+ Responder ao Tópico



  1. #1

    Thumbs down Ldap + samba 10 x 0 estou jogado a toalha.

    Amigos decidi apelar para vc´s estou tomando uma surra muito grande para fazer funcionar o Ldap + Samba PDC já tentei no Ubuntu-Server 8.04 TLS, Ubuntu-Server 9.04 e Debian 5 em todos eu morro na praia, quando chega na hora de popular sempre acotece erros por exemplo:

    server01:/usr/share/doc/smbldap-tools/examples# smbldap-populate
    Populating LDAP directory for domain ccbsist.net (S-1-5-21-15483983-150619718-2040496312)
    (using builtin directory structure)
    adding new entry: dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 7.
    adding new entry: ou=Usuarios,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 12.
    adding new entry: ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 17.
    adding new entry: ou=Computadores,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 22.
    adding new entry: ou=Idmap,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 27.
    adding new entry: uid=root,ou=Usuarios,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 58.
    adding new entry: uid=nobody,ou=Usuarios,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 89.
    adding new entry: cn=Domain Admins,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 101.
    adding new entry: cn=Domain Users,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 112.
    adding new entry: cn=Domain Guests,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 123.
    adding new entry: cn=Domain Computers,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 134.
    adding new entry: cn=Administrators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 179.
    adding new entry: cn=Account Operators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 201.
    adding new entry: cn=Print Operators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 212.
    adding new entry: cn=Backup Operators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 223.
    adding new entry: cn=Replicators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 234.
    adding new entry: cn=NextFreeUnixId,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 241.
    Please provide a password for the domain root:
    No such object at /usr/share/perl5/smbldap_tools.pm line 353.
    server01:/usr/share/doc/smbldap-tools/examples#

    Já peguei varios tutoriais a respeito e não consigo ganhar do ldap, alguémque tenha conheceimento poderis por favor ajudar-me.

    Tutoriais que já tentei usa-los
    Samba com LDAP

    InstalacaoLdapSamba < GrupoLinux < TWiki

    Conto com a colaboração de todos.

    Abraço

    Valdir
    msn [email protected]

  2. #2

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    vamo devagar o erro e pq ele esta exigindo autenticação.

    passa pra nos a configuração do slapd.conf e o ldap.conf

    outro detalhe vc fez alterações no smbldap.conf ???



  3. #3

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    Citação Postado originalmente por noir Ver Post
    vamo devagar o erro e pq ele esta exigindo autenticação.

    passa pra nos a configuração do slapd.conf e o ldap.conf

    outro detalhe vc fez alterações no smbldap.conf ???
    blz amigo,comop vc mesmo disse, vamos por parte, segue abaixo as configurações dos arquivos:

    /etc/ldap/slapd.conf


    # Allow LDAPv2 binds
    allow bind_v2

    # Schema and objectClass definitions

    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/samba.schema
     
    # Where the pid file is put. The init.d script
    # will not stop the server if you change this.

    pidfile /var/run/slapd/slapd.pid

    # List of arguments that were passed to the server
    argsfile /var/run/slapd/slapd.args
    # Read slapd.conf(5) for possible values
    loglevel 256

    # Where the dynamically loaded modules are stored
    modulepath /usr/lib/ldap
    moduleload back_bdb

    # The maximum number of entries that is returned for a search operation
    sizelimit 500
    # The tool-threads parameter sets the actual amount of cpu's that is used
    # for indexing.
    tool-threads 1

    #######################################################################
    # Specific Backend Directives for bdb:
    # Backend specific directives apply to this backend until another
    # 'backend' directive occurs
    backend bdb
    database bdb
    suffix "dc=ccbsist,dc=net"

    rootdn "cn=admin,dc=ccbsist,dc=net"
    rootpw "{SSHA}MhedEvUWLHiBVuC0HakWhN/bDl1P+hSB"

    directory "/var/lib/ldap"
    dbconfig set_cachesize 0 2097152 0
    dbconfig set_lk_max_objects 1500
    dbconfig set_lk_max_locks 1500
    dbconfig set_lk_max_lockers 1500

    index objectClass eq
    index uid,uidNumber,gidNumber,memberUid eq
    index cn,mail,surname,givenname eq,subinitial
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq

    lastmod on

    checkpoint 512 30

    access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=admin,dc=ccbsist,dc=net" write
    by anonymous auth
    by self write
    by * none

    access to dn.base="" by * read

    access to *
    by dn="cn=admin,dc=ccbsist,dc=net" write
    by * read


    Segue os demais a baixo:

    Abraços
    Última edição por gamaj1; 28-04-2010 às 23:27.

