samba 3.0.2 smbldap-tools 0.8.4 RH 9 nss_ldap configured pam_ldap NOT configured LDAP passwd backend
Hi, i've instaled samba 3.0.2 with smbldap-tools 0.8.4 twice in two different RH9. I got it runs in the first but not in the second with the same configuration (i think) The problen is (i got the same problem the first time but i don't remember how i fixed it) that when i try to create a new posix/samba account (with smbldap-useradd -a juan, for example) it runs until it create the posix account. Then it hangs. What could be happen? Thanks in advance! Carlos slapd[3195]: daemon: conn=271 fd=12 connection from IP=127.0.0.1:33598 (IP=0.0.0.0:389) accepted. slapd[3195]: conn=271 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128 slapd[3195]: conn=271 op=0 RESULT tag=97 err=0 text= slapd[3195]: conn=271 op=1 SRCH base="o=senado.es" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1000))" slapd[3195]: conn=271 op=1 SEARCH RESULT tag=101 err=0 text= slapd[3195]: daemon: conn=272 fd=17 connection from IP=127.0.0.1:33599 (IP=0.0.0.0:389) accepted. slapd[3195]: conn=272 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128 slapd[3195]: conn=272 op=0 RESULT tag=97 err=0 text= slapd[3195]: conn=272 op=1 SRCH base="o=senado.es" scope=2 filter="(&(objectClass=posixAccount)(uid=juan))" slapd[3195]: conn=272 op=1 SEARCH RESULT tag=101 err=0 text= slapd[3195]: conn=272 op=2 UNBIND slapd[3195]: conn=-1 fd=17 closed slapd[3195]: daemon: conn=273 fd=17 connection from IP=127.0.0.1:33600 (IP=0.0.0.0:389) accepted. slapd[3195]: conn=273 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128 slapd[3195]: conn=273 op=0 RESULT tag=97 err=0 text= slapd[3195]: conn=273 op=1 SRCH base="ou=Groups,o=senado.es" scope=2 filter="(&(objectClass=posixGroup)(gidNumber=513))" slapd[3195]: conn=273 op=1 SEARCH RESULT tag=101 err=0 text= slapd[3195]: conn=-1 fd=17 closed slapd[3195]: daemon: conn=274 fd=17 connection from IP=127.0.0.1:33601 (IP=0.0.0.0:389) accepted. slapd[3195]: conn=274 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128 slapd[3195]: conn=274 op=0 RESULT tag=97 err=0 text= slapd[3195]: deferring operation slapd[3195]: conn=274 op=1 SRCH base="ou=People,o=senado.es" scope=2 filter="(sambaSID=S-1-5-21-2056510298-3027076148-852687323-3000)" slapd[3195]: conn=274 op=1 SEARCH RESULT tag=101 err=0 text= slapd[3195]: conn=274 op=2 UNBIND slapd[3195]: conn=-1 fd=17 closed slapd[3195]: daemon: conn=275 fd=19 connection from IP=127.0.0.1:33602 (IP=0.0.0.0:389) accepted. slapd[3195]: connection_read(17): no connection! slapd[3195]: conn=275 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128 slapd[3195]: conn=275 op=0 RESULT tag=97 err=0 text= slapd[3195]: deferring operation slapd[3195]: conn=275 op=1 ADD dn="UID=JUAN,OU=PEOPLE,O=SENADO.ES" slapd[3195]: conn=275 op=1 RESULT tag=105 err=0 text= slapd[3195]: daemon: conn=276 fd=17 connection from IP=127.0.0.1:33603 (IP=0.0.0.0:389) accepted. slapd[3195]: conn=276 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128 slapd[3195]: conn=276 op=0 RESULT tag=97 err=0 text= slapd[3195]: conn=276 op=1 SRCH base="ou=Groups,o=senado.es" scope=2 filter="(&(objectClass=posixGroup)(|(cn=513)(gidNumber=513)))" slapd[3195]: conn=276 op=1 SEARCH RESULT tag=101 err=0 text= slapd[3195]: conn=276 op=2 UNBIND slapd[3195]: conn=-1 fd=17 closed slapd[3195]: daemon: conn=277 fd=17 connection from IP=127.0.0.1:33604 (IP=0.0.0.0:389) accepted. slapd[3195]: conn=277 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128 slapd[3195]: conn=277 op=0 RESULT tag=97 err=0 text= slapd[3195]: deferring operation slapd[3195]: conn=277 op=1 SRCH base="ou=Groups,o=senado.es" scope=2 filter="(&(objectClass=posixGroup)(|(cn=513)(gidNumber=513)))" slapd[3195]: conn=277 op=1 SEARCH RESULT tag=101 err=0 text= slapd[3195]: conn=277 op=2 UNBIND slapd[3195]: conn=-1 fd=17 closed slapd[3195]: daemon: conn=278 fd=21 