LINUX.ORG.RU

LDAP + Samba: modifications require authentication at /usr/sbin/smbldap-populate line 500.



Ubuntu 12.04 Server.

Please help me hook Samba up to LDAP. LDAP is already installed and I can manage it; Samba is what's left. I'm configuring it following this guide: http://forum.ubuntu.ru/index.php?topic=45970.0 (starting from the "Installing SAMBA" step).

/etc/samba/smbd.conf:

[global]
   workgroup = MYFIRM
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   encrypt passwords = true
   passdb backend = ldapsam:ldap://localhost/
   obey pam restrictions = no
   ldap admin dn = cn=admin,dc=myfirm,dc=local
   ldap suffix = dc=myfirm,dc=local
   ldap group suffix = ou=Groups
   ldap user suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Users
   ldap passwd sync = Yes
   passwd program = /usr/sbin/smbldap-passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   ldap delete dn = Yes
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   domain logons = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   map to guest = bad user
   logon path =
   socket options = TCP_NODELAY
   usershare allow guests = yes
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

/etc/ldap/ldap.conf:

TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword

/etc/smbldap-tools/smbldap.conf:

SID="S-1-5-21-260130283-2911224480-2891038847"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
ldapSSL="0"
verify="require"
suffix="dc=myfirm,dc=local"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
password_hash="SSHA"
password_crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/ldapusers/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
shadowAccount="1"
defaultMaxPasswordAge="45"
userSmbHome=
userProfile=
userHomeDrive=
userScript=
mailDomain="myfirm.ru"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

/etc/smbldap-tools/smbldap_bind.conf:

slaveDN="cn=admin,dc=myfirm,dc=local"
slavePw="qwerty"
masterDN="cn=admin,dc=myfirm,dc=local"
masterPw="qwerty"

The problems are these:

- when generating the SID, errors come up:

Failed to issue the StartTLS instruction: Protocol error
Failed to issue the StartTLS instruction: Protocol error
Failed to issue the StartTLS instruction: Protocol error
smbldap_search_domain_info: Adding domain info for MYFIRM failed with NT_STATUS_UNSUCCESSFUL
SID for domain SUPERSERVER is: S-1-5-21-260130283-2911224480-2891038847

- populate gets stuck:

smbldap-populate -u 30000 -g 30000
Use of qw(...) as parentheses is deprecated at /usr/share/perl5/smbldap_tools.pm line 1423, <DATA> line 522.
Populating LDAP directory for domain MYFIRM (S-1-5-21-260130283-2911224480-2891038847)
(using builtin directory structure)

entry dc=myfirm,dc=local already exist. 
adding new entry: ou=Users,dc=myfirm,dc=local
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 500.
entry ou=Groups,dc=myfirm,dc=local already exist. 
adding new entry: ou=Computers,dc=myfirm,dc=local
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 500.
adding new entry: ou=Idmap,dc=myfirm,dc=local
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 500.
failed to search entry: invalid DN at /usr/sbin/smbldap-populate line 480.

In /var/log/syslog:

superserver slapd[3379]: conn=1088 op=9 do_search: invalid dn: "sambaDomainName=MYFIRM,dc=myfirm,dc=local"
My gut says this is the clue, but I can't work out what it's telling me.

The same log periodically spits out:

superserver slapd[3379]: conn=1084 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
Although this looks more like a warning than an error.
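Added example, not code from the post or from smbldap-tools: a small Python checker that reads the two configurations posted above together and reports the inconsistencies a reviewer would want resolved before running smbldap-populate. The embedded config texts are abbreviated, constructed copies of the post's smb.conf and smbldap.conf; the function names and finding codes (duplicate-key, suffix-mismatch, tls-setting) are this example's own.

```python
"""Cross-check Samba's smb.conf [global] against smbldap-tools' smbldap.conf.

Added example, not from the forum post or from smbldap-tools.  The config
texts below are abbreviated copies of the post's files (constructed input);
the parsing and the finding codes are this example's own.
"""
import re

SMB_CONF = """\
[global]
   passdb backend = ldapsam:ldap://localhost/
   ldap admin dn = cn=admin,dc=myfirm,dc=local
   ldap suffix = dc=myfirm,dc=local
   ldap group suffix = ou=Groups
   ldap user suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Users
   passwd program = /usr/sbin/smbldap-passwd %u
   passwd program = /usr/bin/passwd %u
"""

SMBLDAP_CONF = """\
SID="S-1-5-21-260130283-2911224480-2891038847"
ldapTLS="0"
suffix="dc=myfirm,dc=local"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
"""

# smb.conf parameter -> smbldap.conf key that must name the same container.
SUFFIX_PAIRS = {
    "ldap user suffix": "usersdn",
    "ldap group suffix": "groupsdn",
    "ldap machine suffix": "computersdn",
    "ldap idmap suffix": "idmapdn",
}


def parse_smb_conf(text):
    """Return ({section: {param: value}}, [params repeated in [global]]).

    Samba keeps the last value of a repeated parameter, so repeats are
    recorded separately: they are usually leftovers from following two guides.
    """
    sections, repeats, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        match = re.fullmatch(r"\[(.+)\]", line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        param, _, value = line.partition("=")      # split at the first '='
        param = " ".join(param.lower().split())    # Samba ignores case/spacing
        if current == "global" and param in sections[current]:
            repeats.append(param)
        sections[current][param] = value.strip()
    return sections, repeats


def parse_smbldap_conf(text):
    """Parse key="value" lines and expand ${name} references to other keys."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"')

    def expand(value):
        # Unknown references are left as written so they show up in output.
        return re.sub(r"\$\{(\w+)\}",
                      lambda m: values.get(m.group(1), m.group(0)), value)

    return {k: expand(v) for k, v in values.items()}


def check(smb_text, smbldap_text):
    """Return (code, parameter, detail) findings; an empty list means consistent."""
    sections, repeats = parse_smb_conf(smb_text)
    samba = sections.get("global", {})
    tools = parse_smbldap_conf(smbldap_text)
    findings = [("duplicate-key", p, samba[p]) for p in repeats]

    base = samba.get("ldap suffix", "")
    for smb_param, tool_key in SUFFIX_PAIRS.items():
        if smb_param not in samba or tool_key not in tools:
            continue
        samba_dn = f"{samba[smb_param]},{base}"   # Samba appends 'ldap suffix'
        if samba_dn.lower() != tools[tool_key].lower():
            findings.append(("suffix-mismatch", smb_param,
                             f"{samba_dn} != {tools[tool_key]}"))

    # Samba 3.x defaults 'ldap ssl' to 'start tls'; with ldapTLS=0 on the
    # smbldap-tools side the two clients disagree about whether slapd does TLS.
    if "ldap ssl" not in samba and tools.get("ldapTLS") == "0":
        findings.append(("tls-setting", "ldap ssl",
                         "unset (defaults to 'start tls') while ldapTLS=\"0\""))
    return findings


if __name__ == "__main__":
    for code, param, detail in check(SMB_CONF, SMBLDAP_CONF):
        print(f"{code:16} {param:20} {detail}")
```

Run against the post's own files it reports the repeated passwd program (and, in the full file, passwd chat) parameter, where Samba keeps the second value so smbldap-passwd is never called; the ou=People versus ou=Users and ou=Users versus ou=Idmap disagreements between Samba and the smbldap tools; and the unset ldap ssl. The log lines in the post point the same way. OID 1.3.6.1.4.1.1466.20037 is the StartTLS extended operation, so "unsupported operation" is slapd refusing the StartTLS that Samba requests by default, which is the "Failed to issue the StartTLS instruction" seen from the Samba side. "modifications require authentication" is what slapd returns to a write sent on an unauthenticated connection, so the populate run was not bound as cn=admin; checking that smbldap_bind.conf is readable by the user running the tool and that `ldapsearch -x -D cn=admin,dc=myfirm,dc=local -W -b dc=myfirm,dc=local` succeeds narrows that down. Finally, "invalid dn: sambaDomainName=MYFIRM,..." is slapd rejecting a DN whose attribute type it does not know; the include lines for samba.schema in the post sit in /etc/ldap/ldap.conf, which is the client library's file, not the server's configuration, so the usual cause is that slapd itself has no Samba schema loaded.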
