = yes
os level = 255
security = user
passdb backend = ldapsam:ldap://192.168.4.12
; Domain name and NetBIOS name parameters
workgroup = ICT
netbios name = dati
server string = File Server
; LDAP parameters
obey pam restrictions = no
ldap admin dn = cn=root,dc=gruppo,dc=local
ldap suffix = dc=gruppoict,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = no
; Password parameters
encrypt passwords = yes
unix password sync = no
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
; Parameters for managing users and groups
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
; General parameters
log file = /var/log/samba/log.%m
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
force directory mode = 777
logon path = \\%L\profiles\%U
force create mode = 666
debug level = 2
create mode = 666
interfaces = 192.168.4.12 127.0.0.1
bind interfaces only = yes
log level = 2
winbind nested groups = no
password server = 192.168.4.12
host msdfs = no
I can't understand why the password change doesn't propagate. Can anyone help me...
Bye, Angelo
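
Added example, not part of the original message: a small parser for a slurpd reject record like the one quoted in the post, listing the value-specific deletes. A replica can apply such a delete only if it currently holds that exact value, so "no such value" means the replica's copy of the attribute differs from the master's. The sample is a shortened, constructed copy of the post's record, and the function names are hypothetical.

```python
# Constructed sample: the reject record from the post, shortened to three operations.
SAMPLE_REJ = """\
ERROR: No such attribute: modify/delete: sambaNextRid: no such value
replica: 192.168.2.12:389
time: 1191245967.2
dn: sambaDomainName=ICT,dc=gruppoict,dc=local
changetype: modify
delete: sambaNextRid
sambaNextRid: 1005
-
add: sambaNextRid
sambaNextRid: 1006
-
replace: entryCSN
entryCSN: 20071001133927Z#000002#00#000000
-
"""

def parse_reject(text):
    """Parse one reject record into its header fields and modify operations."""
    rec = {"ops": []}
    op = None
    for line in text.splitlines():
        if line == "-":                      # "-" closes the current operation
            op = None
            continue
        key, _, value = line.partition(": ")
        if key == "ERROR":
            rec["error"] = value
        elif key in ("replica", "time", "dn", "changetype"):
            rec[key] = value
        elif key in ("add", "delete", "replace"):
            op = {"op": key, "attr": value, "values": []}
            rec["ops"].append(op)
        elif op is not None and key == op["attr"]:
            op["values"].append(value)       # value line belonging to the open operation
    return rec

def state_dependent_deletes(rec):
    """Return (attr, value) pairs the replica must already hold for the change to apply."""
    return [(o["attr"], v) for o in rec["ops"] if o["op"] == "delete" for v in o["values"]]

if __name__ == "__main__":
    r = parse_reject(SAMPLE_REJ)
    print(r["replica"], r["dn"], state_dependent_deletes(r))
```

Comparing the listed value with the attribute's current value on the named replica shows how far that replica has diverged.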