List,
I am following some texts that I found on the internet about the
integration of openldap with samba.
I am having problems with the "smbldap-populate" command.
When I run the command, the following error messages appear:
Populating LDAP directory for domain particula
(S-1-5-21-1993900916-2692806690-969127028)
(using builtin directory structure)
entry dc=particula,dc=local already exist.
entry ou=People,dc=particula,dc=local already exist.
entry ou=Groups,dc=particula,dc=local already exist.
entry ou=People,dc=particula,dc=local already exist.
entry ou=Idmap,dc=particula,dc=local already exist.
entry uid=root,ou=People,dc=particula,dc=local already exist.
entry uid=nobody,ou=People,dc=particula,dc=local already exist.
adding new entry: cn=Domain Admins,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 101.
adding new entry: cn=Domain Users,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 112.
adding new entry: cn=Domain Guests,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 123.
adding new entry: cn=Domain Computers,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 134.
adding new entry: cn=Administrators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 179.
adding new entry: cn=Account Operators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 201.
adding new entry: cn=Print Operators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 212.
adding new entry: cn=Backup Operators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 223.
adding new entry: cn=Replicators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 234.
adding new entry: sambaDomainName=particula,dc=particula,dc=local
failed to add entry: invalid DN at /usr/sbin/smbldap-populate line 498,
<GEN1> line 242.
Please provide a password for the domain root:
Changing UNIX password for root
New password:
Retype new password:
Failed to modify UNIX password: attribute 'shadowLastChange' not allowed
at /usr/sbin/smbldap-passwd line 285, <STDIN> line 2.

Has anyone on the list by any chance already had a problem like this?
What I have done so far was:

3 - Technical Data
Distribution - gnu/linux debian stable
Domain - particula.local
IP of the ldap and samba server - 192.168.0.7
dc=particula,dc=local

4.1-Installation
$ aptitude install slapd ldap-utils migrationtools
$ aptitude install phpldapadmin libnet-ldap-perl
$ aptitude install samba samba-doc winbind libnss-ldap libmhash2 sysutils libcrypt-smbhash-perl smbldap-tools

4.2-LDAP Configuration
$ vi /etc/ldap/ldap.conf
host 192.168.0.7
base dc=particula,dc=local
rootbinddn cn=admin,dc=particula,dc=local
$ slappasswd -h {SSHA} -s <SENHA>
{SSHA}JSqnZ+f4RN9UBdtjNBJti9NXdN5zkrst
$ vi /etc/ldap/slapd.conf
# Read slapd.conf(5) for possible values
loglevel 256
# The base of your directory in database #1
suffix "dc=particula,dc=local"
rootdn "cn=admin,dc=particula,dc=local"
rootpw {SSHA}JSqnZ+f4RN9UBdtjNBJti9NXdN5zkrst
$ vi /etc/syslog.conf
local4.* /var/log/ldap.log
$ cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/
$ gunzip /etc/ldap/schema/samba.schema.gz
$ vi /etc/ldap/slapd.conf
include /etc/ldap/schema/samba.schema
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
$ /etc/init.d/sysklogd restart
$ /etc/init.d/slapd restart

4.3-Migration of the linux users, groups and hosts to LDAP
$ vi /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "particula.local";
$DEFAULT_BASE = "dc=particula,dc=local";
$ cd /usr/share/migrationtools/
# Migrate the ldap base
$ ./migrate_base.pl | ldapadd -xD cn=admin,dc=particula,dc=local -c -h 192.168.0.7 -w SENHA
# Migrate the groups to the ldap database
$ ./migrate_group.pl /etc/group | ldapadd -xD cn=admin,dc=particula,dc=local -c -h 192.168.0.7 -w SENHA
# Migrate the users to the ldap database
$ ./migrate_passwd.pl /etc/passwd | ldapadd -xD cn=admin,dc=particula,dc=local -c -h 192.168.0.7 -w SENHA
# Migrate the hosts to the ldap database
# Example of the /etc/hosts file
# 192.168.0.7 server.particula.local server
$ ./migrate_hosts.pl /etc/hosts | ldapadd -xD cn=admin,dc=particula,dc=local -c -h 192.168.0.7 -w SENHA

4.4-PhpLdapAdmin Configuration
$ vi /usr/share/phpldapadmin/config/config.php
$servers[$i]['name'] = 'Particula LDAP Server';
$servers[$i]['host'] = '192.168.0.7';

4.5-SMB-LDAP Tools Configuration
$ cd /tmp
$ wget http://www.nomis52.net/data/mkntpwd.tar.gz
$ cd /usr/local/src
$ tar -xzvf /tmp/mkntpwd.tar.gz
$ cd /usr/local/src/mkntpwd
$ make
$ cp mkntpwd /usr/local/sbin/
$ net getlocalsid
SID for domain AKIRA is:
S-1-5-21-422933630-3355374061-2294550427
$ cd /etc/smbldap-tools/
$ cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz .
$ gunzip smbldap.conf.gz
$ vi smbldap.conf
ID="S-1-5-21-1304105363-4135810921-3996400691"
slaveLDAP="192.168.0.7"
masterLDAP="192.168.0.7"
ldapTLS="0"
suffix="dc=particula,dc=local"
usersdn="ou=People,${suffix}"
computersdn="ou=People,${suffix}"
groupsdn="ou=Group,${suffix}"
userSmbHome="\\srv3\home\%U"
userProfile="\\srv3\profiles\%U"
userScript="%U.bat"
mailDomain="particula"
$ cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf .
$ vi smbldap_bind.conf
slaveDN="cn=admin,dc=particula,dc=local"
slavePw="SENHA"
masterDN="cn=admin,dc=particula,dc=local"
masterPw="SENHA"
$ ./smbldap-populate
--
.''`. Caio Abreu Ferreira
: :' : [email protected]
`. `'` Debian User
`- Key fingerprint = 97F8 61AC 605F 8A8B 3BA1 D479 8C9A 52E8 6478 601F
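
Added example (not part of the original message, and not code from smbldap-tools or OpenLDAP): slapd rejects an objectClass value as "invalid per syntax" when that class is not defined in the schema it has loaded, so one check to run before smbldap-populate is that slapd.conf includes samba.schema after its prerequisite schemas. The function names and the sample file below are assumptions made for this example.

```shell
# Added example, not from the original message.
# samba.schema depends on attribute types from cosine, inetorgperson and
# nis (displayName, gidNumber, ...), which in turn need core.
REQUIRED="core cosine nis inetorgperson"

# Print the basename (without .schema) of every included file, in order.
list_includes() {
    awk 'tolower($1) == "include" {
        gsub(/"/, "", $2); n = split($2, p, "/")
        sub(/\.schema$/, "", p[n]); print p[n]
    }' "$1"
}

# Line number of schema $2 within the list $1, empty if absent.
position() {
    printf '%s\n' "$1" | grep -n -x "$2" | head -n 1 | cut -d: -f1
}

# check_slapd_schemas FILE: prints findings, returns 0 only when
# samba.schema is included after all of its prerequisites.
check_slapd_schemas() {
    includes=$(list_includes "$1")
    samba_pos=$(position "$includes" samba)
    status=0
    if [ -z "$samba_pos" ]; then
        echo "MISSING samba"; status=1
    fi
    for s in $REQUIRED; do
        pos=$(position "$includes" "$s")
        if [ -z "$pos" ]; then
            echo "MISSING $s"; status=1
        elif [ -n "$samba_pos" ] && [ "$pos" -gt "$samba_pos" ]; then
            echo "ORDER $s after samba"; status=1
        fi
    done
    if [ "$status" -eq 0 ]; then echo "OK"; fi
    return "$status"
}

# Constructed sample (not the poster's file): nis.schema is absent and
# inetorgperson.schema is listed after samba.schema.
sample=$(mktemp)
cat > "$sample" <<'EOF'
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/inetorgperson.schema
EOF
check_slapd_schemas "$sample" || true
rm -f "$sample"
```

On a real server the argument would be /etc/ldap/slapd.conf; a non-zero return means slapd cannot resolve every class and attribute that samba.schema and the populate script rely on.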

