[FUG-BR] Samba + Ldap: password synchronization

2007-10-03 Thread Fabiano Caixeta Duarte
Gentlemen,

Until OpenLDAP 2.2.X was removed from the ports tree, synchronization of
the unixPassword, sambaNTPassword and sambaLMPassword attributes
was working normally whenever a Samba user changed their
password from Windows.

After migrating to OpenLDAP 2.3.38, with no change to any
Samba configuration or build option, this stopped working.

When a user changes their password, only the sambaXXPassword attributes are
changed.

No error is reported in the Samba or OpenLDAP logs.

Any suggestions?

Fabiano.

-
Archive: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd


[FUG-BR] samba + ldap

2006-12-14 Thread Paulo Henrique
I have a problem that has been tormenting me for days.
I deployed Samba + LDAP + SSL; the deployment went perfectly, except that all the
Windows XP machines are showing a strange problem.
They all load a default logon script to map the home, public and
group directories; up to that point everything is fine.
But when I click on My Computer there is a delay of about 5 seconds before it opens,
that is, before the local and mapped drives appear.
I removed SSL from LDAP to see if that would fix anything, and nothing; I added
some performance options to Samba, and nothing. I don't know what else
it could be. Does anyone have a tip?
I will post the Samba and LDAP configuration.

[global]
workgroup = xxx
netbios name = xxx
server string = xxx
security = user
encrypt passwords = yes
load printers = yes
log level = 2
log file = /var/log/samba/%m.log
password level = 0
username level = 0
max log size = 50
os level = 100
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
interfaces = eth0, lo
bind interfaces only = Yes
smb ports = 139
use sendfile = no
oplocks = yes
max xmit = 65535
read raw = Yes
write raw = Yes
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
large readwrite = Yes
deadtime = 15
keepalive = 20
admin users = xxx
logon script = xxx.bat
logon home = \\%L\%U\.profiles
logon path = \\%L\profiles\%U
logon drive = U:
time server = yes
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
dns proxy = no
name resolve order = lmhosts wins host bcast
ldap ssl = off
ldap delete dn = no
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=xxx,dc=xxx,dc=xxx,dc=xx
ldap suffix = dc=xxx,dc=xxx,dc=xxx
ldap group suffix = ou=Grupos
ldap user suffix = ou=Usuarios
ldap machine suffix = ou=Computadores
ldap passwd sync = yes
idmap uid = 1-15000
idmap gid = 1-15000
enable privileges = yes
acl compatibility = auto
nt acl support = yes
map acl inherit = Yes
inherit permissions = Yes
passwd chat = *New*password* %n  *Retype*new*password* %n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add user script = /usr/local/sbin/smbldap-useradd -m %u
delete user script = /usr/local/sbin/smbldap-userdel %u
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
Unix charset = ISO8859-15
display charset = cp850
preserve case = no
short preserve case = no
default case = lower
cups server = 
message command = csh -c 'xedit %s;rm %s' 
# Recycle bin
recycle:exclude = *.tmp *.temp *.o *.obj ~$* cópia*.*
recycle:keeptree = True
recycle:touch = True
recycle:versions = True
recycle:noversions = .doc|.xls|.ppt|.cdr
recycle:repository = .recycle
recycle:maxsize = 100

[homes]
comment = Diretorio Home
path = /home/users/%U
browseable = no
writable = yes
guest ok = no
read only = no
create mask = 0700
directory mask = 0700
force user = %U

[profiles]
path = /home/profiles/
browseable = no
read only = no
csc policy = disable
profile acls = yes
nt acl support = no
create mode = 0776
hide files = /desktop.ini/ntuser.ini/NTUSER.*/

[netlogon]
path = /home/netlogon
public = no
browseable = no
writable = no
read only = yes
write list = 

[printers]
comment = Impressoras
path = /var/spool/samba
browseable = yes
guest ok = no
writable = no
printable = yes

[publico]
comment = Area Publica
path = /home/publico/
browseable = yes
guest ok = no
writable = yes
read only = no
create mask = 0777
directory mask = 0777
force user = %U
force group = %G

[grupos]
comment = Grupos
path = /home/grupos/%G
browseable = no
guest ok = no
writable = yes
read only = no
create mask = 0770
directory mask = 0770
force user = %U
force group = %G
vfs objects = recycle

[antivirus]
comment = Antivirus
path = /home/antivirus
browseable = no
guest ok = no
writable = no
readonly = yes
public = no
write list = xxx

[wpkg]
comment = Windows Packager
path = /home/wpkg
read only = yes
browseable = no
public = no
writable = no
write list = xxx



##
slapd.conf

#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/qmail.schema
include /usr/local/etc/openldap/schema/pykota.schema
#
pidfile /usr/local/var/run/slapd.pid
argsfile 

Re: [FUG-BR] samba + ldap

2006-12-14 Thread Rafael Floriano Sousa Sales
Hello,

Try the options:
dns proxy = yes
wins proxy = yes


Regards


-- 
Rafael Floriano Sousa Sales
Information Security
Tompast IT Services
e-mail: [EMAIL PROTECTED]
+55-11-3207-2457
+55-11-8433-2281