From: Vasiliy Zdanovskiy <vasilyvz@gmail.com> To: community@lists.altlinux.org Subject: [Comm] samba и smbldap-tools Date: Wed, 15 Sep 2010 03:20:34 +0300 Message-ID: <4C901152.7030303@gmail.com> (raw) [-- Attachment #1.1: Type: text/plain, Size: 1157 bytes --] Доброго времени суток. Возникла проблема при работе с самбой в p5 testparm ошибок не выдает после smbldap-populate все аккуратно добавилось. PDC в домен добавил Тестовая машина добавилась. Шары видны и доступны Проблемы возникли, когда попытался добавить юзера через вебинтерфейс -->ldap-useradd: no free uid available Плюнул бы на вебморду, но тогда прийдется добавление krb делать вручную Конфиги и содержимое LDAP и конфиги привожу ниже: При попытке создания юзера smbldap выдает: failed to add entry: objectClass: value #0 invalid per syntax at /usr/sbin/smbldap-useradd line 629, <DATA> line 466. Хотя учетную запись создает и она в интерфейсе видна. smbldap-passwd отрабатывает нормально. Что делать. Может кто сталкивался. [-- Attachment #1.2: base.ldif --] [-- Type: text/plain, Size: 17687 bytes --] dn: dc=dom objectClass: organization objectClass: dcObject dc: dom o: dom dn: cn=ldaproot,dc=dom objectClass: organizationalRole cn: ldaproot dn: ou=People,dc=dom objectClass: organizationalUnit ou: People dn: ou=Group,dc=dom objectClass: organizationalUnit ou: Group dn: ou=kdcroot,dc=dom objectClass: organizationalUnit ou: kdcroot dn: cn=kdc,ou=kdcroot,dc=dom cn: kdc sn: kdc objectClass: top objectClass: person userPassword:: emRidXNxdHM= dn: cn=kadmin,ou=kdcroot,dc=dom cn: kadmin sn: kadmin objectClass: top objectClass: person userPassword:: b3JzYnJyZGY= dn: cn=kerberos,ou=kdcroot,dc=dom objectClass: krbContainer cn: kerberos dn: cn=DOM,cn=kerberos,ou=kdcroot,dc=dom cn: DOM objectClass: top objectClass: krbRealmContainer objectClass: krbTicketPolicyAux krbSubTrees: ou=kdcroot,dc=dom dn: krbPrincipalName=K/M@DOM,cn=DOM,cn=kerberos,ou=kdcroot,dc=domini on krbMaxTicketLife: 86400 krbMaxRenewableAge: 0 krbTicketFlags: 64 krbPrincipalName: K/M@DOM krbPrincipalExpiration: 19700101000000Z krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQGjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAAns +QrOWrBR1jIJNNZfTf6cSmhigaLyBw== krbLastPwdChange: 19700101000000Z krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A krbExtraData:: AAcBAAIAAjT4twAAAAA= objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux dn: krbPrincipalName=krbtgt/DOM@DOM,cn=DOM,cn=kerberos,ou=kdcro ot,dc=dom krbMaxTicketLife: 86400 krbMaxRenewableAge: 0 krbTicketFlags: 0 krbPrincipalName: krbtgt/DOM@DOM krbPrincipalExpiration: 19700101000000Z krbPrincipalKey:: MIHmoAMCAQGhAwIBAaIDAgEBowMCAQCkgc8wgcwwL6EtMCugAwIBF6EkBCIQ AJ5PRjdMD3qnAsBUUqfShtPxTQwd0RYomYmCG+yYgKymMCehJTAjoAMCAQGhHAQaCAD+TpkLwZu1O C8IAFhyhJRN+X7VblsnzlYwN6E1MDOgAwIBBqEsBCoYAMT129awSZueSYVKc7uRYCTIMLigW7u/9O E1tVbey7MyPcl85dXGDL0wN6E1MDOgAwIBEKEsBCoYAAmuD6Mw2qeVALjkxF1MgY3J+IeJ2ZGVucN ViPZvpsJrcd+tIPAWYAA= krbLastPwdChange: 19700101000000Z krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A krbExtraData:: AAcBAAIAAjT4twAAAAA= objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux dn: krbPrincipalName=kadmin/admin@DOM,cn=DOM,cn=kerberos,ou=kdcroot, dc=dom krbMaxTicketLife: 10800 krbMaxRenewableAge: 0 krbTicketFlags: 4 krbPrincipalName: kadmin/admin@DOM krbPrincipalExpiration: 19700101000000Z krbPrincipalKey:: MIHmoAMCAQGhAwIBAaIDAgEBowMCAQCkgc8wgcwwL6EtMCugAwIBF6EkBCIQ AGJ4eaZzSW7poQWUMmOntdttiMehYP06FV8C38opY3XxMCehJTAjoAMCAQGhHAQaCABsW3YFUDlC+ QfPUDUwi6aTHBy3pCSSrA4wN6E1MDOgAwIBBqEsBCoYAJfAOExkqNh2R90zRz6q39u8zim0DF0zWJ folQ33zNN3YL6N66oc/s0wN6E1MDOgAwIBEKEsBCoYAGhTPoDQ/6Dt7lnolFAD/CPPRWG1t6k4uyG cKNFoAfneA6ASeacpMpg= krbLastPwdChange: 19700101000000Z krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A krbExtraData:: AAcBAAIAAnRPTgBiZXI= objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux