Samba with remote LDAP authentication does not recognize users correctly

I'm trying to set up a Samba server that authenticates against a remote LDAP server, and I'm running into some problems that I don't know how to solve.

I was able to set up getent passwd on the Samba server and could see all users from ldapserver, but when I tried to access \\SAMBASERVER from my Windows box, the following appeared in /var/log/samba/log.mywindowsbox:

<...snip...>
[2012/10/19 13:05:22.449684,  2] smbd/sesssetup.c:1413(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/10/19 13:05:22.449692,  3] smbd/sesssetup.c:1212(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2012/10/19 13:05:22.449701,  3] smbd/sesssetup.c:1254(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/10/19 13:05:22.449717,  3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[lucas] domain=[BUSINESS] workstation=[MYWINDOWSBOX] len1=24 len2=24
[2012/10/19 13:05:22.449747,  3] auth/auth.c:216(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [BUSINESS]\[lucas]@[MYWINDOWSBOX] with the new password interface
[2012/10/19 13:05:22.449759,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [SAMBASERVER]\[lucas]@[MYWINDOWSBOX]
[2012/10/19 13:05:22.449773,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/10/19 13:05:22.449783,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/10/19 13:05:22.449791,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/10/19 13:05:22.449922,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/10/19 13:05:23.001517,  3] lib/smbldap.c:1166(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2012/10/19 13:05:23.007713,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/10/19 13:05:23.007733,  3] auth/auth_sam.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'lucas' in passdb.
[2012/10/19 13:05:23.007743,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [lucas] -> [lucas] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/10/19 13:05:23.007760,  3] smbd/error.c:80(error_packet_set)
  error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2012/10/19 13:05:23.010469,  3] smbd/process.c:1489(process_smb)
  Transaction 3 of length 142 (0 toread)
<...snip...>

The /etc/samba/smb.conf file follows:

[global]
dos charset = 850
unix charset = LOCALE

workgroup = BUSINESS
netbios name = SAMBASERVER

bind interfaces only = true
interfaces = lo eth0 eth1
smb ports = 139
hosts deny = All
hosts allow = 192.168.78. 192.168.255. 127.0.0.1 10.149.122. 192.168.0.
name resolve order = wins bcast hosts

log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000 

domain logons = No
wins support = Yes
wins proxy = No
client ntlmv2 auth = Yes
lanman auth = Yes
ntlm auth = Yes
dns proxy = Yes
time server = Yes

security = user
encrypt passwords = Yes
obey pam restrictions = Yes
ldap password sync = Yes
unix password sync = Yes

passdb backend = ldapsam:"ldap://192.168.78.206"
ldap ssl = off
ldap admin dn = uid=root,ou=Users,dc=business,dc=intranet

ldap suffix =
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap delete dn = Yes


add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -W -t5 "%u"

idmap backend = ldap:"ldap://192.168.78.206"
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

load printers = No
printcap name = /dev/null

map acl inherit = Yes
map untrusted to domain = Yes
enable privileges = Yes

veto files = /lost+found/ /publicftp/

So \\SAMBASERVER says it couldn't find my user, but I can see it with getent passwd. What can I do to make SAMBASERVER see and authenticate my user?

Thanks in advance!
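
Added example, not part of the original post: a small parser for the smbd log format shown above that pairs each header line with its message and reports at which stage a logon failed. NT_STATUS_NO_SUCH_USER means the passdb lookup found no account record, so the password was never checked. The second failure in the sample (user "anna") is constructed for contrast, and the function and stage names are hypothetical.

```python
import re

# Lines taken from the log excerpt above, plus one constructed failure
# (user "anna", wrong password) for contrast.
SAMPLE = """\
[2012/10/19 13:05:23.001517,  3] lib/smbldap.c:1166(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2012/10/19 13:05:23.007733,  3] auth/auth_sam.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'lucas' in passdb.
[2012/10/19 13:05:23.007743,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [lucas] -> [lucas] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/10/19 13:07:01.000000,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [anna] -> [anna] FAILED with error NT_STATUS_WRONG_PASSWORD
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\] "
                    r"(?P<src>\S+):(?P<line>\d+)\((?P<func>\w+)\)$")
FAILED = re.compile(r"Authentication for user \[(?P<user>[^\]]*)\] -> \[[^\]]*\] "
                    r"FAILED with error (?P<status>NT_STATUS_\w+)")
STAGE = {"NT_STATUS_NO_SUCH_USER": "passdb-lookup",     # no account record found
         "NT_STATUS_WRONG_PASSWORD": "password-check"}  # record found, hash mismatch

def parse_records(text):
    """Attach each indented message line to the header line before it."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw.rstrip())
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and raw[:1].isspace():
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw.strip()).strip()
    return records

def auth_failures(text):
    """Return one dict per failed logon, with the stage at which it failed."""
    records = parse_records(text)
    # Did smbd reach and bind to the directory at all in this excerpt?
    ldap_up = any(r["func"] == "smbldap_connect_system"
                  and "successful connection" in r["msg"] for r in records)
    out = []
    for r in records:
        m = FAILED.search(r["msg"])
        if m:
            out.append({"ts": r["ts"], "user": m["user"], "status": m["status"],
                        "stage": STAGE.get(m["status"], "other"),
                        "ldap_connected": ldap_up})
    return out
```

For the excerpt above this reports a passdb-lookup failure with the LDAP connection up: smbd reached the directory but its ldapsam search returned no entry for the user, which is a different lookup from the NSS one behind getent passwd.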

Answer 1

I figured out what was wrong. I simply made this configuration:

ldap admin dn = uid=root,ou=Users,dc=business,dc=intranet

and did a service smb restart, and I could see all users through smbldap-userlist. Authentication also worked fine.
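
Added example, not part of the original answer: a check of the ldapsam-related settings in the posted smb.conf, run against the posted values and against a tightened variant. The finding ids and function names are hypothetical, and the tightened values (start tls, lanman auth = No, and an ldap suffix of dc=business,dc=intranet taken from the posted admin DN) are assumptions, not the poster's configuration.

```python
import configparser

# ldapsam-related lines of the smb.conf posted above (values from the page).
POSTED = """
[global]
lanman auth = Yes
passdb backend = ldapsam:"ldap://192.168.78.206"
ldap ssl = off
ldap admin dn = uid=root,ou=Users,dc=business,dc=intranet
ldap suffix =
ldap user suffix = ou=Users
"""

# Tightened variant (assumed values, see lead-in).
HARDENED = (POSTED.replace("ldap ssl = off", "ldap ssl = start tls")
                  .replace("ldap suffix =", "ldap suffix = dc=business,dc=intranet")
                  .replace("lanman auth = Yes", "lanman auth = No"))

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_ldapsam(conf_text):
    """Return a sorted list of finding ids for the [global] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    g = cp["global"]
    backend = g.get("passdb backend", "").strip()
    if not backend.startswith("ldapsam"):
        return []  # the checks below only apply to the ldapsam backend
    findings = set()
    uri = backend.partition(":")[2].strip('"')
    # An unset "ldap ssl" is treated as start tls, the documented default.
    ssl = g.get("ldap ssl", "start tls").strip().lower()
    # ldap:// without StartTLS: the admin bind and the password hashes
    # ldapsam reads from the directory cross the network unencrypted.
    if uri.startswith("ldap://") and ssl != "start tls":
        findings.add("cleartext-ldap")
    # ldapsam binds with this DN; its password is stored with smbpasswd -w.
    if not g.get("ldap admin dn", "").strip():
        findings.add("missing-admin-dn")
    # "ldap user suffix" and the other suffixes are relative to "ldap suffix".
    if not g.get("ldap suffix", "").strip():
        findings.add("empty-ldap-suffix")
    # LANMAN responses are built on the weak LM hash.
    if is_yes(g.get("lanman auth", "no")):
        findings.add("lanman-auth")
    return sorted(findings)
```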
