2008/8/28 William David FUG-BR <[EMAIL PROTECTED]>:
> Good afternoon,
> I'd like to ask for help with something that is driving me bald.
> I have a damned error in OpenLDAP.
>
> It does not return the groups correctly via id, and Samba gets
> lost when the user logs in, not letting them connect to the
> shares because of the group restriction.
>
> I was writing an article about FreeBSD + OpenLDAP + Samba and
> got stuck on this.
>
> See the article, which has a complete view of the configuration and explanations:
> http://biosystems.ath.cx:8080/wiki/doku.php?id=manuais:sar
>
>
> # id bio
> uid=1013(bio) gid=513(Domain Users) groups=513(Domain Users)
>
> # id teste
> uid=1395(teste) gid=513(Domain Users) groups=513(Domain Users)
>
> # id teste1
> uid=1396(teste1) gid=513(Domain Users) groups=513(Domain Users)

What would the correct output of that id be?? If possible, post somewhere
an ldapsearch -x -D "cn=Manager,dc=schwarz" -w teste, so we can see your
actual database.

> Aug 28 16:19:33 Bartelby id: nss_ldap: could not search LDAP server -
> Server is unavailable

That always happens here with me too; it has to do with the bind policy
being used, soft.

>
> # getent group
>
> teste1:*:1000:teste,bio,teste1
> teste2:*:1003:teste,bio
> teste3:*:1004:teste,bio
> teste4:*:1005:teste,bio
>
> # /usr/local/libexec/slapd -V
> @(#) $OpenLDAP: slapd 2.4.11 (Jul 25 2008 13:17:13) $
> [EMAIL PROTECTED]:/usr/ports/net/openldap24-server/work/openldap-2.4.11/servers/slapd
>
>
> # /var/db/pkg/
> pam_ldap-1.8.4
> db46-4.6.21.1
> nss_ldap-1.257
> openldap-sasl-client-2.4.11
> openldap-sasl-server-2.4.11
> smbldap-tools-0.9.5
> samba-3.0.31_1,1
>
>
> ############################################
> My configs are:
>
>
> # /usr/local/etc/nss_ldap.secret <-> /etc/ldap.secret <-> /usr/local/etc/ldap.secret
> teste
>
> # /usr/local/etc/nss_ldap.conf <-> /etc/ldap.conf <-> /usr/local/etc/ldap.conf
> host schwarz-001b
> uri ldap://schwarz-001b:389/
> port 389
> base dc=schwarz
> bind_policy soft
> rootbinddn cn=Manager,dc=schwarz
> pam_password SSHA
> ssl no
> bind_policy soft
> nss_base_passwd ou=Users,dc=schwarz?one
> nss_base_passwd ou=Computers,dc=schwarz?one

Isn't that wrong???

> nss_base_group ou=Groups,dc=schwarz?one
>
>
> # /usr/local/etc/openldap/ldap.conf
> BASE dc=schwarz
> URI ldap://192.168.1.232 ldap://192.168.2.100
> BINDDN cn=manager,dc=schwarz
>
>
> # /usr/local/etc/openldap/slapd.conf
>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/samba.schema
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> ServerID 001
>
> modulepath /usr/local/libexec/openldap
> moduleload back_hdb
>
> loglevel 256
>
> database hdb
> suffix "dc=schwarz"
> rootdn "cn=Manager,dc=schwarz"
> rootpw {SSHA}qgsEroh1jPssq3EOKn74TESuVhLm95Wl
> directory /var/db/openldap-sch
> checkpoint 1024 5
>
> index objectClass,uidNumber,gidNumber,entryUUID,entryCSN,contextCSN eq
> index cn,sn,uid,displayName pres,sub,eq
> index memberUid,mail,givenname eq,subinitial
> index sambaSID,sambaPrimaryGroupSID,sambaDomainName,sambaGroupType,sambaSIDList eq
>
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
>
> lastmod on
>
> syncrepl rid=001
>   provider=ldap://192.168.1.232
>   type=refreshAndPersist
>   interval=00:00:00:10
>   searchbase="dc=schwarz"
>   scope=sub
>   schemachecking=off
>   bindmethod=simple
>   binddn="cn=manager,dc=schwarz"
>   credentials=teste
>   retry="60 +"
>
> syncrepl rid=003
>   provider=ldap://192.168.2.100
>   type=refreshOnly
>   interval=00:00:02:00
>   searchbase="dc=schwarz"
>   scope=sub
>   schemachecking=off
>   bindmethod=simple
>   binddn="cn=manager,dc=schwarz"
>   credentials=teste
>   retry="60 +"
>
> mirrormode on
>
> access to *
>   by self write
>   by anonymous auth
>   by * none

I have never used syncrepl in production; have you already tried testing
without replication, using only 1 server??

>
> ## /etc/nsswitch.conf
> group: files ldap
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: files ldap
> passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
>
> # host schwarz-001b
> schwarz-001b.schwarz has address 192.168.1.232
>
> # netstat -an
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
> tcp4       0      0  192.168.1.232.59920    192.168.2.100.389      TIME_WAIT
> tcp4       0      0  192.168.1.232.53064    192.168.1.232.389      TIME_WAIT
> tcp4       0      0  192.168.1.232.389      192.168.2.100.58975    ESTABLISHED
> tcp4       0      0  192.168.1.232.389      192.168.1.232.63562    ESTABLISHED
> tcp4       0      0  192.168.1.232.63562    192.168.1.232.389      ESTABLISHED
> tcp4       0     52  192.168.1.232.22       192.168.1.246.55668    ESTABLISHED
> tcp4       0      0  192.168.1.232.389      192.168.1.232.55105    ESTABLISHED
> tcp4       0      0  192.168.1.232.55105    192.168.1.232.389      ESTABLISHED
> tcp4       0      0  *.389                  *.*                    LISTEN
> tcp6       0      0  *.389                  *.*                    LISTEN
>
>
> --
> -=-=-=-=-=-=-=-=-=-
> William David Armstrong                <----.        Of course it runs
> Bio Systems Security Networking        <----|==========================
> MSN / GT [EMAIL PROTECTED]             <----'        OpenBSD or FreeBSD
> --------------------------------------
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd

--
Giancarlo Rubio
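The reply above asks what `id` ought to return for those users. The following is an added example, written for this page and not code from either poster, that answers it offline: it parses a small constructed LDIF modelled on the quoted `getent group` and `id` output (users bio/teste/teste1 with primary gid 513, groups teste1..teste4 naming them in memberUid) and resolves the user the way an NSS lookup does (gidNumber from the posixAccount, supplementary groups from every posixGroup whose memberUid lists the login). It also honours the `base?scope` suffix of the posted `nss_base_passwd` / `nss_base_group` lines, so you can see what happens when a group entry sits outside the `one`-level search base. The DN layout and the "Domain Users" entry are assumptions; no real server is contacted.

```python
"""Compute the line `id USER` should print, given LDIF and nss_ldap search bases.

Added example for this thread, not code from the original post. Uses only a
constructed in-memory directory; nothing here talks to a real LDAP server.
"""

# Constructed sample directory, modelled on the quoted getent group / id output.
# The ou=Users / ou=Groups layout and the "Domain Users" entry are assumptions.
SAMPLE_LDIF = """\
dn: cn=Domain Users,ou=Groups,dc=schwarz
objectClass: posixGroup
cn: Domain Users
gidNumber: 513

dn: cn=teste1,ou=Groups,dc=schwarz
objectClass: posixGroup
cn: teste1
gidNumber: 1000
memberUid: teste
memberUid: bio
memberUid: teste1

dn: cn=teste2,ou=Groups,dc=schwarz
objectClass: posixGroup
cn: teste2
gidNumber: 1003
memberUid: teste
memberUid: bio

dn: cn=teste3,ou=Groups,dc=schwarz
objectClass: posixGroup
cn: teste3
gidNumber: 1004
memberUid: teste
memberUid: bio

dn: cn=teste4,ou=Groups,dc=schwarz
objectClass: posixGroup
cn: teste4
gidNumber: 1005
memberUid: teste
memberUid: bio

dn: uid=bio,ou=Users,dc=schwarz
objectClass: posixAccount
uid: bio
uidNumber: 1013
gidNumber: 513

dn: uid=teste,ou=Users,dc=schwarz
objectClass: posixAccount
uid: teste
uidNumber: 1395
gidNumber: 513

dn: uid=teste1,ou=Users,dc=schwarz
objectClass: posixAccount
uid: teste1
uidNumber: 1396
gidNumber: 513
"""

# Search bases exactly as posted in the nss_ldap.conf above.
NSS_BASE_PASSWD = ["ou=Users,dc=schwarz?one", "ou=Computers,dc=schwarz?one"]
NSS_BASE_GROUP = "ou=Groups,dc=schwarz?one"


def parse_ldif(text):
    """Minimal LDIF parser: returns a list of (dn, {attr: [values]}).
    Handles only plain 'attr: value' lines (no folding, no base64)."""
    entries, dn, attrs = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:  # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn, attrs = value, {}
        else:
            attrs.setdefault(attr, []).append(value)
    if dn is not None:
        entries.append((dn, attrs))
    return entries


def parent_dn(dn):
    """DN one level up. Sample DNs contain no escaped commas, so a split is enough."""
    return dn.split(",", 1)[1] if "," in dn else ""


def in_scope(dn, base_and_scope):
    """Mimic the 'base?scope' suffix of nss_base_*: 'one' = direct children of
    base only, 'sub' = base and everything beneath it."""
    base, scope = base_and_scope.lower().split("?")
    dn = dn.lower()
    if scope == "one":
        return parent_dn(dn) == base
    if scope == "sub":
        return dn == base or dn.endswith("," + base)
    raise ValueError("unknown scope %r" % scope)


def expected_id(entries, user, passwd_bases, group_base):
    """Resolve USER as getpwnam + initgroups would, limited to the given
    search bases, and return the line `id USER` should print."""
    names, members, account = {}, {}, None
    for dn, attrs in entries:
        oc = {v.lower() for v in attrs.get("objectclass", [])}
        if "posixgroup" in oc and in_scope(dn, group_base):
            gid = int(attrs["gidnumber"][0])
            names[gid] = attrs["cn"][0]
            members[gid] = set(attrs.get("memberuid", []))
        if "posixaccount" in oc and attrs.get("uid", [None])[0] == user:
            if any(in_scope(dn, b) for b in passwd_bases):
                account = attrs
    if account is None:
        raise KeyError("no such user: %s" % user)
    uid, gid = int(account["uidnumber"][0]), int(account["gidnumber"][0])
    # Primary group first, then every group naming the user in memberUid.
    supp = sorted(g for g, m in members.items() if user in m and g != gid)

    def fmt(g):  # like id(1): name in parentheses only when the group resolves
        return "%d(%s)" % (g, names[g]) if g in names else str(g)

    return "uid=%d(%s) gid=%s groups=%s" % (
        uid, user, fmt(gid), ",".join(fmt(g) for g in [gid] + supp))


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for login in ("bio", "teste", "teste1"):
        print(expected_id(directory, login, NSS_BASE_PASSWD, NSS_BASE_GROUP))
```

Run against the constructed directory, `bio` resolves to `uid=1013(bio) gid=513(Domain Users) groups=513(Domain Users),1000(teste1),1003(teste2),1004(teste3),1005(teste4)`, which is what the quoted `getent group` output implies `id bio` should show. Pointing `NSS_BASE_GROUP` at a base that does not contain the group entries (or at the wrong scope) reproduces the symptom from the thread: the supplementary groups vanish and even the primary gid loses its name.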