Squeeze ldap+samba


Sziasztok!
Squeezen szenvedek már jó ideje ldap és samba összelövésével, de csak nem jutok előrébb.
Bármilyen változtatást indítanék smbldap-tools-szal, az alábbi hibát kapom:
...no structuralObjectClass operational attribute... :S
Tudnátok segíteni, hogy mit rontok el a konfigban? Köszönöm!

/etc/ldap/slapd.conf

# slapd.conf as posted: schema includes, global settings, one hdb database
# for dc=teszt,dc=hu, and three access rules.
# NOTE(review): in slapd.conf a line that begins with whitespace continues the
# previous directive. The "by ..." clauses below sit at column 0 here,
# presumably because the paste lost its indentation - confirm against the
# real file.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
# samba.schema supplies the sambaSamAccount attributes referenced in the
# first access rule below.
include /etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# With "none" slapd logs almost nothing; while chasing the
# structuralObjectClass error a more verbose level (for example "stats")
# shows which operation on which entry is being rejected.
loglevel none
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
backend hdb
database hdb
suffix "dc=teszt,dc=hu"
# The rootdn bypasses every access rule in this database.
rootdn "cn=admin,dc=teszt,dc=hu"
# {MD5} is an unsalted hash and this file is often readable by more than
# root. slappasswd emits a salted {SSHA} value by default; prefer that, and
# keep the file readable only by the slapd user.
rootpw {MD5}XXXXXXXXXXXXXXXXXXXXXX==
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
lastmod on
checkpoint 512 30
# Rule 1 - password material. "by" clauses are first-match: anonymous clients
# stop at "auth", but every other authenticated identity falls through to
# "by * read" and can read everyone's userPassword, sambaNTPassword and
# sambaLMPassword. The Samba hashes are unsalted and password-equivalent for
# NTLM authentication, so the final clause should be "by * none".
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
by dn="cn=replicator,dc=teszt,dc=hu" write
by self write
by anonymous auth
by * read

# Rule 2 - shadow ageing fields: owner may write, everyone (including
# anonymous) may read.
access to attrs=shadowLastChange,shadowMax
by self write
by * read

# Rule 3 - everything else. "by self write" lets a user rewrite any remaining
# attribute of their own entry, which with nis.schema/samba.schema loaded
# includes identity fields such as uidNumber, gidNumber and sambaSID. Restrict
# self-write to an explicit list of harmless attributes and leave the rest
# read-only for the owner.
access to *
by dn="cn=replicator,dc=teszt,dc=hu" write
by self write
by * read

/etc/ldap/ldap.conf

# LDAP client settings as posted: server, search base, bind identity and the
# NSS search bases.
# NOTE(review): pam_password and nss_base_* are nss_ldap / pam_ldap options;
# confirm that the file named in the post is the one those modules read.
host 127.0.0.1
base dc=teszt,dc=hu
# binddn/bindpw make every NSS and PAM lookup bind as cn=admin, which is the
# rootdn in the slapd.conf shown on this page, and the password sits here in
# clear text. This file normally has to be world-readable for name lookups to
# work, so any local user could read it. Use a dedicated read-only account
# (or anonymous reads) here, and keep any privileged bind in the modules'
# rootbinddn mechanism with its secret in a root-only file.
binddn cn=admin,dc=teszt,dc=hu
bindpw XXXXXXXXXXX
bind_policy soft
# exop: password changes are sent as the LDAP password-modify extended
# operation, so the server does the hashing.
pam_password exop
timelimit 15
nss_base_passwd dc=teszt,dc=hu?sub
nss_base_shadow dc=teszt,dc=hu?sub
nss_base_group ou=group,dc=teszt,dc=hu?one