  4. #4

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    /etc/ldap/ldap.conf

    host 127.0.0.1
    # The distinguished name of the search base.
    base dc=ccbsist,dc=net
    #uri ldap://127.0.0.1/
    #uri ldaps://127.0.0.1/
    #uri ldapi://%2fvar%2frun%2fldapi_sock/
    ldap_version 3
    #binddn cn=proxyuser,dc=padl,dc=com
    #bindpw secret
    #rootbinddn cn=admin,dc=ccbsist,dc=net
    #port 389
    #scope sub
    #scope one
    #scope base
    #timelimit 30
    #bind_timelimit 30
    #bind_policy hard
    #idle_timelimit 3600
    #pam_filter objectclass=account
    #pam_login_attribute uid
    #pam_lookup_policy yes
    #pam_check_host_attr yes
    #pam_check_service_attr yes
    #pam_groupdn cn=PAM,ou=Groups,dc=ccbsist,dc=net
    #pam_member_attribute uniquemember
    #pam_min_uid 0
    #pam_max_uid 0
    #pam_login_attribute userPrincipalName
    #pam_template_login_attribute uid
    #pam_template_login nobody
    #pam_password clear
    #pam_password crypt
    #pam_password clear_remove_old
    #pam_password nds
    #pam_password racf
    #pam_password ad
    #pam_password exop
    #pam_password_prohibit_message Please visit http://internal to change your password.

