[CentOS-es] Problemas con Samba + LDAP como PDC
Dominguez, Gaston Matias
gdominguez en eling.com.ar
Sab Sep 5 01:27:32 UTC 2009
Ahora actualice mi smb.conf
[global]
workgroup = EISAIII
server string = Samba Server Version %v on %L
passdb backend = ldapsam:"ldap://127.0.0.1:389"
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new
password*" %n\n"
syslog = 2
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = Z:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins server = 192.168.6.3
ldap admin dn = cn=Administrador,dc=eisaIII,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=eisaIII,dc=com
ldap user suffix = ou=People
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = Administrador, "@Domain Admins"
cups options = raw
De todas formas cuando ejecuto un :
Tail -f /var/log/messages
Sep 4 07:33:27 eisaIII nmbd[2685]: [2009/09/04 07:33:27, 0]
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
Sep 4 07:33:27 eisaIII nmbd[2685]: become_logon_server_success: Samba is
now a logon server for workgroup EISAIII on subnet 192.168.6.233
Sep 4 07:33:31 eisaIII nmbd[2685]: [2009/09/04 07:33:31, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
Sep 4 07:33:31 eisaIII nmbd[2685]: *****
Sep 4 07:33:31 eisaIII nmbd[2685]:
Sep 4 07:33:31 eisaIII nmbd[2685]: Samba server SRVDC01 is now a domain
master browser for workgroup EISAIII on subnet 192.168.6.233
Sep 4 07:33:31 eisaIII nmbd[2685]:
Sep 4 07:33:31 eisaIII nmbd[2685]: *****
Sep 4 07:33:35 eisaIII smbd[2731]: [2009/09/04 07:33:35, 1]
smbd/chgpasswd.c:change_oem_password(1057)
Sep 4 07:33:35 eisaIII smbd[2731]: user test1 cannot change password now,
must wait until vie, 04 sep 2009 17:29:06 ART
Sigue apareciendo el mismo problema, yo no sé si será algún bug del samba o
tal vez un problema del smbldap-tools.
Saludos.
De: centos-es-bounces en centos.org [mailto:centos-es-bounces en centos.org] En
nombre de Germán C. Basisty
Enviado el: Viernes, 04 de Septiembre de 2009 09:06 a.m.
Para: centos-es en centos.org
Asunto: Re: [CentOS-es] Problemas con Samba + LDAP como PDC
Fijate los comentarios que te hago en tu smb.conf. Mira esto a ver si te
sirve:
[global]
workgroup = EIPSISTEMAS
server string = MASTER SERVER
log file = /var/log/samba/%m.log
max log size = 50
security = user
domain master = yes
domain logons = yes
logon script = logon.bat
logon path = \\MORIBB\Profiles\%U
local master = yes
os level = 65
preferred master = yes
time server = yes
admin users = Administrator @"Domain Admins"
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=eipsistemas,dc=com,dc=ar
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap admin dn = cn=root,dc=eipsistemas,dc=com,dc=ar
ldap passwd sync = yes
add machine script = /usr/sbin/smbldap-useradd -w %u
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
Saludos.-
Germán C. Basisty
EIP SISTEMAS
Consultor - Tecnología Informática
tel./fax +54 (299) 436 6929
cel. +54 (2942) 15 472 223
german.basisty en eipsistemas.com.ar
http://ww.eipsistemas.com.ar <http://ww.eipsistemas.com.ar/>
De: centos-es-bounces en centos.org [mailto:centos-es-bounces en centos.org] En
nombre de Dominguez, Gaston Matias
Enviado el: viernes, 04 de septiembre de 2009 08:50 p.m.
Para: centos-es en centos.org
Asunto: [CentOS-es] Problemas con Samba + LDAP como PDC
Estoy teniendo un problemas cuando quiero cambiar las claves de los usuarios
desde la sesión de Windows
Les dejo aquí el smb.conf
[root en SRVDC01 ~]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Profiles]"
Processing section "[netlogon]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
workgroup = EISAIII
server string = Samba Server Version %v on %L
smb passwd file = /usr/bin/smbpasswd <- No se si debería ir. Estas usando
LDAP
passdb backend = ldapsam:"ldap://127.0.0.1:389 <ldap://127.0.0.1:389%22> "
username map = /etc/samba/smbusers <- Tampoco. Estas usando LDAP
syslog = 2
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = Z:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins server = 192.168.6.3
ldap admin dn = cn=Administrador,dc=eisaIII,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=eisaIII,dc=com
ldap user suffix = ou=People
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = Administrador, "@Domain Admins"
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root, maryo
guest ok = Yes
browseable = No
Como pueden ver estoy usando los siguientes comandos para la sincronización
de claves pero de da error.
# Sincronizacion de cuentas LDAP, NT y LM
# unix password sync = Yes
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
[2009/09/03 14:05:16, 1] smbd/chgpasswd.c:change_oem_password(1057)
Sep 3 14:05:16 eisaIII smbd[4801]: user test1 cannot change password now,
must wait until vie, 04 sep 2009 17:29:06 ART
Alguien tiene alguna solución para esto.
Saludos.
Dominguez Gastón Matías
Informática y Telecomunicaciones
ELECTROINGENIERIA S.A.
División Nuclear
Tel.: 0054-03487-481880
Fax: 0054-03487-481880 Int. 120/121
E-mail: gdominguez en eling.com.ar
Web: <http://www.eling.com.ar/> www.eling.com.ar
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: http://lists.centos.org/pipermail/centos-es/attachments/20090904/1bfa0591/attachment-0001.html
Más información sobre la lista de distribución CentOS-es