
[ldap] 当我sudo smbldap-groupadd -a u3时出错 [复制链接]

发表于 2016-11-15 02:55 |显示全部楼层
安装命令:

sudo apt-get install samba slapd ldap-utils

OS: Ubuntu 14.04

当我

sudo smbldap-groupadd -a u1

时出错:

Failed to find sambaDomain object to get sambaAlgorithmicRidBase

当我

sudo smbldap-useradd -a -g 1005 u1

时出错:

Error: SID not set for unix group 1005
check if your unix group is mapped to an NT group


我执行smbldap-populate是成功的

smb.conf:

  1. [global]
        # Global settings for a Samba classic (NT4-style) primary domain controller
        # whose accounts live in LDAP (ldapsam) and whose account-management hooks
        # call the smbldap-tools scripts.
  2.    workgroup = DOMSMB
  3.    netbios name = PDC-SRV

  4.    deadtime = 10

  5.    log level = 1
  6.    log file = /var/log/samba/log.%m
  7.    max log size = 5000
  8.    debug pid = yes
  9.    debug uid = yes
  10.    syslog = 0
  11.    utmp = yes

  12.    security = user
  13.    domain logons = yes
  14.    os level = 64
        # The four logon settings below are left empty in smb.conf.
        # NOTE(review): presumably the per-user values written by smbldap-tools
        # (userSmbHome / userProfile / userHomeDrive / userScript in smbldap.conf)
        # are meant to apply instead - verify.
  15.    logon path =
  16.    logon home =
  17.    logon drive =
  18.    logon script =

        # smbd reaches the directory at ldap.example.com and upgrades the connection
        # with StartTLS before binding.
        # NOTE(review): the smbldap.conf posted with this file points the tools at
        # ldap://127.0.0.1/ with ldapTLS="0" - confirm both reach the same slapd.
  19.    passdb backend = ldapsam:"ldap://ldap.example.com/"
  20.    ldap ssl = start tls
        # The password for this bind DN is not kept in smb.conf; Samba stores it in
        # secrets.tdb (set with `smbpasswd -w`), so that file should stay root-only.
  21.    ldap admin dn = cn=Manager,dc=example,dc=com
  22.    ldap delete dn = no

  23.    ## Sync UNIX password with Samba password
  24.    ## Method 1:
  25.    ldap password sync = yes
  26.    ## Method 2:
  27.    ;ldap password sync = no
  28.    ;unix password sync = yes
  29.    ;passwd program = /usr/sbin/smbldap-passwd -u '%u'
  30.    ;passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

        # NOTE(review): smbldap.conf in the same post sets suffix="dc=du,dc=com".
        # If both files are shown unmodified, smbd and the smbldap-* scripts search
        # under different base DNs, which could explain a sambaDomainName object
        # that the scripts cannot find - confirm which suffix the directory uses.
  31.    ldap suffix = dc=example,dc=com
  32.    ldap user suffix = ou=Users
  33.    ldap group suffix = ou=Groups
  34.    ldap machine suffix = ou=Computers
  35.    ldap idmap suffix = ou=Idmap

        # Account-management hooks. smbd runs these commands with root privileges;
        # %u / %g / %unew / %uold are expanded by smbd before the command runs and
        # are single-quoted here so each name reaches the script as one argument.
  36.    add user script = /usr/sbin/smbldap-useradd -m '%u' -t 1
  37.    rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
  38.    delete user script = /usr/sbin/smbldap-userdel '%u'
  39.    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
  40.    add group script = /usr/sbin/smbldap-groupadd -p '%g'
  41.    delete group script = /usr/sbin/smbldap-groupdel '%g'
  42.    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
  43.    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
  44.    add machine script = /usr/sbin/smbldap-useradd -w '%u' -t 1

  45.    server role = classic primary domain controller
  46.    domain master = yes

  47. [NETLOGON]
        # Share that exposes /var/lib/samba/netlogon to domain clients; it is hidden
        # from browse lists. No 'writeable' / 'read only' line is present, so
        # Samba's default (read only) applies.
  48.    path = /var/lib/samba/netlogon
  49.    browseable = no
  50.    share modes = no

