
Samba->LDAP problem: cannot get Windows machines into domain

atracura
Newbie
Posts: 2
Registered: 1 Sep 2005, 13:53

Post by atracura »

Hi,

I have a small problem with Samba and OpenLDAP:

My details:
Suse 9.2
Samba 3.0.9-2.3-SUSE
OpenLDAP: slapd 2.2.15

Now to my problem:
I set up Samba and OpenLDAP as described in the IDEALX documentation. When I create a user with the smbldap-useradd script, everything works normally, and I can also log in without any trouble.
But when I now try to join a machine to the domain, I get the following error message in the machine's log file:

Code:

[2005/09/01 13:26:49, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:26:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:49, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:26:50, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:26:50, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:26:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:26:50, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:26:51, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain MYDOMAIN -> S-1-5-21-3304255874-2887972702-1555624387
[2005/09/01 13:26:52, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:43:32, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:43:32, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:43:32, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:32, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:43:33, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:43:34, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:43:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No such object)
[2005/09/01 13:43:34, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:43:34, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain MYDOMAIN -> S-1-5-21-3304255874-2887972702-1555624387
[2005/09/01 13:43:36, 2] smbd/server.c:exit_server(575)
  Closing connections

The strange thing, though, is that these groups do exist:

dn: cn=Domain Users,ou=Groups,dc=cologne,dc=mydomain,dc=local
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3304255874-2887972702-1555624387-513
sambaGroupType: 2
displayName: Domain Users
structuralObjectClass: posixGroup
entryUUID: 3c3a55c4-aa64-1029-879f-fa8a7468604f
creatorsName: cn=Manager,dc=cologne,dc=mydomain,dc=local
createTimestamp: 20050826100220Z
memberUid: root
memberUid: benjamin
entryCSN: 20050901101848Z#000003#00#000000
modifiersName: cn=Manager,dc=cologne,dc=mydomain,dc=local
modifyTimestamp: 20050901101848Z

smb.conf:

[global]
workgroup = MYDOMAIN
netbios name = hawking
server string = hawking as Samba-Server

passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=cologne,dc=mydomain,dc=local
ldap suffix = dc=cologne,dc=mydomain,dc=local
ldap group suffix = ou=Groups,dc=cologne,dc=mydomain,dc=local
ldap user suffix = ou=Users,dc=cologne,dc=mydomain,dc=local
ldap machine suffix = ou=Computers,dc=cologne,dc=mydomain,dc=local
ldap idmap suffix = ou=Idmap,dc=cologne,dc=mydomain,dc=local
ldap ssl = no

add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

username map = /etc/samba/smbusers
logon script = %u.BAT
logon drive = Y:
logon path = \\%L\profiles\%U
logon home = \\%L\%U
domain logons = yes
preferred master = yes
domain master = yes
security = user
local master = yes
os level = 65

dos charset = 850
unix charset = ISO-8859-15
display charset = ISO-8859-15

log level = 2
log file = /home/samba/logs/%m.log

wins support = yes

panic action = kill `cat /var/run/samba/smbd.pid`; rm /var/run/samba/smbd.pid ; /etc/init.d/smb start

keepalive = 60
smb ports = 445 139
use sendfile = no
large readwrite = no
idmap backend = ldap:ldap://10.0.1.253

atracura
Newbie
Posts: 2
Registered: 1 Sep 2005, 13:53

Solution

Post by atracura »

So in my case the cause was that Samba did not want to work with the Computers OU. After I changed the computer OU in the Samba config file to Users, I was able to add the machine to the domain.

stka
Moderator
Posts: 3351
Registered: 1 Jun 2004, 13:56
Location: 51°58'34.91"N 7°38'37.47"E

Post by stka »

Did you create the group mapping for the Windows hosts? Have a look in the conf file of the smbldap-tools; it states which UID this group mapping must have. The hosts in a Samba domain must have a group of their own, which seems to be missing here.
You don't stop running because you get old. You get old because you stop running.
The new book http://www.kania-online.de/fachbuecher
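
Added example (not part of the thread and not code from Samba or the smbldap-tools): one way to check an LDIF export for the group mappings discussed in the last reply, by listing well-known domain groups that have no sambaGroupMapping entry under the domain SID. The function names, the RID set 512-515 and the second sample entry are assumptions made for illustration; the RID your setup actually expects for the hosts' group is the one in the smbldap-tools conf file.

```python
import re

# Well-known Windows domain group RIDs, appended to the domain SID (assumed set).
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users",
                   514: "Domain Guests", 515: "Domain Computers"}

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr_lower: [values]}."""
    text = re.sub(r"\n ", "", text)          # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def missing_group_mappings(ldif_text, domain_sid):
    """Return {rid: name} of well-known groups lacking a sambaGroupMapping."""
    mapped = set()
    for entry in parse_ldif(ldif_text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambagroupmapping" not in classes:
            continue                          # posixGroup alone is not a mapping
        for sid in entry.get("sambasid", []):
            prefix, _, rid = sid.rpartition("-")
            if prefix == domain_sid and rid.isdigit():
                mapped.add(int(rid))
    return {r: n for r, n in WELL_KNOWN_RIDS.items() if r not in mapped}

# Constructed sample: first entry abridged from the post, second is invented.
SAMPLE_LDIF = """\
dn: cn=Domain Users,ou=Groups,dc=cologne,dc=mydomain,dc=local
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-3304255874-2887972702-1555624387-513

dn: cn=Domain Computers,ou=Groups,dc=cologne,dc=mydomain,dc=local
objectClass: posixGroup
"""
DOMAIN_SID = "S-1-5-21-3304255874-2887972702-1555624387"  # from the thread's log

if __name__ == "__main__":
    for rid, name in sorted(missing_group_mappings(SAMPLE_LDIF, DOMAIN_SID).items()):
        print(f"{name}: no sambaGroupMapping with sambaSID {DOMAIN_SID}-{rid}")
```

A group that exists only as a posixGroup, like the second sample entry, is still reported as missing, because it carries no sambaSID under the domain.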