Samba PDC problem (domain user login does not work)
Hello everyone,

I am trying to run Samba as a PDC against LDAP. That is a bit of overkill for my home network, but I would like to get it working for learning purposes.

As Domain Admin I can log on to the PDC; as a "normal user" it does not work. I am almost in despair. The user is known only in LDAP. Login via ssh works.

I have already read through the various howtos, but unfortunately I cannot find the error. I seem to have lost track a bit by now. :o(

Here are the configs and the necessary information. I hope you can give me a tip as to where my mistake is.

Thanks in advance! :o)

Regards,
Siggi

I am using the scripts from idealx.com!

OS = Suse 9.0

Samba =
samba3-doc-3.0.4-7.11
samba3-client-3.0.4-7.11
samba3-3.0.4-7.11
samba3-winbind-3.0.4-7.11

LDAP =
openldap2-client-2.1.22-73
openldap2-back-ldap-2.1.22-73
openldap2-back-meta-2.1.22-73
openldap2-back-perl-2.1.22-73
openldap2-2.1.22-73
openldap2-back-monitor-2.1.22-73

ls -la profiles (in /var/lib/samba)

drwxrwxrwt 5 root Domain Users 64 Jul 5 17:12 profiles

Log of the w2k-test client

SAM Logon (Interactive). Domain:[HOFSTETT-01]. User:[charsten@W2K-TEST] Requested Domain:[HOFSTETT-01]
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1
[2004/07/18 12:05:38, 3] smbd/uid.c:push_conn_ctx(351)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2004/07/18 12:05:38, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: Checking password for unmapped user [HOFSTETT-01]\[charsten]@[W2K-TEST] with the new password interface
[2004/07/18 12:05:38, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password: mapped user is: [HOFSTETT-01]\[charsten]@[W2K-TEST]
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1
[2004/07/18 12:05:38, 3] smbd/uid.c:push_conn_ctx(351)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/07/18 12:05:38, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
  init_sam_from_ldap: Entry found for user: charsten
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1
[2004/07/18 12:05:38, 3] smbd/uid.c:push_conn_ctx(351)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1
[2004/07/18 12:05:38, 3] smbd/uid.c:push_conn_ctx(351)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/07/18 12:05:38, 2] passdb/pdb_ldap.c:init_group_from_ldap(1807)
  init_group_from_ldap: Entry found for group: 513
[2004/07/18 12:05:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2004/07/18 12:05:38, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [charsten] succeeded

smbldap-usershow.pl charsten (which is supposed to be the domain user)

dn: uid=charsten,ou=People,dc=hofstett,dc=net
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: charsten
sn: charsten
uid: charsten
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/charsten
loginShell: /bin/bash
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-2563602662-518312200-911678181-3004
sambaPrimaryGroupSID: S-1-5-21-2563602662-518312200-911678181-513
sambaHomeDrive: H:
sambaLogonScript: charsten.cmd
sambaHomePath: \\HOFSTETT-01\homes\
sambaProfilePath: \\HOFSTETT-01\profiles\charsten
sambaNTPassword: F28E05CE6412BF954DEF80AA2F487352
sambaPwdLastSet: 1090144245
sambaAcctFlags: [U]
sambaPwdMustChange: 1094032245
sambaLMPassword: 7A6C868D27358F3FE72C57EF50F76A05
userPassword: {SSHA}FWIw9z9h4tpQrMBuNDGlK/dH/xrR81Cp

smb.conf

# Samba config file created using SWAT
# from 192.168.1.100 (192.168.1.100)
# Date: 2004/07/14 09:24:51

# Global parameters
[global]
    dos charset = 850
    unix charset = ISO-8859-15
    display charset = ISO-8859-15
    workgroup = HOFSTETT-01
    netbios name = PDC-HOFSTETT
    map to guest = Bad User
    passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n *Password*changed*
    passwd program = /var/lib/samba/sbin/smbldap-passwd.pl -u '%u'
    encrypt passwords = Yes
    obey pam restrictions = No
    username map = /etc/samba/smbusers
    unix password sync = Yes
    add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
    delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
    add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
    delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
    add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
    delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
    set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
    add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w %u
    printcap name = CUPS
    show add printer wizard = No
    domain logons = Yes
    os level = 32
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    printer admin = @ntadmin, root, administrator
    cups options = raw
    log level = 3
    syslog = 0
    log file = /var/log/samba/%m
    max log size = 50
    smb ports = 139 445
    time server = Yes
    shutdown script = /var/lib/samba/scripts/shutdown.sh
    abort shutdown script = /sbin/shutdown -c
    logon script =
    logon path = \\%L\profiles\%U
    logon drive = H:
    logon home = \\%L\homes
    utmp = Yes
    winbind use default domain = Yes
    map acl inherit = Yes
    # veto files = /*.eml/*.nws/riched20.dll/*.{*}/
    # veto oplock files = /*.doc/*.xls/*.mdb/
    interfaces = 192.168.1.0/24, eth0, lo
    bind interfaces only = Yes
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap suffix = dc=hofstett,dc=net
    ldap machine suffix = ou=Computers
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    # ldap idmap suffix = ou=Idmap
    ldap passwd sync = yes
    ldap admin dn = "cn=root,dc=hofstett,dc=net"
    ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
    ldap delete dn = no
    # idmap backend = ldap:ldap://127.0.0.1/
    # idmap uid = 10000-20000
    # idmap gid = 10000-20000
    security = user

[IPC$]
    path = /tmp
    hosts allow = 192.168.1.0/24, 127.0.0.1
    hosts deny = 0.0.0.0/0

[netlogon]
    comment = Netzwerk-Anmeldedienst
    path = /var/lib/samba/netlogon
    read only = Yes
    browsable = No

[profiles]
    comment = Roaming Profile Share (wandernde Benutzerprofile)
    path = /var/lib/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    browsable = No
    guest ok = Yes
    profile acls = Yes
    csc policy = Yes
    force user = %U
    valid users = %U @"Domain Admins"
    writeable = yes

[homes]
    comment = Home Directories
    valid users = %U
    read only = No
    browseable = No
    create mode = 0664
    directory mode = 0775
    group = @"Domain Users"
    root preexec = echo ''Logon am %T als %U an %m'' /var/log/samba/info.log
    root postexec = echo ''Logout am %T als %U an %m'' /var/log/samba/info.log

[users]
    comment = All users
    path = /home
    read only = No
    inherit permissions = Yes
    veto files = /aquota.user/groups/shares/

[groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit permissions = Yes

[pdf]
    comment = PDF creator
    path = /var/tmp
    create mask = 0600
    printable = Yes
    print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z

[printers]
    comment = All Printers
    path = /var/tmp
    create mask = 0600
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @Domain\ Admins, root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775

[apps]
    comment = Application and Download Directory
    path = /samba/apps
    users = %G
    read only = No

[public]
    path = /samba/public
    users = hofstett
    force user = nobody
    read only = No
participants (1)
-
Siggi.Hofstetter@t-online.de