* [Comm] samba и smbldap-tools
@ 2010-09-15 0:20 Vasiliy Zdanovskiy
0 siblings, 0 replies; only message in thread
From: Vasiliy Zdanovskiy @ 2010-09-15 0:20 UTC (permalink / raw)
To: community
[-- Attachment #1.1: Type: text/plain, Size: 1157 bytes --]
Доброго времени суток.
Возникла проблема при работе с самбой в p5
testparm ошибок не выдает
после smbldap-populate все аккуратно добавилось.
PDC в домен добавил
Тестовая машина добавилась.
Шары видны и доступны
Проблемы возникли, когда попытался добавить юзера через вебинтерфейс
-->ldap-useradd: no free uid available
Плюнул бы на вебморду, но тогда прийдется добавление krb делать вручную
Конфиги и содержимое LDAP и конфиги привожу ниже:
При попытке создания юзера smbldap выдает:
failed to add entry: objectClass: value #0 invalid per syntax at
/usr/sbin/smbldap-useradd line 629, <DATA> line 466.
Хотя учетную запись создает и она в интерфейсе видна.
smbldap-passwd отрабатывает нормально.
Что делать. Может кто сталкивался.
[-- Attachment #1.2: base.ldif --]
[-- Type: text/plain, Size: 17687 bytes --]
dn: dc=dom
objectClass: organization
objectClass: dcObject
dc: dom
o: dom
dn: cn=ldaproot,dc=dom
objectClass: organizationalRole
cn: ldaproot
dn: ou=People,dc=dom
objectClass: organizationalUnit
ou: People
dn: ou=Group,dc=dom
objectClass: organizationalUnit
ou: Group
dn: ou=kdcroot,dc=dom
objectClass: organizationalUnit
ou: kdcroot
dn: cn=kdc,ou=kdcroot,dc=dom
cn: kdc
sn: kdc
objectClass: top
objectClass: person
userPassword:: emRidXNxdHM=
dn: cn=kadmin,ou=kdcroot,dc=dom
cn: kadmin
sn: kadmin
objectClass: top
objectClass: person
userPassword:: b3JzYnJyZGY=
dn: cn=kerberos,ou=kdcroot,dc=dom
objectClass: krbContainer
cn: kerberos
dn: cn=DOM,cn=kerberos,ou=kdcroot,dc=dom
cn: DOM
objectClass: top
objectClass: krbRealmContainer
objectClass: krbTicketPolicyAux
krbSubTrees: ou=kdcroot,dc=dom
dn: krbPrincipalName=K/M@DOM,cn=DOM,cn=kerberos,ou=kdcroot,dc=domini
on
krbMaxTicketLife: 86400
krbMaxRenewableAge: 0
krbTicketFlags: 64
krbPrincipalName: K/M@DOM
krbPrincipalExpiration: 19700101000000Z
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQGjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAAns
+QrOWrBR1jIJNNZfTf6cSmhigaLyBw==
krbLastPwdChange: 19700101000000Z
krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A
krbExtraData:: AAcBAAIAAjT4twAAAAA=
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
dn: krbPrincipalName=krbtgt/DOM@DOM,cn=DOM,cn=kerberos,ou=kdcro
ot,dc=dom
krbMaxTicketLife: 86400
krbMaxRenewableAge: 0
krbTicketFlags: 0
krbPrincipalName: krbtgt/DOM@DOM
krbPrincipalExpiration: 19700101000000Z
krbPrincipalKey:: MIHmoAMCAQGhAwIBAaIDAgEBowMCAQCkgc8wgcwwL6EtMCugAwIBF6EkBCIQ
AJ5PRjdMD3qnAsBUUqfShtPxTQwd0RYomYmCG+yYgKymMCehJTAjoAMCAQGhHAQaCAD+TpkLwZu1O
C8IAFhyhJRN+X7VblsnzlYwN6E1MDOgAwIBBqEsBCoYAMT129awSZueSYVKc7uRYCTIMLigW7u/9O
E1tVbey7MyPcl85dXGDL0wN6E1MDOgAwIBEKEsBCoYAAmuD6Mw2qeVALjkxF1MgY3J+IeJ2ZGVucN
ViPZvpsJrcd+tIPAWYAA=
krbLastPwdChange: 19700101000000Z
krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A
krbExtraData:: AAcBAAIAAjT4twAAAAA=
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
dn: krbPrincipalName=kadmin/admin@DOM,cn=DOM,cn=kerberos,ou=kdcroot,
dc=dom
krbMaxTicketLife: 10800
krbMaxRenewableAge: 0
krbTicketFlags: 4
krbPrincipalName: kadmin/admin@DOM
krbPrincipalExpiration: 19700101000000Z
krbPrincipalKey:: MIHmoAMCAQGhAwIBAaIDAgEBowMCAQCkgc8wgcwwL6EtMCugAwIBF6EkBCIQ
