[FUG-BR] LDAP AGAIN
Good afternoon. I'd like to ask for help with something that is driving me bald. I have a damned error in OpenLDAP, where it does not return the groups correctly via id, and Samba gets lost when the user logs in, not letting him connect to the shares because of the group restriction. I was writing an article about FreeBSD + OpenLDAP + Samba and got stuck on this; see the article, which has a complete view of the configuration and explanations:
http://biosystems.ath.cx:8080/wiki/doku.php?id=manuais:sar

# id bio
uid=1013(bio) gid=513(Domain Users) groups=513(Domain Users)
# id teste
uid=1395(teste) gid=513(Domain Users) groups=513(Domain Users)
# id teste1
uid=1396(teste1) gid=513(Domain Users) groups=513(Domain Users)

Aug 28 16:19:33 Bartelby id: nss_ldap: could not search LDAP server - Server is unavailable

# getent group
teste1:*:1000:teste,bio,teste1
teste2:*:1003:teste,bio
teste3:*:1004:teste,bio
teste4:*:1005:teste,bio

# /usr/local/libexec/slapd -V
@(#) $OpenLDAP: slapd 2.4.11 (Jul 25 2008 13:17:13) $
        [EMAIL PROTECTED]:/usr/ports/net/openldap24-server/work/openldap-2.4.11/servers/slapd

# /var/db/pkg/
pam_ldap-1.8.4
db46-4.6.21.1
nss_ldap-1.257
openldap-sasl-client-2.4.11
openldap-sasl-server-2.4.11
smbldap-tools-0.9.5
samba-3.0.31_1,1

My configs are:

# /usr/local/etc/nss_ldap.secret - /etc/ldap.secret - /usr/local/etc/ldap.secret
teste

# /usr/local/etc/nss_ldap.conf - /etc/ldap.conf - /usr/local/etc/ldap.conf
host schwarz-001b
uri ldap://schwarz-001b:389/
port 389
base dc=schwarz
bind_policy soft
rootbinddn cn=Manager,dc=schwarz
pam_password SSHA
ssl no
bind_policy soft
nss_base_passwd ou=Users,dc=schwarz?one
nss_base_passwd ou=Computers,dc=schwarz?one
nss_base_group ou=Groups,dc=schwarz?one

# /usr/local/etc/openldap/ldap.conf
BASE dc=schwarz
URI ldap://192.168.1.232 ldap://192.168.2.100
BINDDN cn=manager,dc=schwarz

# /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
ServerID 001
modulepath /usr/local/libexec/openldap
moduleload back_hdb
loglevel 256
database hdb
suffix dc=schwarz
rootdn cn=Manager,dc=schwarz
rootpw {SSHA}qgsEroh1jPssq3EOKn74TESuVhLm95Wl
directory /var/db/openldap-sch
checkpoint 1024 5
index objectClass,uidNumber,gidNumber,entryUUID,entryCSN,contextCSN eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName,sambaGroupType,sambaSIDList eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
lastmod on
syncrepl rid=001
        provider=ldap://192.168.1.232
        type=refreshAndPersist
        interval=00:00:00:10
        searchbase=dc=schwarz
        scope=sub
        schemachecking=off
        bindmethod=simple
        binddn=cn=manager,dc=schwarz
        credentials=teste
        retry=60 +
syncrepl rid=003
        provider=ldap://192.168.2.100
        type=refreshOnly
        interval=00:00:02:00
        searchbase=dc=schwarz
        scope=sub
        schemachecking=off
        bindmethod=simple
        binddn=cn=manager,dc=schwarz
        credentials=teste
        retry=60 +
mirrormode on
access to * by self write by anonymous auth by * none

## /etc/nsswitch.conf
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

# host schwarz-001b
schwarz-001b.schwarz has address 192.168.1.232

# netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.232.59920    192.168.2.100.389      TIME_WAIT
tcp4       0      0  192.168.1.232.53064    192.168.1.232.389      TIME_WAIT
tcp4       0      0  192.168.1.232.389      192.168.2.100.58975    ESTABLISHED
tcp4       0      0  192.168.1.232.389      192.168.1.232.63562    ESTABLISHED
tcp4       0      0  192.168.1.232.63562    192.168.1.232.389      ESTABLISHED
tcp4       0     52  192.168.1.232.22       192.168.1.246.55668    ESTABLISHED
tcp4       0      0  192.168.1.232.389      192.168.1.232.55105    ESTABLISHED
tcp4       0      0  192.168.1.232.55105    192.168.1.232.389      ESTABLISHED
tcp4       0      0  *.389                  *.*                    LISTEN
tcp6       0      0  *.389                  *.*                    LISTEN

--
-=-=-=-=-=-=-=-=-=-
Re: [FUG-BR] LDAP AGAIN
2008/8/28 William David FUG-BR [EMAIL PROTECTED]:
> Good afternoon. I'd like to ask for help with something that is driving me bald. I have a damned error in OpenLDAP, where it does not return the groups correctly via id, and Samba gets lost when the user logs in, not letting him connect to the shares because of the group restriction. I was writing an article about FreeBSD + OpenLDAP + Samba and got stuck on this; see the article, which has a complete view of the configuration and explanations:
> http://biosystems.ath.cx:8080/wiki/doku.php?id=manuais:sar
>
> # id bio
> uid=1013(bio) gid=513(Domain Users) groups=513(Domain Users)
> # id teste
> uid=1395(teste) gid=513(Domain Users) groups=513(Domain Users)
> # id teste1
> uid=1396(teste1) gid=513(Domain Users) groups=513(Domain Users)

What would the correct output of this id be?? If possible, post somewhere the output of an ldapsearch -x -D cn=Manager,dc=schwarz -w teste, to see your real base.

> Aug 28 16:19:33 Bartelby id: nss_ldap: could not search LDAP server - Server is unavailable

That always happens here with me; it has to do with the soft policy being used.

> # /usr/local/etc/nss_ldap.conf - /etc/ldap.conf - /usr/local/etc/ldap.conf
> host schwarz-001b
> uri ldap://schwarz-001b:389/
> port 389
> base dc=schwarz
> bind_policy soft
> rootbinddn cn=Manager,dc=schwarz
> pam_password SSHA
> ssl no
> bind_policy soft
> nss_base_passwd ou=Users,dc=schwarz?one
> nss_base_passwd ou=Computers,dc=schwarz?one

Isn't that wrong???

> nss_base_group ou=Groups,dc=schwarz?one
>
> # /usr/local/etc/openldap/slapd.conf
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
> lastmod on
> syncrepl rid=001
>         provider=ldap://192.168.1.232
>         type=refreshAndPersist
>         interval=00:00:00:10
>         searchbase=dc=schwarz
>         scope=sub
>         schemachecking=off
>         bindmethod=simple
>         binddn=cn=manager,dc=schwarz
>         credentials=teste
>         retry=60 +
> syncrepl rid=003
>         provider=ldap://192.168.2.100
>         type=refreshOnly
>         interval=00:00:02:00
>         searchbase=dc=schwarz
>         scope=sub
>         schemachecking=off
>         bindmethod=simple
>         binddn=cn=manager,dc=schwarz
>         credentials=teste
>         retry=60 +
> mirrormode on
> access to * by self write by anonymous auth by * none

I've never used syncrepl in production; have you tried testing without replication, using just 1 server??
Re: [FUG-BR] LDAP AGAIN
Good evening. I built the server from scratch, without replication, with OpenLDAP 2.4.11 and reconfigured everything by hand: same error. The strange thing is that for some users it returns the correct ID output and does not give the error message about trying to connect to the LDAP server, on the same machine; these are users imported from master.passwd:

# id bio
uid=1001(bio) gid=1001(bio) groups=1001(bio),0(wheel),1002(hinode),1005(prepre),1009(dirind),1011(gerlog),1012(gerind),1013(gerqua),1014(gercom),1015(gerfin),1017(fatura),1018(pessoa),1019(segura),1020(pcp),1021(compra),1022(almoxa),1023(expedi),1024(produc),1025(manute),1026(proces),1027(dimens),1028(inspec),1029(iso),1030(isocorp),1031(isoaud),1032(logist),1033(presta),1034(materi),1035(procep),1036(vtb),1037(ferram),1043(saturn),1044(forpon),1047(orcamento),1142(bosh),1000(teste1),1003(teste2),1004(teste3)

This is what should appear for the test users.

ldapsearch -x -D cn=Manager,dc=schwarz -w teste
# extended LDIF
#
# LDAPv3
# base <dc=schwarz> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# schwarz
dn: dc=schwarz
objectClass: dcObject
objectClass: organization
o: schwarz
dc: schwarz

..

# teste4, Groups, schwarz
dn: cn=teste4,ou=Groups,dc=schwarz
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: teste4
gidNumber: 1005
sambaSID: S-1-5-21-291182402-1633439629-2175469024-3011
sambaGroupType: 2
displayName: teste4
memberUid: teste
memberUid: bio

# teste1, Users, schwarz
dn: uid=teste1,ou=Users,dc=schwarz
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: teste1
sn: teste1
givenName: teste1
uid: teste1
uidNumber: 1396
gidNumber: 513
homeDirectory: /dados/users/teste1
loginShell: /usr/sbin/nologin
gecos: System User
userPassword:: e2NyeXB0fXg=

# search result
search: 2
result: 0 Success

# numResponses: 249
# numEntries: 248

Regarding nss_base_passwd with the Computers base, I just copied it from The Linux Samba-LDAP HOWTO:
http://download.gna.org/smbldap-tools/docs/samba-ldap-howto/#htoc17

-
History: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
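As an added example, not code from this thread or from nss_ldap, OpenLDAP or Samba, here is a small Python script that works out what id should print for a user from posixAccount/posixGroup LDIF the way NSS resolves it (primary group from gidNumber, supplementary groups from every group whose memberUid lists the login), and then diffs that against the line id actually printed. The LDIF it embeds is constructed for the example: the teste1 account is trimmed from the ldapsearch output above, while the "Domain Users" (gid 513) and teste1 (gid 1000) groups are assumed entries shaped after the getent group and id lines in the first message. Run over a real ldapsearch dump, the missing-groups list is the set of memberships NSS is dropping, which is exactly what a group-restricted Samba share keys on.

```python
import base64

# Constructed sample LDIF, not the thread's full ldapsearch output: the teste1
# account comes from the thread; the "Domain Users" (gid 513) and teste1
# (gid 1000) groups are assumed entries shaped after its getent/id lines.
SAMPLE_LDIF = """\
dn: cn=Domain Users,ou=Groups,dc=schwarz
objectClass: posixGroup
cn: Domain Users
gidNumber: 513

dn: cn=teste1,ou=Groups,dc=schwarz
objectClass: posixGroup
cn: teste1
gidNumber: 1000
memberUid: teste
memberUid: bio
memberUid: teste1

# teste1, Users, schwarz
dn: uid=teste1,ou=Users,dc=schwarz
objectClass: posixAccount
uid: teste1
uidNumber: 1396
gidNumber: 513
userPassword:: e2NyeXB0fXg=
"""


def parse_ldif(text):
    """Return a list of entries (dict attr -> [values]); handles '#' comments,
    blank-line separators, 'attr:: base64' values and continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # RFC 2849 continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.strip(), []).append(value.strip())
    return entries


def build_tables(entries):
    """Split entries into the two NSS maps: users {uid: (uidNumber, gidNumber)}
    and groups {gidNumber: (cn, set(memberUid))}."""
    users, groups = {}, {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectClass", [])}
        if "posixaccount" in classes:
            users[e["uid"][0]] = (int(e["uidNumber"][0]), int(e["gidNumber"][0]))
        if "posixgroup" in classes:
            groups[int(e["gidNumber"][0])] = (e["cn"][0], set(e.get("memberUid", [])))
    return users, groups


def expected_id(username, users, groups):
    """Render the id line NSS should print: primary group from gidNumber, then
    every posixGroup whose memberUid lists the login; unknown gids print bare."""
    uidnum, gidnum = users[username]
    gids = {gid for gid, (_, members) in groups.items() if username in members}
    gids.add(gidnum)
    def fmt(gid):
        return f"{gid}({groups[gid][0]})" if gid in groups else str(gid)
    ordered = sorted(gids, key=lambda g: (g != gidnum, g))   # primary group first
    return f"uid={uidnum}({username}) gid={fmt(gidnum)} groups={','.join(fmt(g) for g in ordered)}"


def gids_in(id_line):
    """Set of numeric gids in the groups= part of an id line."""
    return {int(item.split("(")[0]) for item in id_line.split("groups=", 1)[1].split(",") if item}


def missing_groups(observed_id_line, expected_id_line):
    """Gids NSS should have returned but did not."""
    return sorted(gids_in(expected_id_line) - gids_in(observed_id_line))


if __name__ == "__main__":
    users, groups = build_tables(parse_ldif(SAMPLE_LDIF))
    expected = expected_id("teste1", users, groups)
    observed = "uid=1396(teste1) gid=513(Domain Users) groups=513(Domain Users)"  # line from the thread
    print("expected:", expected)
    print("observed:", observed)
    print("gids missing from NSS:", missing_groups(observed, expected))
```

With the sample data the script reports gid 1000 (group teste1) as missing, which is the same gap the thread's getent group line shows: the group lists teste1 as a member, yet id never returns it. The same comparison on a live box separates a group-map problem (memberUid entries NSS cannot see) from a pure connectivity problem (the "Server is unavailable" log line), since the latter produces no supplementary groups for anyone.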