RE [Samba] samba ldap problem

spu at corman.be spu at corman.be
Fri Jun 10 15:03:03 GMT 2005


What is your guest user in smb.conf?

Check if it is not nobody; the guest account is used by Samba for the first
connection.

-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

samba-bounces+stephane.purnelle=corman.be at lists.samba.org wrote on
10/06/2005 16:20:56:

> I have tried to create a Samba domain with an LDAP backend.
>
> This is what my LDAP structure looks like.
>
> # example.com
> dn: dc=example,dc=com
> objectClass: dcObject
> objectClass: organization
> o: example
> dc: example
>
> # groups, example.com
> dn: ou=groups,dc=example,dc=com
> objectClass: organizationalUnit
> ou: groups
>
> # Domain Admins, groups, example.com
> dn: cn=Domain Admins,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 512
> cn: Domain Admins
> memberUid: root
> description: Netbios Domain Administrators
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-512
> sambaGroupType: 2
> displayName: Domain Admins
>
> # Domain Users, groups, example.com
> dn: cn=Domain Users,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 513
> cn: Domain Users
> description: Netbios Domain Users
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-513
> sambaGroupType: 2
> displayName: Domain Users
>
> # Domain Guests, groups, example.com
> dn: cn=Domain Guests,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 514
> cn: Domain Guests
> description: Netbios Domain Guests Users
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-514
> sambaGroupType: 2
> displayName: Domain Guests
>
> # computers, example.com
> dn: ou=computers,dc=example,dc=com
> objectClass: organizationalUnit
> ou: computers
>
> # PDC, example.com
> dn: sambaDomainName=PDC,dc=example,dc=com
> objectClass: sambaDomain
> sambaDomainName: PDC
> sambaNextGroupRid: 90000
> sambaNextUserRid: 90000
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987
> sambaNextRid: 90000
>
> # people, example.com
> dn: ou=people,dc=example,dc=com
> objectClass: organizationalUnit
> ou: people
>
> # root, people, example.com
> dn: uid=root,ou=people,dc=example,dc=com
> uid: root
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-500
> sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-512
> displayName: root
> sambaAcctFlags: [U          ]
> objectClass: account
> objectClass: sambaSamAccount
> sambaPwdMustChange: 2147483647
> sambaLMPassword: 63D2114DE42F744B30A84C4AFE5AFFFF
> sambaNTPassword: 5460FB29D247C383F63E1E3A417FC39B
> sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
>  00000000
> sambaPwdCanChange: 1118395221
> sambaPwdLastSet: 1118395221
>
> # win2k$, Computers, example.com
> dn: uid=win2k$,ou=Computers,dc=example,dc=com
> uid: win2k$
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3022
> sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-1201
> objectClass: sambaSamAccount
> objectClass: account
> displayName: win2k$
> sambaPwdMustChange: 2147483647
> sambaAcctFlags: [W          ]
> sambaPwdCanChange: 1118395893
> sambaNTPassword: 5C70F10A2EAD0B4FE5588114C98ED1ED
> sambaPwdLastSet: 1118395893
>
> # Martin Hallgren, people, example.com
> dn: cn=Martin Hallgren,ou=people,dc=example,dc=com
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: posixAccount
> objectClass: top
> objectClass: krb5Principal
> objectClass: krb5KDCEntry
> objectClass: sambaSamAccount
> krb5PrincipalName: martin at EXAMPLE.COM
> krb5KeyVersionNumber: 1
> krb5MaxLife: 86400
> krb5MaxRenew: 604800
> krb5KDCFlags: 126
> cn: Martin Hallgren
> givenName: Martin
> mail: martin at example.com
> sn: Hallgren
> uid: martin
> uidNumber: 1050
> gidNumber: 100
> homeDirectory: /home/martin
> loginShell: /bin/bash
> sambaAcctFlags: [U          ]
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3250
> sambaPwdCanChange: 1118395383
> sambaPwdMustChange: 2147483647
> sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
> sambaNTPassword: 0CB6948805F797BF2A82807973B89537
> sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
>  00000000
> sambaPwdLastSet: 1118395383
>
> # nobody, people, example.com
> dn: uid=nobody,ou=people,dc=example,dc=com
> objectClass: account
> objectClass: sambaSamAccount
> objectClass: posixAccount
> uid:: bm9ib2R5ICAgICAgICAgICAgICAgICA=
> sambaPwdLastSet: 0
> sambaLogonTime: 2147483647
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 2147483647
> sambaPwdMustChange: 2147483648
> displayName: Nobody
> cn: Nobody
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-501
> sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-514
> gecos:: Tm9ib2R5IG9yIEd1ZXN0ICAgICAgIA==
> homeDirectory:: L2Rldi9udWxsICAgICAgICAgICAgIA==
> loginShell:: L2Rldi9udWxsICAgICA=
> uidNumber: 65534
> gidNumber: 65534
> sambaAcctFlags: [UX         ]
>
> # Morgan Hallgren, people, example.com
> dn: cn=Morgan Hallgren,ou=people,dc=example,dc=com
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: posixAccount
> objectClass: top
> objectClass: krb5Principal
> objectClass: krb5KDCEntry
> objectClass: sambaSamAccount
> krb5PrincipalName: morgan at EXAMPLE.COM
> krb5KeyVersionNumber: 1
> krb5MaxLife: 86400
> krb5MaxRenew: 604800
> krb5KDCFlags: 126
> cn: Morgan Hallgren
> givenName: Morgan
> mail: morgan at example.com
> sn: Hallgren
> uid: moja
> uidNumber: 1000
> gidNumber: 100
> homeDirectory: /home/morgan
> loginShell: /bin/bash
> sambaAcctFlags: [U          ]
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3000
> sambaPwdMustChange: 2147483647
> sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
>  00000000
> sambaPwdCanChange: 1118412748
> sambaLMPassword: 44EFCE164AB921CAAAD3B435B51404EE
> sambaNTPassword: 32ED87BDB5FDC5E9CBA88547376818D4
> sambaPwdLastSet: 1118412748
>
> # nobody, groups, example.com
> dn: cn=nobody,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 501
> cn: nobody
> memberUid: nobody
> description: Netbios Domain nobody
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-501
> sambaGroupType: 2
> displayName: Domain nobody
>
>
> And smb.conf
>
> netbios name = samba
> workgroup = PDC
> server string = PDC [on Gentoo :: Samba server %v]
>
> hosts allow = 192.168.0.0/24 127.0.0.0/8
> security = user
> encrypt passwords = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> interfaces = lo eth0
> bind interfaces only = yes
>
> local master = yes
> #os level = 65
> os level = 99
> domain master = yes
> preferred master = yes
> enable privileges = yes
> null passwords = no
> hide unreadable = yes
> hide dot files = yes
>
> domain logons = yes
> logon script = login.bat  OR %U.bat
> logon path =  \\%L\%U\profile
> logon drive = H:
> logon home = \\%L\%U\.9xprofile
> #logon home = \\%L\%u\.win_profile\%m
>
> #logon path =
> #logon home =
>
> wins support = yes
> name resolve order = wins lmhosts hosts bcast
> dns proxy = no
>
> time server = yes
> log file = /var/log/samba/log.%m
> max log size = 50
>
> #smb passwd file = /var/lib/samba/private/smbpasswd
>
> passdb backend = ldapsam:ldap://kerberos.example.com
> ldap ssl = start tls
> ldap suffix = dc=example,dc=com
> ldap user suffix = ou=people,dc=example,dc=com
> ldap group suffix = ou=groups,dc=example,dc=com
> ldap machine suffix = ou=computers,dc=example,dc=com
> # FYI, the password for this user is stored in
> # /etc/samba/secrets.tdb.  It is created by running
> # 'smbpasswd -w passwd'
> ldap admin dn = cn=manager,dc=example,dc=com
>
> #add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>
>
> # syncing with the Kerberos passwords
> passwd chat debug = yes
> debug level = 100
> #ldap password sync = yes
> #obey pam restrictions = no
> #unix password sync = yes
> #passwd program = /usr/sbin/kadmin -l passwd %u at EXAMPLE.COM
> #passwd chat = "*" %n\r "*" %n\r "*"
>
> unix charset = ISO8859-1
>
> [netlogon]
>  path = /var/lib/samba/netlogon
>  public = no
>  writeable = no
>  browseable = no
>
> [profiles]
>  path = /home/%u/profile
>  browseable = no
>  writeable = yes
>  default case = lower
>  preserve case = no
>  short preserve case = no
>  case sensitive = no
>  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>  create mode = 0600
>  directory mode = 0700
>
> [homes]
>  path = /home/%U
>  browseable = no
>  valid users = %S
>  writable = yes
>  guest ok = no
>  inherit permissions = yes
>
> [public]
>  comment = Public Stuff
>  path = /var/lib/samba/profiles
>  public = yes
>  writeable = yes
>  browseable = yes
>  write list = @users
>
> I have joined the computer win2k to the domain and I can log in as the
> user moja. But when I try to open his home dir, slapd is searching for
> the nobody user.
>
> Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=1 BIND
> dn="cn=manager,dc=example,dc=com" mech=SIMPLE ssf=0
> Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=1 RESULT tag=97 err=0
> text=
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=2 SRCH
> base="ou=people,dc=example,dc=com" scope=1
> filter="(&(objectClass=posixAccount)(uid=nobody))"
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=2 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=2 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=3 SRCH
> base="ou=people,dc=example,dc=com" scope=1
> filter="(&(objectClass=posixAccount)(uid=nobody))"
> Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=3 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=4 SRCH
> base="ou=Groups,dc=example,dc=com" scope=1
> filter="(&(objectClass=posixGroup)(|(memberUid=nobody)
> (uniqueMember=uid=nobody,ou=people,dc=example,dc=com)))"
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=4 SRCH attr=gidNumber
> Jun 10 15:49:39 st_olof slapd[7003]: <= bdb_equality_candidates:
> (uniqueMember) index_param failed (18)
> Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=5 SRCH
> base="ou=Groups,dc=example,dc=com" scope=1
> filter="(&(objectClass=posixGroup)(uniqueMember=cn=nobody,ou=groups,
> dc=example,dc=com))"
> Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=5 SRCH attr=gidNumber
> Jun 10 15:49:39 st_olof slapd[7004]: <= bdb_equality_candidates:
> (uniqueMember) index_param failed (18)
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=4 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=5 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=6 SRCH
> base="ou=group,dc=example,dc=com" scope=2
> filter="(&(objectClass=posixGroup)(uniqueMember=cn=nobody,ou=groups,
> dc=example,dc=com))"
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=6 SRCH attr=gidNumber
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=6 RESULT tag=101 err=32
> text=
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=7 SRCH
> base="ou=group,dc=example,dc=com" scope=2
> filter="(&(objectClass=posixGroup)(|(memberUid=nobody)
> (uniqueMember=uid=nobody,ou=people,dc=example,dc=com)))"
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=7 SRCH attr=gidNumber
> Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=7 RESULT tag=101 err=32
> text=
> Jun 10 15:49:39 st_olof slapd[7003]: conn=92 op=4 SRCH
> base="ou=groups,dc=example,dc=com,dc=example,dc=com" scope=2
> filter="(&(objectClass=sambaGroupMapping)(gidNumber=501))"
>
> This hangs the system for some seconds. Does anyone know why this
> happens and how to get around it?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
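
An added example, not part of either message: a small Python triage of the slapd log quoted above that pairs each SRCH with its RESULT by conn/op and reports searches that ended in err=32 (LDAP noSuchObject), search bases where the directory suffix appears twice, searches with no logged result, and attributes that slapd reported as unindexed. The sample lines are constructed by condensing the quoted log (wrapped lines rejoined, syslog prefix shortened); the function name `analyze` and the finding labels are hypothetical.

```python
import re

# Constructed sample: condensed from the slapd lines quoted in the message
# above (wrapped lines rejoined, syslog timestamp and host dropped).
SAMPLE_LOG = """\
slapd[7003]: conn=93 op=2 SRCH base="ou=people,dc=example,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=nobody))"
slapd[7003]: conn=93 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[7003]: conn=93 op=4 SRCH base="ou=Groups,dc=example,dc=com" scope=1 filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=example,dc=com)))"
slapd[7003]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)
slapd[7003]: conn=93 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[7003]: conn=93 op=6 SRCH base="ou=group,dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(uniqueMember=cn=nobody,ou=groups,dc=example,dc=com))"
slapd[7003]: conn=93 op=6 RESULT tag=101 err=32 text=
slapd[7003]: conn=92 op=4 SRCH base="ou=groups,dc=example,dc=com,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=501))"
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+) filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=\d+ err=(\d+)')
INDEX = re.compile(r'\((\w+)\) index_param failed')

def analyze(log, suffix):
    """Return (findings, unindexed_attrs) for a slapd stats-level log.

    suffix is the directory suffix ('ldap suffix' in the quoted smb.conf).
    """
    ops, unindexed = {}, set()
    for line in log.splitlines():
        if m := SRCH.search(line):
            ops[(m[1], m[2])] = {"base": m[3], "filter": m[5], "err": None}
        elif m := RESULT.search(line):
            if (m[1], m[2]) in ops:          # ignore BIND and other results
                ops[(m[1], m[2])]["err"] = int(m[3])
        elif m := INDEX.search(line):
            unindexed.add(m[1])              # line carries no conn/op to pair with
    doubled = f"{suffix},{suffix}".lower()
    findings = []
    for (conn, op), s in ops.items():
        if s["err"] == 32:                   # base DN does not exist
            findings.append((conn, op, "noSuchObject", s["base"]))
        if s["base"].lower().endswith(doubled):
            findings.append((conn, op, "suffix-repeated", s["base"]))
        if s["err"] is None:                 # search never answered in this log
            findings.append((conn, op, "no-result-logged", s["base"]))
    return findings, sorted(unindexed)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG, "dc=example,dc=com")[0]:
        print(*finding)
```
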