  51. [PROFILES]
        # Writable share for roaming profiles, hidden from browse lists.
  52.    path = /var/lib/samba/profiles
  53.    browseable = no
  54.    writeable = yes
        # 0611 = owner read/write plus the group-execute (010) and other-execute
        # (001) bits. Those two bits are where 'map system' and 'map hidden' below
        # store the DOS attributes, so they must not be masked out; group and others
        # get no read or write access to profile files.
  55.    create mask = 0611
        # Profile directories are accessible by their owner only.
  56.    directory mask = 0700
  57.    profile acls = yes
  58.    csc policy = disable
  59.    map system = yes
  60.    map hidden = yes

  61. [share]
        # Data share limited to one account ('xxx' looks like a redacted placeholder).
  62.    comment = share
  63.    path = /home/xxx/data/share
        # Only 'xxx' may connect, and 'force user' makes every file operation run
        # as that account regardless of who authenticated.
  64.    valid users = xxx
  65.    write list = xxx
  66.    force user = xxx
        # Upper bound for new-file permissions: owner rwx, group r-x, others r--.
        # NOTE(review): the others-read bit lets local accounts on the server read
        # files created here if the directory permissions allow it - confirm that
        # is intended.
  67.    create mask = 0754
  68.    sync always = Yes
  69. ;   hide dot files = yes
  70. ;   writeable = no
  71. ;   browseable = yes

smbldap.conf:
  1. # $Id: smbldap.conf 139 2012-08-07 11:11:37Z fumiyas $
  2. #
  3. # smbldap-tools.conf : Q & D configuration file for smbldap-tools

  4. #  This code was developped by IDEALX (http://IDEALX.org/) and
  5. #  contributors (their names can be found in the CONTRIBUTORS file).
  6. #
  7. #                 Copyright (C) 2001-2002 IDEALX
  8. #
  9. #  This program is free software; you can redistribute it and/or
  10. #  modify it under the terms of the GNU General Public License
  11. #  as published by the Free Software Foundation; either version 2
  12. #  of the License, or (at your option) any later version.
  13. #
  14. #  This program is distributed in the hope that it will be useful,
  15. #  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17. #  GNU General Public License for more details.
  18. #
  19. #  You should have received a copy of the GNU General Public License
  20. #  along with this program; if not, write to the Free Software
  21. #  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
  22. #  USA.

  23. #  Purpose :
  24. #       . be the configuration file for all smbldap-tools scripts

  25. ##############################################################################
  26. #
  27. # General Configuration
  28. #
  29. ##############################################################################

  30. # Put your own SID. To obtain this number do: "net getlocalsid".
  31. # If not defined, parameter is taking from "net getlocalsid" return
      # NOTE(review): hard-coded domain SID. Compare it with the current output of
      # `net getlocalsid` (named in the comment above) and with the SID stored on
      # the sambaDomainName entry in the directory; a stale value here would make
      # the tools and smbd disagree - confirm.
  32. SID="S-1-5-21-705612041-1564776041-3365041612"

  33. # Domain name the Samba server is in charged.
  34. # If not defined, parameter is taking from smb.conf configuration file
  35. # Ex: sambaDomain="IDEALX-NT"
      # NOTE(review): left commented out, so the name falls back to smb.conf
      # (workgroup = DOMSMB in the posted file). sambaUnixIdPooldn further down
      # interpolates ${sambaDomain}; setting the name explicitly here would rule
      # out an empty interpolation as the cause of the reported
      # "Failed to find sambaDomain object" error - confirm.
  36. #sambaDomain="DOMSMB"

  37. ##############################################################################
  38. #
  39. # LDAP Configuration
  40. #
  41. ##############################################################################

  42. # Notes: to use to dual ldap servers backend for Samba, you must patch
  43. # Samba with the dual-head patch from IDEALX. If not using this patch
  44. # just use the same server for slaveLDAP and masterLDAP.
  45. # Those two servers declarations can also be used when you have
  46. # . one master LDAP server where all writing operations must be done
  47. # . one slave LDAP server where all reading operations must be done
  48. #   (typically a replication directory)