AGJ4eaZzSW7poQWUMmOntdttiMehYP06FV8C38opY3XxMCehJTAjoAMCAQGhHAQaCABsW3YFUDlC+
QfPUDUwi6aTHBy3pCSSrA4wN6E1MDOgAwIBBqEsBCoYAJfAOExkqNh2R90zRz6q39u8zim0DF0zWJ
folQ33zNN3YL6N66oc/s0wN6E1MDOgAwIBEKEsBCoYAGhTPoDQ/6Dt7lnolFAD/CPPRWG1t6k4uyG
cKNFoAfneA6ASeacpMpg=
krbLastPwdChange: 19700101000000Z
krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A
krbExtraData:: AAcBAAIAAnRPTgBiZXI=
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
dn: krbPrincipalName=kadmin/changepw@DOM,cn=DOM,cn=kerberos,ou=kdcro
ot,dc=dom
krbMaxTicketLife: 300
krbMaxRenewableAge: 0
krbTicketFlags: 8196
krbPrincipalName: kadmin/changepw@DOM
krbPrincipalExpiration: 19700101000000Z
krbPrincipalKey:: MIHmoAMCAQGhAwIBAaIDAgEBowMCAQCkgc8wgcwwL6EtMCugAwIBF6EkBCIQ
ALX2WOY/56m2cX9pHC5YhklyzNehFiNNaEnj8zNuSBr6MCehJTAjoAMCAQGhHAQaCACt1g16SacJo
Ylf2ugQuL/GNAkf4MNwzBswN6E1MDOgAwIBBqEsBCoYALTylHMBCcAXW5jvDqiR6Bvn64EZkJ4WUm
lipLT38P0dRO2YYpQ4QTwwN6E1MDOgAwIBEKEsBCoYAEkSVcQ80jsnnE7fdNIw4O2DFmv0rp51M79
rru6dLeJrxQzt+YgHIxE=
krbLastPwdChange: 19700101000000Z
krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A
krbExtraData:: AAcBAAIAAigICBAAAAA=
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
dn: krbPrincipalName=kadmin/history@DOM,cn=DOM,cn=kerberos,ou=kdcroo
t,dc=dom
krbMaxTicketLife: 86400
krbMaxRenewableAge: 0
krbTicketFlags: 0
krbPrincipalName: kadmin/history@DOM
krbPrincipalExpiration: 19700101000000Z
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQGjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAAhs
3lOyvu8wGcRsGANvPlCVmZHBtlTjGg==
krbLastPwdChange: 19700101000000Z
krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A
krbExtraData:: AAcBAAIAAigICBAAAAA=
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
dn: krbPrincipalName=kadmin/storage.dom@DOM,cn=DOM,cn=kerberos,
ou=kdcroot,dc=dom
krbMaxTicketLife: 10800
krbMaxRenewableAge: 0
krbTicketFlags: 4
krbPrincipalName: kadmin/storage.dom@DOM
krbPrincipalExpiration: 19700101000000Z
krbPrincipalKey:: MIHmoAMCAQGhAwIBAaIDAgEBowMCAQCkgc8wgcwwL6EtMCugAwIBF6EkBCIQ
AJjzu3w20EIKfS7ZQJPO1479Ryiu8IhL5EixJKchVsn4MCehJTAjoAMCAQGhHAQaCABlxTSje5eLo
PVbEfc3ZXr8RyLb46L1rYYwN6E1MDOgAwIBBqEsBCoYAPnprZStBUJgDYiHq24Z+RVZsrKZg2l1I3
CvHr5DzQ5FwNWKy7rA/qowN6E1MDOgAwIBEKEsBCoYAARH+n3J7TP1h1XwWLbSLiB3DBrdOcPjq+D
1WNtD+j+Pmi81e5jUnKk=
krbLastPwdChange: 19700101000000Z
krbExtraData:: AAIYT4xMZGJfY3JlYXRpb25ARE9NSU5JT04A
krbExtraData:: AAcBAAIAAjP4tyxjbj0=
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
dn: krbPrincipalName=nfs/storage.dom@DOM,cn=DOM,cn=kerberos,ou=
kdcroot,dc=dom
krbPrincipalName: nfs/storage.dom@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAByO
AJY2cIt+CbvNFcGLkNhrqTt2Z6YJRg==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035505Z
krbExtraData:: AAIZT4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: krbPrincipalName=cifs/storage.dom@DOM,cn=DOM,cn=kerberos,ou
=kdcroot,dc=dom
krbPrincipalName: cifs/storage.dom@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAEbL
JoI20Z8ZHpmW1CGePoMqQhrcBTd7KA==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035505Z
krbExtraData:: AAIZT4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: krbPrincipalName=host/storage.dom@DOM,cn=DOM,cn=kerberos,ou
=kdcroot,dc=dom
krbPrincipalName: host/storage.dom@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAJR+