dn: krbPrincipalName=kadmin/changepw@DOM,cn=DOM,cn=kerberos,ou=kdcro ot,dc=dom krbMaxTicketLife: 300 krbMaxRenewableAge: 0 krbTicketFlags: 8196 krbPrincipalName: kadmin/changepw@DOM krbPrincipalExpiration: 19700101000000Z krbPrincipalKey:: MIHmoAMCAQGhAwIBAaIDAgEBowMCAQCkgc8wgcwwL6EtMCugAwIBF6EkBCIQ ALX2WOY/56m2cX9pHC5YhklyzNehFiNNaEnj8zNuSBr6MCehJTAjoAMCAQGhHAQaCACt1g16SacJo Ylf2ugQuL/GNAkf4MNwzBswN6E1MDOgAwIBBqEsBCoYALTylHMBCcAXW5jvDqiR6Bvn64EZkJ4WUm lipLT38P0dRO2YYpQ4QTwwN6E1MDOgAwIBEKEsBCoYAEkSVcQ80jsnnE7fdNIw4O2DFmv0rp51M79 rru6dLeJrxQzt+YgHIxE= krbLastPwdChange: 19700101000000Z krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A krbExtraData:: AAcBAAIAAigICBAAAAA= objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux dn: krbPrincipalName=kadmin/history@DOM,cn=DOM,cn=kerberos,ou=kdcroo t,dc=dom krbMaxTicketLife: 86400 krbMaxRenewableAge: 0 krbTicketFlags: 0 krbPrincipalName: kadmin/history@DOM krbPrincipalExpiration: 19700101000000Z krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQGjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAAhs 3lOyvu8wGcRsGANvPlCVmZHBtlTjGg== krbLastPwdChange: 19700101000000Z krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A krbExtraData:: AAcBAAIAAigICBAAAAA= objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux dn: krbPrincipalName=kadmin/storage.dom@DOM,cn=DOM,cn=kerberos, ou=kdcroot,dc=dom krbMaxTicketLife: 10800 krbMaxRenewableAge: 0 krbTicketFlags: 4 krbPrincipalName: kadmin/storage.dom@DOM krbPrincipalExpiration: 19700101000000Z krbPrincipalKey:: MIHmoAMCAQGhAwIBAaIDAgEBowMCAQCkgc8wgcwwL6EtMCugAwIBF6EkBCIQ AJjzu3w20EIKfS7ZQJPO1479Ryiu8IhL5EixJKchVsn4MCehJTAjoAMCAQGhHAQaCABlxTSje5eLo PVbEfc3ZXr8RyLb46L1rYYwN6E1MDOgAwIBBqEsBCoYAPnprZStBUJgDYiHq24Z+RVZsrKZg2l1I3 CvHr5DzQ5FwNWKy7rA/qowN6E1MDOgAwIBEKEsBCoYAARH+n3J7TP1h1XwWLbSLiB3DBrdOcPjq+D 1WNtD+j+Pmi81e5jUnKk= krbLastPwdChange: 19700101000000Z krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A krbExtraData:: AAcBAAIAAjP4tyxjbj0= objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux dn: krbPrincipalName=nfs/storage.dom@DOM,cn=DOM,cn=kerberos,ou= kdcroot,dc=dom krbPrincipalName: nfs/storage.dom@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAByO AJY2cIt+CbvNFcGLkNhrqTt2Z6YJRg== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035505Z krbExtraData:: AAIZT4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: krbPrincipalName=cifs/storage.dom@DOM,cn=DOM,cn=kerberos,ou =kdcroot,dc=dom krbPrincipalName: cifs/storage.dom@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAEbL JoI20Z8ZHpmW1CGePoMqQhrcBTd7KA== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035505Z krbExtraData:: AAIZT4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: krbPrincipalName=host/storage.dom@DOM,cn=DOM,cn=kerberos,ou =kdcroot,dc=dom krbPrincipalName: host/storage.dom@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAJR+ WF70+3cCjC6eEQmcn8VC8shKOeeMWw== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035505Z krbExtraData:: AAIZT4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: krbPrincipalName=pop3/storage.dom@DOM,cn=DOM,cn=kerberos,ou =kdcroot,dc=dom krbPrincipalName: pop3/storage.dom@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAJRV S+8Z1rWzurnUNHg69RJaS7cDgSNIzw== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035505Z krbExtraData:: AAIZT4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: krbPrincipalName=http/storage.dom@DOM,cn=DOM,cn=kerberos,ou =kdcroot,dc=dom krbPrincipalName: http/storage.dom@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIALfK eoQDhW6obkTDWoJP578ZiHxsnIJY7A== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035506Z krbExtraData:: AAIaT4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: krbPrincipalName=HTTP/storage.dom@DOM,cn=DOM,cn=kerberos,ou =kdcroot,dc=dom