samba+openldap
高手指點
俺在 CentOS 下配置 samba+openldap 作為 PDC 伺服器時出錯:
>net getlocalsid 時出現如下錯誤:
lib/smbldap.c:smbldap_connect_system(850)
failed to bind to server with dn=cn=root,dc=hy,dc=com Error:Can't contact LDAP server
lib/smbldap.c:smbldap_search_suffix(1155)
smbldap_search_suffix:problem during the LDAP search:(unknown) (Timed out)
SID for domain PDC is : s-15-5-21-3237025-297313532177
我的/etc/ldap.conf 如下:
# /etc/ldap.conf as posted: it carries nss_base_* and pam_password directives
# and points at an LDAP server on the loopback address.
host 127.0.0.1
base dc=hy,dc=com
# DN used when the calling process is root. This is the same DN that
# slapd.conf declares as rootdn, so root-side lookups run with full directory
# privileges. Its password is kept in a separate secret file (commonly
# /etc/ldap.secret -- confirm for this build); keep that file root-owned, 0600.
rootbinddn cn=root,dc=hy,dc=com
# passwd entries are searched one level deep (?one) under both ou=Users and
# ou=Computers, so entries under ou=Computers are looked up as passwd entries too.
nss_base_passwd ou=Users,dc=hy,dc=com?one
nss_base_passwd ou=Computers,dc=hy,dc=com?one
nss_base_shadow ou=Users,dc=hy,dc=com?one
nss_base_group ou=Groups,dc=hy,dc=com?one
# No TLS on the client connection. With host = 127.0.0.1 the traffic stays on
# loopback; if the directory is ever moved to another host, switch to
# "ssl start_tls" (or ldaps) so binds and password changes are not sent in clear.
ssl no
# Password changes are hashed with MD5 crypt before being written. That is a
# weak scheme by current standards; "pam_password exop" hands the hashing to
# the server instead -- NOTE(review): check how this interacts with
# "ldap passwd sync" in smb.conf before changing it.
pam_password md5
/etc/openldap/ldap.conf 如下:
# /etc/openldap/ldap.conf as posted: server and search base, matching the
# other files on this page. Presumably these are the defaults used by the
# OpenLDAP client tools; if so, an ldapsearch against this host/base is a quick
# check of whether slapd answers at all, independent of Samba.
host 127.0.0.1
base dc=hy,dc=com
/etc/openldap/slapd.conf 如下:
# slapd.conf database section as posted. Indentation was lost in the paste.
database bdb
suffix "dc=hy,dc=com"
# rootdn is not subject to the access rules below. smb.conf (ldap admin dn)
# and /etc/ldap.conf (rootbinddn) on this page both bind as this DN, so a
# compromise of either client secret gives full write access to the directory.
rootdn "cn=root,dc=hy,dc=com"
# NOTE(review): rootpw has no value as posted -- possibly redacted. If the live
# file also has an empty rootpw, slapd may reject the configuration and not
# start, which would match the "Can't contact LDAP server" error; verify.
# Store a hashed value generated with slappasswd (e.g. {SSHA}...) rather than
# a cleartext password, and keep this file readable only by the slapd user.
rootpw
# Equality/substring indexes on the attributes listed below, including the
# Samba SID and domain-name attributes.
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# Password material: the entry owner may write it, anonymous clients may only