    # nss_base_passwd ou=People,
    # to append the default base DN but this

    #nss_base_passwd ou=People,dc=ccbsist,dc=net?one
    #nss_base_shadow ou=People,dc=ccbsit,dc=net?one
    #nss_base_group ou=Group,dc=ccbsit,dc=net?one
    #nss_base_hosts ou=Hosts,dc=ccbsist,dc=net?one
    #nss_base_services ou=Services,dc=ccbsist,dc=net?one
    #nss_base_networks ou=Networks,dc=ccbsist,dc=net?one
    #nss_base_protocols ou=Protocols,dc=ccbsist,dc=net?one
    #nss_base_rpc ou=Rpc,dc=ccbsist,dc=net?one
    #nss_base_ethers ou=Ethers,dc=ccbsist,dc=net?one
    #nss_base_netmasks ou=Networks,dc=ccbsist,dc=net?ne
    #nss_base_bootparams ou=Ethers,dc=ccbsist,dc=net?one
    #nss_base_aliases ou=Aliases,dc=ccbsist,dc=net?one
    #nss_base_netgroup ou=Netgroup,dc=ccbsist,dc=net?one
    #nss_map_attribute rfc2307attribute mapped_attribute
    #nss_map_objectclass rfc2307objectclass mapped_objectclass
    #nss_map_attribute uniqueMember member
    # Services for UNIX 3.5 mappings
    #nss_map_objectclass posixAccount User
    #nss_map_objectclass shadowAccount User
    #nss_map_attribute uid msSFU30Name
    #nss_map_attribute uniqueMember msSFU30PosixMember
    #nss_map_attribute userPassword msSFU30Password
    #nss_map_attribute homeDirectory msSFU30HomeDirectory
    #nss_map_attribute homeDirectory msSFUHomeDirectory
    #nss_map_objectclass posixGroup Group
    #pam_login_attribute msSFU30Name
    #pam_filter objectclass=User
    #pam_password ad
    # configure --enable-mssfu-schema is no longer supported.
    # Services for UNIX 2.0 mappings
    #nss_map_objectclass posixAccount User
    #nss_map_objectclass shadowAccount user
    #nss_map_attribute uid msSFUName
    #nss_map_attribute uniqueMember posixMember
    #nss_map_attribute userPassword msSFUPassword
    #nss_map_attribute homeDirectory msSFUHomeDirectory
    #nss_map_attribute shadowLastChange pwdLastSet
    #nss_map_objectclass posixGroup Group
    #nss_map_attribute cn msSFUName
    #pam_login_attribute msSFUName
    #pam_filter objectclass=User
    #pam_password ad
    # RFC 2307 (AD) mappings
    #nss_map_objectclass posixAccount user
    #nss_map_objectclass shadowAccount user
    #nss_map_attribute uid sAMAccountName
    #nss_map_attribute homeDirectory unixHomeDirectory
    #nss_map_attribute shadowLastChange pwdLastSet
    #nss_map_objectclass posixGroup group
    #nss_map_attribute uniqueMember member
    #pam_login_attribute sAMAccountName
    #pam_filter objectclass=User
    #pam_password ad
    #nss_map_attribute userPassword authPassword
    # AIX SecureWay mappings
    #nss_map_objectclass posixAccount aixAccount
    #nss_base_passwd ou=aixaccount,?one
    #nss_map_attribute uid userName
    #nss_map_attribute gidNumber gid
    #nss_map_attribute uidNumber uid
    #nss_map_attribute userPassword passwordChar
    #nss_map_objectclass posixGroup aixAccessGroup
    #nss_base_group ou=aixgroup,?one
    #nss_map_attribute cn groupName
    #nss_map_attribute uniqueMember member
    #pam_login_attribute userName
    #pam_filter objectclass=aixAccount
    #pam_password clear
    #ssl on
    #sslpath /etc/ssl/certs
    #ssl start_tls
    #ssl on
    #tls_checkpeer yes
    #tls_cacertfile /etc/ssl/ca.cert
    #tls_cacertdir /etc/ssl/certs
    #tls_randfile /var/run/egd-pool
    #tls_ciphers TLSv1
    #tls_cert
    #tls_key
    #sasl_secprops maxssf=0
    #krb5_ccname FILE:/etc/.ldapcache
    #pam_sasl_mech DIGEST-MD5

    Segue o ultimo arquivo.
    Última edição por gamaj1; 28-04-2010 às 22:16.



  5. #5

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    /etc/smbldap-tools/smbldap.conf


    ##############################################################################
    #
    # General Configuration
    #
    ##############################################################################
    SID="S-1-5-21-15483983-150619718-2040496312"
    sambaDomain="ccbsist.net"
    ##############################################################################
    #
    # LDAP Configuration
    #
    ##############################################################################
    slaveLDAP="127.0.0.1"
    slavePort="389"
    masterLDAP="127.0.0.1"
    masterPort="389"
    ldapTLS="0"
    verify=""
    cafile=""
    clientcert=""
    clientkey=""
     
    suffix="dc=ccbsist,dc=net"
    usersdn="ou=Usuarios,${suffix}"
    computersdn="ou=Computadores,${suffix}"
    groupsdn="ou=Grupos,${suffix}"
    idmapdn="ou=Idmap,${suffix}"
    sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
    scope="sub"
    hash_encrypt="SSHA"
    crypt_salt_format=""
    ##############################################################################
    #
    # Unix Accounts Configuration
    #
    ##############################################################################
    userLoginShell="/bin/bash"
    userHome="/home/%U"
    userHomeDirectoryMode="700"
    userGecos="System User"
    defaultUserGid="513"
    defaultComputerGid="515"
    skeletonDir="/etc/skel"
    defaultMaxPasswordAge="45"
    ##############################################################################
    #
    # SAMBA Configuration
    #
    ##############################################################################
    userSmbHome="\\server01\%U"
    userProfile="\\server01\%U"
    userHomeDrive="H:"
    #userScript="script.bat"
    #mailDomain="idealx.com"
    ##############################################################################
    #
    # SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
    #
    ##############################################################################
    with_smbpasswd="0"
    smbpasswd="/usr/bin/smbpasswd"
    with_slappasswd="0"
    slappasswd="/usr/sbin/slappasswd"
    # no_banner="1"

    Fim dos arquivos.