krbPrincipalName: HTTP/storage.dom@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAOwY dv3NK2OW1km3IhByzD9BG7n54JGmAQ== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035506Z krbExtraData:: AAIaT4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: krbPrincipalName=pop/storage.dom@DOM,cn=DOM,cn=kerberos,ou= kdcroot,dc=dom krbPrincipalName: pop/storage.dom@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAATD jB95UTPr2+E3K+m1KCMoIzd4/PfxYQ== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035506Z krbExtraData:: AAIaT4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: krbPrincipalName=imap/storage.dom@DOM,cn=DOM,cn=kerberos,ou =kdcroot,dc=dom krbPrincipalName: imap/storage.dom@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAKlg +HwDhUPuxFgRVUWBwGXBQSfs7HbbdQ== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035506Z krbExtraData:: AAIaT4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: krbPrincipalName=smtp/storage.dom@DOM,cn=DOM,cn=kerberos,ou =kdcroot,dc=dom krbPrincipalName: smtp/storage.dom@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIABQy dYXIG1C3v2TryRpBx4QRQuQyjVzElA== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035507Z krbExtraData:: AAIbT4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: cn=audio,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: audio userPassword:: e2NyeXB0fXg= gidNumber: 81 memberUid: vasilyvz dn: cn=cdrom,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: cdrom userPassword:: e2NyeXB0fXg= gidNumber: 22 memberUid: vasilyvz dn: cn=cdwriter,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: cdwriter userPassword:: e2NyeXB0fXg= gidNumber: 80 memberUid: vasilyvz dn: cn=floppy,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: floppy userPassword:: e2NyeXB0fXg= gidNumber: 71 memberUid: vasilyvz dn: cn=proc,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: proc userPassword:: e2NyeXB0fXg= gidNumber: 19 memberUid: vasilyvz dn: cn=radio,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: radio userPassword:: e2NyeXB0fXg= gidNumber: 83 memberUid: vasilyvz dn: cn=scanner,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: scanner userPassword:: e2NyeXB0fXg= gidNumber: 112 memberUid: vasilyvz dn: cn=uucp,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: uucp userPassword:: e2NyeXB0fXg= gidNumber: 14 memberUid: vasilyvz dn: cn=wheel,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: wheel userPassword:: e2NyeXB0fXg= gidNumber: 10 memberUid: vasilyvz dn: cn=xgrp,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: xgrp userPassword:: e2NyeXB0fXg= gidNumber: 113 memberUid: vasilyvz dn: cn=vasilyvz,ou=Group,dc=dom objectClass: posixGroup objectClass: top objectClass: extensibleObject cn: vasilyvz userPassword:: e2NyeXB0fXg= gidNumber: 5000 dn: krbPrincipalName=vasilyvz@DOM,cn=DOM,cn=kerberos,ou=kdcroot,dc=d ominion krbPrincipalName: vasilyvz@DOM objectClass: krbPrincipal objectClass: krbPrincipalAux objectClass: krbTicketPolicyAux krbTicketFlags: 0 krbPrincipalKey:: MIHroAMCAQGhAwIBAaIDAgEDowMCAQCkgdQwgdEwL6EtMCugAwIBF6EkBCIQ AJonRVBbIp26lc3s/VZZruKGMG07IYWEwInlPs20m6MyMCehJTAjoAMCAQGhHAQaCABTuv1mJgKAt VNqplCsvPStXRrQrt2SrrwwN6E1MDOgAwIBBqEsBCoYAHnQxOpwegLKJhGggVfLu8RfcL2uubFP6f B+rQ6heqIU+UXBI4SPfTAwPKATMBGgAwIBBaEKBAhET01JTklPTqElMCOgAwIBAaEcBBoIAKQPQrk TzL9pIDnrR6nKghVzzoi/V62S7g== krbPasswordExpiration: 19700101000000Z krbLastPwdChange: 20100912035847Z krbExtraData:: AAL3T4xMcm9vdC9hZG1pbkBET01JTklPTgA= dn: uid=vasilyvz,ou=People,dc=dom uid: vasilyvz objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount uidNumber: 5000 gidNumber: 5000 sambaAcctFlags: [U ] sambaSID: S-1-5-21-4235590718-613939999-1949843480-11000 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 0 sn: vasilyvz cn: vasilyvz homeDirectory: /home/vasilyvz loginShell: /bin/bash