Good day. I installed samba + openldap + nss_ldap + pam_ldap + smbldap-tools.

User management with smbpasswd works: users are added, deleted, and so on. But the getent passwd command shows only local users, and when a user connects, samba reports an error: no local user.

The /etc/nss_ldap.conf file:

host 127.0.0.1
base dc=moskva,dc=local
uri ldap://localhost
binddn cn=admin,dc=moskva,dc=local
bindpw secret
rootbinddn cn=admin,dc=moskva,dc=local
timelimit 5
bind_timelimit 5
pam_member_attribute gid
pam_login_attribute uid
pam_password crypt
nss_base_passwd ou=Users,dc=moskva,dc=local?one
nss_base_shadow ou=Users,dc=moskva,dc=local?one
nss_base_group ou=Group,dc=moskva,dc=local?one
nss_reconnect_tries 1
nss_reconnect_maxconntries 1

The /etc/pam_ldap.conf file is almost identical.

# cat /etc/pam_ldap.conf |grep -v "#"
host 127.0.0.1
base dc=moskva,dc=local
uri ldap://localhost
bindpw secret
rootbinddn cn=admin,dc=moskva,dc=local
timelimit 5
bind_timelimit 5
pam_password crypt
nss_base_passwd ou=Users,dc=moskva,dc=local?one
nss_base_shadow ou=Users,dc=moskva,dc=local?one
nss_base_group ou=Group,dc=moskva,dc=local?one

# cat /etc/nsswitch.conf |grep -v "#"
passwd: files winbind ldap
shadow: tcb files winbind ldap
group: files winbind ldap
hosts: files nisplus nis dns
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
bootparams: nisplus [NOTFOUND=return] files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus

# cat /etc/pam.d/system-auth-ldap |grep -v "#"
auth sufficient pam_tcb.so shadow fork prefix=$2a$ count=8 nullok
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_ldap.so use_first_pass
account sufficient pam_tcb.so shadow fork
account required pam_ldap.so
password required pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password sufficient pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 nullok write_to=tcb
password requisite pam_succeed_if.so uid >= 500 quiet
password required pam_ldap.so use_authtok
session optional pam_tcb.so
session optional pam_ldap.so
session required pam_mktemp.so
session required pam_limits.so

# cat /etc/pam.d/system-auth-winbind |grep -v "#"
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so
account sufficient pam_winbind.so
account required pam_unix.so
password required pam_cracklib.so retry=3
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so

# cat /etc/pam.d/samba |grep -v "#"
auth required pam_winbind.so
auth required pam_nologin.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
auth required pam_stack.so service=system-auth
account sufficient pam_winbind.so
password required pam_winbind.so

system-auth -> system-auth-ldap

--
Best regards, Igor Golovichev

_______________________________________________
Sysadmins mailing list
[email protected]
https://lists.altlinux.org/mailman/listinfo/sysadmins