WF70+3cCjC6eEQmcn8VC8shKOeeMWw==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035505Z
krbExtraData:: AAIZT4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: krbPrincipalName=pop3/storage.dom@DOM,cn=DOM,cn=kerberos,ou
=kdcroot,dc=dom
krbPrincipalName: pop3/storage.dom@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAJRV
S+8Z1rWzurnUNHg69RJaS7cDgSNIzw==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035505Z
krbExtraData:: AAIZT4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: krbPrincipalName=http/storage.dom@DOM,cn=DOM,cn=kerberos,ou
=kdcroot,dc=dom
krbPrincipalName: http/storage.dom@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIALfK
eoQDhW6obkTDWoJP578ZiHxsnIJY7A==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035506Z
krbExtraData:: AAIaT4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: krbPrincipalName=HTTP/storage.dom@DOM,cn=DOM,cn=kerberos,ou
=kdcroot,dc=dom
krbPrincipalName: HTTP/storage.dom@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAOwY
dv3NK2OW1km3IhByzD9BG7n54JGmAQ==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035506Z
krbExtraData:: AAIaT4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: krbPrincipalName=pop/storage.dom@DOM,cn=DOM,cn=kerberos,ou=
kdcroot,dc=dom
krbPrincipalName: pop/storage.dom@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAATD
jB95UTPr2+E3K+m1KCMoIzd4/PfxYQ==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035506Z
krbExtraData:: AAIaT4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: krbPrincipalName=imap/storage.dom@DOM,cn=DOM,cn=kerberos,ou
=kdcroot,dc=dom
krbPrincipalName: imap/storage.dom@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIAKlg
+HwDhUPuxFgRVUWBwGXBQSfs7HbbdQ==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035506Z
krbExtraData:: AAIaT4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: krbPrincipalName=smtp/storage.dom@DOM,cn=DOM,cn=kerberos,ou
=kdcroot,dc=dom
krbPrincipalName: smtp/storage.dom@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MEGgAwIBAaEDAgEBogMCAQOjAwIBAKQrMCkwJ6ElMCOgAwIBAaEcBBoIABQy
dYXIG1C3v2TryRpBx4QRQuQyjVzElA==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035507Z
krbExtraData:: AAIbT4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: cn=audio,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: audio
userPassword:: e2NyeXB0fXg=
gidNumber: 81
memberUid: vasilyvz
dn: cn=cdrom,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: cdrom
userPassword:: e2NyeXB0fXg=
gidNumber: 22
memberUid: vasilyvz
dn: cn=cdwriter,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: cdwriter
userPassword:: e2NyeXB0fXg=
gidNumber: 80
memberUid: vasilyvz
dn: cn=floppy,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: floppy
userPassword:: e2NyeXB0fXg=
gidNumber: 71
memberUid: vasilyvz
dn: cn=proc,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: proc
userPassword:: e2NyeXB0fXg=
gidNumber: 19
memberUid: vasilyvz
dn: cn=radio,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: radio
userPassword:: e2NyeXB0fXg=
gidNumber: 83
memberUid: vasilyvz
dn: cn=scanner,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: scanner
userPassword:: e2NyeXB0fXg=
gidNumber: 112
memberUid: vasilyvz
dn: cn=uucp,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: uucp
userPassword:: e2NyeXB0fXg=
gidNumber: 14
memberUid: vasilyvz
dn: cn=wheel,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: wheel