userPassword:: e0NSWVBUfSQyYSQwNSQzb3JGVkpNVm5lTTdmZkw2eGFYdGl1ejN2clpsL3V5Q0E wbWdHdk5CM0NGaHM5VkJmcDJiQw== sambaLMPassword: CCF9155E3E7DB453AAD3B435B51404EE sambaNTPassword: 3DBDE697D71690A769204BEB12283678 mail: vasilyvz@dom sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdLastSet: 1284511374 dn: sambaDomainName=DOM,dc=dom sambaAlgorithmicRidBase: 1000 sambaNextUserRid: 1000 sambaMinPwdLength: 5 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaForceLogoff: -1 sambaRefuseMachinePwdChange: 0 gidNumber: 10000 sambaDomainName: DOM sambaSID: S-1-5-21-4235590718-613939999-1949843480 objectClass: top objectClass: sambaDomain objectClass: sambaUnixIdPool sambaNextRid: 10002 uidNumber: 10004 dn: ou=Computers,dc=dom objectClass: top objectClass: organizationalUnit ou: Computers dn: ou=Idmap,dc=dom objectClass: top objectClass: organizationalUnit ou: Idmap dn: uid=storage$,ou=Computers,dc=dom objectClass: top objectClass: account objectClass: posixAccount objectClass: sambaSamAccount cn: storage$ uid: storage$ uidNumber: 10000 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer sambaSID: S-1-5-21-4235590718-613939999-1949843480-10001 displayName: Computer sambaAcctFlags: [S ] sambaLMPassword: B9C3A7037138FF7A5B9C6E7E47A97ADE sambaNTPassword: C8F0D5E140E191747AF630FE60844CC6 dn: cn=Domain Admins,ou=Group,dc=dom objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins memberUid: administrator description: Netbios Domain Administrators sambaSID: S-1-5-21-4235590718-613939999-1949843480-512 sambaGroupType: 2 displayName: Domain Admins dn: cn=Domain Users,ou=Group,dc=dom objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 513 cn: Domain Users description: Netbios Domain Users sambaSID: S-1-5-21-4235590718-613939999-1949843480-513 sambaGroupType: 2 displayName: Domain Users dn: cn=Domain Guests,ou=Group,dc=dom objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 514 cn: Domain Guests description: Netbios Domain Guests Users sambaSID: S-1-5-21-4235590718-613939999-1949843480-514 sambaGroupType: 2 displayName: Domain Guests dn: cn=Domain Computers,ou=Group,dc=dom objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 515 cn: Domain Computers description: Netbios Domain Computers accounts sambaSID: S-1-5-21-4235590718-613939999-1949843480-515 sambaGroupType: 2 displayName: Domain Computers dn: cn=Administrators,ou=Group,dc=dom objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 544 cn: Administrators description: Netbios Domain Members can fully administer the computer/sambaDom ainName sambaSID: S-1-5-32-544 sambaGroupType: 5 displayName: Administrators dn: cn=Account Operators,ou=Group,dc=dom objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 548 cn: Account Operators description: Netbios Domain Users to manipulate users accounts sambaSID: S-1-5-32-548 sambaGroupType: 5 displayName: Account Operators dn: cn=Print Operators,ou=Group,dc=dom objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 550 cn: Print Operators description: Netbios Domain Print Operators sambaSID: S-1-5-32-550 sambaGroupType: 5 displayName: Print Operators dn: cn=Backup Operators,ou=Group,dc=dom objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 551 cn: Backup Operators description: Netbios Domain Members can bypass file security to back up files sambaSID: S-1-5-32-551 sambaGroupType: 5 displayName: Backup Operators dn: cn=Replicators,ou=Group,dc=dom objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 552 cn: Replicators description: Netbios Domain Supports file replication in a sambaDomainName sambaSID: S-1-5-32-552 sambaGroupType: 5 displayName: Replicators dn: sambaSID=S-1-5-32-545,ou=Group,dc=dom objectClass: sambaSidEntry objectClass: sambaGroupMapping sambaSID: S-1-5-32-545 sambaGroupType: 4 displayName: Users gidNumber: 10000 sambaSIDList: S-1-5-21-4235590718-613939999-1949843480-513 