hi linuxer !!!
aku baru install samba dengan auth di LDAP. semua konfigurasi ada di
bawah. waktu start samba, ldap OK. create user pake smbldap-tools juga
ok.
masalahnya adalah
waktu aku coba login dengan user yg tidak ada di database (ldap), user itu
bisa login ke samba. kira2 salahnya dimana?
data:
kompilasi
samba-2.2.7a
./configure --prefix=/usr/local/samba2 --with-smbmount --with-ldapsam
--with-winbind --with-msdfs
smb.conf
#======================= Global Settings =====================================
# Server-wide settings: this host is configured as a domain logon server
# (domain logons / domain master) with LDAP connection parameters for the
# account database.
[global]
workgroup = mylan
netbios name = Jupiter
server string = Samba Server %v
# Password changes are handed to smbldap-passwd; "passwd chat" is the
# expect-style dialogue matched against that program's prompts.
passwd program=/usr/local/sbin/smbldap-passwd %u
passwd chat=/*new*password*%n\n*new*password*%n\n*succesfully
printcap name = lpstat
load printers = yes
printing = cups
printer admin = @adm
# One log file per connecting machine (%m).
log file = /var/log/samba/log.%m
max log size = 50
# Only the two LAN prefixes and loopback may connect.
hosts allow = 192.168.1. 192.168.0. 127.
# NOTE(review): this is the likely cause of the behaviour reported above.
# With "bad user", a login for a username that does not exist is not
# rejected; it is accepted as a guest session and mapped to the guest
# account. A wrong password for an existing user is still refused. Every
# share below that sets "guest ok = yes" is then reachable without an
# LDAP entry. Use "map to guest = never" (the default) if unknown users
# must be refused.
map to guest = bad user
security = user
unix password sync = Yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 192.168.0.0/24 192.168.1.0/24
; local master = no
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
# LDAP configuration for Domain Controlling:
# NOTE(review): Samba binds with the same DN that slapd.conf declares as
# rootdn, so it holds full control of the directory. A dedicated DN that
# slapd ACLs limit to the Samba account attributes would reduce what a
# compromise of this host exposes.
ldap admin dn = cn=Manager,dc=mylan,dc=net
# NOTE(review): both "ldap ssl" lines are commented out, so the compiled-in
# default applies - confirm what that is for this build. With
# "ldap server = localhost" the bind stays on loopback; if the directory
# moves to another host, the admin bind and password hashes need TLS.
# ldap ssl = start_tls
#ldap ssl = off
# start_tls should run on 389, but samba defaults incorrectly to 636
ldap port = 389
ldap suffix = dc=mylan,dc=net
ldap server = localhost
# NOTE(review): the next two lines are one value wrapped by the mail
# client; in the real file it must be a single logical line. As written,
# every account created by this script gets the same home directory
# (/home/gina) regardless of %u - presumably a leftover; verify.
add user script = /usr/local/sbin/smbldap-useradd -m -d /home/gina -g 600 -s
/sbin/nologin %u
# 7. Name Resolution Options:
name resolve order = wins lmhosts bcast
wins support = yes
; wins server = w.x.y.z
dns proxy = no
# 8. File Naming Options:
#============================ Share Definitions ==============================
# Per-user home directory share: hidden from browse lists, writable.
# No "guest ok" is set in this section.
[homes]
comment = Home Directories
browseable = no
writable = yes
# Logon-script share for domain logons. Read-only, but "guest ok = yes"
# means guest sessions (including unknown usernames mapped by
# "map to guest = bad user" in [global]) can read its contents.
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
# Roaming-profile share.
# NOTE(review): "guest ok = yes" together with "writable = yes" lets guest
# sessions (including unknown usernames mapped by "map to guest = bad user"
# in [global]) connect with write access, limited only by file system
# permissions. Profiles are normally for authenticated users only;
# consider "guest ok = no" here.
[Profiles]
path = /var/lib/samba/profiles
browseable = no
guest ok = yes
writable = yes
# Runs as root on every connection to this share: creates the per-user
# profile directory with mode 700 if it is missing and chowns it to %u.%g.
# NOTE(review): the three lines below are one logical value wrapped by the
# mail client; in the real file the backslash must end the physical line
# it continues.
root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ];
\
then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi
# Spool share for all printers: print jobs only, not browseable, no
# file writes outside spooling.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# to allow user 'guest account' to print.
# With "map to guest = bad user" in [global], this also covers usernames
# that do not exist in the account database.
guest ok = yes
writable = no
printable = yes
# Spool files are created accessible to their owner only.
create mode = 0700
# Printer-driver share: readable by everyone including guest sessions;
# only members of @adm and root may write (upload drivers).
[print$]
path = /var/lib/samba/printers
browseable = yes
read only = yes
write list = @adm root
guest ok = yes
openldap-2.1.23
./configure --prefix=/usr/local/ldap --with-bdb=no --with-gdbm=yes
slapd.conf
include /usr/local/ldap/etc/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/samba.schema
include /etc/openldap/schema/local.schema
#######################################################################
# ldbm database definitions
#######################################################################
# Single ldbm-backed database holding the dc=mylan,dc=net tree.
database ldbm
suffix dc=mylan,dc=net
# This DN bypasses all access control; smb.conf uses the same DN as its
# "ldap admin dn".
rootdn cn=Manager,dc=mylan,dc=net
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the active rootpw below is cleartext. If "secret" is the
# real value and not a redaction, replace it with a hash produced by
# slappasswd and keep this file readable by the slapd user only. Hashes
# that have been posted publicly should be treated as exposed and not
# reused.
rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
#rootpw {SSHA}sTwe4ljfNbEuZe6GmBi6/lPZWQACCfBi
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/ldap/var/samba
# Indices to maintain
#index objectClass eq
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial
# Index the rid for samba:
index rid eq
# NOTE(review): no "access to" rules appear in the pasted portion. Without
# any, slapd's default policy grants read access to everyone, anonymous
# binds included. That would cover the Samba password hash attributes
# (lmPassword / ntPassword in the Samba 2.2 schema), which are
# password-equivalent for SMB logons. Confirm the full file restricts
# those attributes to the entry owner and the Samba admin DN.