# use it to authenticate, everyone else gets nothing. sambaLMPassword and
# sambaNTPassword are password-equivalent hashes, so they are protected
# together with userPassword. This rule has to stay ahead of the catch-all
# rule because slapd stops at the first matching "access to" clause.
# NOTE(review): in a real slapd.conf the "by" clauses must be continuation
# lines (leading whitespace); at column 0, as shown here, they would be parsed
# as separate directives. Presumably a paste artefact -- confirm in the file.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
# Catch-all: every other attribute is readable by anyone, including
# unauthenticated clients. That exposes account names, group membership and
# SIDs to anything that can reach the LDAP port. If anonymous lookups are not
# required, restrict this (e.g. "by users read") and give the NSS client its
# own bind DN -- NOTE(review): nss_ldap lookups may rely on anonymous read.
access to *
by * read
運行 service ldap restart 時常
/etc/samba/smb.conf 內容如下:
# Global parameters
# NOTE(review): the "[global]" section header itself is missing from the paste.
workgroup = hyserver
netbios name = PDC
server string = PDC Server
log file = /var/log/samba/log.%m
security = user
encrypt passwords = Yes
# PAM account/session restrictions are not applied to Samba logons, so any
# access-time or account rules enforced through PAM do not cover SMB access.
obey pam restrictions = No
# When a Samba password changes, the LDAP password is updated as well.
ldap passwd sync = Yes
# Level 3 is verbose; useful while debugging the LDAP bind failure, worth
# lowering afterwards.
log level = 3
syslog = 0
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = UTF-8
Unix charset = UTF-8
# logon.bat is fetched from the netlogon share and run on the client at logon.
logon script = logon.bat
logon drive = H:
logon home = \\%L\%u
domain logons = yes
os level = 65
domain master = yes
preferred master = yes
local master = yes
# Account database lives in LDAP on loopback. The "Can't contact LDAP server"
# error reported for "net getlocalsid" is the LDAP client failing to open a
# connection to this URL (default port 389), not a rejected password: check
# that slapd is actually running and listening before looking at credentials.
passdb backend = ldapsam:ldap://127.0.0.1/
# Samba binds as the directory rootdn. The password is not stored in smb.conf;
# it is written to secrets.tdb with "smbpasswd -w". A dedicated DN with write
# access limited to the Users/Groups/Computers subtrees would follow least
# privilege better than reusing rootdn.
ldap admin dn = cn=root,dc=hy,dc=com
ldap suffix = dc=hy,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
# Plain LDAP, no TLS. Tolerable only because the server is on 127.0.0.1; use
# "start tls" if the directory is ever reached over a network.
ldap ssl = off
# Deleting an account removes the whole LDAP entry, not just the Samba
# attributes.
ldap delete dn = Yes
# Account-management hooks. Samba substitutes %u / %g and runs the command,
# so the substituted names should always be quoted.
add user script = /usr/sbin/smbldap-useradd -m "%u"
# Machine accounts get no usable home (/dev/null) and no login shell.
# NOTE(review): %u is unquoted here, unlike every other script line; quote it
# ("%u") for consistency, since the name originates from the joining client.
add machine script = /usr/sbin/smbldap-useradd -d /dev/null -g 100 -s /bin/false -M %u
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
############################## Homes parameters ##########################
# NOTE(review): the "[homes]" header is missing from the paste. The idmap,
# template shell and winbind lines are global parameters; the share settings
# appear to start at "comment =" -- confirm against the real file.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# Accounts created from the template get no interactive shell.
template shell = /bin/false
winbind use default domain = no
comment = repertoire de %U, %u
# Home shares are hidden from browse lists.
browseable = no
# "writeable = yes" and "read only = no" say the same thing twice.
writeable = yes
read only = no
# New files and directories are forced to owner-only permissions, so home
# directory contents are not readable by other local users.
force create mode = 0700
create mode = 0700
force directory mode = 0700
# Written without a leading zero; presumably equivalent to 0700 -- confirm.
directory mode = 700
############################# Netlogon parameters #######################
# NOTE(review): the "[netlogon]" header is missing from the paste.
# This share holds the logon script (logon.bat in the global section), which
# clients execute at logon. Anyone who can write here can run code on every
# domain client, so the share is read-only with root as the only writer; keep
# the filesystem permissions on the path equally tight.
path = /home/netlogon
browseable = No
read only = yes
write list = root
運行testparm 時正常
就是運行 net getlocalsid 時不行。
《解決方案》
有沒有那位高手指點一二呀
難道沒人懂這個東東嗎?
《解決方案》
跪求高手指點迷津
跪求高手指點迷津
《解決方案》
成功解決
這個問題爾已解決!!!多謝各位!!!!!