[FUG-BR] LDAP AGAIN

2008-08-28 Por tôpico William David FUG-BR
Boa tarde,
gostaria de pedir ajuda com uma coisa que está me deixando careca:
estou com um maldito erro no OpenLDAP.

Ele não retorna os grupos corretamente pelo `id`, e o Samba se perde ao
logar com o usuário, não permitindo que ele conecte aos
compartilhamentos por causa da restrição de grupos.

Eu estava escrevendo um artigo sobre FreeBSD + OpenLDAP + Samba e
empaquei nisso.

Vejam o artigo, que tem a visão completa das configurações e explicações:
http://biosystems.ath.cx:8080/wiki/doku.php?id=manuais:sar


# id bio
uid=1013(bio) gid=513(Domain Users) groups=513(Domain Users)

# id teste
uid=1395(teste) gid=513(Domain Users) groups=513(Domain Users)

# id teste1
uid=1396(teste1) gid=513(Domain Users) groups=513(Domain Users)


Aug 28 16:19:33 Bartelby id: nss_ldap: could not search LDAP server -
Server is unavailable


# getent group

teste1:*:1000:teste,bio,teste1
teste2:*:1003:teste,bio
teste3:*:1004:teste,bio
teste4:*:1005:teste,bio


# /usr/local/libexec/slapd -V
@(#) $OpenLDAP: slapd 2.4.11 (Jul 25 2008 13:17:13) $
   [EMAIL 
PROTECTED]:/usr/ports/net/openldap24-server/work/openldap-2.4.11/servers/slapd


# /var/db/pkg/
pam_ldap-1.8.4
db46-4.6.21.1
nss_ldap-1.257
openldap-sasl-client-2.4.11
openldap-sasl-server-2.4.11
smbldap-tools-0.9.5
samba-3.0.31_1,1





Minhas configurações são:


# /usr/local/etc/nss_ldap.secret - /etc/ldap.secret  -
/usr/local/etc/ldap.secret
teste

# /usr/local/etc/nss_ldap.conf - /etc/ldap.conf  - /usr/local/etc/ldap.conf
host schwarz-001b

uri ldap://schwarz-001b:389/

port 389

base dc=schwarz

bind_policy soft

rootbinddn cn=Manager,dc=schwarz

pam_password SSHA
ssl no
bind_policy soft

nss_base_passwd ou=Users,dc=schwarz?one
nss_base_passwd ou=Computers,dc=schwarz?one
nss_base_group  ou=Groups,dc=schwarz?one



# /usr/local/etc/openldap/ldap.conf
BASE    dc=schwarz
URI ldap://192.168.1.232 ldap://192.168.2.100

BINDDN cn=manager,dc=schwarz




# /usr/local/etc/openldap/slapd.conf

include  /usr/local/etc/openldap/schema/core.schema
include  /usr/local/etc/openldap/schema/cosine.schema
include  /usr/local/etc/openldap/schema/inetorgperson.schema
include  /usr/local/etc/openldap/schema/nis.schema
include  /usr/local/etc/openldap/schema/samba.schema

pidfile /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args

ServerID 001

modulepath  /usr/local/libexec/openldap
moduleload  back_hdb

loglevel 256

database    hdb

suffix  dc=schwarz
rootdn  cn=Manager,dc=schwarz

rootpw  {SSHA}qgsEroh1jPssq3EOKn74TESuVhLm95Wl

directory   /var/db/openldap-sch

checkpoint  10245

index  objectClass,uidNumber,gidNumber,entryUUID,entryCSN,contextCSN   eq
index  cn,sn,uid,displayName   pres,sub,eq
index  memberUid,mail,givenname   eq,subinitial
index  sambaSID,sambaPrimaryGroupSID,sambaDomainName,sambaGroupType,sambaSIDList   eq

overlay syncprov

syncprov-checkpoint 100 10
syncprov-sessionlog 100

lastmod  on

syncrepl   rid=001
  provider=ldap://192.168.1.232
  type=refreshAndPersist
  interval=00:00:00:10
  searchbase=dc=schwarz
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn=cn=manager,dc=schwarz
  credentials=teste
  retry=60 +

syncrepl   rid=003
  provider=ldap://192.168.2.100
  type=refreshOnly
  interval=00:00:02:00
  searchbase=dc=schwarz
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn=cn=manager,dc=schwarz
  credentials=teste
  retry=60 +

