Hi everyone!
The problem is the following:
I installed LDAP alongside Samba for group management, because I could not really create two separate groups with the appropriate permissions for accessing the same folders: one group may only read the folders while the other also has write access, but to the same two folders. Let me paste the errors:
mmcntr:~# /etc/init.d/samba restart
Stopping Samba daemons: nmbd smbdstart-stop-daemon: warning: failed to kill 14171: No such process
.
Starting Samba daemons: nmbd smbd.
mmcntr:~# /etc/init.d/samba restart
Stopping Samba daemons: nmbd smbd.
Starting Samba daemons: nmbd smbd.
mmcntr:~# ps ax
This is one of them: it looks to me as if the smb process is not even running, and then it starts after all :(
The other one is that I need to bring over the existing users from Samba that I have already created. After searching and reading on the net I found that there is a package called migrationtools containing Perl scripts. I copied them over from the package, but I don't really know which one from the script collection to use, and how. There is also a config file in etc/migrationtools.
mmcntr:~# /usr/sbin/slapindex
WARNING!
Runnig as root!
There's a fair chance slapd will fail to start.
Check file permissions!
/etc/ldap/slapd.conf: line 110: rootdn is always granted unlimited privileges.
bdb_db_open: database already in use
backend_startup_one: bi_db_open failed! (-1)
slap_startup failed
mmcntr:~#
10364 ? S 0:00 [cifsd]
14850 ? Ssl 0:00 /usr/sbin/slapd -g openldap -u openldap
19518 pts/0 Ss 0:00 -bash
19538 pts/0 S 0:00 su -
19539 pts/0 S 0:00 -su
19682 ? Ss 0:00 /usr/sbin/smbd -D
19705 ? Ss 0:00 /usr/sbin/nmbd -D
19706 ? S 0:00 /usr/sbin/nmbd -D
19712 pts/0 R+ 0:00 ps ax
I don't really understand this error... and an error pops up in Total Commander; now the password prompt window does not even accept the password, since I cannot add or migrate the groups either.
Could someone help me with this? (I hope I described my problem understandably; if something is not entirely clear, I apologize and will try to fix it.)
Right now Samba is running and OpenLDAP is running too, I just don't know how to add groups to it or migrate them into it.
Comments
Using migrationtools:
- make a backup of everything Samba-related: config, tdbsam database (usually under /var/lib/samba); collect the passwords and write them down!
- include samba.schema in OpenLDAP
- switch Samba over to ldapsam (there are plenty of howtos for this on the net, I won't write it out here)
- from /etc/passwd and /etc/group pick out the users/groups that belong to Samba, move their lines into a separate file, and delete them from these files (!! Warning !! NOT userdel !!).
- in migrationtools, configure migrate_common.ph for your own system (watch the DN: the default is dc=padl,dc=com, which will NOT work for you!!!!)
- use migrate_base to create the base layout in LDAP
- use the migrate_passwd and migrate_group scripts to migrate from the files you picked out.
- get nss_ldap and pam_ldap going (for the how, Google again; it is very simple...)
- check the users, i.e. whether you can see them from Linux.
- the users have to be added again with pdbedit; this is where the old passwords can be reused (or you get the chance to create new ones)
You can add groups with net groupmap: first you have to create the group _in LDAP_ as a Unix group, and then you can add it in Samba using net groupmap.
You only run slapindex by hand when something is badly broken; OpenLDAP is self-sufficient enough that you don't have to struggle with that kind of thing.
Good luck.
--
()=() Whoever longs to be
('Y') where the dove flies
C . C misses the treasure
()_() here below.
Thanks for the help, but I still have a few questions.
I haven't managed to finish the configuration yet, but there was a power outage, and after the restart LDAP is running but Samba does not start, plus LDAP cannot connect yet. These errors are probably due to the incorrect configuration, but a few things are still not clear to me.
- in what form can I create the layouts with migrate_base?
- should I use the migrate_passwd and migrate_group scripts in this form?
OK, I have found that in the meantime, but when I issue this command:
mmcntr:/usr/share/migrationtools# ldapadd -D "ou=infg,dc=ort,dc=hu" -W -f /tmp/
Enter LDAP Password:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
mmcntr:/usr/share/migrationtools#
mmcntr:/usr/share/migrationtools# /etc/init.d/slapd start
Starting OpenLDAP: slapd.
mmcntr:/usr/share/migrationtools#ldapadd -D "ou=infg,dc=ort,dc=hu" -W -f /tmp/base.ldif
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
mmcntr:/usr/share/migrationtools#
Why does it print this? :S Is it not accepting the password? :(
(Sorry if I asked my questions the wrong way)
___________________________________________________________________________________________________________________________
Optimism does not mean that someone fails to see the problems, but that they believe a solution always exists.
OK, LDAP basics:
This should be set up correctly on every machine, otherwise you are in for pain:
# /etc/ldap/ldap.conf
BASE dc=ort,dc=hu
# Replace this if it does not run here
URI ldap://127.0.0.1:389
I usually create aliases for ldapadd/ldapmodify in bashrc, like this:
alias ldapadd='ldapadd -D "cn=admin,dc=ort,dc=hu" -xW'
alias ldapmodify='ldapmodify -D "cn=admin,dc=ort,dc=hu" -xW'
-xW: with this it uses simple bind and prompts for the password.
Then log in again and it is available.
Usage:
# ldapadd -f /tmp/base.ldf
Password: ********
.. snip ..
base creates a general, one-size-fits-all layout. Review it; you don't need everything in it, only what you intend to use. Users and machines are usually stored under People, groups go under Groups, and the rest is a matter of taste.
After migrating the base (if the users don't need an extra objectClass) I do it like this (with the aliased ldapadd):
egrep '^(kuka|szende|szundi|hapci|morgo|tudor|vidor):' /etc/passwd | ./migrate_passwd.pl - | ldapadd
egrep '^(kuka|szende|szundi|hapci|morgo|tudor|vidor):' /etc/group | ./migrate_group.pl - | ldapadd
If the users will carry more than just Samba, it may be necessary to insert a substitution step, because account is not the most extensible objectClass:
egrep '^(kuka|szende|szundi|hapci|morgo|tudor|vidor):' /etc/passwd | ./migrate_passwd.pl - | sed 's/objectClass: account/objectClass: person/g' | ldapadd
--
()=() Whoever longs to be
('Y') where the dove flies
C . C misses the treasure
()_() here below.
I went through it all and that worked. My question, however:
The LDIF files I created under the tmp directory get deleted after a reboot, right? The question, though: if everything worked and I also ran through all the commands you described, why does it not connect to the LDAP server after a reboot? And Samba still does not accept the passwords that existed before; maybe I should generate new passwords? In the ldapadd directory (/usr/share/migrationtools) everything that had to be created was created, and it imported the groups and the users as well, but for example the base.ldif here and the others are 0 bytes in size; is that a problem? :( It is only at startup after a reboot that LDAP does not connect. The only thing I can think of is that rootpw is encoded wrongly in /etc/ldap/slapd, but it is not that either. Should I enter the password there directly as well? nss_ldap could not connect, and something about illegal seek, and it cannot find the group either, so I am totally lost :( Sorry if what I write is incomprehensible, but after all this I don't really understand why it does not work :(
___________________________________________________________________________________________________________________________
Optimism does not mean that someone fails to see the problems, but that they believe a solution always exists.
Sigh... I said at the beginning that the Samba passwords have to be collected, because "it does not protect against that", i.e. it does not migrate them.
Wait. Because of the ldap setting in nsswitch.conf it keeps trying to connect to LDAP and fails (I hope you left files in there, although otherwise you would not even be able to log in as root...), but it automatically falls back to the file-based source (that is why I said not to migrate everything into LDAP). In theory this goes away as soon as the LDAP server starts (this is why the LDAP server and Samba are usually not put on the same machine, but, well, small budget, small game; it does work this way too).
If, however, the problem is that LDAP does not start at all during boot, then look at messages, because something is surely wrong with it and it will surely complain about it. If not, raise the loglevel in slapd.conf.
During boot it gives up faster if you find bind_policy in libnss-ldap.conf, remove the comment mark in front of it, and change hard to soft.
--
()=() Whoever longs to be
('Y') where the dove flies
C . C misses the treasure
()_() here below.
I see, the password will definitely be a problem. (So I messed that up.)
LDAP starts at boot, but it cannot connect ...
This is what is in messages:
Feb 23 06:25:20 mmcntr syslogd 1.4.1#18: restart.
Feb 23 06:48:07 mmcntr -- MARK --
Feb 23 07:08:08 mmcntr -- MARK --
Feb 23 07:28:08 mmcntr -- MARK --
Feb 23 07:48:08 mmcntr -- MARK --
Feb 23 08:08:08 mmcntr -- MARK --
Contents of nsswitch.conf:
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
#passwd: compat
passwd: files ldap
#group: compat
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: db files
publickey: nisplus
automount: files
aliases: files nisplus
Contents of libnss-ldap.conf:
###DEBCONF###
# the configuration of this file will be done by debconf as long as the
# first line of the file says '###DEBCONF###'
#
# you should use dpkg-reconfigure libnss-ldap to configure this file.
#
@(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
#host 127.0.0.1
# The distinguished name of the search base.
base dc=ort,dc=hu
# Another way to specify your LDAP server is to provide an
uri ldap://127.0.0.1/
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# Please do not put double quotes around it as they
# would be included literally.
#binddn cn=proxyuser,dc=padl,dc=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/libnss-ldap.secret (mode 600)
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
# of an editor to create the file.
rootbinddn cn=mmcntr,dc=ort,dc=hu
# The port.
# Optional: default is 389.
port 389
# The search scope.
#scope sub
#scope one
#scope base
# Search timelimit
#timelimit 30
# Bind/connect timelimit
#bind_timelimit 30
# Reconnect policy:
# hard_open: reconnect to DSA with exponential backoff if
# opening connection failed
# hard_init: reconnect to DSA with exponential backoff if
# initializing connection failed
# hard: alias for hard_open
# soft: return immediately on server failure
bind_policy soft
# Connection policy:
# persist: DSA connections are kept open (default)
# oneshot: DSA connections destroyed after request
#nss_connect_policy persist
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
# Use paged rseults
#nss_paged_results yes
# Pagesize: when paged results enable, used to set the
# pagesize to a custom value
#pagesize 1000
# Filter to AND with uid=%s
#pam_filter objectclass=account
# The user ID attribute (defaults to uid)
#pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes
# Group to enforce membership of
pam_groupdn cn=PAM,ou=Groups,dc=ort,dc=hu
# Group member attribute
#pam_member_attribute uniquemember
# Specify a minium or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0
# Template login attribute, default template user
# (can be overriden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
#
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_password crypt
# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds
# RACF is an alias for the above. For use with
# IBM RACF
#pam_password racf
# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad
# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop
# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.
# Use backlinks for answering initgroups()
#nss_initgroups backlink
# Enable support for RFC2307bis (distinguished names in group
# members)
#nss_schema rfc2307bis
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=ort,dc=hu
nss_base_shadow ou=People,dc=ort,dc=hu
nss_base_group ou=Group,dc=ort,dc=hu
nss_base_hosts ou=Hosts,dc=ort,dc=hu
nss_base_services ou=Services,dc=ort,dc=hu
#nss_base_networks ou=Networks,dc=padl,dc=com?one
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
nss_base_netgroup ou=Netgroup,dc=ort,dc=hu
# attribute/objectclass mapping
# Syntax:
nss_map_attribute rfc2307attribute mapped_attribute
nss_map_objectclass rfc2307objectclass mapped_objectclass
# configure --enable-nds is no longer supported.
# NDS mappings
#nss_map_attribute uniqueMember member
# Services for UNIX 3.5 mappings
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid msSFU30Name
#nss_map_attribute uniqueMember msSFU30PosixMember
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
#pam_login_attribute msSFU30Name
pam_filter objectclass=User
pam_password ad
# configure --enable-mssfu-schema is no longer supported.
# Services for UNIX 2.0 mappings
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount user
nss_map_attribute uid msSFUName
nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
pam_filter objectclass=User
pam_password ad
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
#nss_map_attribute uid sAMAccountName
#nss_map_attribute homeDirectory unixHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
#nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
# configure --enable-authpassword is no longer supported
# AuthPassword mappings
nss_map_attribute userPassword authPassword
# AIX SecureWay mappings
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear
# For pre-RFC2307bis automount schema
#nss_map_objectclass automountMap nisMap
#nss_map_attribute automountMapName nisMapName
#nss_map_objectclass automount nisObject
#nss_map_attribute automountKey cn
#nss_map_attribute automountInformation nisMapEntry
# Netscape SDK LDAPS
ssl on
# Netscape SDK SSL options
sslpath /etc/ssl/certs
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is to use libldap's default behavior, which can be configured in
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
#tls_checkpeer yes
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# Seed the PRNG if /dev/urandom is not provided
tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
tls_cert
tls_key
# Disable SASL security layers. This is needed for AD.
sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
It is possible that I messed up something else in this config. Should I look at the SSL settings as well?
There is SSL on the internal network, so that cannot be the problem, but I hope I can still find a solution to the password problem afterwards...
_______________________________________________________________________________________
Optimism does not mean that someone fails to see the problems, but that they believe a solution always exists.
Unfortunately this messages excerpt is far too little. I suggest grepping for 'slapd' under /var/log; syslog surely puts slapd's messages somewhere. If slapd does not start, then of course nothing can connect to it.
libnss-ldap:
- why is bindpw enabled when there is no binddn?
- pam_groupdn cn=PAM,ou=Groups,dc=ort,dc=hu - ???????
Also, things are enabled here all over the place. Either you pasted the config wrongly, or something is badly messed up here; it would be a miracle if it worked.
If it is the latter, then I suggest throwing this config out quickly; the original config file should be dug up from somewhere ('apt-get source' is your friend), and then enable by hand what you need. This really is not good as it is.
--
()=() Whoever longs to be
('Y') where the dove flies
C . C misses the treasure
()_() here below.
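The problems named in the reply above (bindpw active without binddn, contradictory directives enabled at the same time) can be checked mechanically before the file goes live. The following is an added example, not part of the original thread and not code from nss_ldap: the function names, the finding codes and the list of directives treated as single-valued are assumptions of this example, and the sample is condensed from the active lines of the config pasted earlier in the thread.

```python
"""Lint an nss_ldap/pam_ldap style config for contradictory active directives."""
from collections import defaultdict

# Assumption of this example: these directives carry one value, so two
# different active values cannot both be what the admin intended.
SINGLE_VALUED = {"base", "rootbinddn", "bind_policy", "ssl",
                 "pam_password", "pam_filter", "pam_login_attribute"}
# Mapping directives have the form "<directive> <source> <target>".
MAPPINGS = {"nss_map_attribute", "nss_map_objectclass"}

# Constructed sample: active lines condensed from the first paste in the thread.
SAMPLE = """\
base dc=ort,dc=hu
uri ldap://127.0.0.1/
ldap_version 3
#binddn cn=proxyuser,dc=padl,dc=com
bindpw secret
rootbinddn cn=mmcntr,dc=ort,dc=hu
bind_policy soft
pam_groupdn cn=PAM,ou=Groups,dc=ort,dc=hu
pam_password crypt
nss_map_objectclass posixAccount User
nss_map_attribute uid msSFU30Name
pam_filter objectclass=User
pam_password ad
nss_map_objectclass posixAccount user
nss_map_attribute uid msSFUName
pam_filter objectclass=User
ssl on
ssl start_tls
tls_cert
tls_key
"""


def active_directives(text):
    """Yield (line_no, key, value) for every non-blank, non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield no, parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""


def lint(text):
    """Return a sorted list of (code, detail) findings for the config text."""
    findings = []
    keys = set()
    single = defaultdict(dict)   # key -> {lowercased value: value as written}
    mapped = defaultdict(dict)   # (directive, source) -> {lowercased target: as written}
    for no, key, value in active_directives(text):
        keys.add(key)
        if not value:
            # e.g. "tls_cert" uncommented without a path
            findings.append(("EMPTY_VALUE", f"{key} (line {no})"))
        elif key in SINGLE_VALUED:
            single[key].setdefault(value.lower(), value)
        elif key in MAPPINGS:
            fields = value.split(None, 1)
            if len(fields) == 2:
                # LDAP names are case-insensitive: "User" and "user" agree.
                mapped[(key, fields[0].lower())].setdefault(fields[1].lower(), fields[1])
    if "bindpw" in keys and "binddn" not in keys:
        findings.append(("BINDPW_WITHOUT_BINDDN",
                         "bindpw is active but binddn is commented out or missing"))
    for key, values in single.items():
        if len(values) > 1:
            findings.append(("CONFLICT", f"{key}: " + ", ".join(sorted(values.values()))))
    for (key, source), targets in mapped.items():
        if len(targets) > 1:
            findings.append(("CONFLICT",
                             f"{key} {source}: " + ", ".join(sorted(targets.values()))))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in lint(SAMPLE):
        print(f"{code:24} {detail}")
```
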
I remembered which lines I had removed the comment mark from, and put it back:
# PADL Software
# http://www.padl.com
#
# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
host 127.0.0.1
# The distinguished name of the search base.
base dc=ort,dc=hu
# Another way to specify your LDAP server is to provide an
# uri ldap://127.0.0.1/
# Unix Domain Sockets to connect to a local LDAP Server.
# uri ldap://127.0.0.1/
# uri ldaps://127.0.0.1/
# uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
#uri ldaps://mmcntr.ort.hu
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# Please do not put double quotes around it as they
# would be included literally.
#binddn cn=proxyuser,dc=padl,dc=com
# The credentials to bind with.
# Optional: default is no credential.
#bindpw secret
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/libnss-ldap.secret (mode 600)
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
# of an editor to create the file.
rootbinddn cn=mmcntr,dc=ort,dc=hu
# The port.
# Optional: default is 389.
port 389
# The search scope.
#scope sub
#scope one
#scope base
# Search timelimit
timelimit 2
# Bind/connect timelimit
#bind_timelimit 2
# Reconnect policy:
# hard_open: reconnect to DSA with exponential backoff if
# opening connection failed
# hard_init: reconnect to DSA with exponential backoff if
# initializing connection failed
# hard: alias for hard_open
# soft: return immediately on server failure
bind_policy soft
# Connection policy:
# persist: DSA connections are kept open (default)
# oneshot: DSA connections destroyed after request
#nss_connect_policy persist
# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600
# Use paged rseults
#nss_paged_results yes
# Pagesize: when paged results enable, used to set the
# pagesize to a custom value
#pagesize 1000
# Filter to AND with uid=%s
#pam_filter objectclass=account
# The user ID attribute (defaults to uid)
#pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=ort,dc=hu
# Group member attribute
#pam_member_attribute uniquemember
# Specify a minium or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0
# Template login attribute, default template user
# (can be overriden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
#
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt
# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds
# RACF is an alias for the above. For use with
# IBM RACF
#pam_password racf
# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad
# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop
# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.
# Use backlinks for answering initgroups()
#nss_initgroups backlink
# Enable support for RFC2307bis (distinguished names in group
# members)
#nss_schema rfc2307bis
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd ou=People,dc=ort,dc=hu
#nss_base_shadow ou=People,dc=ort,dc=hu
#nss_base_group ou=Group,dc=ort,dc=hu
#nss_base_hosts ou=Hosts,dc=ort,dc=hu
#nss_base_services ou=Services,dc=ort,dc=hu
#nss_base_networks ou=Networks,dc=padl,dc=com?one
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=ort,dc=hu
# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass
# configure --enable-nds is no longer supported.
# NDS mappings
#nss_map_attribute uniqueMember member
# Services for UNIX 3.5 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uniqueMember msSFU30PosixMember
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFU30Name
#pam_filter objectclass=User
#pam_password ad
# configure --enable-mssfu-schema is no longer supported.
# Services for UNIX 2.0 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad
# RFC 2307 (AD) mappings
#nss_map_objectclass posixAccount user
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid sAMAccountName
#nss_map_attribute homeDirectory unixHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup group
#nss_map_attribute uniqueMember member
#pam_login_attribute sAMAccountName
#pam_filter objectclass=User
xpam_password ad
# configure --enable-authpassword is no longer supported
# AuthPassword mappings
#nss_map_attribute userPassword authPassword
# AIX SecureWay mappings
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear
# For pre-RFC2307bis automount schema
#nss_map_objectclass automountMap nisMap
#nss_map_attribute automountMapName nisMapName
#nss_map_objectclass automount nisObject
#nss_map_attribute automountKey cn
#nss_map_attribute automountInformation nisMapEntry
# Netscape SDK LDAPS
#ssl on
# Netscape SDK SSL options
#sslpath /etc/ssl/certs
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
#ssl start_tls
ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is to use libldap's default behavior, which can be configured in
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
#tls_checkpeer yes
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
And this would be the slapd.conf:
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel 0
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb
checkpoint 512 30
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend
#######################################################################
# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database hdb
# The base of your directory in database #1
suffix "dc=ort,dc=hu"
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn "cn=mmcntr,dc=ort,dc=hu"
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index objectClass eq
index uid,uidNumber eq
index cn eq
index SambaSID eq
# Save the time that the entry gets modified, for database #1
lastmod on
rootdn "cn=infg,dc=ort,dc=hu"
rootpw {SSHA}arNrHsokJB8JRSZ4TQf9nDqbMFHbWOJG
#rootpw mm20tt40
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=infg,dc=ort,dc=hu" write
        by self write
        by * compare
access to *
        by self write
        by users read
        by * read
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
#access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=infg,dc=ort,dc=hu" write
        by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=mmcntr,dc=ort,dc=hu" write
# by dnattr=owner write
#######################################################################
# Specific Directives for database #2, of type 'other' (can be hdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database
# The base of your directory for database #2
#suffix "dc=ort,dc=hu"
This is the smb.conf:
# Global parameters
[global]
;workgroup = ort
;netbios name = MMCNTR
server string = mmcntr.ort.hu
smb ports = 389
security = user
interfaces = eth0 *lo
username map = /etc/samba/smbusers
encrypt passwords = Yes
;min passwd length = 6
pam password change = yes
;obey pam restrictions = No
ldap passwd sync = Yes
unix password sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
passwd chat debug = Yes
log level = 256
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = CP852
Unix charset = ISO8859-2
;logon script = logon.bat
;logon drive = H:
logon home =
;logon path =
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://mmcntr.ort.hu/
ldap admin dn = cn=infg,dc=ort,dc=hu
ldap admin dn = cn=infg,ou=Groups,dc=ort,dc=hu
ldap suffix = dc=ort,dc=hu
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
;ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
[netlogon]
path = /samba/netlogon/
browseable = No
read only = yes
[profiles]
path = /samba/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
; next line is a great way to secure the profiles
force user = %U
force group = %G
;next line allows administrator to access all profiles
valid users = %U @infg
[Film]
comment = Film konyvtar
browseable = yes
writable = yes
create mask = 0775
directory mask = 0775
path = /~wshare/Film
guest ok = no
read only = no
valid users = @infg
write list = @infg
force group = infg
[Zene]
comment = Zene konyvtar
browseable = yes
writable = yes
create mask = 0775
directory mask = 0775
path = /~wshare/Zene
guest ok = no
read only = no
valid users = @infg
write list = @infg
force group = infg
[csomagok]
comment = debian csomagok konyvtar
browseable = yes
writable = yes
create mask = 0775
directory mask = 0775
path = /~wshare/csomagok
guest ok = no
read only = no
valid users = @infg
write list = @infg
force group = infg
This would be the smbd.log:
[2009/02/23 10:34:34, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/02/23 10:34:34, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/02/23 10:34:34, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2009/02/23 10:34:34, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/02/23 10:34:34, 10] groupdb/mapping.c:pdb_create_builtin_alias(1343)
Trying to create builtin alias 544
[2009/02/23 10:34:34, 10] passdb/lookup_sid.c:check_dom_sid_to_level(613)
Accepting SID S-1-5-32 in level 1
[2009/02/23 10:34:34, 10] passdb/lookup_sid.c:lookup_sid(867)
Sid S-1-5-32-544 -> BUILTIN\Administrators(4)
[2009/02/23 10:34:34, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
pdb_create_builtin_alias: Could not get a gid out of winbind
[2009/02/23 10:34:34, 0] auth/auth_util.c:create_builtin_administrators(785)
create_builtin_administrators: Failed to create Administrators
[2009/02/23 10:34:34, 2] auth/auth_util.c:create_local_nt_token(899)
create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2009/02/23 10:34:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/02/23 10:34:34, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/02/23 10:34:34, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/02/23 10:34:34, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/02/23 10:34:34, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2009/02/23 10:34:34, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/02/23 10:34:34, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [ou=Groups,dc=ort,dc=hu], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2009/02/23 10:34:34, 5] lib/smbldap.c:smbldap_close(1080)
The connection to the LDAP server was closed
[2009/02/23 10:34:34, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:34, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:34, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:34, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:34, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 1 try!
[2009/02/23 10:34:35, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:35, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:35, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:35, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:35, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 2 try!
[2009/02/23 10:34:36, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:36, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:36, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:36, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:36, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 3 try!
[2009/02/23 10:34:37, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:37, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:37, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:37, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:37, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 4 try!
[2009/02/23 10:34:38, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:38, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:38, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:38, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:38, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 5 try!
[2009/02/23 10:34:39, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:39, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:39, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:39, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:39, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 6 try!
[2009/02/23 10:34:40, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:40, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:40, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:40, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:40, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 7 try!
[2009/02/23 10:34:41, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:41, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:41, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:41, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:41, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 8 try!
[2009/02/23 10:34:42, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:42, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:42, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:42, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:42, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 9 try!
[2009/02/23 10:34:43, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:43, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:43, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:43, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:43, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 10 try!
[2009/02/23 10:34:44, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:44, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:44, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:44, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:44, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 11 try!
[2009/02/23 10:34:45, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:45, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:45, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:45, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:45, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 12 try!
[2009/02/23 10:34:46, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:46, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:46, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:46, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:46, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 13 try!
[2009/02/23 10:34:47, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:47, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:47, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:47, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:47, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 14 try!
[2009/02/23 10:34:48, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:48, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:48, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:48, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:48, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 15 try!
[2009/02/23 10:34:49, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:49, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:49, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:49, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:49, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/02/23 10:34:49, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/02/23 10:34:49, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/02/23 10:34:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/02/23 10:34:49, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2009/02/23 10:34:49, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/02/23 10:34:49, 10] groupdb/mapping.c:pdb_create_builtin_alias(1343)
Trying to create builtin alias 545
[2009/02/23 10:34:49, 10] passdb/lookup_sid.c:check_dom_sid_to_level(613)
Accepting SID S-1-5-32 in level 1
[2009/02/23 10:34:49, 10] passdb/lookup_sid.c:lookup_sid(867)
Sid S-1-5-32-545 -> BUILTIN\Users(4)
[2009/02/23 10:34:49, 3] groupdb/mapping.c:pdb_create_builtin_alias(1364)
pdb_create_builtin_alias: Could not get a gid out of winbind
[2009/02/23 10:34:49, 0] auth/auth_util.c:create_builtin_users(751)
create_builtin_users: Failed to create Users
[2009/02/23 10:34:49, 2] auth/auth_util.c:create_local_nt_token(926)
create_local_nt_token: Failed to create BUILTIN\Users group!
[2009/02/23 10:34:49, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/02/23 10:34:49, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [ou=Groups,dc=ort,dc=hu], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-3961335713-1468094803-2624661774-501)(sambaSIDList=S-1-22-2-65534)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]
[2009/02/23 10:34:49, 5] lib/smbldap.c:smbldap_close(1080)
The connection to the LDAP server was closed
[2009/02/23 10:34:49, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:49, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:49, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:49, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:49, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 1 try!
[2009/02/23 10:34:50, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:50, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:50, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:50, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:50, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 2 try!
[2009/02/23 10:34:51, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:51, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:51, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:51, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:51, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 3 try!
[2009/02/23 10:34:52, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:52, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:52, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:52, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:52, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 4 try!
[2009/02/23 10:34:53, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:53, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:53, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:53, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:53, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 5 try!
[2009/02/23 10:34:54, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:54, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:54, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:54, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:54, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 6 try!
[2009/02/23 10:34:55, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:55, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:55, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:55, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:55, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 7 try!
[2009/02/23 10:34:56, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:56, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:56, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:56, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:56, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 8 try!
[2009/02/23 10:34:57, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:57, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:57, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:57, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:57, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 9 try!
[2009/02/23 10:34:58, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:58, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:58, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:58, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:58, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 10 try!
[2009/02/23 10:34:59, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:34:59, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:34:59, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:34:59, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:34:59, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 11 try!
[2009/02/23 10:35:00, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:35:00, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:35:00, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:35:00, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:35:00, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 12 try!
[2009/02/23 10:35:01, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:35:01, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:35:01, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:35:01, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:35:01, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 13 try!
[2009/02/23 10:35:02, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:35:02, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:35:02, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:35:02, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:35:02, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 14 try!
[2009/02/23 10:35:03, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:35:03, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:35:03, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:35:03, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:35:03, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 15 try!
[2009/02/23 10:35:04, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/23 10:35:04, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/23 10:35:04, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/02/23 10:35:04, 0] lib/smbldap.c:smbldap_connect_system(936)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2009/02/23 10:35:04, 10] auth/auth_util.c:add_aliases(653)
pdb_enum_alias_memberships failed: NT_STATUS_UNSUCCESSFUL
[2009/02/23 10:35:04, 10] auth/auth_util.c:make_new_server_info_guest(1409)
create_local_token failed: NT_STATUS_NO_SUCH_USER
[2009/02/23 10:35:04, 0] smbd/server.c:main(960)
ERROR: failed to setup guest info.
and excerpts from the nmbd.log:
[2009/02/23 11:13:11, 3] nmbd/nmbd_incomingrequests.c:process_name_query_request(454)
process_name_query_request: Name query from 10.1.0.133 on subnet 10.1.3.127 for name FR3BDF.ort.HU<20>
[2009/02/23 11:13:11, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(133)
find_name_on_subnet: on subnet 10.1.3.127 - name FR3BDF.ort.HU<20> NOT FOUND
[2009/02/23 11:13:11, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for WORKGROUP on subnet 10.1.3.127: found.
[2009/02/23 11:13:11, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382)
announce_myself_to_domain_master_browser: t (1235387590) - last(1235387357) < 900
[2009/02/23 11:13:11, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for WORKGROUP on subnet UNICAST_SUBNET: found.
[2009/02/23 11:13:11, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for WORKGROUP on subnet UNICAST_SUBNET: found.
[2009/02/23 11:13:11, 10] lib/util_sock.c:read_udp_socket(294)
read_udp_socket: lastip 10.1.0.141 lastport 137 read: 50
[2009/02/23 11:13:11, 10] libsmb/nmblib.c:parse_nmb(506)
parse_nmb: packet id = 32828
[2009/02/23 11:13:11, 5] libsmb/nmblib.c:read_packet(755)
Received a packet of len 50 from (10.1.0.141) port 137
[2009/02/23 11:13:11, 4] libsmb/nmblib.c:debug_nmb_packet(112)
nmb packet from 10.1.0.141(137) header: id=32828 opcode=Query(0) response=No
header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No
header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
question: q_name=FR3BDF.ort.HU<20> q_type=32 q_class=1
[2009/02/23 11:13:11, 10] nmbd/nmbd_winsserver.c:packet_is_for_wins_server(492)
packet_is_for_wins_server: failing WINS test #1.
[2009/02/23 11:13:11, 3] nmbd/nmbd_incomingrequests.c:process_name_query_request(454)
process_name_query_request: Name query from 10.1.0.141 on subnet 10.1.3.127 for name FR3BDF.ort.HU<20>
[2009/02/23 11:13:11, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(133)
find_name_on_subnet: on subnet 10.1.3.127 - name FR3BDF.ort.HU<20> NOT FOUND
[2009/02/23 11:13:11, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for WORKGROUP on subnet 10.1.3.127: found.
[2009/02/23 11:13:11, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382)
announce_myself_to_domain_master_browser: t (1235387591) - last(1235387357) < 900
[2009/02/23 11:13:11, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282)
dump_workgroups()
dump workgroup on subnet 10.1.3.127: netmask= 255.255.252.0:
ort(5) current master browser = FR3BDF
MUNKACSOPORT(4) current master browser = ITFO-916B5B84C8
MSHOME(3) current master browser = 09FSD131
ortOKT(2) current master browser = ort-NR-OKT
WORKGROUP(1) current master browser = MMCNTR
MMCNTR 408c9b2b (mmcntr.ort.hu)
GWCL2-W 40819a03 (Samba 3.0.26a-0.7-1616-SUSE-SLES9)
GWCL1-W 40819a03 (Samba 3.0.26a-0.7-1616-SUSE-SLES9)
XRX0000AAAC2764 40402203 ()
XRX0000AAAC27F8 40402203 ()
XRX0000AAAC2784 40412203 ()
KMBT4A9123 40000303 ()
XRX0000AAAC2787 40412203 ()
BARNA-HPN 40011003 ()
VM02 40011003 ()
CX3-10-SPA 40001402 ()
CX3-10-SPB 40001402 ()
NPI8F4C49 40000003 ()
NPI899052 40000003 ()
NPI8F8CEF 40000003 ()
NPI89C007 40000003 ()
KMBT4AF410 40000303 ()
KMBT4A7D10 40000303 ()
[2009/02/23 11:13:11, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(282)
dump_workgroups()
dump workgroup on subnet UNICAST_SUBNET: netmask= 127.0.0.1:
WORKGROUP(1) current master browser = UNKNOWN
MMCNTR 40899b2b (mmcntr.ort.hu)
[2009/02/23 11:13:11, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for WORKGROUP on subnet UNICAST_SUBNET: found.
[2009/02/23 11:13:11, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for WORKGROUP on subnet UNICAST_SUBNET: found.
[2009/02/23 11:13:12, 10] lib/util_sock.c:read_udp_socket(294)
read_udp_socket: lastip 10.1.0.141 lastport 137 read: 50
[2009/02/23 11:13:12, 10] libsmb/nmblib.c:parse_nmb(506)
parse_nmb: packet id = 32828
[2009/02/23 11:13:12, 5] libsmb/nmblib.c:read_packet(755)
Received a packet of len 50 from (10.1.0.141) port 137
[2009/02/23 11:13:12, 4] libsmb/nmblib.c:debug_nmb_packet(112)
nmb packet from 10.1.0.141(137) header: id=32828 opcode=Query(0) response=No
header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No
header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
question: q_name=FR3BDF.ort.HU<20> q_type=32 q_class=1
[2009/02/23 11:13:12, 10] nmbd/nmbd_winsserver.c:packet_is_for_wins_server(492)
packet_is_for_wins_server: failing WINS test #1.
[2009/02/23 11:13:12, 3] nmbd/nmbd_incomingrequests.c:process_name_query_request(454)
process_name_query_request: Name query from 10.1.0.141 on subnet 10.1.3.127 for name FR3BDF.ort.HU<20>
[2009/02/23 11:13:12, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(133)
find_name_on_subnet: on subnet 10.1.3.127 - name FR3BDF.ort.HU<20> NOT FOUND
[2009/02/23 11:13:12, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for WORKGROUP on subnet 10.1.3.127: found.
[2009/02/23 11:13:12, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382)
announce_myself_to_domain_master_browser: t (1235387591) - last(1235387357) < 900
[2009/02/23 11:13:12, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for WORKGROUP on subnet UNICAST_SUBNET: found.
[2009/02/23 11:13:12, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(171)
find_workgroup_on_subnet: workgroup search for WORKGROUP on subnet UNICAST_SUBNET: found.
________________________________________________________________________________________________________________________________-
Optimism doesn't mean that someone doesn't see the problems, but that they believe a solution always exists.
passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
Ahem... smbpasswd -w 'EzAzLDAPAdminDNJelszava'
Next time, please read the docs more carefully. This is one of the things to do right after modifying smb.conf.
Definitely check whether the 'id' command finds the users you added. If not, there may also be a PAM/NSS LDAP lookup problem.
--
()=() Whoever longs to be
('Y') where the dove flies
C . C misses the
()_() treasure down here.
mmcntr:~# smbpasswd -w 'LDAPJELSZO'
Setting stored password for "cn=mmcntr,ou=Groups,dc=ort,dc=hu" in secrets.tdb
mmcntr:~# ps ax
mmcntr:~# id
uid=0(root) gid=0(root) csoportok=0(root)
mmcntr:~#
I don't really see it finding the groups and users. :(
Another problem now is that I must have badly misconfigured something: on reboot a few applications start very slowly, and some don't start at all.
Also, when I ssh in, it takes 1-2 minutes before the password prompt appears, and then a few more minutes before I can switch to root. :(
And there are two applications that are in sleep state to begin with, and I can't even kill them.
__________________________________________________________________________________________________________________________
Optimism doesn't mean that someone doesn't see the problems, but that they believe a solution always exists.
OK, first of all, maybe try man id... :-)
With the id command you can query not only your own account's info but other users' as well.
For example:
waffel:~# id hron
uid=1000(hron) gid=1000(hron) groups=1000(hron),4(adm)
waffel:~#
With this (and the names of the users you put into LDAP) you can find out what NSS sees.
Another tip: it is worth enabling logging in the LDAP server's config, because then it logs to syslog which queries were made and what responses they got.
Don't expect to solve it on the first try, because it is not trivial. I definitely recommend going through the man pages and the tutorials you can find on Google several times, because you will almost certainly get something wrong, but only you have the full view of the system's settings to figure out what you are getting wrong.
Btw. it is worth referring to the LDAP server by IP everywhere, so that 1) if a DNS server goes down, LDAP doesn't go down with it, and 2) the queries are faster when there is no DNS lookup before them.
--
()=() Whoever longs to be
('Y') where the dove flies
C . C misses the
()_() treasure down here.
Thanks, you're right about man... :) I do basically use it... :)
So:
mmcntr:~# id hadm
uid=1001(hadm) gid=1001 csoportok=1001,1002(infg)
mmcntr:~#
mmcntr:~# id infc
uid=1008(infc) gid=1010(infc) csoportok=1010(infc),1002(infg)
mmcntr:~#
These are correct.
I think this is basically fine; one thing I don't understand is why it also puts the uid into the group identifier? :) Anyway, I still have things to configure, but I'm starting to figure out how it works. Unfortunately at startup it prints these "illegal seek" messages and there is something it can't find; surely a config problem, I just don't know yet where I went wrong. But you helped a lot, and thank you very much for that. (I realized that many processes that didn't belong there were running, so I removed them with apt-get --purge remove on the packages, and now the system comes up quickly, except for bind, which it spends a while on.)
LDAP is running too, but something is still not right, because from Windows, Total Commander tries to connect but can't; so the error is probably in smb.conf?
One more thing I don't understand: in this case smb.conf has a logon script that launches a .bat file; do I absolutely have to use it (I commented it out)?
2787 ? Ss 0:00 /sbin/syslogd
2793 ? Ss 0:00 /sbin/klogd -x
2805 ? Ssl 0:00 /usr/sbin/named -u bind
2837 ? Ssl 0:00 /usr/sbin/lwresd
2865 ? Ssl 0:00 /usr/sbin/slapd -g openldap -u openldap
2939 ? Ss 0:00 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
2954 ? S 0:00 /usr/sbin/atalkd
2958 ? S 0:00 /usr/sbin/papd
2960 ? S 0:00 /usr/sbin/afpd -U uams_dhx.so,uams_clrtxt.so,uams_randnum.so -g nobody -c 50 -n mmcntr
2962 ? S 0:00 /usr/sbin/cnid_metad
_______________________________________________________________________________________________________________________
Optimism doesn't mean that someone doesn't see the problems, but that they believe a solution always exists.
This is its debug log:
Feb 25 10:59:54 mmcntr slapd[2876]: ^IEQUALITY
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_filter_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_list_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_filter_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_list_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_filter_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_list_candidates: id=0 first=1 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_filter_candidates: id=0 first=1 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: begin get_filter
Feb 25 10:59:54 mmcntr slapd[2876]: AND
Feb 25 10:59:54 mmcntr slapd[2876]: begin get_filter_list
Feb 25 10:59:54 mmcntr slapd[2876]: begin get_filter
Feb 25 10:59:54 mmcntr slapd[2876]: EQUALITY
Feb 25 10:59:54 mmcntr slapd[2876]: end get_filter 0
Feb 25 10:59:54 mmcntr slapd[2876]: begin get_filter
Feb 25 10:59:54 mmcntr slapd[2876]: EQUALITY
Feb 25 10:59:54 mmcntr slapd[2876]: end get_filter 0
Feb 25 10:59:54 mmcntr slapd[2876]: end get_filter_list
Feb 25 10:59:54 mmcntr slapd[2876]: end get_filter 0
Feb 25 10:59:54 mmcntr slapd[2876]: => bdb_filter_candidates
Feb 25 10:59:54 mmcntr slapd[2876]: ^IAND
Feb 25 10:59:54 mmcntr slapd[2876]: => bdb_list_candidates 0xa0
Feb 25 10:59:54 mmcntr slapd[2876]: => bdb_filter_candidates
Feb 25 10:59:54 mmcntr slapd[2876]: ^IOR
Feb 25 10:59:54 mmcntr slapd[2876]: => bdb_list_candidates 0xa1
Feb 25 10:59:54 mmcntr slapd[2876]: => bdb_filter_candidates
Feb 25 10:59:54 mmcntr slapd[2876]: ^IEQUALITY
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_filter_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: => bdb_filter_candidates
Feb 25 10:59:54 mmcntr slapd[2876]: ^IAND
Feb 25 10:59:54 mmcntr slapd[2876]: => bdb_list_candidates 0xa0
Feb 25 10:59:54 mmcntr slapd[2876]: => bdb_filter_candidates
Feb 25 10:59:54 mmcntr slapd[2876]: ^IEQUALITY
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_filter_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_list_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_filter_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_list_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_filter_candidates: id=0 first=0 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_list_candidates: id=0 first=1 last=0
Feb 25 10:59:54 mmcntr slapd[2876]: <= bdb_filter_candidates: id=0 first=1 last=0
and this is the Samba log.wb-WORKGROUP:
[2009/02/25 11:06:25, 4] nsswitch/winbindd_dual.c:fork_domain_child(809)
child daemon request 18
[2009/02/25 11:06:25, 10] nsswitch/winbindd_dual.c:child_process_request(395)
process_request: request fn LIST_TRUSTDOM
[2009/02/25 11:06:25, 3] nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_domains(121)
[ 3078]: list trusted domains
[2009/02/25 11:06:25, 18] tdb/tdbutil.c:tdb_search_keys(853)
checking SECRETS/SID/MMCNTR for match to pattern SECRETS/$DOMTRUST.ACC/*
[2009/02/25 11:06:25, 18] tdb/tdbutil.c:tdb_search_keys(853)
checking SECRETS/SID/WORKGROUP for match to pattern SECRETS/$DOMTRUST.ACC/*
[2009/02/25 11:06:25, 18] tdb/tdbutil.c:tdb_search_keys(853)
checking SECRETS/LDAP_BIND_PW/cn=mmcntr,ou=Groups,dc=ort,dc=hu for match to pattern SECRETS/$DOMTRUST.ACC/*
[2009/02/25 11:06:25, 18] tdb/tdbutil.c:tdb_search_keys(853)
checking SECRETS/LDAP_BIND_PW/cn=infg,dc=ort,dc=hu for match to pattern SECRETS/$DOMTRUST.ACC/*
[2009/02/25 11:06:25, 5] passdb/secrets.c:secrets_trusted_domains(756)
secrets_get_trusted_domains: got 0 domains
[2009/02/25 11:06:25, 10] nsswitch/winbindd_cache.c:cache_store_response(1966)
Storing response for pid 3106, len 3240
[2009/02/25 11:06:25, 11] lib/events.c:run_events(87)
run_events: No events
and this is smb.log:
[2009/02/25 10:59:54, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 15 try!
[2009/02/25 10:59:55, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
smb_ldap_setup_connection: ldap://mmcntr.ort.hu/
[2009/02/25 10:59:55, 2] lib/smbldap.c:smbldap_open_connection(788)
smbldap_open_connection: connection opened
[2009/02/25 10:59:55, 10] lib/smbldap.c:smbldap_connect_system(947)
ldap_connect_system: Binding to ldap server ldap://mmcntr.ort.hu/ as "cn=mmcntr,ou=Groups,dc=ort,dc=hu"
[2009/02/25 10:59:55, 2] lib/smbldap.c:smbldap_connect_system(977)
failed to bind to server ldap://mmcntr.ort.hu/ with dn="cn=mmcntr,ou=Groups,dc=ort,dc=hu" Error: Invalid credentials
[2009/02/25 10:59:55, 10] auth/auth_util.c:add_aliases(653)
pdb_enum_alias_memberships failed: NT_STATUS_UNSUCCESSFUL
[2009/02/25 10:59:55, 10] auth/auth_util.c:make_new_server_info_guest(1409)
create_local_token failed: NT_STATUS_NO_SUCH_USER
[2009/02/25 10:59:55, 0] smbd/server.c:main(960)
ERROR: failed to setup guest info.
I don't know, I set up slapd logging and it still doesn't log...
_____________________________________________________________________________________________________________________________
Optimism doesn't mean that someone doesn't see the problems, but that they believe a solution always exists.
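The smb.log and log.wb-WORKGROUP excerpts posted above can be cross-checked mechanically. The following is an added example, not code from anyone in the thread: it parses the Samba log format, extracts failed LDAP binds and compares the bind DN with the LDAP_BIND_PW keys seen in secrets.tdb. The function names are made up for this illustration, and the sample input is copied from the logs above.

```python
import re

# Sample input: lines copied from the smb.log and log.wb-WORKGROUP excerpts above.
SMB_LOG = """\
[2009/02/25 10:59:55, 10] lib/smbldap.c:smbldap_connect_system(947)
ldap_connect_system: Binding to ldap server ldap://mmcntr.ort.hu/ as "cn=mmcntr,ou=Groups,dc=ort,dc=hu"
[2009/02/25 10:59:55, 2] lib/smbldap.c:smbldap_connect_system(977)
failed to bind to server ldap://mmcntr.ort.hu/ with dn="cn=mmcntr,ou=Groups,dc=ort,dc=hu" Error: Invalid credentials
"""
WB_LOG = """\
[2009/02/25 11:06:25, 18] tdb/tdbutil.c:tdb_search_keys(853)
checking SECRETS/LDAP_BIND_PW/cn=mmcntr,ou=Groups,dc=ort,dc=hu for match to pattern SECRETS/$DOMTRUST.ACC/*
[2009/02/25 11:06:25, 18] tdb/tdbutil.c:tdb_search_keys(853)
checking SECRETS/LDAP_BIND_PW/cn=infg,dc=ort,dc=hu for match to pattern SECRETS/$DOMTRUST.ACC/*
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] (\S+)\((\d+)\)$")
BIND_FAIL = re.compile(r'failed to bind to server (\S+) with dn="([^"]*)" Error: (.+)')
SECRET_KEY = re.compile(r"checking SECRETS/LDAP_BIND_PW/(.+?) for match")

def records(text):
    """Pair each '[time, level] file:func(line)' header with its message lines."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            out.append({"time": m.group(1), "level": int(m.group(2)), "msg": ""})
        elif out and line:
            out[-1]["msg"] = (out[-1]["msg"] + " " + line).strip()
    return out

def bind_failures(smb_log):
    """(time, server, dn, error) for every failed LDAP bind smbd logged."""
    found = ((r["time"], BIND_FAIL.search(r["msg"])) for r in records(smb_log))
    return [(t, *m.groups()) for t, m in found if m]

def stored_bind_dns(wb_log):
    """DNs that have an LDAP_BIND_PW entry in secrets.tdb, per the key scan."""
    return sorted({m.group(1) for r in records(wb_log)
                   for m in SECRET_KEY.finditer(r["msg"])})

def diagnose(smb_log, wb_log):
    """Classify each failed bind; also list stored secrets for other DNs."""
    stored, failed = stored_bind_dns(wb_log), bind_failures(smb_log)
    report = [(dn, err, "secret stored, slapd rejected DN or password" if dn in stored
               else "no secret stored, smbpasswd -w not run for this DN")
              for _, _, dn, err in failed]
    return report, [dn for dn in stored if dn not in {f[2] for f in failed}]
```

On this input the failing DN does have a stored secret, so the rejection comes from slapd itself (OpenLDAP answers "Invalid credentials" for an unknown bind DN as well as for a wrong password). The second DN returned by diagnose() is a bind credential still sitting in secrets.tdb for a DN that smbd is not using.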