
Sambe+Ldap



Good day.

Following this article http://argo-uln.blogspot.com/2006/08/samba-3-pdc-ldap-freebsd-61.html I set up the subject. Naturally I made a few small changes, since I was setting everything up on Debian 4. The changes concerned paths, and slapd works with bdb rather than ldbm. I got to the point in the article "To add admin privileges in the domain to the Domain Admins group:", and at that point slapd, smbd and nmbd were all running. I rebooted the machine and everything came up, but it won't let me into the system under any login!

I think the problem is in this: "file smbldap.conf ... # If I set hash_encrypt="SSHA" the unix user is not let in hash_encrypt="CRYPT" crypt_salt_format="%s""

I tried booting from an Ubuntu liveCD and editing the configs, but I don't know what exactly to change. That is why I am asking you gentlemen for help.

Thanks in advance.

In reply to: Re: Sambe+Ldap by Morphine

Re: Sambe+Ldap

Here is a piece of syslog:

May 17 21:49:22 main named[2160]: running

May 17 21:49:22 main slapd[2188]: @(#) $OpenLDAP: slapd 2.3.30 (Mar 9 2007 05:43:02) $ ^Iroot@windlord:/tmp/buildd/openldap2.3-2.3.30/debian/build/servers/slapd

May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 31: warning: no by clause(s) specified in access line (ignored).

May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 36: warning: no by clause(s) specified in access line (ignored).

May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 39: warning: no by clause(s) specified in access line (ignored).

May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 43: warning: no by clause(s) specified in access line (ignored).

May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 47: warning: no by clause(s) specified in access line (ignored).

May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 50: warning: no by clause(s) specified in access line (ignored).

May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 53: warning: no by clause(s) specified in access line (ignored).

May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 56: warning: no by clause(s) specified in access line (ignored).

May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 59: warning: no by clause(s) specified in access line (ignored).

May 17 21:49:23 main slapd[2189]: slapd starting

May 17 21:49:23 main kernel: skge eth1: Link is up at 10 Mbps, half duplex, flow control none

May 17 21:49:23 main kernel: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready

May 17 21:49:23 main kernel: ACPI: Power Button (FF) [PWRF]

May 17 21:49:23 main kernel: ACPI: Power Button (CM) [PWRB]

May 17 21:49:23 main kernel: ACPI: Sleep Button (CM) [SLPB]

May 17 21:49:26 main slapd[2189]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:42192 (IP=0.0.0.0:389)

May 17 21:49:26 main slapd[2189]: conn=0 op=0 BIND dn="cn=morphine,dc=push,dc=msservic,dc=ru" method=128

May 17 21:49:26 main slapd[2189]: conn=0 op=0 BIND dn="cn=morphine,dc=push,dc=msservic,dc=ru" mech=SIMPLE ssf=0

May 17 21:49:26 main slapd[2189]: conn=0 op=0 RESULT tag=97 err=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"

May 17 21:49:26 main slapd[2189]: conn=0 op=1 SRCH attr=supportedControl

May 17 21:49:26 main slapd[2189]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=2 SRCH base="dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=push))"

May 17 21:49:26 main slapd[2189]: conn=0 op=2 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass

May 17 21:49:26 main slapd[2189]: conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=3 SRCH base="dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))"

May 17 21:49:26 main slapd[2189]: conn=0 op=3 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber

May 17 21:49:26 main slapd[2189]: conn=0 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=4 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"

May 17 21:49:26 main slapd[2189]: conn=0 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

May 17 21:49:26 main slapd[2189]: conn=0 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=5 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))"

May 17 21:49:26 main slapd[2189]: conn=0 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

May 17 21:49:26 main slapd[2189]: conn=0 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=6 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"

May 17 21:49:26 main slapd[2189]: conn=0 op=6 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

Morphine ()
In reply to: Re: Sambe+Ldap by Morphine

Re: Sambe+Ldap

-----------------------------------------------------------
May 17 21:49:26 main slapd[2189]: conn=0 op=3 SRCH base="dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))"

May 17 21:49:26 main slapd[2189]: conn=0 op=3 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber

May 17 21:49:26 main slapd[2189]: conn=0 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
-----------------------------------------------------
Are you trying to log in as root? You have no such user in your LDAP. :)

zgen ★★★★★ ()
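
An added example, not part of the thread: the log reading done in the reply above, automated in Python. It pairs each slapd `SRCH` with its `SEARCH RESULT` by conn/op and lists searches that succeeded with `nentries=0`, along with the unindexed-attribute and ignored-ACL warnings; the sample lines are abridged from the syslog posted in this thread, and `analyze` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Sample lines abridged from the syslog excerpt posted in this thread.
SAMPLE = """\
May 17 21:49:22 main slapd[2188]: /etc/ldap/slapd.conf: line 31: warning: no by clause(s) specified in access line (ignored).
May 17 21:49:26 main slapd[2189]: conn=0 op=2 SRCH base="dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=push))"
May 17 21:49:26 main slapd[2189]: conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 17 21:49:26 main slapd[2189]: conn=0 op=3 SRCH base="dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))"
May 17 21:49:26 main slapd[2189]: conn=0 op=3 SRCH attr=uid uidNumber gidNumber
May 17 21:49:26 main slapd[2189]: conn=0 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
May 17 21:49:26 main slapd[2189]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="(.*)"\s*$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
NOINDEX = re.compile(r'bdb_equality_candidates: \((\w+)\) index_param failed')
ACL = re.compile(r'(\S+): line (\d+): warning: no by clause\(s\) specified in access line')


def analyze(text):
    """Return empty searches, unindexed attributes and ignored ACL lines."""
    pending = {}                      # (conn, op) -> (base, filter)
    report = {"empty": [], "unindexed": defaultdict(int), "acl_ignored": []}
    for line in text.splitlines():
        if m := SRCH.search(line):
            pending[(m[1], m[2])] = (m[3], m[4])
        elif m := RESULT.search(line):
            query = pending.pop((m[1], m[2]), None)
            # err=0 with nentries=0: the search succeeded but nothing matched
            if query and m[3] == "0" and m[4] == "0":
                report["empty"].append(query)
        elif m := NOINDEX.search(line):
            report["unindexed"][m[1]] += 1
        elif m := ACL.search(line):
            report["acl_ignored"].append((m[1], int(m[2])))
    return report


if __name__ == "__main__":
    r = analyze(SAMPLE)
    for base, flt in r["empty"]:
        print(f"no entries: base={base} filter={flt}")
    for attr, n in r["unindexed"].items():
        print(f"no equality index for {attr} ({n}x)")
    for path, lineno in r["acl_ignored"]:
        print(f"ACL without 'by' clause ignored: {path}:{lineno}")
```
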
In reply to: Re: Sambe+Ldap by Morphine

Re: Sambe+Ldap

May 17 21:49:26 main slapd[2189]: conn=0 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=7 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(|(objectClass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=s-1-22-1-0)(sambaSIDList=s-1-5-32-544)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-11)))"

May 17 21:49:26 main slapd[2189]: conn=0 op=7 SRCH attr=sambaSID

May 17 21:49:26 main slapd[2189]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)

May 17 21:49:26 main slapd[2189]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)

May 17 21:49:26 main last message repeated 4 times

May 17 21:49:26 main slapd[2189]: conn=0 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=8 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(|(objectClass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=s-1-22-1-0)(sambaSIDList=s-1-5-32-544)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-11)))"

May 17 21:49:26 main slapd[2189]: conn=0 op=8 SRCH attr=sambaSID

May 17 21:49:26 main slapd[2189]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)

May 17 21:49:26 main slapd[2189]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)

May 17 21:49:26 main last message repeated 4 times

May 17 21:49:26 main slapd[2189]: conn=0 op=8 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=9 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"

May 17 21:49:26 main slapd[2189]: conn=0 op=9 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

May 17 21:49:26 main slapd[2189]: conn=0 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=10 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"

May 17 21:49:26 main slapd[2189]: conn=0 op=10 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

May 17 21:49:26 main slapd[2189]: conn=0 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=11 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(|(objectClass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=s-1-5-21-3409336451-1238685194-4158727917-501)(sambaSIDList=s-1-22-2-65534)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))"

May 17 21:49:26 main slapd[2189]: conn=0 op=11 SRCH attr=sambaSID

May 17 21:49:26 main slapd[2189]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)

May 17 21:49:26 main slapd[2189]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)

May 17 21:49:26 main last message repeated 4 times

May 17 21:49:26 main slapd[2189]: conn=0 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=12 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(|(objectClass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=s-1-5-21-3409336451-1238685194-4158727917-501)(sambaSIDList=s-1-22-2-65534)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))"

May 17 21:49:26 main slapd[2189]: conn=0 op=12 SRCH attr=sambaSID

May 17 21:49:26 main slapd[2189]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)

May 17 21:49:26 main slapd[2189]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)

May 17 21:49:26 main last message repeated 4 times

May 17 21:49:26 main slapd[2189]: conn=0 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=13 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))"

May 17 21:49:26 main slapd[2189]: conn=0 op=13 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

May 17 21:49:26 main slapd[2189]: conn=0 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=14 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))"

May 17 21:49:26 main slapd[2189]: conn=0 op=14 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

May 17 21:49:26 main slapd[2189]: conn=0 op=14 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main slapd[2189]: conn=0 op=15 SRCH base="ou=Groups,dc=push,dc=msservic,dc=ru" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-546))"

May 17 21:49:26 main slapd[2189]: conn=0 op=15 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

May 17 21:49:26 main slapd[2189]: conn=0 op=15 SEARCH RESULT tag=101 err=0 nentries=0 text=

May 17 21:49:26 main /usr/sbin/cron[2309]: (CRON) INFO (pidfile fd = 3)

May 17 21:49:26 main /usr/sbin/cron[2311]: (CRON) STARTUP (fork ok)

May 17 21:49:26 main /usr/sbin/cron[2311]: (CRON) INFO (Running @reboot jobs)

May 17 21:49:33 main kernel: eth1: no IPv6 routers present

May 17 22:09:22 main -- MARK --

May 17 22:17:01 main CRON[2437]: PAM unable to dlopen(/lib/security/pam_opie.so)

May 17 22:17:01 main CRON[2437]: PAM [dlerror: /lib/security/pam_opie.so: cannot open shared object file: No such file or directory]

May 17 22:17:01 main CRON[2437]: PAM adding faulty module: /lib/security/pam_opie.so

May 17 22:17:01 main CRON[2437]: PAM unable to dlopen(/lib/security/pam_opieaccess.so)

May 17 22:17:01 main CRON[2437]: PAM [dlerror: /lib/security/pam_opieaccess.so: cannot open shared object file: No such file or directory]

May 17 22:17:01 main CRON[2437]: PAM adding faulty module: /lib/security/pam_opieaccess.so

May 17 22:17:01 main CRON[2437]: PAM unable to dlopen(/lib/security/pam_login_access.so)

May 17 22:17:01 main CRON[2437]: PAM [dlerror: /lib/security/pam_login_access.so: cannot open shared object file: No such file or directory]

May 17 22:17:01 main CRON[2437]: PAM adding faulty module: /lib/security/pam_login_access.so

May 17 22:17:01 main CRON[2437]: Module is unknown

May 17 22:29:22 main -- MARK --

May 17 22:49:22 main -- MARK --

May 17 23:09:22 main -- MARK --

May 17 23:17:01 main CRON[2617]: PAM unable to dlopen(/lib/security/pam_opie.so)

May 17 23:17:01 main CRON[2617]: PAM [dlerror: /lib/security/pam_opie.so: cannot open shared object file: No such file or directory]

May 17 23:17:01 main CRON[2617]: PAM adding faulty module: /lib/security/pam_opie.so

May 17 23:17:01 main CRON[2617]: PAM unable to dlopen(/lib/security/pam_opieaccess.so)

May 17 23:17:01 main CRON[2617]: PAM [dlerror: /lib/security/pam_opieaccess.so: cannot open shared object file: No such file or directory]

May 17 23:17:01 main CRON[2617]: PAM adding faulty module: /lib/security/pam_opieaccess.so

May 17 23:17:01 main CRON[2617]: PAM unable to dlopen(/lib/security/pam_login_access.so)

May 17 23:17:01 main CRON[2617]: PAM [dlerror: /lib/security/pam_login_access.so: cannot open shared object file: No such file or directory]

May 17 23:17:01 main CRON[2617]: PAM adding faulty module: /lib/security/pam_login_access.so

May 17 23:17:01 main CRON[2617]: Module is unknown

May 17 23:29:23 main -- MARK --

May 17 23:49:23 main -- MARK --

Morphine ()
In reply to: Re: Sambe+Ldap by zgen

Re: Sambe+Ldap

I tried to log in as different users: as root, as morphine (the system user that I specified in the configs in place of Manager (in the article)), as the Administrator user (created while configuring the services), and even as the user testuser1. It won't let me in as any of them.

Maybe the problem is in the encryption after all?

I can post my configs if needed.

Morphine ()
In reply to: Re: Sambe+Ldap by Morphine

Re: Sambe+Ldap

Also, PAM cannot find 3 files:

/lib/security/pam_opie.so

/lib/security/pam_opieaccess.so

/lib/security/pam_login_access.so

Maybe the problem is in this? If so, how do I find and install them? (They are nowhere on the disk.)

Morphine ()
In reply to: Re: Sambe+Ldap by zgen

Re: Sambe+Ldap

Yes, I created 2: Administrator and testuser1.

As far as I understand, PAM is responsible precisely for authentication in the system using LDAP. And PAM is missing files.

Morphine ()
In reply to: Re: Sambe+Ldap by Morphine

Re: Sambe+Ldap

Authorizing users through LDAP is handled by libnss, which you did not even bother to install and configure.

zgen ★★★★★ ()
In reply to: Re: Sambe+Ldap by Morphine

Re: Sambe+Ldap

I installed slapd, samba, libnss_ldap, libpam_ldap...

Morphine ()