First of all:
I installed Samba quite some time ago and could / can access it from the Linux clients and the WinP clients.
Now I have installed an LDAP server. It is running - I can access it at any time with GQ and, e.g., KDE-Adress.
I have now extended my smb.conf so that Samba should look up its users via LDAP; afterwards I restarted the server (and also, once, the machine itself):
Since then, neither Linux nor Windows clients can access it any more.
On the Linux clients the error message 'Zeitueberschreitung auf dem Server ...' (timeout on the server) appears; on the Windows boxes it is always " Auf ... kann nicht zugegriffen werden. Sie haben evtl. keine Berechtigung ...." (... cannot be accessed. You may not have permission ...).
I raised the log level in smb.conf, but I cannot see any problems in the log files.
Attached is my smb.conf:
[global]
ldap ssl = no
idmap gid = 10000-20000
time server = yes
winbind uid = 10000-20000
cups options = raw
idmap uid = 10000-20000
workgroup = HOME
os level = 20
debug level = 1
server signing = Auto
auto services = hp 6p
printcap name = cups
security = user
usershare allow guests = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ -t 60 -i "%uid"
getwd cache = yes
log level = 10
restrict anonymous = no
include = /etc/samba/dhcp.conf
socket options = SO_KEEPALIVE TCP_NODELAY
logon drive = P:
guest ok = yes
null passwords = yes
map to guest = Bad User
domain master = No
username map = /etc/samba/user.map
encrypt passwords = yes
keepalive = 100
wins proxy = yes
wins support = true
case sensitive = No
max protocol = NT
server string = Asterix
winbind gid = 10000-20000
unix password sync = yes
logon path = \\%L\profiles\.msprofile
acl compatibility = winnt
directory mask = 0777
domain logons = No
ldap passwd sync = Yes
ldap admin dn = cn=admin,dc=MyDomain,dc=de
ldap user suffix = ou=users
passdb backend = ldapsam:ldap://localhost
ldap machine suffix = ou=computers
ldap group suffix = ou=groups
ldap suffix = dc=MyDomain,dc=de
# logon home = \\%L\%U\.9xprofile
# add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
# log file = /var/log/samba/log.smbd.%m
# msdfs proxy = no
If I remove
ldap passwd sync = Yes
ldap admin dn = cn=admin,dc=MyDomain,dc=de
ldap user suffix = ou=users
passdb backend = ldapsam:ldap://localhost
ldap machine suffix = ou=computers
ldap group suffix = ou=groups
ldap suffix = dc=MyDomain,dc=de
and restart Samba, I can immediately access it again without any trouble.
I have the feeling that the user check is not even taking place any more, because when I enter
pdbedit passdb backend = ldapsam:ldap://localhost -u bettina
I get
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
doing parameter restrict anonymous = no
doing parameter include = /etc/samba/dhcp.conf
params.cm_process() - Processing configuration file "/etc/samba/dhcp.conf"
doing parameter socket options = SO_KEEPALIVE TCP_NODELAY
doing parameter logon drive = P:
doing parameter guest ok = yes
doing parameter null passwords = yes
doing parameter map to guest = Bad User
doing parameter domain master = No
doing parameter username map = /etc/samba/user.map
doing parameter encrypt passwords = yes
doing parameter keepalive = 100
doing parameter wins proxy = yes
doing parameter wins support = true
doing parameter case sensitive = No
doing parameter max protocol = NT
doing parameter server string = Asterix
doing parameter winbind gid = 10000-20000
doing parameter unix password sync = yes
doing parameter logon path = \\%L\profiles\.msprofile
doing parameter acl compatibility = winnt
doing parameter directory mask = 0777
doing parameter domain logons = No
doing parameter ldap passwd sync = Yes
doing parameter ldap admin dn = cn=admin,dc=MyDomain,dc=de
doing parameter ldap user suffix = ou=users
doing parameter passdb backend = ldapsam:ldap://localhost
doing parameter ldap machine suffix = ou=computers
doing parameter ldap group suffix = ou=groups
doing parameter ldap suffix = dc=MyDomain,dc=de
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Finding user hp
Trying _Get_Pwnam(), username as lowercase is hp
Trying _Get_Pwnam(), username as uppercase is HP
Checking combinations of 0 uppercase letters in hp
Get_Pwnam_internals didn't find user [hp]!
lp_servicenumber: couldn't find hp
Finding user 6p
Trying _Get_Pwnam(), username as lowercase is 6p
Trying _Get_Pwnam(), username as uppercase is 6P
Checking combinations of 0 uppercase letters in 6p
Get_Pwnam_internals didn't find user [6p]!
lp_servicenumber: couldn't find 6p
set_server_role: role = ROLE_STANDALONE
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ASTERIX))]
smbldap_search_ext: base => [dc=MyDomain,dc=de], filter => [(&(objectClass=sambaDomain)(sambaDomainName=ASTERIX))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as "cn=admin,dc=MyDomain,dc=de"
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
The LDAP server is succesfully connected
pdb backend ldapsam:ldap://localhost has a valid init
Netbios name list:-
my_netbios_names[0]="ASTERIX"
Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ASTERIX))]
smbldap_search_ext: base => [dc=MyDomain,dc=de], filter => [(&(objectClass=sambaDomain)(sambaDomainName=ASTERIX))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as "cn=admin,dc=MyDomain,dc=de"
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
The LDAP server is succesfully connected
pdb backend ldapsam:ldap://localhost has a valid init
smbldap_search_ext: base => [dc=MyDomain,dc=de], filter => [(&(uid=bettina)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: bettina
pdb_set_username: setting username bettina, was
pdb_set_domain: setting domain ASTERIX, was
pdb_set_nt_username: setting nt username bettina, was
pdb_set_user_sid_from_string: setting user sid S-1-5-21-1666760061-3954025905-2425877074-1002
pdb_set_user_sid: setting user sid S-1-5-21-1666760061-3954025905-2425877074-1002
smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>]
smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>]
smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>]
pdb_set_full_name: setting full name Bettina Otto, was
smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>]
pdb_set_dir_drive: setting dir drive P:, was NULL
smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>]
Home server: asterix
pdb_set_homedir: setting home dir \\asterix\bettina, was
smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>]
pdb_set_logon_script: setting logon script , was
smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>]
pdb_set_profile_path: setting profile path \\asterix\profiles\.msprofile, was
smbldap_get_single_attribute: [description] = [<does not exist>]
smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>]
smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>]
grant_privilege: S-1-1-0
original privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-548
original privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-549
original privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-550
original privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-551
original privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV 0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-544
original privilege mask:
SE_PRIV 0xff0 0x0 0x0 0x0
new privilege mask:
SE_PRIV 0xff0 0x0 0x0 0x0
account_policy_get: name: password history, val: 0
smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>]
smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>]
smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>]
Opening cache file at /var/lib/samba/login_cache.tdb
Looking up login cache for user bettina
No cache entry found
No cache entry, bad count = 0, bad time = 0
bettina:1001:Bettina Otto
And that looks pretty correct to me.
The command
ldapsmb -L -u
also seems to show that:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
news:x:9:13:News system:/etc/news:/bin/bash
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
games:x:12:100:Games account:/var/games:/bin/bash
man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
named:x:44:44:Name server daemon:/var/lib/named:/bin/false
postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
mysql:x:60:105:MySQL database admin:/var/lib/mysql:/bin/bash
vscan:x:65:103:Vscan account:/var/spool/amavis:/bin/false
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
ntp:x:74:65534:NTP daemon:/var/lib/ntp:/bin/false
ldap:x:76:70:User for OpenLDAP:/var/lib/ldap:/bin/bash
mdnsd:x:78:65534:mDNSResponder runtime user:/var/lib/mdnsd:/bin/false
messagebus:x:100:101:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:101:102:User for haldaemon:/var/run/hal:/bin/false
tomcat:x:102:104:Tomcat:/usr/share/tomcat5:/bin/sh
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
bettina:x:1001:100:Bettina de:/MyDomain/bettina:/bin/sh
test:x:1006:100::/home/test:/bin/bash
However, I noticed here that for the user 'Bettina'
/e-schuett/sascha:/bin/sh
is entered, whereas for the user 'test'
/home/test:/bin/bash
is entered.
Is there perhaps some domain problem on my side?
Where else could the problem lie?
I am grateful for any tips ...
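
An added example, not part of the original post: a small Python check of the authentication-related settings in the [global] section quoted above. The function names and the sample text (a subset of the posted smb.conf) are constructed for illustration; the unencrypted-LDAP finding is suppressed for loopback servers such as the post's ldap://localhost.

```python
from urllib.parse import urlparse

# Constructed sample: a subset of the [global] section quoted in the post.
SAMPLE = """[global]
ldap ssl = no
guest ok = yes
null passwords = yes
map to guest = Bad User
directory mask = 0777
passdb backend = ldapsam:ldap://localhost
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_global(text):
    """Return the [global] parameters as a dict with normalised names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(params):
    """Return (parameter, reason) findings for weak authentication settings."""
    yes = lambda k: params.get(k, "").lower() in ("yes", "true", "1")
    out = []
    if yes("null passwords"):
        out.append(("null passwords", "accounts with an empty password can log in"))
    if params.get("map to guest", "never").lower() != "never":
        out.append(("map to guest", "some failed logins are mapped to the guest account"))
    if yes("guest ok"):
        out.append(("guest ok", "set in [global], so it is the default for every share"))
    if int(params.get("directory mask", "0755"), 8) & 0o002:
        out.append(("directory mask", "new directories may be world-writable"))
    backend = params.get("passdb backend", "")
    plaintext = params.get("ldap ssl", "").lower() in ("no", "off")
    if backend.startswith("ldapsam:ldap://") and plaintext:
        host = urlparse(backend.split(":", 1)[1]).hostname
        # Loopback traffic never leaves the host; only flag remote servers.
        if host not in LOOPBACK:
            out.append(("ldap ssl", "admin bind and password hashes cross the network unencrypted"))
    return out
```
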