  6. #6

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    Fiz alguma alteração e jáaparece a solicitação de autenticação,mas ainda tem erros:

    server01:~# /usr/sbin/smbldap-populate
    Populating LDAP directory for domain ccbsist.net (S-1-5-21-15483983-150619718-2040496312)
    (using builtin directory structure)
    entry dc=ccbsist,dc=net already exist.
    entry ou=Usuarios,dc=ccbsist,dc=net already exist.
    entry ou=Grupos,dc=ccbsist,dc=net already exist.
    entry ou=Computadores,dc=ccbsist,dc=net already exist.
    entry ou=Idmap,dc=ccbsist,dc=net already exist.
    entry uid=root,ou=Usuarios,dc=ccbsist,dc=net already exist.
    entry uid=nobody,ou=Usuarios,dc=ccbsist,dc=net already exist.
    entry cn=Domain Admins,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Domain Users,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Domain Guests,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Domain Computers,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Administrators,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Account Operators,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Print Operators,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Backup Operators,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Replicators,ou=Grupos,dc=ccbsist,dc=net already exist.
    adding new entry: cn=NextFreeUnixId,dc=ccbsist,dc=net
    failed to add entry: attribute 'sambaNextRid' not allowed at /usr/sbin/smbldap-populate line 499, <GEN1> line 241.
    Please provide a password for the domain root:
    Changing UNIX and samba passwords for root
    New password:

    o que será agora?



  7. #7

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    kra vamos fazer algumas alterações mais leves. para testarmos no arquivo slapd.conf deixe ele assim:


    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/samba.schema

    argsfile /var/run/slapd/slapd.args

    database bdb
    suffix "o=ccbsist"
    rootdn "cn=admin,o=ccbsist"
    rootpw linux (ou outra senha sem criptografar)
    directory /var/openldap-data (aqui e o caminho onde vc vai salvar a base eu particularmente uso esse)

    index objecClass eq

    depois entre no ldap.conf

    e deixe ele assim:

    HOST 127.0.0.1
    BASE o=ccbsist

    depois disso vamos criar um arquivo chamado ccbsist.ldif com o seguinte conteudo.

    dn: o=ccbsist
    o: ccbsist
    objectClass: top
    objectClass: organization
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    dn: ou=Computadores,o=ccbsist
    ou: Computadores
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    dn: ou=Usuarios,o=ccbsist
    ou: Usuarios
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist

    dn: ou=Grupos,o=ccbsist
    ou: Grupos
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    dn: ou=Idmap,o=ccbsist
    objectClass: organizationalUnit
    objectClass: sambaUnixIdPool
    ou: Idmap
    uidNumber: 10000
    gidNumber: 10000

    dn: cn=NextFreeUnixId,ou=Idmap,o=ccbsist
    cn: NextFreeUnixId
    objectClass: inetOrgPerson
    objectClass: sambaUnixIdPool
    uidNumber: 1012
    gidNumber: 1000
    sn: NextFreeUnixId


    um detalhe importante respeite os espaços entre cada bloco de texto sem espaço vai dar erro.

    se vc seguir o padrao que eu uso vc vai ter q criar a pasta /var/openldap-data e tambem mudar o dono dela com os seguintes comandos.

    mkdir /var/openldap-data
    chown ldap.ldap /var/openldap-data -R

    depois inicialize o ldap podemos ver se ele esta no ar com os seguintes comandos.

    ps aux |grep slapd e tambem o netstat -an |grep :389

    depois de confirmado vamos importar o arquivo ldif com o comando ldapadd -x -D cn=admin,o=ccbsist -W -f ccbsist.ldif (agora ele vai te pedir a senha que vc configurou no arquivo slapd.conf), se tudo sair certo ele tem q da uma saida assim

    adding new entry "o=ccbsist"
    adding new entry "ou=Computadores,o=ccbsist"
    adding new entry "ou=Usuarios,o=ccbsist"
    adding new entry "ou=Grupos,o=ccbsist"

    depois da o comando ldapsearch -x e veja a saida completa.

    repare q eu nao usei o populate pra mim ele enche de lixo a base prefiro criar tudo na mão para evitar bagunça e lixo desnecessario.

    qualquer coisa posta ai abraços !!!!

