论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2012-03-27 17:26 |只看该作者 |倒序浏览

本帖最后由 TOLLY 于 2012-03-27 17:30 编辑

之前服务器是R8.2+Samba3.5+LDAP的，后来换了新服务器就重新安装了个R9.0+Samba3.6.3+LDAP。
问题就来了，因为升级到3.6后，idmap有重大变更，我重写了idmap部分的配置，但还是不成功。
故障现象为XP的client不能登录，可以访问共享目录，但原来可以读写的目录变为只读。
如果降级为3.5，用回原来的配置文件，一切正常...

在网上爬了一天了，没搜索到有用的信息，真是晕菜了。。。

以下为log.nmbd的出错提示：

[2012/03/27 17:10:21, 0] lib/charcnv.c:543(convert_string_talloc)
Conversion error: Illegal multibyte sequence()
[2012/03/27 17:10:21, 1] ../librpc/ndr/ndr.c:414(ndr_pull_error)
ndr_pull_error(5): Bad character conversion with flags 0x400042
[2012/03/27 17:10:21, 1] nmbd/nmbd_processlogon.c:353(process_logon_packet)
process_logon_packet: Failed to pull logon packet

复制代码

以下为smb.conf的配置

[global]
dos charset = cp936
unix charset = cp936
display charset = cp936
workgroup = XXX
server string = XXX's Server
interfaces = em0, lo0
bind interfaces only = Yes
passdb backend = ldapsam:ldap://127.0.0.1
pam password change = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
client use spnego principal = Yes
send spnego principal = Yes
syslog = 0
log file = /var/log/samba/%m
max log size = 200
smb ports = 139
min receivefile size = 16384
name resolve order = lmhosts bcast host
time server = Yes
deadtime = 120
load printers = No
printcap name = /etc/printcap
disable spoolss = Yes
add user script = /usr/local/sbin/smbldap-useradd -m %u
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
add machine script = /usr/local/sbin/smbldap-useradd -w %m
logon script = logon.bat
logon path = \\%L\Profiles\%U
logon drive = U:
logon home = \\%L\home\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=Manager,dc=xxx,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=xxx,dc=com
ldap ssl = no
ldap user suffix = ou=People
remote announce = 192.168.11.255/ASA
socket address = 192.168.11.8
#//以下为升级到3.6添加部分
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config XXX : range = 10000-500000
idmap config XXX : ldap_url = ldap://127.0.0.1
idmap config XXX : ldap_user_dn = cn=Manager,dc=xxx,dc=com
idmap config XXX : ldap_base_dn = ou=Idmap,dc=xxx,dc=com
idmap config XXX : default = yes
idmap config XXX : readonly = no
idmap config XXX : backend = ldap
ldapsam:editposix = yes
ldapsam:trusted = yes
idmap config * : backend = ldap
#//以上为升级到3.6添加部分
#//以下为3.5版本的相应idmap部分
# idmap backend = ldap:ldap://127.0.0.1
# idmap uid = 10000-500000
# idmap gid = 10000-500000
#//以上为3.5版本的相应idmap部分
hosts allow = 192.168.11., 127.
aio read size = 16384
aio write size = 16384
aio write behind = /*.tmp/*.bak/*.psd/*.ac$/
ea support = Yes
map acl inherit = Yes
use sendfile = Yes
map archive = No
map readonly = no
store dos attributes = Yes
[netlogon]
comment = Network Logon Service
path = /pub/netlogon
write list = root
read only = No
create mask = 0444
guest ok = Yes
browseable = No
locking = No
root preexec = /usr/home/root/sh/mkhome.sh
[Profiles]
comment = Network Profiles Service
path = /pub/Profiles
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
browseable = No
#以下省略....

复制代码

文库|博客

返回列表

Chinaunix › 论坛 › 操作系统 › BSD › 求助关于Samba3.6.3作PDC,Winxp不能正常登录的问题

[FreeBSD] 求助关于Samba3.6.3作PDC,Winxp不能正常登录的问题 [复制链接]