From: "Евгений Баженов" <bazhen@ustk.kz>
To: ALT Linux sysadmins' discussion <sysadmins@lists.altlinux.org>
Subject: Re: [Sysadmins] Samba + LDAP, sambaPwdLastSet - a knocking from underground
Date: Tue, 01 Jun 2010 11:17:28 +0600
Message-ID: <4C0497E8.7070402@ustk.kz>
In-Reply-To: <op.vdj5ozfms2o7xx@localhost.localdomain>
Trenin Sergey wrote:
> Евгений, could you post the contents of your smb.conf, slapd.conf and
> slapd-your_zone.conf files? I'm also working through a PDC setup.
smb.conf:
[global]
dos charset = CP866
unix charset = utf8
display charset = utf8
workgroup = DKVKO
realm = DKVKO.LAN
server string = Samba server on %h (v. %v)
interfaces = 192.168.137.2/24, 127.0.0.1/24
bind interfaces only = Yes
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/
passwd chat debug = Yes
use kerberos keytab = Yes
log file = /var/log/samba/log.%U.%m.%G.%I
max log size = 50
max xmit = 64000
time server = Yes
unix extensions = No
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=64000 SO_RCVBUF=64000 SO_KEEPALIVE
printcap name = cups
logon path =
logon drive = x:
logon home = \\%L\vol1
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=ldaproot,dc=dkvko,dc=lan
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=dkvko,dc=lan
ldap user suffix = ou=People
admin users = @domainadmins
hosts allow = 192.168., 127.
use sendfile = Yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = @domainadmins
guest ok = Yes
[Profiles]
path = /var/lib/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
[vol1]
path = /mnt/samba/vol1
read only = No
create mask = 0777
directory mask = 0777
use sendfile = No
Achtung! ldap machine suffix = ou=Computers is simply what I find more
convenient; the Computers branch has to be created beforehand. That is if you
don't want the hosts' LDAP entries lying in an unappetizing heap in the LDAP root.
slapd-dkvko.lan.conf:
database hdb
suffix "dc=dkvko,dc=lan"
rootdn "cn=ldaproot,dc=dkvko,dc=lan"
rootpw zeexeph6uj8chi8x
directory /var/lib/ldap/bases/dkvko.lan
index objectClass eq
index uid eq
index cn eq
index uidNumber eq
index gidNumber eq
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to dn.subtree="ou=kdcroot,dc=dkvko,dc=lan"
    by dn.exact="cn=kdc,ou=kdcroot,dc=dkvko,dc=lan" read
    by dn.exact="cn=kadmin,ou=kdcroot,dc=dkvko,dc=lan" write
    by * none
access to dn.subtree="cn=DKVKO.LAN,cn=kerberos,ou=kdcroot,dc=dkvko,dc=lan"
    by dn.exact="cn=kdc,ou=kdcroot,dc=dkvko,dc=lan" read
    by dn.exact="cn=kadmin,ou=kdcroot,dc=dkvko,dc=lan" write
    by * none
access to *
    by * read
slapd.conf differs from the stock one only by the include of my zone's config.
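
Added example, not part of the original message: a small audit of a slapd database section laid out like the one above. It flags a cleartext rootpw (slapd.conf also accepts a hash produced by slappasswd, e.g. {SSHA}) and dn.subtree rules that can never match because slapd stops at the first "access to" whose target matches. The function names and the placeholder rootpw value are assumptions made for this example.

```python
import re

# Constructed sample: reduced copy of the ACL layout from the message,
# with a placeholder in place of the real rootpw value.
SAMPLE = '''\
database hdb
suffix "dc=dkvko,dc=lan"
rootdn "cn=ldaproot,dc=dkvko,dc=lan"
rootpw PLACEHOLDER-CLEARTEXT
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to dn.subtree="ou=kdcroot,dc=dkvko,dc=lan"
    by dn.exact="cn=kdc,ou=kdcroot,dc=dkvko,dc=lan" read
    by * none
access to dn.subtree="cn=DKVKO.LAN,cn=kerberos,ou=kdcroot,dc=dkvko,dc=lan"
    by dn.exact="cn=kdc,ou=kdcroot,dc=dkvko,dc=lan" read
    by * none
access to *
    by * read
'''

def norm(dn):
    # DN comparison is case-insensitive; also drop spaces after commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(conf):
    """Return (line_number, message) findings for one database section."""
    findings, subtrees = [], []
    for n, line in enumerate(conf.splitlines(), 1):
        m = re.match(r'rootpw\s+(\S+)', line)
        if m:
            scheme = re.match(r'\{([A-Za-z0-9-]+)\}', m.group(1))
            if not scheme or scheme.group(1).upper() == "CLEARTEXT":
                findings.append((n, "rootpw is cleartext; use a slappasswd hash"))
        # Only plain subtree rules (no attrs= or filter=) fully shadow later ones.
        m = re.match(r'access\s+to\s+dn\.subtree="([^"]+)"\s*$', line)
        if m:
            dn = norm(m.group(1))
            for first, base in subtrees:
                if dn == base or dn.endswith("," + base):
                    findings.append((n, f"shadowed by subtree rule on line {first}"))
                    break
            subtrees.append((n, dn))
    return findings
```

On the sample, the second kdcroot rule is reported as shadowed: every entry under cn=DKVKO.LAN,cn=kerberos is already matched by the broader ou=kdcroot rule above it, so a more specific rule only takes effect when it is placed first.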