userPassword:: e2NyeXB0fXg=
gidNumber: 10
memberUid: vasilyvz
dn: cn=xgrp,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: xgrp
userPassword:: e2NyeXB0fXg=
gidNumber: 113
memberUid: vasilyvz
dn: cn=vasilyvz,ou=Group,dc=dom
objectClass: posixGroup
objectClass: top
objectClass: extensibleObject
cn: vasilyvz
userPassword:: e2NyeXB0fXg=
gidNumber: 5000
dn: krbPrincipalName=vasilyvz@DOM,cn=DOM,cn=kerberos,ou=kdcroot,dc=d
ominion
krbPrincipalName: vasilyvz@DOM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbTicketFlags: 0
krbPrincipalKey:: MIHroAMCAQGhAwIBAaIDAgEDowMCAQCkgdQwgdEwL6EtMCugAwIBF6EkBCIQ
AJonRVBbIp26lc3s/VZZruKGMG07IYWEwInlPs20m6MyMCehJTAjoAMCAQGhHAQaCABTuv1mJgKAt
VNqplCsvPStXRrQrt2SrrwwN6E1MDOgAwIBBqEsBCoYAHnQxOpwegLKJhGggVfLu8RfcL2uubFP6f
B+rQ6heqIU+UXBI4SPfTAwPKATMBGgAwIBBaEKBAhET01JTklPTqElMCOgAwIBAaEcBBoIAKQPQrk
TzL9pIDnrR6nKghVzzoi/V62S7g==
krbPasswordExpiration: 19700101000000Z
krbLastPwdChange: 20100912035847Z
krbExtraData:: AAL3T4xMcm9vdC9hZG1pbkBET01JTklPTgA=
dn: uid=vasilyvz,ou=People,dc=dom
uid: vasilyvz
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 5000
gidNumber: 5000
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-4235590718-613939999-1949843480-11000
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 0
sn: vasilyvz
cn: vasilyvz
homeDirectory: /home/vasilyvz
loginShell: /bin/bash
userPassword:: e0NSWVBUfSQyYSQwNSQzb3JGVkpNVm5lTTdmZkw2eGFYdGl1ejN2clpsL3V5Q0E
wbWdHdk5CM0NGaHM5VkJmcDJiQw==
sambaLMPassword: CCF9155E3E7DB453AAD3B435B51404EE
sambaNTPassword: 3DBDE697D71690A769204BEB12283678
mail: vasilyvz@dom
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1284511374
dn: sambaDomainName=DOM,dc=dom
sambaAlgorithmicRidBase: 1000
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
gidNumber: 10000
sambaDomainName: DOM
sambaSID: S-1-5-21-4235590718-613939999-1949843480
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaNextRid: 10002
uidNumber: 10004
dn: ou=Computers,dc=dom
objectClass: top
objectClass: organizationalUnit
ou: Computers
dn: ou=Idmap,dc=dom
objectClass: top
objectClass: organizationalUnit
ou: Idmap
dn: uid=storage$,ou=Computers,dc=dom
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: storage$
uid: storage$
uidNumber: 10000
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-4235590718-613939999-1949843480-10001
displayName: Computer
sambaAcctFlags: [S ]
sambaLMPassword: B9C3A7037138FF7A5B9C6E7E47A97ADE
sambaNTPassword: C8F0D5E140E191747AF630FE60844CC6
dn: cn=Domain Admins,ou=Group,dc=dom
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: administrator
description: Netbios Domain Administrators
sambaSID: S-1-5-21-4235590718-613939999-1949843480-512
sambaGroupType: 2
displayName: Domain Admins
dn: cn=Domain Users,ou=Group,dc=dom
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-4235590718-613939999-1949843480-513
sambaGroupType: 2
displayName: Domain Users
dn: cn=Domain Guests,ou=Group,dc=dom
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-4235590718-613939999-1949843480-514
sambaGroupType: 2
displayName: Domain Guests
dn: cn=Domain Computers,ou=Group,dc=dom
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-4235590718-613939999-1949843480-515
sambaGroupType: 2
displayName: Domain Computers
dn: cn=Administrators,ou=Group,dc=dom
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDom
ainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