mirrormode on

access to *
 by self write
 by anonymous auth
 by * none


## /etc/nsswitch.conf
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

# host schwarz-001b
schwarz-001b.schwarz has address 192.168.1.232

# netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4   0  0  192.168.1.232.59920    192.168.2.100.389      TIME_WAIT
tcp4   0  0  192.168.1.232.53064    192.168.1.232.389      TIME_WAIT
tcp4   0  0  192.168.1.232.389      192.168.2.100.58975    ESTABLISHED
tcp4   0  0  192.168.1.232.389      192.168.1.232.63562    ESTABLISHED
tcp4   0  0  192.168.1.232.63562    192.168.1.232.389      ESTABLISHED
tcp4   0 52  192.168.1.232.22       192.168.1.246.55668    ESTABLISHED
tcp4   0  0  192.168.1.232.389      192.168.1.232.55105    ESTABLISHED
tcp4   0  0  192.168.1.232.55105    192.168.1.232.389      ESTABLISHED
tcp4   0  0  *.389                  *.*                    LISTEN
tcp6   0  0  *.389                  *.*                    LISTEN



--
-=-=-=-=-=-=-=-=-=-

Re: [FUG-BR] LDAP AGAIN

2008-08-28 Por tôpico Giancarlo Rubio
2008/8/28 William David FUG-BR [EMAIL PROTECTED]:
 Boa Tarde
 gostaria de pedir a ajuda pra uma cosia que esta me deixando careca.
 estou com um maldito erro no Openldap.

 no qual ele nao retorna  os  grupos corretamente pelo id e o samba se
 perde ao  logar com o usuário não permitindo ele conectar aos
 compartilhamentos pela restrição de grupos.

 eu estava escrevendo uma artigo sobre o FREBSD + OLDAP + Samba + e
 empaquei nisso

 vejam o artigo que tem visão completa das configuração e explicações
 http://biosystems.ath.cx:8080/wiki/doku.php?id=manuais:sar


 # id bio
 uid=1013(bio) gid=513(Domain Users) groups=513(Domain Users)

 # id teste
 uid=1395(teste) gid=513(Domain Users) groups=513(Domain Users)

 # id teste1
 uid=1396(teste1) gid=513(Domain Users) groups=513(Domain Users)

Qual seria o retorno correto desse id? Se possível, poste em algum
lugar a saída de um `ldapsearch -x -D cn=Manager,dc=schwarz -w teste`, para
vermos sua base real.


 Aug 28 16:19:33 Bartelby id: nss_ldap: could not search LDAP server -
 Server is unavailable

Isso sempre acontece aqui comigo também; tem a ver com a política de bind usada (bind_policy soft).


 # getent group

 teste1:*:1000:teste,bio,teste1
 teste2:*:1003:teste,bio
 teste3:*:1004:teste,bio
 teste4:*:1005:teste,bio


 # /usr/local/libexec/slapd -V
 @(#) $OpenLDAP: slapd 2.4.11 (Jul 25 2008 13:17:13) $
   [EMAIL 
 PROTECTED]:/usr/ports/net/openldap24-server/work/openldap-2.4.11/servers/slapd


 # /var/db/pkg/
 pam_ldap-1.8.4
 db46-4.6.21.1
 nss_ldap-1.257
 openldap-sasl-client-2.4.11
 openldap-sasl-server-2.4.11
 smbldap-tools-0.9.5
 samba-3.0.31_1,1




 
 minhas config são:


 # /usr/local/etc/nss_ldap.secret - /etc/ldap.secret  -
 /usr/local/etc/ldap.secret
 teste

 # /usr/local/etc/nss_ldap.conf - /etc/ldap.conf  - 
 /usr/local/etc/ldap.conf
 host schwarz-001b

 uri ldap://schwarz-001b:389/

 port 389

 base dc=schwarz

 bind_policy soft

 rootbinddn cn=Manager,dc=schwarz

 pam_password SSHA
 ssl no
 bind_policy soft


 nss_base_passwd ou=Users,dc=schwarz?one
 nss_base_passwd ou=Computers,dc=schwarz?one

Isso não está errado? O nss_base_passwd aparece duas vezes.

 nss_base_group  ou=Groups,dc=schwarz?one



 # /usr/local/etc/openldap/ldap.conf
 BASE    dc=schwarz
 URI ldap://192.168.1.232 ldap://192.168.2.100

 BINDDN cn=manager,dc=schwarz




 # /usr/local/etc/openldap/slapd.conf

 include  /usr/local/etc/openldap/schema/core.schema
 include  /usr/local/etc/openldap/schema/cosine.schema
 include  /usr/local/etc/openldap/schema/inetorgperson.schema
 include  /usr/local/etc/openldap/schema/nis.schema
 include  /usr/local/etc/openldap/schema/samba.schema