dn: uid=vvz-note$,ou=Computers,dc=dom objectClass: top objectClass: account objectClass: posixAccount objectClass: sambaSamAccount cn: vvz-note$ uid: vvz-note$ uidNumber: 10001 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer sambaSID: S-1-5-21-4235590718-613939999-1949843480-10002 displayName: Computer sambaLMPassword: F804071FD632D9F4E3D6A0C58AD1533C sambaNTPassword: 5445DB8985AE0734CD2D99C7DC161BAD sambaAcctFlags: [W ] dn: uid=test,ou=People,dc=dom objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount cn: test sn: test givenName: test uid: test uidNumber: 10003 gidNumber: 513 homeDirectory: /home/test loginShell: /sbin/nologin gecos: Test userPassword:: e2NyeXB0fXg= sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: test sambaAcctFlags: [UX] sambaSID: S-1-5-21-4235590718-613939999-1949843480-21006 [-- Attachment #1.3: smb.conf --] [-- Type: text/plain, Size: 1606 bytes --] [global] realm = DOM workgroup = DOM netbios name = storage server string = Samba server on %h (v. %v) security = user wins support = yes idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind nested groups = yes nt acl support = yes domain master = yes domain logons = yes guest account = pcguest logon script = %u.bat logon path = \%L\profiles\%u logon drive = H: use kerberos keytab = Yes log file = /var/log/samba/log.%m max log size = 50 printcap name = cups dns proxy = yes use sendfile = Yes passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=ldaproot,dc=dom ldap suffix = dc=dom ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=Computers os level = 65 preferred master = Yes wins support = yes ldap delete dn = Yes add user script = /usr/sbin/smbldap-useradd -m "%u" delete user script = /usr/sbin/smbldap-userdel "%u" add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g %g %u [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon browseable = no guest ok = yes writable = no share modes = no [share] comment = Commonplace path = /srv/share read only = No [homes] comment = Home Directory for '%u' browseable = no writable = yes [-- Attachment #1.4: smbldap.conf --] [-- Type: text/plain, Size: 1066 bytes --] smbldap.conf SID="S-1-5-21-4235590718-613939999-1949843480" sambaDomain="DOM" slaveLDAP="localhost" slavePort="389" masterLDAP="localhost" masterPort="389" ldapTLS="0" ldapSSL="0" verify="require" #cafile="/etc/smbldap-tools/ca.pem" #clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem" #clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key" suffix="dc=dom" usersdn="ou=People,${suffix}" computersdn="ou=Computers,${suffix}" groupsdn="ou=Group,${suffix}" idmapdn="ou=Idmap,${suffix}" sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" scope="sub" hash_encrypt="SSHA" crypt_salt_format="%s" userLoginShell="/sbin/nologin" userHome="/home/%U" userHomeDirectoryMode="700" userGecos="System User" defaultUserGid="513" defaultComputerGid="515" skeletonDir="/etc/skel" defaultMaxPasswordAge="45" userSmbHome="\\STORAGE\%U" userProfile="\\STORAGE\profiles\%U" userHomeDrive="H:" userScript="logon.bat" mailDomain="dom.od.ua" with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd" with_slappasswd="0" slappasswd="/usr/sbin/slappasswd" [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 554 bytes --]
reply other threads:[~2010-09-15 0:20 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=4C901152.7030303@gmail.com \ --to=vasilyvz@gmail.com \ --cc=community@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Community general discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 community community/ http://lore.altlinux.org/community \ mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com public-inbox-index community Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.community AGPL code for this site: git clone https://public-inbox.org/public-inbox.git