dn: cn=Account Operators,ou=Group,dc=dom
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators
dn: cn=Print Operators,ou=Group,dc=dom
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators
dn: cn=Backup Operators,ou=Group,dc=dom
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators
dn: cn=Replicators,ou=Group,dc=dom
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators
dn: sambaSID=S-1-5-32-545,ou=Group,dc=dom
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
displayName: Users
gidNumber: 10000
sambaSIDList: S-1-5-21-4235590718-613939999-1949843480-513
dn: uid=vvz-note$,ou=Computers,dc=dom
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: vvz-note$
uid: vvz-note$
uidNumber: 10001
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-4235590718-613939999-1949843480-10002
displayName: Computer
sambaLMPassword: F804071FD632D9F4E3D6A0C58AD1533C
sambaNTPassword: 5445DB8985AE0734CD2D99C7DC161BAD
sambaAcctFlags: [W ]
dn: uid=test,ou=People,dc=dom
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: test
sn: test
givenName: test
uid: test
uidNumber: 10003
gidNumber: 513
homeDirectory: /home/test
loginShell: /sbin/nologin
gecos: Test
userPassword:: e2NyeXB0fXg=
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: test
sambaAcctFlags: [UX]
sambaSID: S-1-5-21-4235590718-613939999-1949843480-21006
[-- Attachment #1.3: smb.conf --]
[-- Type: text/plain, Size: 1606 bytes --]
[global]
realm = DOM
workgroup = DOM
netbios name = storage
server string = Samba server on %h (v. %v)
security = user
wins support = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
nt acl support = yes
domain master = yes
domain logons = yes
guest account = pcguest
logon script = %u.bat
logon path = \%L\profiles\%u
logon drive = H:
use kerberos keytab = Yes
log file = /var/log/samba/log.%m
max log size = 50
printcap name = cups
dns proxy = yes
use sendfile = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=ldaproot,dc=dom
ldap suffix = dc=dom
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
os level = 65
preferred master = Yes
wins support = yes
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
browseable = no
guest ok = yes
writable = no
share modes = no
[share]
comment = Commonplace
path = /srv/share
read only = No
[homes]
comment = Home Directory for '%u'
browseable = no
writable = yes
[-- Attachment #1.4: smbldap.conf --]
[-- Type: text/plain, Size: 1066 bytes --]
smbldap.conf
SID="S-1-5-21-4235590718-613939999-1949843480"
sambaDomain="DOM"
slaveLDAP="localhost"
slavePort="389"
masterLDAP="localhost"
masterPort="389"
ldapTLS="0"
ldapSSL="0"
verify="require"
#cafile="/etc/smbldap-tools/ca.pem"
#clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
#clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"
suffix="dc=dom"
usersdn="ou=People,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Group,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/sbin/nologin"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\STORAGE\%U"
userProfile="\\STORAGE\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="dom.od.ua"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 554 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-09-15 0:20 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-09-15 0:20 [Comm] samba и smbldap-tools Vasiliy Zdanovskiy
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git