Samba3 + Winbind

Linux-haladó

Samba3 + Winbind

  • 1176 megtekintés

( Previ | 2004. 08. 24., k – 12:15 )

Sziasztok!

Problémám akadt a samba 3.0.6 és a winbind 3.0.6 csomagokkal. Alaphelyzet: Samba PDC, Debian SID-en, a backend ldap. Az LDAP címtár rendesen feltöltve adatokkal, az idealx-es scriptek segítségével.
A WinXP-s gépek belépnek a domainbe, a megosztásokat is elérik rendjén. Ami nem működik, az a
wbinfo -g
wbinfo -u parancs, azaz nem tudom kilistázni a csoportokat és usereket.
A wbinfo -t jó, és a wbinfo -a is, tehát a squid pl tud ntlm-el hitelesíteni usereket.
Az egészben az a furcsa, hogy utoljára a 3.0.3a-s winbind csomag működött rendesen, azóta bármely samba-winbind kombó a "Error looking up domain users" hibával jön. Ötletek?

Itt az smb.conf is:
[code:1:9090eb6e27]

# Global parameters
[global]
dos charset = 852
unix charset = ISO8859-2
workgroup = PREVINET
server string = Samba Server
interfaces = eth1
map to guest = Bad User
passwd program = /usr/local/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
deadtime = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY SO_KEEPALIVE

client ntlmv2 auth = Yes
client plaintext auth = No
# server signing = no
server signing = yes

load printers = yes
printcap name = cups
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
logon script = logon.bat
# logon path =
logon drive = H:
logon path = \\%N\profiles\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes

passdb backend = ldapsam:ldap://192.168.1.1

idmap backend = ldap:ldap://192.168.1.1
idmap uid = 500-20000
idmap gid = 500-20000
winbind use default domain = yes
# winbind cache time = 0

ldap suffix = dc=previnet,dc=local
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups

ldap idmap suffix = ou=Users
ldap admin dn = "cn=Manager,dc=previnet,dc=local"
ldap passwd sync = Yes
ldap delete dn = Yes

# ldap ssl = start_tls

admin users = administrator
create mask = 0640
directory mask = 0750
printing = cups
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
hide files = /?esktop.ini/
lock directory = /var/run/samba
map acl inherit = Yes
inherit acls = Yes
inherit permissions = Yes
hide dot files = yes
[/code:1:9090eb6e27]

Bocs, ha kicsit hosszú volt!

Segítségeteket köszönöm
Previ