/etc/samba/smb.conf

# smb.conf as posted: global parameters for a domain controller backed by
# ldapsam, followed by the [homes] and [netlogon] shares.
unix charset = UTF8
display charset = UTF8
workgroup = tesztdomain
realm = teszt.hu
server string = %h server
# Logons with an unknown user name are mapped to the guest account. Neither
# share below sets "guest ok", so this only matters if such a share is added.
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/
pam password change = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
syslog = 0
time server = Yes
log file = /var/log/samba/log.%m
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# The account scripts below are executed by smbd as root, with %u / %g filled
# in from the account-management request. Keep them pointing at fixed,
# root-owned binaries and quote the substitutions ("%u") so names with spaces
# are passed as one argument.
add user script = /usr/sbin/smbldap-useradd -m %u
# NOTE(review): the user name is passed twice around -r here; that looks
# unintended - confirm against the smbldap-userdel usage text.
delete user script = /usr/sbin/smbldap-userdel %u -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
domain logons = Yes
os level = 10
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
# Samba binds to the directory as cn=admin, the rootdn of the slapd.conf on
# this page, so a compromise of smbd is a compromise of the whole directory.
# A dedicated DN that the ACLs allow to write only the Samba subtrees limits
# that exposure.
ldap admin dn = cn=admin,dc=teszt,dc=hu
ldap delete dn = Yes
ldap group suffix = ou=group
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computer
# The ou=... suffixes here are relative to this base, so Samba looks for users
# under ou=people,dc=teszt,dc=hu. The smbldap.conf on this page uses
# ou=tesztdomain,dc=teszt,dc=hu as its base instead; the two must agree.
ldap suffix = dc=teszt,dc=hu
# Binds and password hashes travel unencrypted. That is tolerable only while
# the passdb backend stays on 127.0.0.1; if the directory moves to another
# host, switch to "start tls".
ldap ssl = no
ldap user suffix = ou=people
panic action = /usr/share/samba/panic-action %d
map acl inherit = Yes
case sensitive = No
hide unreadable = Yes
map hidden = Yes
map system = Yes

# Per-user home share: "valid users = %S" admits only the user whose name
# matches the share, and new files and directories are created owner-only.
[homes]
comment = Home Directories
path = /home/%u
valid users = %S
read only = No
create mask = 0600
directory mask = 0700
browseable = No

# Logon-script share. Shares are read-only by default; keep it that way and
# make the directory writable on disk only for administrators, since every
# client runs what it finds here at logon.
[netlogon]
path = /home/samba/netlogon
browseable = No

/etc/smbldap-tools/smbldap.conf

# smbldap-tools settings as posted: domain identity, LDAP endpoints, TLS
# options, directory layout and defaults for newly created accounts.
# The bind DN and password the tools use are not in this file; they live in
# the companion smbldap_bind.conf, which should be readable by root only.
SID="S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX"
sambaDomain="tesztdomain"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
# TLS and SSL are both off, so the tools speak plain LDAP on port 389 and the
# verify/cafile/clientcert/clientkey values below are not used. Acceptable on
# loopback only; enable ldapTLS if either server is moved off 127.0.0.1.
ldapTLS="0"
ldapSSL="0"
verify="require"
cafile="/etc/smbldap-tools/ca.pem"
clientcert="/etc/smbldap-tools/smbldap-tools.pem"
clientkey="/etc/smbldap-tools/smbldap-tools.key"
# This base is one level deeper than the "dc=teszt,dc=hu" used as suffix in
# the slapd.conf and as "ldap suffix" in the smb.conf on this page, so the
# tools create accounts under ou=people,ou=tesztdomain,dc=teszt,dc=hu while
# Samba searches ou=people,dc=teszt,dc=hu.
suffix="ou=tesztdomain,dc=teszt,dc=hu"
usersdn="ou=people,${suffix}"
computersdn="ou=computer,${suffix}"
groupsdn="ou=group,${suffix}"
idmapdn="ou=idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
# MD5 stores userPassword as an unsalted hash. SSHA is a supported value for
# this option and adds a salt; crypt_salt_format applies only to CRYPT.
hash_encrypt="MD5"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
# New home directories are created accessible to the owner only.
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="365"
userSmbHome="\\%L\%U"
userProfile=""
userHomeDrive="U:"
userScript=""
mailDomain="tesztdomain.teszt.hu"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

Hozzászólások

A slapd.conf-ban a suffix "dc=teszt,dc=hu", az smb.conf-ban már nem az, sem pedig az smbldap.conf-ban. Lehet, hogy más hiba is van, de, ha ezek nem konzisztensek, akkor biztos, hogy nem fog működni a dolog.

Elég friss a topic, így kérdezek itt:
PDC-t csinálok, LDAP nélkül.

# These are [global] parameters of smb.conf. smbd reads them itself and runs
# the named command as root when the matching account operation reaches it
# (for example "add machine script" when a workstation joins the domain); no
# separate package extracts them from the configuration.
# The smbldap-* helpers write to an LDAP directory, so on a PDC without LDAP
# the scripts would have to call the system's local account tools instead.
# Because they run as root with %u / %g taken from the request, point them
# only at fixed, root-owned binaries and quote the substitutions.
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u -r %u

add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g

add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g

set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u

Az add machine, add group, add user scriptek értem mit csinálnak, viszont nem tudom, h kerül ez bele a konfigba?
A samba mikor futtatja őket, vagy melyik csomagja szedi ki a konfigból ezeket a sorokat és minek a hatására?