  8. #8

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    Ola amigão, fiz o que vc me pediou, mas quando tentei levanta o ldap deu erro mais descobrir com o comando:

    #slapd -d 16383

    Ficou faltado o adcionar a linha abaixo no slapd.conf

    backend bdb

    Só que quando executo os comandos abaixo nada aparece:

    server01:~# ps aux |grep slapd
    root 28287 0.0 0.0 3140 756 pts/0 R<+ 12:54 0:00 grep slapd
    server01:~#

    server01:~# netstat -an |grep :389
    server01:~#

    Parece que não esta segurando o ldap, mesmo que não apareça erro quando start mas o processo não levanta.

    server01:~# /etc/init.d/slapd restart
    Stopping OpenLDAP: slapd.
    Starting OpenLDAP: slapd.
    server01:~#

    EDITADO: Já resolvido a prte de inicialização do ldap, estava faltando alguns paramentros no arquivos sldap.conf tipo:

    dbconfig set_cachesize 0 2097152 0
    dbconfig set_lk_max_objects 1500
    dbconfig set_lk_max_locks 1500
    dbconfig set_lk_max_lockers 1500

    Prosegui conforme sua dica e veja como ficou:

    server01:/etc/ldap# ldapadd -x -D cn=admin,o=ccbsist -W -f ccbsist.ldif
    Enter LDAP Password:
    adding new entry "o=ccbsist"
    adding new entry "ou=Computadores,o=ccbsist"
    adding new entry "ou=Usuarios,o=ccbsist"
    adding new entry "ou=Grupos,o=ccbsist"
    adding new entry "ou=Idmap,o=ccbsist"
    adding new entry "cn=NextFreeUnixId,ou=Idmap,o=ccbsis t"
    ldap_add: Server is unwilling to perform (53)
    additional info: no global superior knowledge
    server01:/etc/ldap#

    server01:/etc/ldap# ldapsearch -x
    # extended LDIF
    #
    # LDAPv3
    # base <o=ccbsist> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #
    # ccbsist
    dn: o=ccbsist
    o: ccbsist
    objectClass: top
    objectClass: organization
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    # Computadores, ccbsist
    dn: ou=Computadores,o=ccbsist
    ou: Computadores
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    # Usuarios, ccbsist
    dn: ou=Usuarios,o=ccbsist
    ou: Usuarios
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist

    # Grupos, ccbsist
    dn: ou=Grupos,o=ccbsist
    ou: Grupos
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    # Idmap, ccbsist
    dn: ou=Idmap,o=ccbsist
    objectClass: organizationalUnit
    objectClass: sambaUnixIdPool
    ou: Idmap
    uidNumber: 10000
    gidNumber: 10000

    # search result
    search: 2
    result: 0 Success

    # numResponses: 6
    # numEntries: 5
    server01:/etc/ldap#

    Mas só com esse conteudo no /etc/ldap/slapd.conf é suficiente para funciona com o Samba PDC, não terá que implentar mais nada no arquivo /etc/ldap/slapd.conf ?

    Como ficaria esta parte:

    # Indexing options for database #1
    index objectClass eq
    index uid,uidNumber,gidNumber,memberUid eq
    index cn,mail,surname,givenname eq,subinitial
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq

    access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=admin,dc=ccbsist,dc=net" write
    by anonymous auth
    by self write
    by * none

    access to dn.base="" by * read

    access to *
    by dn="cn=admin,dc=ccbsist,dc=net" write
    by * read


    Mais um duivida como vou indexar usando o coando abaixo aparece isso, é normal?

    server01:/etc/ldap# slapindex -v
    WARNING!
    Runnig as root!
    There's a fair chance slapd will fail to start.
    Check file permissions!
    indexing id=00000001
    indexing id=00000002
    indexing id=00000003
    indexing id=00000004
    indexing id=00000005
    server01:/etc/ldap#

    Abraço
    Última edição por gamaj1; 29-04-2010 às 17:18.



