Ignore the number of earlier messages; they were taking a long time to show up on the list when I sent them, so I sent them several times, but you had already replied.

It worked perfectly, I can now authenticate the Windows XP machines correctly. Thanks a lot for the tips and the patience.

I was trying to let the users change their network password themselves from Windows XP. But when I try, a message appears saying that I do not have access. Looking through the material you sent me about smbldap-tools, I found a part about this in the slapd.conf configuration, concerning access to the database.
access to attrs=userPassword, sambaNTPassword, sambaLMPassword
by dn="cn=admin, dc=ljussara" write
by anonymous auth
by self write
by * none

You shouldn't need to change that (only add the samba attributes so that the hashes cannot be seen by just anyone); the database installation should have put this line there for you. But yes, it needs to be there.

And according to RFC2253, "Distinguished Names" or "dn" CANNOT CONTAIN SPACES. Remove the spaces you put after each comma and restart ldap.
The spaces were a typing mistake in the email; in the original file they do not exist.

I added the ou=Users, by dn="cn=admin, ou=Users,dc=ljussara" write, but it didn't work. Is it something around here that needs to be changed? Do I need to give the users write access (chmod 666) on /var/lib/ldap?

If you do that, any user will be able to alter the database files. In other words, NO.


Many thanks in advance

Pedro
You also cannot have that defined individually, so remove the sambaProfilePath option that you put on the accounts.


Edmundo Valle Neto

Regards.

Edmundo Valle Neto

I restarted the server and the PC, deleted the user and added it again, but it didn't work; I cannot change the password from Windows XP, it returns the message that I do not have permission to change the password. I am sending my smb.conf and slapd.conf files and an excerpt of the log with the output from when I try to change the password. If you could take a look, I would appreciate it.

Regards

Pedro


#LOG

[2007/07/13 03:58:40, 2] smbd/reply.c:reply_special(236)
 netbios connect: name1=SERVSAMBA name2=MAQ97
[2007/07/13 03:58:40, 2] smbd/reply.c:reply_special(243)
 netbios connect: local=servsamba remote=maq97, name type = 0
[2007/07/13 03:58:40, 0] lib/util_sock.c:write_socket_data(430)
 write_socket_data: write failure. Error = Connection reset by peer
[2007/07/13 03:58:40, 0] lib/util_sock.c:write_socket(455)
 write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
[2007/07/13 03:58:40, 0] lib/util_sock.c:send_smb(647)
 Error writing 4 bytes to client. -1. (Connection reset by peer)
[2007/07/13 03:58:40, 2] smbd/server.c:exit_server(609)
 Closing connections
[2007/07/13 03:58:40, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2007/07/13 03:58:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
 init_sam_from_ldap: Entry found for user: nilson
[2007/07/13 03:58:43, 2] smbd/chgpasswd.c:expect(281)
 expect: Success
[2007/07/13 03:58:43, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
 init_sam_from_ldap: Entry found for user: nilson
[2007/07/13 03:58:46, 2] smbd/chgpasswd.c:expect(281)
 expect: Success
[2007/07/13 03:58:48, 2] smbd/server.c:exit_server(609)
 Closing connections

#SMB.CONF

# SAMBA/LDAP SERVER
#======================= Global Settings =======================
[global]
  workgroup = JUSSARA
  server string = Serv. Samba
  netbios name = ServSamba
  wins support = yes
  dns proxy = no
  name resolve order = lmhosts host wins bcast
#### Debugging/Accounting ####
  log level = 2
  log file = /var/log/samba/samba.log
  max log size = 1000
;  syslog only = no
  syslog = 0
  panic action = /usr/share/samba/panic-action %d
####### Authentication #######
  security = user
  encrypt passwords = yes
  passdb backend = ldapsam:ldap://127.0.0.1
#  passdb expand explicit = no
  obey pam restrictions = no
;  guest account = nobody
;  invalid users = root
#   username map /etc/samba/smbusers
# User password synchronization
  unix password sync = yes
  passwd program = /usr/sbin/smbldap-passwd -u %u
  passwd chat = "*Enter\snew\sUNIX\spassword:*" %n\n "*Retype\snew\sUNIX\spassword:*" %n\n
  ldap passwd sync = yes
#  ldap ssl = start_tsl
  ldap admin dn = cn=admin,dc=ljussara
  ldap suffix = dc=ljussara
  ldap group suffix = ou=Groups
  ldap user suffix = ou=Users
  ldap machine suffix = ou=Computers
  ldap idmap suffix = ou=Idmap
  ldap delete dn = yes
# Settings for the user add/delete scripts
  add user script = /usr/sbin/smbldap-useradd -m "%u"
  add machine script = /usr/sbin/smbldap-useradd -w "%u"
  add group script = /usr/sbin/smbldap-groupadd -p "%g"
  add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
  delete user script = /usr/sbin/smbldap-userdel "%u"
  delete group script = /usr/sbin/smbldap-groupdel "%g"
  delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
  set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
###### Domain configuration
  domain logons = yes
  enable privileges = yes
  admin users = adm
  logon drive = Z:
  logon script = logon.bat
  logon path =
  logon home =
##### Misc
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 domain master = yes
 idmap uid = 10000-20000
 idmap gid = 10000-20000
#======================= Share Definitions =======================
[homes]
  comment = Home Directories
  browseable = no
  writable = no
  create mask = 0700
  directory mask = 0700
[profiles]
 path = /home/profiles
 create mask = 0777
 directory mask = 0777
 guest ok = yes
 profile acls = yes
 force user = %U
[netlogon]
  comment = Network Logon Service
  path = /home/netlogon
  guest ok = yes
  writable = yes
  share modes = no
[Arquivos]
 comment = Compartilhamento de arquivos
 path = /Arquivos
 browseable = yes
 writeable = yes
[printers]
  comment = All Printers
  browseable = no
  path = /tmp
  printable = yes
  public = no
  writable = no
  create mode = 0700

#SLAPD.CONF

# LDAP SERVER CONFIG FILE
#######################################################################
# Global Directives:
# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include     /etc/ldap/schema/samba.schema
# Forces validation of the data against the schemas
schemacheck     on
#######################################################################
# SERVICE
#######################################################################
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd.args
loglevel        296
modulepath    /usr/lib/ldap
moduleload    back_bdb
#######################################################################
# SECURITY
#######################################################################
allow bind_v2
#######################################################################
# DATABASE BACKEND
#######################################################################
backend        bdb
checkpoint 512 30
#######################################################################
# DATABASE
#######################################################################
database        bdb
suffix          "dc=ljussara"
# Directory that stores the database files - include in the backup
directory       "/var/lib/ldap"
index           objectClass eq
#index        cn,sn,uid,displayName pres,sub,eq
#index        memberUID,mail,givenname eq,subinitial
#index        sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
rootdn        "cn=admin,dc=ljussara"
rootpw        {MD5}7DI9pILkgi0BBKhovmLYmA
lastmod         on
mode         0600
cachesize    2000
# Where to store the replica logs for database #1
# replogfile    /var/lib/ldap/replog
#######################################################################
# ACLs FOR THE DATABASE
#######################################################################
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
       by dn="cn=admin,ou=Users,dc=ljussara" write
       by anonymous auth
       by self write
       by * none

access to *
       by dn="cn=admin,dc=ljussara" write
       by * read
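
Added example, not part of the original messages: a small Python check of the point made in the reply above, that the Samba hash attributes have to be listed in the restricted ACL so the catch-all "by * read" rule does not expose them. The function names are hypothetical; the model covers only attrs= targets and the anonymous, users and * subjects, and assumes DNs written without spaces.

```python
import re

SENSITIVE = ("userPassword", "sambaNTPassword", "sambaLMPassword")
READABLE = {"read", "write", "manage"}

# ACL section as posted in the slapd.conf above
POSTED = '''
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
       by dn="cn=admin,ou=Users,dc=ljussara" write
       by anonymous auth
       by self write
       by * none
access to *
       by dn="cn=admin,dc=ljussara" write
       by * read
'''
# Constructed variant: the Samba hash attributes are missing from the first rule
WITHOUT_SAMBA = POSTED.replace(",sambaNTPassword,sambaLMPassword", "")

def parse_acls(conf_text):
    """Return [(attrs or None for all attributes, [(who, level), ...])] in file order."""
    logical = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("access to "):
            logical.append(line)
        elif line.lower().startswith("by ") and logical:
            logical[-1] += " " + line          # continuation of the current rule
    rules = []
    for rule in logical:
        what, *clauses = re.split(r"\s+by\s+", rule[len("access to "):])
        m = re.search(r"attrs?=(\S+)", what)
        attrs = {a.lower() for a in m.group(1).split(",")} if m else None
        rules.append((attrs, [tuple((c.split() + ["none"])[:2]) for c in clauses]))
    return rules

def exposed(conf_text, sensitive=SENSITIVE):
    """Sensitive attributes readable by anonymous clients or by other users."""
    rules = parse_acls(conf_text)
    if not rules:                              # no ACL at all: slapd lets everyone read
        return sorted(sensitive)
    leaked = set()
    for attr in sensitive:
        # slapd applies the first "access to" whose target covers the attribute
        clauses = next((c for a, c in rules if a is None or attr.lower() in a), [])
        for client in ({"anonymous", "*"}, {"users", "*"}):
            # and within that rule, the first "by" clause matching the client
            level = next((lvl for who, lvl in clauses if who in client), "none")
            if level in READABLE:
                leaked.add(attr)
    return sorted(leaked)
```

With the posted ACL nothing is reported; with the constructed variant both Samba hash attributes fall through to the catch-all rule and are reported as readable.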

