[Samba-it] Double domain problem... but in fairy-tale land
Davide Barbaria
davide.barbaria at itcserasmo.it
Mon Feb 21 05:06:36 MST 2011
Sorry, for a few days now I have had a problem on a Samba PDC on etch: I
find myself with 2 domains, probably with the same SID;
here is part of the content of the LDIF file produced by slapcat:
dn: sambaDomainName=levi,dc=isi,dc=lan
structuralObjectClass: sambaDomain
entryUUID: 2ce879f0-c946-102f-8a2c-5d8112e86366
creatorsName: cn=admin,dc=isi,dc=lan
createTimestamp: 20110210094501Z
sambaAlgorithmicRidBase: 1000
sambaRefuseMachinePwdChange: 0
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaMinPwdLength: 5
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaMaxPwdAge: -1
sambaSID: S-1-5-21-63036134-2943069286-51311574
sambaPwdHistoryLength: 0
sambaDomainName: levi
gidNumber: 10045
sambaMinPwdAge: 0
sambaLogonToChgPwd: 0
uidNumber: 10591
sambaNextRid: 1076
entryCSN: 20110221085224.572545Z#000000#000#000000
modifiersName: cn=admin,dc=isi,dc=lan
modifyTimestamp: 20110221085224Z

dn: sambaDomainName=LEVI.LAN,dc=isi,dc=lan
sambaAlgorithmicRidBase: 1000
sambaNextUserRid: 1000
structuralObjectClass: sambaDomain
entryUUID: 693bf4be-c95e-102f-8801-7d0a5aad9d2a
creatorsName: cn=admin,dc=isi,dc=lan
createTimestamp: 20110210123831Z
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
gidNumber: 10045
sambaDomainName: levi.lan
sambaSID: S-1-5-21-63036134-2943069286-51311574
sambaNextRid: 1000
uidNumber: 10501
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
entryCSN: 20110210123831.563508Z#000000#000#000000
modifiersName: cn=admin,dc=isi,dc=lan
modifyTimestamp: 20110210123831Z
The correct domain must be only LEVI with the SID ending in 574, but I end up
with 2 of them following several installations in which at first I wanted to
keep the .LAN suffix, which I later decided to remove.
The smb.conf is:
[global]
workgroup = levi
netbios name = servlab
server string = %h
dns proxy = No
bind interfaces only = Yes
interfaces = lo, eth0
smb ports = 139
# invalid users = root
# admin users = root, at admins
# printer admin = @lpadmin
wide links = yes
unix extensions = no
### record logons via samba
utmp = yes
utmp directory = /var/log/samba/utmp
wtmp directory = /var/log/samba/wtmp
### prevents notepad from opening with a desktop.ini file
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
### preserves the permissions and privileges of the user's files
inherit acls = yes
inherit owner = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
log level = 1
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
deadtime = 15
browseable = no
wins support = Yes
name resolve order = lmhosts host wins bcast
local master = yes
domain master = Yes
preferred master = Yes
os level = 254
domain logons = Yes
# map system = yes
# map archive = yes
# map hidden = yes
unix password sync = no
enable privileges = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
socket options = TCP_NODELAY, SO_KEEPALIVE
load printers = yes
printing = cups
printcap name = cups
ldap ssl = no
ldap passwd sync = yes
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmaps
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap suffix = dc=isi,dc=lan
ldap delete dn = Yes
ldap admin dn = cn=admin,dc=isi,dc=lan
# Win9x/XP support
# logon home = \\%N\%U\.\\.profili\%a
# logon drive = H:
# logon path = \\%N\%U\.profili\%a
# logon script = logon.bat
# XP/Win7 support (Win9x excluded).
logon home = \\%L\%U
logon drive = H:
logon path = \\%L\%U\.profili\%a
logon script = logon.bat
add machine script = /usr/sbin/smbldap-useradd -w "%m"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
# check password script = /usr/bin/crackcheck -s
panic action = /usr/share/samba/panic-action %d
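
A check for the condition described in this post, added here as an example (not part of the original message): it parses slapcat LDIF and reports every sambaSID held by more than one sambaDomain entry, marking which entry's sambaDomainName matches the smb.conf workgroup. The function names and the cut-down sample LDIF are constructed for illustration.

```python
import base64
import re
from collections import defaultdict

# Constructed sample: the two sambaDomain entries from the slapcat dump above,
# cut down to the attributes this check reads.
SAMPLE_LDIF = """\
dn: sambaDomainName=levi,dc=isi,dc=lan
objectClass: sambaDomain
sambaSID: S-1-5-21-63036134-2943069286-51311574
sambaDomainName: levi
sambaNextRid: 1076

dn: sambaDomainName=LEVI.LAN,dc=isi,dc=lan
objectClass: sambaDomain
sambaDomainName: levi.lan
sambaSID: S-1-5-21-63036134-2943069286-51311574
sambaNextRid: 1000
"""

def parse_entries(ldif):
    """Parse LDIF into a list of {lowercased_attr: [values]} dicts."""
    ldif = re.sub(r"\r?\n ", "", ldif)          # unfold continuation lines
    entries = []
    for line in ldif.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue                            # blank line, comment or junk
        if value.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":                        # a dn line opens a new entry
            entries.append({})
        if entries:                             # skip "version: 1" preamble
            entries[-1].setdefault(attr, []).append(value)
    return entries

def shared_domain_sids(ldif, workgroup):
    """Map each SID held by >1 sambaDomain entry to its holders."""
    holders = defaultdict(list)
    for e in parse_entries(ldif):
        if "sambadomain" not in (c.lower() for c in e.get("objectclass", [])):
            continue
        name = e.get("sambadomainname", [""])[0]
        for sid in e.get("sambasid", []):
            # holder = (dn, sambaDomainName, sambaNextRid, name == workgroup)
            holders[sid].append((e["dn"][0], name, e.get("sambanextrid", ["?"])[0],
                                 name.lower() == workgroup.lower()))
    return {sid: h for sid, h in holders.items() if len(h) > 1}
```

Calling `shared_domain_sids(open("dump.ldif").read(), "levi")` on a full slapcat dump (the file name is a placeholder) returns an empty dict when each domain SID has a single holder.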