[CentOS-es] Problems with Samba + LDAP as PDC

Dominguez, Gaston Matias gdominguez at eling.com.ar
Sat Sep 5 01:27:32 UTC 2009


I have now updated my smb.conf

 

[global]
        workgroup = EISAIII
        server string = Samba Server Version %v on %L
        passdb backend = ldapsam:"ldap://127.0.0.1:389"
        passwd program = /usr/sbin/smbldap-passwd -u "%u"
        passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
        syslog = 2
        log file = /var/log/samba/log.%m
        max log size = 1000
        time server = Yes
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/sbin/smbldap-useradd -w %u
        logon script = scripts\logon.bat
        logon path = \\%L\Profiles\%U
        logon drive = Z:
        logon home = \\%L\%U
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins server = 192.168.6.3
        ldap admin dn = cn=Administrador,dc=eisaIII,dc=com
        ldap delete dn = Yes
        ldap group suffix = ou=Group
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=eisaIII,dc=com
        ldap user suffix = ou=People
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        admin users = Administrador, "@Domain Admins"
        cups options = raw

 

Even so, when I run:

tail -f /var/log/messages

 

Sep  4 07:33:27 eisaIII nmbd[2685]: [2009/09/04 07:33:27, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
Sep  4 07:33:27 eisaIII nmbd[2685]:   become_logon_server_success: Samba is now a logon server for workgroup EISAIII on subnet 192.168.6.233
Sep  4 07:33:31 eisaIII nmbd[2685]: [2009/09/04 07:33:31, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
Sep  4 07:33:31 eisaIII nmbd[2685]:   *****
Sep  4 07:33:31 eisaIII nmbd[2685]:
Sep  4 07:33:31 eisaIII nmbd[2685]:   Samba server SRVDC01 is now a domain master browser for workgroup EISAIII on subnet 192.168.6.233
Sep  4 07:33:31 eisaIII nmbd[2685]:
Sep  4 07:33:31 eisaIII nmbd[2685]:   *****
Sep  4 07:33:35 eisaIII smbd[2731]: [2009/09/04 07:33:35, 1] smbd/chgpasswd.c:change_oem_password(1057)
Sep  4 07:33:35 eisaIII smbd[2731]:   user test1 cannot change password now, must wait until vie, 04 sep 2009 17:29:06 ART

 

The same problem keeps appearing; I don't know whether it is a bug in Samba or perhaps a problem with smbldap-tools.

Regards.

 

From: centos-es-bounces at centos.org [mailto:centos-es-bounces at centos.org] On behalf of Germán C. Basisty
Sent: Friday, September 04, 2009 09:06 a.m.
To: centos-es at centos.org
Subject: Re: [CentOS-es] Problems with Samba + LDAP as PDC

 

Take a look at the comments I made in your smb.conf. Have a look at this and see whether it helps:

 

[global]
        workgroup = EIPSISTEMAS
        server string = MASTER SERVER
        log file = /var/log/samba/%m.log
        max log size = 50
        security = user
        domain master = yes
        domain logons = yes
        logon script = logon.bat
        logon path = \\MORIBB\Profiles\%U
        local master = yes
        os level = 65
        preferred master = yes
        time server = yes
        admin users = Administrator @"Domain Admins"
        passdb backend = ldapsam:ldap://localhost
        ldap suffix = dc=eipsistemas,dc=com,dc=ar
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap admin dn = cn=root,dc=eipsistemas,dc=com,dc=ar
        ldap passwd sync = yes
        add machine script = /usr/sbin/smbldap-useradd -w %u
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

 

Regards.-

Germán C. Basisty
EIP SISTEMAS
Consultant - Information Technology
tel./fax +54 (299) 436 6929
cel. +54 (2942) 15 472 223
german.basisty at eipsistemas.com.ar
http://ww.eipsistemas.com.ar

 

 

From: centos-es-bounces at centos.org [mailto:centos-es-bounces at centos.org] On behalf of Dominguez, Gaston Matias
Sent: Friday, September 04, 2009 08:50 p.m.
To: centos-es at centos.org
Subject: [CentOS-es] Problems with Samba + LDAP as PDC

 

I am having a problem when I try to change users' passwords from the Windows session.

Here is the smb.conf:

 

[root@SRVDC01 ~]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Profiles]"
Processing section "[netlogon]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
workgroup = EISAIII
server string = Samba Server Version %v on %L
smb passwd file = /usr/bin/smbpasswd <- I don't know whether this should be here. You are using LDAP
passdb backend = ldapsam:"ldap://127.0.0.1:389"
username map = /etc/samba/smbusers <- This one neither. You are using LDAP
syslog = 2
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = Z:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins server = 192.168.6.3
ldap admin dn = cn=Administrador,dc=eisaIII,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=eisaIII,dc=com
ldap user suffix = ou=People
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = Administrador, "@Domain Admins"
cups options = raw

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root, maryo
guest ok = Yes
browseable = No

 

As you can see, I am using the following commands for password synchronization, but I get an error.

 

# Synchronization of LDAP, NT and LM accounts
# unix password sync = Yes
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"


[2009/09/03 14:05:16, 1] smbd/chgpasswd.c:change_oem_password(1057)
Sep 3 14:05:16 eisaIII smbd[4801]: user test1 cannot change password now, must wait until vie, 04 sep 2009 17:29:06 ART

Does anyone have a solution for this?

Regards.

Dominguez Gastón Matías
IT and Telecommunications
ELECTROINGENIERIA S.A.
Nuclear Division
Tel.: 0054-03487-481880
Fax: 0054-03487-481880 Ext. 120/121
E-mail: gdominguez at eling.com.ar
Web: www.eling.com.ar <http://www.eling.com.ar/>

 