connection from IP=127.0.0.1:33605 (IP=0.0.0.0:389) accepted. slapd[3195]: connection_read(17): no connection! slapd[3195]: conn=278 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128 slapd[3195]: conn=278 op=0 RESULT tag=97 err=0 text= slapd[3195]: deferring operation slapd[3195]: conn=278 op=1 SRCH base="cn=usuarios,ou=Groups,o=senado.es" scope=0 filter="(&(memberUid=juan))" slapd[3195]: conn=278 op=1 SEARCH RESULT tag=101 err=0 text= slapd[3195]: conn=278 op=2 UNBIND slapd[3195]: conn=-1 fd=21 closed slapd[3195]: daemon: conn=279 fd=17 connection from IP=127.0.0.1:33606 (IP=0.0.0.0:389) accepted. slapd[3195]: connection_read(21): no connection! slapd[3195]: conn=279 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128 slapd[3195]: conn=279 op=0 RESULT tag=97 err=0 text= slapd[3195]: deferring operation slapd[3195]: conn=279 op=1 MOD dn="cn=usuarios,ou=Groups,o=senado.es" slapd[3195]: conn=279 op=1 RESULT tag=103 err=0 text= slapd[3195]: conn=279 op=2 UNBIND slapd[3195]: conn=-1 fd=17 closed ---------------------------------------------------------------------------------------------------- [EMAIL PROTECTED] smbldap-tools]# grep -v ^# smbldap_bind.conf slaveDN="cn=Manager,o=senado.es" slavePw="secret" masterDN="cn=Manager,o=senado.es" masterPw="secret" -------------------------------------------------------------------------------------------------- [EMAIL PROTECTED] smbldap-tools]# grep -v ^# smbldap.conf | grep -v ^$ UID_START="1000" GID_START="1000" SID="S-1-5-21-2056510298-3027076148-852687323" slaveLDAP="127.0.0.1" slavePort="389" masterLDAP="127.0.0.1" masterPort="389" ldapTLS="0" verify="" cafile="" clientcert="" clientkey="" suffix="o=senado.es" usersdn="ou=People,o=senado.es" computersdn="ou=Computers,o=senado.es" groupsdn="ou=Groups,o=senado.es" scope="sub" hash_encrypt="MD5" userLoginShell="/bin/false" userHomePrefix="" userGecos="System User" defaultUserGid="513" defaultComputerGid="553" skeletonDir="/etc/skel" defaultMaxPasswordAge="55" userSmbHome="" userProfile="" userHomeDrive="" userScript="" with_smbpasswd="0" smbpasswd="/usr/bin/smbpasswd" mk_ntpasswd="/usr/local/sbin/mkntpwd" -------------------------------------------------------------------------------------------------- [EMAIL PROTECTED] smbldap-tools]# grep -v ^# /etc/ldap.conf | grep -v ^$ host 127.0.0.1 base o=senado.es uri ldap://127.0.0.1/ binddn cn=Manager,o=senado.es bindpw secret rootbinddn cn=Manager,o=senado.es scope sub nss_base_passwd o=senado.es?sub nss_base_shadow ou=People,o=senado.es?one nss_base_group ou=Groups,o=senado.es?one ssl no pam_password md5 ---------------------------------------------------------------------------------------------------- [EMAIL PROTECTED] smbldap-tools]# grep -v ^# /etc/openldap/slapd.conf | grep -v ^$ include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/redhat/rfc822-MailMember.schema include /etc/openldap/schema/redhat/autofs.schema include /etc/openldap/schema/redhat/kerberosobject.schema include /usr/share/doc/samba-3.0.2a/examples/LDAP/samba.schema access to * by * loglevel 256 database ldbm suffix "o=senado.es" rootdn "cn=Manager,o=senado.es" rootpw secret directory /var/lib/ldap index objectClass,uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial ----------------------------------------------------------------------------------------------------- [EMAIL PROTECTED] smbldap-tools]# grep -v ^# /etc/openldap/ldap.conf | grep -v ^$ HOST 127.0.0.1 BASE o=senado.es ----------------------------------------------------------------------------------------------------- [EMAIL PROTECTED] smbldap-tools]# grep -v ^# /etc/samba/smb.conf | grep -v ^$ [global] netbios name = testPDC workgroup = test passdb backend = ldapsam:ldap://localhost:389 ldap admin dn = "cn=Manager,o=senado.es" ldap ssl = off ; Cuando borro un usuario del dominio solo quiero ; borrar sus atributos de samba, pero no