 - RU.UNIX.BSD ------------------------------------------------------------------
 From : Aleksei Ivanov                       2:5020/400     23 Jun 2002  00:12:39
 To : All
 Subject : samba 2.2.5+ldap  WS/Win2k can't join the domain
 -------------------------------------------------------------------------------- 
 
 I can't join the domain from NT and Win2k. Samba 2.2.5 with LDAP.
 For the setup I used the how-to:
 http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.htm
 Samba is built from source with LDAP support.
 Win95/98 work without problems.
 When trying to log on from NT or 2k it says that
 the account for this machine is missing or
 the password for this account is incorrect.
 
 Here is smb.conf
 --
 [global]
         ldap server = machine
         ldap port = 389
         ldap suffix = "o=smb, dc=unav, dc=es"
         ldap admin dn = "cn=root, o=smb, dc=unav, dc=es"
         ldap ssl = no
         client code page = 866
         workgroup = BANK
         netbios name = MACHINE
         server string = File Server
         security = user
         null passwords = Yes
         encrypt passwords = Yes
         logon drive = U:
         logon path = \\%N\profiles\%g
         nt acl support = no
         domain master = yes
         local master = yes
         domain logons = yes
         preferred master = yes
         os level = 255
         wins support = yes
         wins proxy = yes
 
         debug level = 2
         log file = /var/log/samba/hostnames/%m
         max log size = 50000
         time server = Yes
         deadtime = 15
         max open files = 50000
         load printers = No
         character set = KOI8-R
         create mask = 0664
         security mask = 00
         directory mask = 0770
         directory security mask = 00
         hosts allow = 192.168.0. 127.
 
 [netlogon]
         path = /usr/local/samba/etc/netlogon
         locking = no
         writeable = yes
         guest ok = yes
         browseable = yes
         read only = yes
         write list = Administrator
 [profile]
         path = /usr/local/samba/etc/profiles
         read only = no
         writeable = no
         guest ok = yes
         browseable = yes
         create mask = 0600
         directory mask = 0700
 
 [BASE]
         comment = File Server
         path = /mnt/disk0/base
         writeable = Yes
 --
 
 Here is a piece of /etc/passwd
 it01$:x:692:14:machine_nickname:/dev/null:/bin/false
 host$:x:693:14:machine_nickname:/dev/null:/bin/false
 
 Here is the data from LDAP
 dn: uid=it01$,o=smb, dc=unav, dc=es
 uid: it01$
 pwdLastSet: 1024770331
 logonTime: 0
 logoffTime: 2147483647
 kickoffTime: 2147483647
 pwdCanChange: 0
 pwdMustChange: 2147483647
 displayName: machine_nickname
 cn: machine_nickname
 rid: 2384
 primaryGroupID: 1029
 lmPassword: 38A6A0CB5C9DAAC3AAD3B435B51404EE
 ntPassword: 4FB1A84AC1A364ED44316CFDDA076034
 acctFlags: [W          ]
 objectClass: sambaAccount
 dn: uid=host$,o=smb, dc=unav, dc=es
 objectClass: sambaAccount
 uid: host$
 pwdLastSet: 1024770952
 logonTime: 0
 logoffTime: 2147483647
 kickoffTime: 2147483647
 pwdCanChange: 0
 pwdMustChange: 2147483647
 displayName: machine_nickname
 cn: machine_nickname
 rid: 2386
 primaryGroupID: 1029
 lmPassword: 20C32F087023340DAAD3B435B51404EE
 ntPassword: 655C0F51DAEEA46804A09E7EC4D2AD4C
 acctFlags: [W          ]
 
 There is nothing particularly interesting in the logs, apart from
 complaints about junk like this:
 
 - ---
   Allowed connection from  (192.168.0.55)
   ldap_connect_system: succesful connection to the LDAP server
   ldap_search_one_user: searching for:[(&(uid=nobody)(objectclass=sambaAccount))]
   get_single_attribute: [uid] = [nobody]
   Entry found for user: nobody
   get_single_attribute: [pwdLastSet] = [0]
   get_single_attribute: [logonTime] = [0]
   get_single_attribute: [logoffTime] = [0]
   get_single_attribute: [kickoffTime] = [0]
   get_single_attribute: [pwdCanChange] = [0]
   get_single_attribute: [pwdMustChange] = [0]
   get_single_attribute: [cn] = [nobody]
   get_single_attribute: [homeDrive] = [U:]
   get_single_attribute: [smbHome] = [\\%N\]
   get_single_attribute: [scriptPath] = [<does not exist>]
   get_single_attribute: [profilePath] = [\\%N\\profile]
   get_single_attribute: [description] = [<does not exist>]
   get_single_attribute: [userWorkstations] = [<does not exist>]
   get_single_attribute: [rid] = [501]
   get_single_attribute: [primaryGroupID] = [514]
   get_single_attribute: [lmPassword] = [NO PASSWORDXXXXXXXXXXXXXXXXXXXXX]
   get_single_attribute: [ntPassword] = [NO PASSWORDXXXXXXXXXXXXXXXXXXXXX]
   get_single_attribute: [acctFlags] = [[NU         ]]
 
   ldap_connect_system: succesful connection to the LDAP server
   ldap_search_one_user: searching for:[(&(uid=it01$)(objectclass=sambaAccount))]
   get_single_attribute: [uid] = [it01$]
   Entry found for user: it01$
   get_single_attribute: [pwdLastSet] = [1024770331]
   get_single_attribute: [logonTime] = [0]
   get_single_attribute: [logoffTime] = [2147483647]
   get_single_attribute: [kickoffTime] = [2147483647]
   get_single_attribute: [pwdCanChange] = [0]
   get_single_attribute: [pwdMustChange] = [2147483647]
   get_single_attribute: [cn] = [machine_nickname]
   get_single_attribute: [homeDrive] = [<does not exist>]
   get_single_attribute: [smbHome] = [<does not exist>]
   get_single_attribute: [scriptPath] = [<does not exist>]
   get_single_attribute: [profilePath] = [<does not exist>]
   get_single_attribute: [description] = [<does not exist>]
   get_single_attribute: [userWorkstations] = [<does not exist>]
   get_single_attribute: [rid] = [2384]
   get_single_attribute: [primaryGroupID] = [1029]
   get_single_attribute: [lmPassword] = [38A6A0CB5C9DAAC3AAD3B435B51404EE]
   get_single_attribute: [ntPassword] = [4FB1A84AC1A364ED44316CFDDA076034]
   get_single_attribute: [acctFlags] = [[W          ]]
   Closing connections
 
 - ---
 
 Accordingly, I log in from machine it01 as an existing user.
 Where else can I dig? Oh, and the system is Mandrake 8.0
 
 --
 Best regards, Aleksei Ivanov
 --- ifmail v.2.15dev5
  * Origin: Demos online service (2:5020/400)
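
An added example, not part of the original post: a small checker for two inconsistencies visible in the smb.conf posted above, namely shares that set both `read only` and its inverted synonym `writeable` to contradictory values, and a `logon path` naming a share that no section defines. The helper names (`parse`, `access_conflicts`, `missing_logon_share`) are hypothetical, the sample is a constructed excerpt of the posted file, and the checks are a config review aid that does not by itself explain the failed domain join.

```python
import re

# Constructed excerpt of the posted smb.conf: only the lines these checks read.
SAMPLE = r"""
[global]
        logon path = \\%N\profiles\%g
[netlogon]
        writeable = yes
        read only = yes
[profile]
        read only = no
        writeable = no
"""
# Inverted synonyms of "read only"; the last assignment in a section wins.
INVERTED = {"writeable", "writable", "write ok"}
TRUE = {"yes", "true", "1", "on"}

def parse(text):
    """Return {section: [(key, value), ...]} in file order."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif "=" in line and current is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            sections[current].append((" ".join(key.lower().split()), value.strip()))
    return sections

def access_conflicts(sections):
    """Map each section with contradictory settings to its effective read-only state."""
    out = {}
    for name, params in sections.items():
        seen = [(v.lower() in TRUE) == (k == "read only")
                for k, v in params if k == "read only" or k in INVERTED]
        if len(set(seen)) > 1:
            out[name] = seen[-1]
    return out

def missing_logon_share(sections):
    """Return the share named in 'logon path' if no section defines it, else None."""
    path = dict(sections.get("global", [])).get("logon path", "")
    parts = [p for p in path.split("\\") if p]
    share = parts[1].lower() if len(parts) > 1 else None
    return share if share and share not in sections else None

if __name__ == "__main__":
    conf = parse(SAMPLE)
    print(access_conflicts(conf), missing_logon_share(conf))
```

On the posted configuration both `[netlogon]` and `[profile]` end up read-only, and `logon path` points at `profiles` while the share is named `[profile]`.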
 
 