  9. #9

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    sim agora a sua base ldap jah esta configurada e funcionando agora vc tem q configurar o samba para acessar o ldap qualquer coisa posta ai que eu te ajudo a resolver os problemas que aparecem.

    eu uso o centos 5.4 pra fazer isso no debian ubunto e similares eu nao montei o samba+ldap

  10. #10

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    como eu faço para deletar a base que foi criada eu tente com o comando abaixo, mas não estou conseguindo, pois preciso recriar a base, já que digitei alguma coisas errado.

    server01:~# ldapdelete -v -x -D "cn=admin,o=ccbsist" -W -f /etc/ldap/deletado.ldif
    ldap_initialize( <DEFAULT> )
    Enter LDAP Password:
    deleting entry "cn=ccbsist"
    ldap_delete: Server is unwilling to perform (53)
    additional info: no global superior knowledge
    server01:~#

    o arquivo delete.ldif tem só uma linha assim:

    cn=ccbsist


    Mas está dando erro, vc saber como delatar a base?

    Outra coisa. visto que vc esta usando nos arquivos do /etc/ldap/slapd.conf

    suffix "o=ccbsist"
    rootdn "cn=admin,o=ccbsist"

    No samba e no /etc/smbldap-tools/smbldap.conf como ficaria os arquivos?

    exemplo do samba

    passdb backend = ldapsam:ldap://127.0.0.1
    ldap passwd sync = yes
    ldap delete dn = Yes
    # Especifique o seu domínio
    ldap admin dn = cn=admin,o=ccbsist
    ldap suffix = o=ccbsist
    ldap machine suffix = ou=Computadores
    ldap user suffix = ou=Usuarios
    ldap group suffix = ou=Grupos
    ldap idmap suffix = ou=Idmap

    Já que todos so arquivos aqui eu tinha deixado conforme abaixo.

    dc=ccbsist,dc=net

    E vc esta usando desta forma o=ccbsist qual é a diferença?

    Amigo vc esta ajudando muito, vc tem msn ou skype?

    Abraço



  11. #11

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    e soh entrar onde vc crio a base e deletar ela.

    ex: se vc criou em /var/openldap-data

    entre na pasta e digite rm -rf * "MAS LEMBRE-SE DENTRO DA PASTA !!!!!"

    PARA SABER EM QUAL PASTA VC ESTA UTILIZE O COMANDO PWD.

    o comando rm -rf * vai deletar tudo que esta na pasta. para saber o caminho e soh olhar no arquivo slapd.conf abraços !!!!

  12. #12

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    Esta faltando pouco para tudo funcionar, aa não migrei a base do samba pdc do servidor antigo para este novo servidor, então tentei fazer um testep criando um usuario tanto pelo phpldapadmin e pela linha de comando.

    Pelo phpldapadmin não está criando o usuario, mas também não informa nenhum erro.
    Já pela linha de comado executadno o comando abaixo acontece este erro:

    server01:~# smbldap-useradd -g 513 -m -a -P -c "Valdir" jgama

    error looking for next uid in cn=NextFreeUnixId,dc=opcaolinux,dc=net:No such object at /usr/share/perl5/smbldap_tools.pm line 1071.

    O que falata para resoler esta encrenca, segue abaixo a lista do banco.

    server01:/var/log# ldapsearch -x
    # extended LDIF
    #
    # LDAPv3
    # base <dc=opcaolinux,dc=net> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #
    # opcaolinux.net
    dn: dc=opcaolinux,dc=net
    dc: opcaolinux
    objectClass: top
    objectClass: domain
    # Computadores, opcaolinux.net
    dn: ou=Computadores,dc=opcaolinux,dc=net
    ou: Computadores
    objectClass: top
    objectClass: organizationalUnit
    # Usuarios, opcaolinux.net
    dn: ou=Usuarios,dc=opcaolinux,dc=net
    ou: Usuarios
    objectClass: top
    objectClass: organizationalUnit
    # Grupos, opcaolinux.net
    dn: ou=Grupos,dc=opcaolinux,dc=net
    ou: Grupos
    objectClass: top
    objectClass: organizationalUnit
    # Idmap, opcaolinux.net
    dn: ou=Idmap,dc=opcaolinux,dc=net
    objectClass: organizationalUnit
    objectClass: sambaUnixIdPool
    ou: Idmap
    uidNumber: 10000
    gidNumber: 10000
    # NextFreeUnixId, Idmap, opcaolinux.net
    dn: cn=NextFreeUnixId,ou=Idmap,dc=opcaolinux,dc=net
    cn: NextFreeUnixId
    objectClass: inetOrgPerson
    objectClass: sambaUnixIdPool
    uidNumber: 1012
    gidNumber: 1000
    sn: NextFreeUnixId

