Ну млин народ... ПОЖАЛУЙСТА!!! ЕСЛИ МОЖЕТЕ! ОБЪЯСНИТЕ!
Я понимаю, что гугл, маны и оффсайты рулят... я прошу рассказать, как сделать самый простенький PDC, именно P, БЕЗ B!!! Мне нужен просто Primary DC!
Еще раз повторю: мне НЕ нужен ПОЛНОЦЕННЫЙ Active Directory. НЕ нужно предлагать винду и флеймить...
Нужно:
компы (winxp) добавить в домен.
юзеры могли логиниться в домен.
ВСЕ!
Вот что у меня получается:
-------------------------------------smb.conf-------------------------------------
# [global] section for a Samba server acting as an NT4-style primary domain controller
# (domain logons + domain master) with accounts kept in a local OpenLDAP server (ldapsam).
[global]
workgroup = POEVM
server string = Samba Server with full LDAP support
netbios name = main
announce version = 5.1
hide unreadable = yes
dos charset = CP866
unix charset = KOI8-R
display charset = KOI8-R
# Browser election: maximum os level plus local/domain/preferred master so this host
# wins elections and becomes the domain master browser for POEVM.
os level = 255
local master = yes
domain master = yes
preferred master = yes
wins support = yes
dns proxy = yes
# security = user is the mode used for a Samba PDC.
security = user
# NOTE(review): password server is consulted in the domain/server/ads security modes;
# with security = user it presumably has no effect - confirm and drop.
password server = *
encrypt passwords = yes
# NOTE(review): null passwords = yes lets accounts with an empty password log on.
# On a domain controller "no" is the safer value unless blank passwords are really required.
null passwords = yes
invalid users = nobody
# domain logons = yes is what makes this server answer NETLOGON requests.
domain logons = yes
logon path = \\%L\Profiles\9x\%m\%U
logon home = \\%L\%U
logon drive = H:
passdb backend = ldapsam:ldap://127.0.0.1
# NOTE(review): this is the DN Samba binds to LDAP with; its password is what
# "smbpasswd -w" stores in secrets.tdb. It is not the rootdn from the slapd.conf shown with
# this config (cn=admin,dc=poevm,dc=kture), and the base.ldif shown does not create an
# ou=samba entry to bind as. That is consistent with the "Insufficient access" errors
# pdbedit reports - likely the main problem.
ldap admin dn = "ou=samba,dc=poevm,dc=kture"
# NOTE(review): the user/group/machine suffixes below are prepended to this suffix, so
# Samba will look in ou=Users,ou=samba,dc=poevm,dc=kture and so on, while base.ldif
# creates ou=Users, ou=Groups and ou=Computers directly under dc=poevm,dc=kture.
ldap suffix = "ou=samba,dc=poevm,dc=kture"
# NOTE(review): with ldap ssl = off the bind password and the password hashes travel
# unencrypted. Tolerable only while the backend stays on 127.0.0.1; use
# "ldap ssl = start tls" if the directory ever moves to another host.
ldap ssl = off
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
# uid/gid range and separator for winbind.
# NOTE(review): presumably unused unless winbindd actually runs on this host - confirm.
winbind uid = 10000-65000
winbind gid = 10000-65000
winbind separator = +
socket options = TCP_NODELAY
# NOTE(review): leading "//" and "/var/logs" look like typos - confirm the directory
# exists, otherwise per-client logs (needed to debug the join) will not be written.
log file = //var/logs/samba/log.%m
# Raising log level temporarily gives more detail about the LDAP bind/add failures.
log level = 1
max log size = 50
# NETLOGON share: read-only to clients; domain members pick up logon scripts and
# policy files from here.
# NOTE(review): whatever is placed in this path is applied by clients at logon, so write
# access to the directory on the server should be limited to administrators.
[netlogon]
