Trenin Sergey пишет:
Евгений, не приведёте содержимое файлов smb.conf, slapd.conf и slapd-ваша_зона.conf? Я тоже разбираюсь с PDC.
smb.conf:

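# Samba 3.x domain controller (domain logons / domain master) with accounts in LDAP.
[global]
       dos charset = CP866
       unix charset = utf8
       display charset = utf8
       workgroup = DKVKO
       realm = DKVKO.LAN
       server string = Samba server on %h (v. %v)
       # Listen only on the LAN address and loopback; "hosts allow" further down
       # is a second, address-based filter on top of this.
       interfaces = 192.168.137.2/24, 127.0.0.1/24
       bind interfaces only = Yes
       # Logins with an unknown user name are mapped to the guest account, so every
       # share that sets "guest ok = Yes" is reachable without credentials.
       map to guest = Bad User
       # Plain ldap:// is used here only over loopback. If the directory ever runs on
       # another host, switch to ldaps:// or enable StartTLS via "ldap ssl".
       passdb backend = ldapsam:ldap://127.0.0.1/
       # Was "Yes" in the original post. When enabled, the passwd chat dialogue,
       # including plaintext passwords, is written to the smbd log at debug level 100.
       # Enable it only temporarily while debugging a passwd chat script.
       passwd chat debug = No
       use kerberos keytab = Yes
       # One log file per user/machine/group/client-IP combination; "max log size"
       # (in KiB) applies to each file separately.
       log file = /var/log/samba/log.%U.%m.%G.%I
       max log size = 50
       max xmit = 64000
       time server = Yes
       unix extensions = No
       socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=64000 SO_RCVBUF=64000 SO_KEEPALIVE
       printcap name = cups
       logon path =
       logon drive = x:
       logon home = \\%L\vol1
       domain logons = Yes
       os level = 64
       preferred master = Yes
       domain master = Yes
       dns proxy = No
       wins support = Yes
       # Samba binds to LDAP as this DN (password stored in secrets.tdb via
       # "smbpasswd -w"). It is the same DN as rootdn in the slapd config on this
       # page, and rootdn bypasses all slapd access rules. A dedicated DN with write
       # access limited to the People/Group/Computers branches would be least privilege.
       ldap admin dn = cn=ldaproot,dc=dkvko,dc=lan
       ldap group suffix = ou=Group
       ldap machine suffix = ou=Computers
       # Password changes through Samba also update the LDAP userPassword attribute.
       ldap passwd sync = Yes
       ldap suffix = dc=dkvko,dc=lan
       ldap user suffix = ou=People
       # Set in [global], this applies to every share: members of the group perform
       # all file operations as root. Consider setting it per share instead.
       admin users = @domainadmins
       hosts allow = 192.168., 127.
       use sendfile = Yes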

# Logon-script share used by domain clients.
[netlogon]
       path = /var/lib/samba/netlogon
       comment = Network Logon Service
       # Together with "map to guest = Bad User" in [global], this lets unauthenticated
       # clients read everything stored here; keep credentials out of logon scripts.
       guest ok = Yes
       # Only members of this group may modify the scripts.
       write list = @domainadmins

# Roaming-profile storage; hidden from browse lists.
[Profiles]
       path = /var/lib/samba/profiles
       browseable = No
       read only = No
       # Masks strip all group/other permission bits from new files and directories,
       # so a profile stays private to its owner on the server's filesystem.
       create mask = 0600
       directory mask = 0700

# Shared data volume; also the target of "logon home" in [global].
[vol1]
       path = /mnt/samba/vol1
       read only = No
       use sendfile = No
       # A mask of 0777 removes no permission bits, so new directories can end up
       # world-writable on the server. NOTE(review): tighten (for example 0770 with a
       # shared group) unless every local account is meant to have write access.
       create mask = 0777
       directory mask = 0777

Ахтунг! ldap machine suffix = ou=Computers - это мне так удобнее, ветку Computers предварительно нужно создать. Это если не хотите, чтоб у вас лдап-записи хостов лежали неаппетитной кучей в корне лдапа.


slapd-dkvko.lan.conf:

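# Per-zone database definition, included from the main slapd.conf.
database hdb
suffix "dc=dkvko,dc=lan"
# rootdn is not subject to the access rules below; smb.conf's "ldap admin dn"
# binds as this same DN.
rootdn "cn=ldaproot,dc=dkvko,dc=lan"
# The original post carried the password in cleartext on this line. Store a hash
# instead: run slappasswd and paste its output in place of the placeholder.
# A password that has appeared in a public post should be treated as compromised
# and replaced. Keep this file readable only by root and the slapd account.
rootpw {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
directory /var/lib/ldap/bases/dkvko.lan

# Equality indexes for the attributes used in account lookups.
index objectClass eq
index uid eq
index cn eq
index uidNumber eq
index gidNumber eq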

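# slapd applies the first "access to" clause whose target matches, then stops.
# Comments are kept outside the clauses on purpose: an indented line is a
# continuation of the line before it, so a comment between "access to" and its
# "by" lines would swallow them.

# Password material: owner may change it, anonymous may only use it to bind.
# sambaPasswordHistory added: it holds data derived from previous password
# hashes and would otherwise fall through to the final "by * read" rule.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPasswordHistory
       by self write
       by anonymous auth
       by * none

# Kerberos tree: readable by the KDC, writable by kadmin, closed to everyone else.
access to dn.subtree="ou=kdcroot,dc=dkvko,dc=lan"
       by dn.exact="cn=kdc,ou=kdcroot,dc=dkvko,dc=lan" read
       by dn.exact="cn=kadmin,ou=kdcroot,dc=dkvko,dc=lan" write
       by * none

# This realm container lies inside ou=kdcroot, so the clause above already
# matches it; this one is never reached and is kept only for reference.
access to dn.subtree="cn=DKVKO.LAN,cn=kerberos,ou=kdcroot,dc=dkvko,dc=lan"
       by dn.exact="cn=kdc,ou=kdcroot,dc=dkvko,dc=lan" read
       by dn.exact="cn=kadmin,ou=kdcroot,dc=dkvko,dc=lan" write
       by * none

# Everything else is readable by anyone, including anonymous binds: account
# names, group membership, SIDs and other Samba account attributes.
# NOTE(review): if no client depends on anonymous lookups, restrict this to
# authenticated users ("by users read").
access to *
       by * read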

slapd.conf отличается от стандартного только инклудом конфига моей зоны.