    # OPCAOLINUX, opcaolinux.net
    dn: sambaDomainName=OPCAOLINUX,dc=opcaolinux,dc=net
    sambaDomainName: OPCAOLINUX
    sambaSID: S-1-5-21-1233176227-1070154398-954415409
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 1000
    sambaMinPwdLength: 5
    sambaPwdHistoryLength: 0
    sambaLogonToChgPwd: 0
    sambaMaxPwdAge: -1
    sambaMinPwdAge: 0
    sambaLockoutDuration: 30
    sambaLockoutObservationWindow: 30
    sambaLockoutThreshold: 0
    sambaForceLogoff: -1
    sambaRefuseMachinePwdChange: 0
    # search result
    search: 2
    result: 0 Success
    # numResponses: 8
    # numEntries: 7
    server01:/var/log# q!

    Abraço
    Última edição por gamaj1; 08-05-2010 às 12:49.



  13. #13
    Não Registrado(s)
    Visitante

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    Citação Postado originalmente por gamaj1 Ver Post
    Esta faltando pouco para tudo funcionar, aa não migrei a base do samba pdc do servidor antigo para este novo servidor, então tentei fazer um testep criando um usuario tanto pelo phpldapadmin e pela linha de comando.

    Pelo phpldapadmin não está criando o usuario, mas também não informa nenhum erro.
    Já pela linha de comado executadno o comando abaixo acontece este erro:

    ...
    ...
    server01:/var/log# q!

    Abraço
    Caro Colega ,
    qual sistema esta usando ? debian, ubuntu, Centos, recomendo Debian ou Centos.

    Debian
    Instalando Samba com LDAP - guggo | Google Groups

    Centos estou terminado uns aqui, ja algum tempo,, logo posso postar tb.

    ate+ e boa sorte

    Alex Silva

  14. #14

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    vixi meu rei desculpe pela demora na resposta. pra te ser sincero passei um tempo fora do mundo virtual.

    bom vc configurou o samba com o ldap sobre a criação de usuario eu realmente so consigo criar via linha de comando eu costumo usar o ldap account manager por ser simples o processo de mudar de grupo etc...

    sobre o erro vc reparou que tem um espaço sinistro ?uid in cn=NextFreeUnixId,dc=opcaolinu x,dc=n
    acredito que o erro esteja ai da uma olhada na configuração do seu smbldap-tools.



  15. #15

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    Amigo,

    Provavelmente não existe nada de errado com sua instalação, tive inúmeros problemas com versões recentes do OpenLDAP e apanhei até encontrar a solução.

    Execute o seguinte comando e verifique a saída:

    # ps aux | grep slapd

    Deverá constar a linha de inicialização do OpenLDAP, observe a sintaxe:
    ... -F "diretório de configuração" ou
    ... -f "arquivo de configuração"

    acontece que as versões mais recentes do ldap carregam suas bases lendo uma estrutura de diretórios e no meu caso minhas configurações estavam no arquivo slapd.conf. Experimente renomear ou remover o diretório de configuração, reiniciar o serviço do ldap e popular novamente a base.

  16. #16

    Padrão Re: Ldap + samba 10 x 0 estou jogado a toalha.

    Cara tenta colocar a senha do admin do samba no secrets.tdb, ai depois disso vc tenta popular novamente o ldap!!

    smbpasswd -w senha

    espero ter ajudado!!!