  49. # Slave LDAP server URI
  50. # Ex: slaveLDAP=ldap://slave.ldap.example.com/
  51. # If not defined, parameter is set to "ldap://127.0.0.1/"
      # NOTE(review): both URIs below are loopback, while the posted smb.conf uses
      # ldap://ldap.example.com/ - confirm they are the same slapd instance.
  52. slaveLDAP="ldap://127.0.0.1/"

  53. # Master LDAP server URI: needed for write operations
  54. # Ex: masterLDAP=ldap://master.ldap.example.com/
  55. # If not defined, parameter is set to "ldap://127.0.0.1/"
  56. masterLDAP="ldap://127.0.0.1/"

  57. # Use TLS for LDAP
  58. # If set to 1, this option will use start_tls for connection
  59. # (you must also used the LDAP URI "ldap://...", not "ldaps://...")
  60. # If not defined, parameter is set to "0"
      # StartTLS is off for the tools, so their bind to the directory (including
      # the manager password) is sent unencrypted. With the loopback URIs above
      # that traffic stays on the host; if masterLDAP / slaveLDAP are ever pointed
      # at a remote server, set ldapTLS="1" as well.
  61. ldapTLS="0"

  62. # How to verify the server's certificate (none, optional or require)
  63. # see "man Net::LDAP" in start_tls section for more details
      # With "none" the server certificate is not checked, so turning on ldapTLS
      # alone would encrypt the session without authenticating the server; pair
      # it with verify="require" and a cafile.
  64. verify="none"

  65. # CA certificate
  66. # see "man Net::LDAP" in start_tls section for more details
  67. #cafile="/etc/smbldap-tools/ca.pem"
  68. cafile=""

  69. # certificate to use to connect to the ldap server
  70. # see "man Net::LDAP" in start_tls section for more details
  71. #clientcert="/etc/smbldap-tools/smbldap-tools.example.com.pem"
  72. clientcert=""

  73. # key certificate to use to connect to the ldap server
  74. # see "man Net::LDAP" in start_tls section for more details
  75. #clientkey="/etc/smbldap-tools/smbldap-tools.example.com.key"
  76. clientkey=""

  77. # LDAP Suffix
  78. # Ex: suffix=dc=IDEALX,dc=ORG
      # NOTE(review): the posted smb.conf uses "ldap suffix = dc=example,dc=com".
      # If both files are shown unmodified, the tools create and search entries
      # under dc=du,dc=com while smbd looks under dc=example,dc=com - confirm
      # which base DN the directory actually holds.
  79. suffix="dc=du,dc=com"

  80. # Where are stored Users
  81. # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
  82. # Warning: if 'suffix' is not set here, you must set the full dn for usersdn
  83. usersdn="ou=Users,${suffix}"

  84. # Where are stored Computers
  85. # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
  86. # Warning: if 'suffix' is not set here, you must set the full dn for computersdn
  87. computersdn="ou=Computers,${suffix}"

  88. # Where are stored Groups
  89. # Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
  90. # Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
  91. groupsdn="ou=Groups,${suffix}"

  92. # Where are stored Idmap entries (used if samba is a domain member server)
  93. # Ex: idmapdn="ou=Idmap,dc=IDEALX,dc=ORG"
  94. # Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
  95. idmapdn="ou=Idmap,${suffix}"

  96. # Where to store next uidNumber and gidNumber available for new users and groups
  97. # If not defined, entries are stored in sambaDomainName object.
  98. # Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
  99. # Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
      # This DN is built from ${sambaDomain} and ${suffix}; sambaDomain is
      # commented out earlier in this file, so the resulting DN depends on the
      # smb.conf fallback being applied - TODO confirm the entry exists with
      # ldapsearch.
  100. sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

  101. # Default scope Used
  102. scope="sub"

  103. # Unix password hash scheme (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
  104. # If set to "exop", use LDAPv3 Password Modify (RFC 3062) extended operation.
      # SSHA is salted SHA-1, hashed by the tools before the value is written.
      # "exop" (see the comment above) hands the new password to the LDAP server,
      # which then applies its own configured hash scheme.
  105. password_hash="SSHA"

