From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DNS_FROM_OPENWHOIS autolearn=no version=3.2.5 Message-ID: <4C0497E8.7070402@ustk.kz> Date: Tue, 01 Jun 2010 11:17:28 +0600 From: =?KOI8-R?Q?=E5=D7=C7=C5=CE=C9=CA_=E2=C1=D6=C5=CE=CF=D7?= User-Agent: Thunderbird 2.0.0.21 (X11/20090430) MIME-Version: 1.0 To: ALT Linux sysadmins' discussion References: <4BFFAA31.2060604@ustk.kz> In-Reply-To: Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 8bit X-Authenticated-Sender: bazhen@ustk.kz X-Return-Path: bazhen@ustk.kz X-Envelope-From: bazhen@ustk.kz X-MDaemon-Deliver-To: sysadmins@lists.altlinux.org X-MDAV-Processed: ustk.kz, Tue, 01 Jun 2010 11:17:30 +0600 Subject: Re: [Sysadmins] =?koi8-r?b?U2FtYmEgKyBMREFQLCBzYW1iYVB3ZExhc3RTZXQg?= =?koi8-r?b?LSDQz8Taxc3O2cog09TVyw==?= X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux sysadmins' discussion List-Id: ALT Linux sysadmins' discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jun 2010 05:17:39 -0000 Archived-At: List-Archive: Trenin Sergey пишет: > Евгений, не приведете содержимое файлов snb.conf, slapd.conf и > slapd-ваша_зона.conf, тоже разбираюсь с pdc smb.conf: [global] dos charset = CP866 unix charset = utf8 display charset = utf8 workgroup = DKVKO realm = DKVKO.LAN server string = Samba server on %h (v. %v) interfaces = 192.168.137.2/24, 127.0.0.1/24 bind interfaces only = Yes map to guest = Bad User passdb backend = ldapsam:ldap://127.0.0.1/ passwd chat debug = Yes use kerberos keytab = Yes log file = /var/log/samba/log.%U.%m.%G.%I max log size = 50 max xmit = 64000 time server = Yes unix extensions = No socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=64000 SO_RCVBUF=64000 SO_KEEPALIVE printcap name = cups logon path = logon drive = x: logon home = \\%L\vol1 domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=ldaproot,dc=dkvko,dc=lan ldap group suffix = ou=Group ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=dkvko,dc=lan ldap user suffix = ou=People admin users = @domainadmins hosts allow = 192.168., 127. use sendfile = Yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = @domainadmins guest ok = Yes [Profiles] path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No [vol1] path = /mnt/samba/vol1 read only = No create mask = 0777 directory mask = 0777 use sendfile = No Ахтунг! ldap machine suffix = ou=Computers - это мне так удобнее, ветку Computers предварительно нужно создать. Это если не хотите, чтоб у вас лдап-записи хостов лежали неаппетитной кучей в корне лдапа. slapd-dkvko.lan.conf: database hdb suffix "dc=dkvko,dc=lan" rootdn "cn=ldaproot,dc=dkvko,dc=lan" rootpw zeexeph6uj8chi8x directory /var/lib/ldap/bases/dkvko.lan index objectClass eq index uid eq index cn eq index uidNumber eq index gidNumber eq access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to dn.subtree="ou=kdcroot,dc=dkvko,dc=lan" by dn.exact="cn=kdc,ou=kdcroot,dc=dkvko,dc=lan" read by dn.exact="cn=kadmin,ou=kdcroot,dc=dkvko,dc=lan" write by * none access to dn.subtree="cn=DKVKO.LAN,cn=kerberos,ou=kdcroot,dc=dkvko,dc=lan" by dn.exact="cn=kdc,ou=kdcroot,dc=dkvko,dc=lan" read by dn.exact="cn=kadmin,ou=kdcroot,dc=dkvko,dc=lan" write by * none access to * by * read slapd.conf отличается от стандартного только инклудом конфига моей зоны.