boospy Guru
Posted: Fri May 18, 2012 8:51 pm Post subject: [solved] LDAP Samba as PDC: error when creating the domain
Hi folks
I have an LDAP server in operation here. Now Samba is to be added as a PDC as well. I used smbldap-tools for this. I entered all the values in smb.conf and in smbldap.conf and smbldap_bind.conf. I can read out the domain ID on the console. But when I try to have smbldap-tools create the domain, I get the following message:
Code: | entry dc=tuxi,dc=cc already exist.
entry ou=users,ou=people,dc=tuxi,dc=cc already exist.
entry ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
entry ou=machines,dc=tuxi,dc=cc already exist.
entry ou=Idmap,dc=tuxi,dc=cc already exist.
entry uid=root,ou=users,ou=people,dc=tuxi,dc=cc already exist.
entry uid=nobody,ou=users,ou=people,dc=tuxi,dc=cc already exist.
entry cn=Domain Admins,ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
entry cn=Domain Users,ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
entry cn=Domain Guests,ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
entry cn=Domain Computers,ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
entry cn=Administrators,ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
entry cn=Account Operators,ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
entry cn=Print Operators,ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
entry cn=Backup Operators,ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
entry cn=Replicators,ou=windowsusergroups,ou=group,dc=tuxi,dc=cc already exist.
adding new entry: ou=sambadomaene=OSIT.CC,dc=tuxi,dc=cc
failed to add entry: attribute 'sambaNextRid' not allowed at /usr/sbin/smbldap-populate line 499, <GEN1> line 241.
Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password: |
Everything except the domain gets created. There must be some kind of permissions problem here, because the error also shows up here:
Code: | smbclient -L localhost
Enter root's password:
session setup failed: NT_STATUS_LOGON_FAILURE |
or
Code: | net rpc info
Enter root's password:
Could not connect to server ITMGMT
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE |
Of course I transferred the LDAP password with "smbpasswd -w geheim". Something is off somewhere...
Here is my smb.conf as well:
Code: | [global]
workgroup = tuxi.cc
server string = Samba PDC
netbios name = itmgmt
security = user
encrypt passwords = yes
load printers = yes
max log size = 50
passdb backend = ldapsam:ldap://itmgmt.tuxi.cc
ldap admin dn = cn=Manager,dc=tuxi,dc=cc
ldap passwd sync = yes
ldap machine suffix = ou=machines,dc=tuxi,dc=cc
ldap User suffix = ou=users,ou=people,dc=tuxi,dc=cc
ldap Group Suffix = ou=windowsusergroups,ou=group,dc=tuxi,dc=cc
ldap ssl = off
idmap backend = ldap:ldap://itmgmt.tuxi.cc
idmap uid = 10000-20000
idmap gid = 30000-40000
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user script = /usr/sbin/smbldap-userdel "%u" -r "%u"
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
dns proxy = no
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
browseable = no
write list = root
[profiles]
path = /var/lib/samba/profiles
writable = yes
browsable = no
create mode = 0644
directory mode = 0755
guest ok = yes
[homes]
path = /home/%U
browseable = no
valid users = %S
read only = no
create mask = 0664
directory mask = 0775
[public]
comment = Public Stuff
path = /home/public
public = yes
read only = yes
browseable = yes
write list = @users
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes |
Of course I tried creating the domain in LDAP Account Manager. That did work. But of course that doesn't help much if it isn't communicating properly. I hope you can help me out here.
Regards
boospy
Last edited by boospy on Mon May 21, 2012 9:24 pm; edited 1 time in total