  106. # if password_hash is set to CRYPT, you may set a salt format.
  107. # default is "%s", but many systems will generate MD5 hashed
  108. # passwords if you use "$1$%.8s". This parameter is optional!
  109. password_crypt_salt_format="%s"

  110. ##############################################################################
  111. #
  112. # Unix Accounts Configuration
  113. #
  114. ##############################################################################

  115. # Login defs
  116. # Default Login Shell
  117. # Ex: userLoginShell="/bin/bash"
  118. userLoginShell="/bin/bash"

  119. # Home directory
  120. # Ex: userHome="/home/%U"
  121. userHome="/home/%U"

  122. # Default mode used for user homeDirectory
       # 700 keeps each new home directory accessible by its owner only.
  123. userHomeDirectoryMode="700"

  124. # Gecos
  125. userGecos="System User"

  126. # Default User (POSIX and Samba) GID
       # 513 and 515 equal the well-known RIDs of "Domain Users" and "Domain
       # Computers"; presumably these are the groups smbldap-populate created.
       # NOTE(review): the failing command in the post passes -g 1005 instead of
       # this default, and the error text says that group has no SID mapping.
  127. defaultUserGid="513"

  128. # Default Computer (Samba) GID
  129. defaultComputerGid="515"

  130. # Skel dir
  131. skeletonDir="/etc/skel"

  132. # Treat shadowAccount object or not
  133. shadowAccount="1"

  134. # Default password validation time (time in days) Comment the next line if
  135. # you don't want password to be enable for defaultMaxPasswordAge days (be
  136. # careful to the sambaPwdMustChange attribute's value)
  137. defaultMaxPasswordAge="45"

  138. ##############################################################################
  139. #
  140. # SAMBA Configuration
  141. #
  142. ##############################################################################

  143. # The UNC path to home drives location (%U username substitution)
  144. # Just set it to a null string if you want to use the smb.conf 'logon home'
  145. # directive and/or disable roaming profiles
  146. # Ex: userSmbHome="\\PDC-SMB3\%U"
       # The server name matches "netbios name = PDC-SRV" in the posted smb.conf,
       # where 'logon home' and 'logon path' are left empty.
  147. userSmbHome="\\PDC-SRV\%U"

  148. # The UNC path to profiles locations (%U username substitution)
  149. # Just set it to a null string if you want to use the smb.conf 'logon path'
  150. # directive and/or disable roaming profiles
  151. # Ex: userProfile="\\PDC-SMB3\profiles\%U"
  152. userProfile="\\PDC-SRV\profiles\%U"

  153. # The default Home Drive Letter mapping
  154. # (will be automatically mapped at logon time if home directory exist)
  155. # Ex: userHomeDrive="H:"
  156. userHomeDrive="H:"

  157. # The default user netlogon script name (%U username substitution)
  158. # if not used, will be automatically username.cmd
  159. # make sure script file is edited under dos
  160. # Ex: userScript="startup.cmd" # make sure script file is edited under dos
       # The same script name is assigned to every new user, and clients execute
       # it at logon, so the directory that serves it should be writable by
       # administrators only.
  161. userScript="logon.bat"

  162. # Domain appended to the users "mail"-attribute
  163. # when smbldap-useradd -M is used
  164. # Ex: mailDomain="idealx.com"
  165. mailDomain="example.com"

  166. ##############################################################################
  167. #
  168. # SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
  169. #
  170. ##############################################################################

  171. # Allows not to use smbpasswd (if with_smbpasswd="0" in smbldap.conf) but
  172. # prefer Crypt::SmbHash library
       # "0" selects the Crypt::SmbHash library named above; the smbpasswd path on
       # the next line is then only a fallback location.
  173. with_smbpasswd="0"
  174. smbpasswd="/usr/bin/smbpasswd"

  175. # Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
  176. # but prefer Crypt:: libraries
       # "0" likewise selects the Perl Crypt:: libraries instead of running the
       # slappasswd binary.
  177. with_slappasswd="0"
  178. slappasswd="/usr/sbin/slappasswd"

  179. # comment out the following line to get rid of the default banner
  180. # no_banner="1"

谢谢帮助!