elimino ; la entrada del ldap. ldap delete dn = no ldap suffix = o=senado.es ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap filter = (uid=%u) ; Intenta sincronizar el password ldap con la password NT ldap passwd sync = yes add user script = /usr/local/sbin/smbldap-useradd -m "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" delete user script = /usr/local/sbin/smbldap-userdel "%u delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" delete group script = /usr/local/sbin/smbldap-groupdel "%g" ;idmap backend = ldap:ldap://localhost:389 ;ldap idmap suffix = ou=Idmap ;username map = /etc/samba/smbusers security = user encrypt passwords = yes os level = 255 preferred master = yes domain master = yes local master = yes wins support = yes domain logons = yes logon path = logon home = logon drive = logon script = [netlogon] path = /home/samba/netlogon read only = yes ----------------------------------------------------------------------------------------------------------- [EMAIL PROTECTED] smbldap-tools]# grep -v ^# /etc/nsswitch.conf | grep -v ^$ passwd: files ldap shadow: files group: files ldap hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: files publickey: nisplus automount: files aliases: files nisplus ---------------------------------------------------------------------------------------------------- dn: o=senado.es objectClass: top objectClass: organization o: senado.es dn: ou=People,o=senado.es objectClass: top objectClass: organizationalUnit ou: People dn: ou=Groups,o=senado.es objectClass: top objectClass: organizationalUnit ou: Groups dn: ou=Computers,o=senado.es objectClass: top objectClass: organizationalUnit ou: Computers dn: cn=adminsnt,ou=Groups,o=senado.es objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping description: Usuarios con permisos de administracion cn: adminsnt gidNumber: 512 sambaSID: S-1-5-21-2056510298-3027076148-852687323-512 sambaGroupType: 2 displayName: adminsnt memberUid: Administrador dn: cn=invitados,ou=Groups,o=senado.es objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping description: Usuarios sin privilegios cn: invitados gidNumber: 99 sambaSID: S-1-5-21-2056510298-3027076148-852687323-514 sambaGroupType: 2 displayName: invitados dn: cn=usuarios,ou=Groups,o=senado.es objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping description: Usuarios normales del dominio cn: usuarios gidNumber: 513 sambaSID: S-1-5-21-2056510298-3027076148-852687323-513 sambaGroupType: 2 displayName: usuarios dn: uid=Administrador,ou=People,o=senado.es objectClass: top objectClass: posixAccount objectClass: sambaSamAccount cn: Administrador uid: Administrador uidNumber: 0 gidNumber: 512 homeDirectory: /dev/null sambaSID: S-1-5-21-2056510298-3027076148-852687323-1000 displayName: Administrador sambaPrimaryGroupSID: S-1-5-21-2056510298-3027076148-852687323-512 sambaPwdCanChange: 1078218555 sambaPwdMustChange: 2147483647 sambaLMPassword: F0D412BD764FFE81AAD3B435B51404EE sambaNTPassword: 209C6174DA490CAEB422F3FA5A7AE634 sambaPwdLastSet: 1078218555 sambaAcctFlags: [U ] userPassword: {SSHA}Xjsp7TqeUPsae9G5waRi4Hx4rswOt0R8 dn: uid=invitado,ou=People,o=senado.es objectClass: top objectClass: posixAccount objectClass: sambaSamAccount cn: invitado gidNumber: 99 uid: invitado sambaSID: S-1-5-21-2056510298-3027076148-852687323-1000 sambaPrimaryGroupSID: S-1-5-21-2056510298-3027076148-852687323-514 uidNumber: 1000 homeDirectory: /dev/null sambaPwdCanChange: 1078218599 sambaPwdMustChange: 2147483647 sambaLMPassword: 786285D31C040D28E68AA26A841A86FA sambaNTPassword: 1EA468D4AAA403FA9C3C58725792D638 sambaPwdLastSet: 1078218599 sambaAcctFlags: [U ] userPassword: {SSHA}+OFXK+mDJIJY8e/0QozZF2JWmCRICBhe memberUid: invitado dn: sambaDomainName=TEST,o=senado.es sambaDomainName: TEST sambaSID: S-1-5-21-2056510298-3027076148-852687323 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
