Samba autenticando em base ldap

[gilmarcabral]

Olá a todos.
Talvez alguem possa me dar uma dica do que pode ser pq nao estou coseguindo fazer o samba do meu servidor de dados autenticar no servidor ldap que esta em servidor separado.

Meu ambiente esta da seguinte maneira:
Tenho um servidor rodando o ldap + samba mas eu possuo um outro servidor samba que presiso que este samba pegue os usuarios que estao cadastrado na base ldap do servidor ldap + samba como pdc.
Abaixo segue o smb.conf que estou usando este servidor de samba arquivo.

[global]

workgroup = agrovale

server string = cagaita.agrovale.com.br

security = user

log file = /var/log/samba/%m.log

max log size = 50

passdb backend = ldapsam:ldap://192.168.1.2/

local master = no

os level = 33

domain master = yes

preferred master = yes

domain logons = yes

wins support = no

wins server = 192.168.1.10

ldap admin dn = cn=manager,dc=agrovale,dc=com

ldap suffix = dc=agrovale,dc=com

ldap machine suffix = ou=Hosts

ldap user suffix = ou=Pessoas

ldap group suffix = ou=Grupos

add machine script = /usr/sbin/useradd -n -r -g machines -c "Samba machine" -d /dev/null -s /bin/false %u

unix charset = iso-8859-1

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

ldap passwd sync = no

ldap ssl = off

ldap delete dn = no

time server = yes

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /home/profiles
browseable = no
guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes

# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no


Abaixo segue o log que esta sendo gerado pelo samba do servidor de arquivos quando ele tenta autenticar no servidor ldap + samba como pdc:

[2007/10/26 17:20:54, 0] lib/smbldap.c:smbldap_connect_system(81 2)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2007/10/26 17:20:54, 1] lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 9 try!
[2007/10/26 17:20:55, 0] lib/smbldap.c:fetch_ldap_pw(312)
fetch_ldap_pw: neither ldap secret retrieved!
[2007/10/26 17:20:55, 0] lib/smbldap.c:smbldap_connect_system(81 2)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2007/10/26 17:20:55, 1] lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 10 try!
[2007/10/26 17:20:56, 0] lib/smbldap.c:fetch_ldap_pw(312)
fetch_ldap_pw: neither ldap secret retrieved!
[2007/10/26 17:20:56, 0] lib/smbldap.c:smbldap_connect_system(81 2)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2007/10/26 17:20:56, 1] lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 11 try!
[2007/10/26 17:20:57, 0] lib/smbldap.c:fetch_ldap_pw(312)
fetch_ldap_pw: neither ldap secret retrieved!
[2007/10/26 17:20:57, 0] lib/smbldap.c:smbldap_connect_system(81 2)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2007/10/26 17:20:57, 1] lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 12 try!
[2007/10/26 17:20:58, 0] lib/smbldap.c:fetch_ldap_pw(312)
fetch_ldap_pw: neither ldap secret retrieved!
[2007/10/26 17:20:58, 0] lib/smbldap.c:smbldap_connect_system(81 2)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2007/10/26 17:20:58, 1] lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 13 try!
[2007/10/26 17:20:59, 0] lib/smbldap.c:fetch_ldap_pw(312)
fetch_ldap_pw: neither ldap secret retrieved!
[2007/10/26 17:20:59, 0] lib/smbldap.c:smbldap_connect_system(81 2)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2007/10/26 17:20:59, 1] lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 14 try!
[2007/10/26 17:21:00, 0] lib/smbldap.c:fetch_ldap_pw(312)
fetch_ldap_pw: neither ldap secret retrieved!
[2007/10/26 17:21:00, 0] lib/smbldap.c:smbldap_connect_system(81 2)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2007/10/26 17:21:00, 1] lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 15 try!
[2007/10/26 17:21:01, 0] lib/smbldap.c:fetch_ldap_pw(312)
fetch_ldap_pw: neither ldap secret retrieved!
[2007/10/26 17:21:01, 0] lib/smbldap.c:smbldap_connect_system(81 2)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2007/10/26 17:21:01, 1] lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 16 try!
[2007/10/26 17:21:02, 0] lib/smbldap.c:fetch_ldap_pw(312)
fetch_ldap_pw: neither ldap secret retrieved!
[2007/10/26 17:21:02, 0] lib/smbldap.c:smbldap_connect_system(81 2)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2007/10/26 17:21:02, 0] passdb/pdb_ldap.c:ldapsam_search_one_group (1982)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out)


Desde ja agradeço

[andunno]

gilmarcabral,

Apague o arquivo /etc/samba/secrets.tdb e em seguida digite o seguinte comando:

# smbpasswd -w <senha_admin_ldap>

Acredito que isso deve resolver seu problema.