[Samba-it] Problema doppio dominio...ma nel mondo delle favole

Davide Barbaria davide.barbaria at itcserasmo.it
Mon Feb 21 05:06:36 MST 2011


Scusate, da pochi giorni, ho un problema su un pdc samba con etch: mi
ritrovo 2 domini probabilmente con lo stesso sid;
eccovi una parte del contenuto del file ldif a seguito di slapcat

dn: sambaDomainName=levi,dc=isi,dc=lan
structuralObjectClass: sambaDomain
entryUUID: 2ce879f0-c946-102f-8a2c-5d8112e86366
creatorsName: cn=admin,dc=isi,dc=lan
createTimestamp: 20110210094501Z
sambaAlgorithmicRidBase: 1000
sambaRefuseMachinePwdChange: 0
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaMinPwdLength: 5
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaMaxPwdAge: -1
sambaSID: S-1-5-21-63036134-2943069286-51311574
sambaPwdHistoryLength: 0
sambaDomainName: levi
gidNumber: 10045
sambaMinPwdAge: 0
sambaLogonToChgPwd: 0
uidNumber: 10591
sambaNextRid: 1076
entryCSN: 20110221085224.572545Z#000000#000#000000
modifiersName: cn=admin,dc=isi,dc=lan
modifyTimestamp: 20110221085224Z

dn: sambaDomainName=LEVI.LAN,dc=isi,dc=lan
sambaAlgorithmicRidBase: 1000
sambaNextUserRid: 1000
structuralObjectClass: sambaDomain
entryUUID: 693bf4be-c95e-102f-8801-7d0a5aad9d2a
creatorsName: cn=admin,dc=isi,dc=lan
createTimestamp: 20110210123831Z
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
gidNumber: 10045
sambaDomainName: levi.lan
sambaSID: S-1-5-21-63036134-2943069286-51311574
sambaNextRid: 1000
uidNumber: 10501
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
entryCSN: 20110210123831.563508Z#000000#000#000000
modifiersName: cn=admin,dc=isi,dc=lan
modifyTimestamp: 20110210123831Z

Il dominio corretto deve essere solo LEVI, con il SID che termina in 574, ma
ne ritrovo 2 a seguito di diverse installazioni: inizialmente volevo mantenere
il suffisso .LAN, che poi ho deciso di togliere.

l'smb.conf è:

# Global section of the smb.conf for the Samba domain controller "servlab"
# (workgroup "levi"); accounts are stored in LDAP through the ldapsam backend.
# Comments must stay on their own lines: smb.conf has no trailing comments.
[global]
workgroup = levi
netbios name = servlab
server string = %h 
dns proxy = No
# Serve only on the listed interfaces (loopback and eth0).
bind interfaces only = Yes
interfaces = lo, eth0
# Only port 139 (NetBIOS session service) is listed, so port 445
# (direct SMB over TCP) is not served.
smb ports = 139
#   invalid users = root
#   admin users = root, @admins
#   printer admin = @lpadmin

# NOTE(review): wide links = yes lets smbd follow symlinks that point outside
# the exported share tree. unix extensions = no keeps clients from creating
# such links through the UNIX extensions, but a link created locally on the
# server is still followed. Prefer wide links = no unless a share needs it.
wide links = yes
unix extensions = no

### record logons made via samba
utmp = yes
utmp directory = /var/log/samba/utmp
wtmp directory = /var/log/samba/wtmp

### prevents notepad from opening a desktop.ini file
hide files = /desktop.ini/ntuser.ini/NTUSER.*/

### preserves the permissions and privileges of the user's files
inherit acls = yes
inherit owner = yes

# One log file per client machine (%m), at a low verbosity.
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
log level = 1

# User-level security with encrypted passwords; the account database is the
# LDAP server on the loopback address.
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
# Idle connections with no open files are closed after 15 minutes.
deadtime = 15
browseable = no

wins support = Yes
name resolve order = lmhosts host wins bcast

# Domain controller role: domain logons are served and os level 254 makes
# this host win browser elections.
local master = yes
domain master = Yes
preferred master = Yes
os level = 254
domain logons = Yes

#   map system = yes
#   map archive = yes
#   map hidden = yes

# With unix password sync = no, smbd does not call passwd program or
# passwd chat; the two lines below only take effect if the sync is enabled.
unix password sync = no
# Allows rights to be assigned to users and groups (net rpc rights).
enable privileges = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
socket options = TCP_NODELAY, SO_KEEPALIVE

load printers = yes
printing = cups
printcap name = cups

# NOTE(review): ldap ssl = no leaves the connection to the directory
# unencrypted. With ldap://127.0.0.1/ the traffic stays on the loopback
# interface; if the LDAP server is ever moved to another host, enable TLS
# (ldap ssl = start tls), because password hashes travel over this link.
ldap ssl = no
# Password changes made through Samba also update the LDAP password.
ldap passwd sync = yes
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmaps
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap suffix = dc=isi,dc=lan
ldap delete dn = Yes
# The password for this DN is not kept in smb.conf; Samba reads it from
# secrets.tdb (stored with smbpasswd -w), which must stay readable by root only.
ldap admin dn = cn=admin,dc=isi,dc=lan

# Win9x/XP support
# logon home = \\%N\%U\.\\.profili\%a
# logon drive = H:
# logon path = \\%N\%U\.profili\%a
# logon script = logon.bat

# XP/Win7 support (Win9x excluded).
# %L = NetBIOS name of the server, %U = session user name,
# %a = architecture of the client machine.
logon home = \\%L\%U
logon drive = H:
logon path = \\%L\%U\.profili\%a
logon script = logon.bat


# Account-management hooks: smbd runs these smbldap-tools commands as root,
# substituting %u (user), %g (group) and %m (client machine name). Every
# substitution is kept inside double quotes.
add machine script = /usr/sbin/smbldap-useradd -w  "%m"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"

# NOTE(review): the password-quality check below is commented out, so Samba
# applies no complexity check of its own. The sambaDomain entries in the same
# message set sambaMinPwdLength: 5 and sambaLockoutThreshold: 0 (no lockout);
# confirm this policy is intended.
#   check password script = /usr/bin/crackcheck -s

# Command run when a Samba process crashes; %d is the process id.
panic action = /usr/share/samba/panic-action %d