 pidfile /var/run/openldap/slapd.pid
 argsfile    /var/run/openldap/slapd.args

 ServerID 001

 modulepath  /usr/local/libexec/openldap
 moduleload  back_hdb

 loglevel 256

 database    hdb

 suffix  dc=schwarz
 rootdn  cn=Manager,dc=schwarz

 rootpw  {SSHA}qgsEroh1jPssq3EOKn74TESuVhLm95Wl

 directory   /var/db/openldap-sch

 checkpoint  10245

 index  objectClass,uidNumber,gidNumber,entryUUID,entryCSN,contextCSN   eq
 index  cn,sn,uid,displayName   pres,sub,eq
 index  memberUid,mail,givenname   eq,subinitial
 index  sambaSID,sambaPrimaryGroupSID,sambaDomainName,sambaGroupType,sambaSIDList   eq

 overlay syncprov

 syncprov-checkpoint 100 10
 syncprov-sessionlog 100

 lastmod  on

 syncrepl   rid=001
  provider=ldap://192.168.1.232
  type=refreshAndPersist
  interval=00:00:00:10
  searchbase=dc=schwarz
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn=cn=manager,dc=schwarz
  credentials=teste
  retry=60 +

 syncrepl   rid=003
  provider=ldap://192.168.2.100
  type=refreshOnly
  interval=00:00:02:00
  searchbase=dc=schwarz
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn=cn=manager,dc=schwarz
  credentials=teste
  retry=60 +

 mirrormode on

 access to *
 by self write
 by anonymous auth
 by * none


Eu nunca usei syncrepl em produção; você já tentou fazer o teste sem a
replicação, usando apenas um servidor?


 ## /etc/nsswitch.conf
 group: files ldap
 group_compat: nis
 hosts: files dns
 networks: files
 passwd: files ldap
 passwd_compat: nis
 shells: files
 services: compat
 services_compat: nis
 protocols: files
 rpc: files

 # host schwarz-001b
 schwarz-001b.schwarz has address 192.168.1.232

 # netstat -an
 Active Internet connections (including servers)
 Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
 tcp4   0  0  192.168.1.232.59920    192.168.2.100.389      TIME_WAIT
 tcp4   0  0  192.168.1.232.53064    192.168.1.232.389      TIME_WAIT
 tcp4   0  0  192.168.1.232.389      192.168.2.100.58975    ESTABLISHED
 tcp4   0  0  192.168.1.232.389  

Re: [FUG-BR] LDAP AGAIN

2008-08-28 Por tôpico William David FUG-BR
Boa noite. Criei o servidor do zero, sem replicação, com o OpenLDAP 2.4.11
e reconfigurei tudo no braço: mesmo erro.
O estranho é que, para alguns usuários, ele retorna a saída correta do `id`
e não dá a mensagem de erro ao tentar conectar no servidor LDAP,

na mesma máquina, com usuários importados do master.passwd:

# id bio
uid=1001(bio) gid=1001(bio)
groups=1001(bio),0(wheel),1002(hinode),1005(prepre),1009(dirind),1011(gerlog),1012(gerind),1013(gerqua),1014(gercom),1015(gerfin),1017(fatura),1018(pessoa),1019(segura),1020(pcp),1021(compra),1022(almoxa),1023(expedi),1024(produc),1025(manute),1026(proces),1027(dimens),1028(inspec),1029(iso),1030(isocorp),1031(isoaud),1032(logist),1033(presta),1034(materi),1035(procep),1036(vtb),1037(ferram),1043(saturn),1044(forpon),1047(orcamento),1142(bosh),1000(teste1),1003(teste2),1004(teste3)

Isso é o que deveria aparecer para os usuários de teste.

ldapsearch -x -D cn=Manager,dc=schwarz -w teste
# extended LDIF
#
# LDAPv3
# base dc=schwarz (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# schwarz
dn: dc=schwarz
objectClass: dcObject
objectClass: organization
o: schwarz
dc: schwarz


..
# teste4, Groups, schwarz
dn: cn=teste4,ou=Groups,dc=schwarz
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: teste4
gidNumber: 1005
sambaSID: S-1-5-21-291182402-1633439629-2175469024-3011
sambaGroupType: 2
displayName: teste4
memberUid: teste
memberUid: bio

# teste1, Users, schwarz
dn: uid=teste1,ou=Users,dc=schwarz
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: teste1
sn: teste1
givenName: teste1
uid: teste1
uidNumber: 1396
gidNumber: 513
homeDirectory: /dados/users/teste1
loginShell: /usr/sbin/nologin
gecos: System User
userPassword:: e2NyeXB0fXg=


# search result
search: 2
result: 0 Success

# numResponses: 249
# numEntries: 248


Com relação ao nss_base_passwd, a base Computers eu somente copiei do
Samba-LDAP HOWTO (Linux):
http://download.gna.org/smbldap-tools/docs/samba-ldap-howto/#htoc17