path = /opt/samba/var/netlogon
locking = no
read only = yes
# Roaming-profile share (the "Profiles" share named in logon path in [global]).
# "read only = no" and "writeable = yes" express the same setting (inverted synonyms).
# The 0600/0700 masks keep newly created profile files and directories owner-only.
[profiles]
path = /opt/samba/var/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700
# Per-user home shares (target of logon home = \\%L\%U), hidden from browse lists.
# The 0600/0700 masks keep new files and directories owner-only.
# NOTE(review): consider adding "valid users = %S" so that a home share can be opened
# only by the user it belongs to.
[homes]
comment = user homes
browsable = no
read only = no
writeable = yes
create mask = 0600
directory mask = 0700
-----------------------------------------------------------------------------------
-----------------------------------slapd.conf------------------------------------------------
# slapd.conf for the OpenLDAP server that backs Samba's ldapsam account database.
# Schema files; samba.schema provides the Samba account and domain object classes.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# NOTE(review): permits LDAPv2 binds. Keep only if some client really needs v2 - TODO confirm.
allow bind_v2
# Access rules are evaluated top to bottom: the first "access to <what>" that matches an
# entry/attribute decides, and inside it the first matching "by" clause decides.
# NOTE(review): dn= is written without a style qualifier. Depending on the OpenLDAP version
# this may match only the single entry ou=samba,... and not the entries beneath it
# (dn.subtree= is the explicit form), so it would not cover
# sambaDomainName=POEVM,ou=samba,... which Samba tries to add.
# NOTE(review): write is granted to the DN ou=samba,..., but that only helps if such an
# entry exists and carries a userPassword to bind with; the base.ldif shown does not create it.
access to dn="ou=samba,dc=poevm,dc=kture"
by dn="cn=admin,dc=poevm,dc=kture" write
by dn="ou=samba,dc=poevm,dc=kture" write
by self write
by anonymous auth
# Same pattern for the ou=NIS entry; the same dn= scope question applies.
access to dn="ou=NIS,dc=poevm,dc=kture"
by dn="cn=admin,dc=poevm,dc=kture" write
by dn="ou=samba,dc=poevm,dc=kture" write
by self write
by anonymous auth
# Password attributes: the owner may change them, anonymous connections may only use them
# to authenticate, everyone else is denied. The LM/NT hashes are password-equivalent, so
# "by * none" is the right default for other users.
# NOTE(review): no clause here gives Samba's bind DN write access, so unless Samba binds
# as the rootdn it cannot set sambaLMPassword/sambaNTPassword.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
# Everything else is readable by anyone, including anonymous connections.
# NOTE(review): this rule matches every remaining entry and attribute, so the two
# "access to" rules after it are never reached.
access to *
by * read
# NOTE(review): unreachable - shadowed by the "access to *" rule above.
access to attr=userPassword
by self write
by anonymous auth
by dn="cn=admin,dc=poevm,dc=kture" write
by * none
# NOTE(review): unreachable - shadowed by the earlier "access to *" rule.
access to *
by dn="cn=admin,dc=poevm,dc=kture" write
by self write
by anonymous auth
# Certificate and private key are read from the same PEM file.
# NOTE(review): that file must be readable only by the account slapd runs as.
TLSCertificateFile /usr/local/etc/openldap/keys/slapd.pem
TLSCertificateKeyFile /usr/local/etc/openldap/keys/slapd.pem
database bdb
suffix "dc=poevm,dc=kture"
# The rootdn is not subject to the access rules above.
rootdn "cn=admin,dc=poevm,dc=kture"
# NOTE(review): a 13-character {CRYPT} value is the traditional DES-based crypt(3) format,
# which only uses the first 8 characters of the password. This hash has been published,
# so treat the rootdn password as exposed: choose a new one, store it as a salted hash
# generated with slappasswd (e.g. {SSHA}), and keep slapd.conf unreadable to other users.
rootpw {CRYPT}T.vaLqrO2k6f3
directory /var/db/openldap-data
# Indexes for POSIX and Samba account attributes.
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
---------------------------------------------------------------------------------------------
--------------------------------------ldap.conf--------------------------------------------
# Client-side LDAP defaults for tools on this host: search base and server URI.
BASE dc=poevm,dc=kture
URI ldap://127.0.0.1
# NOTE(review): the URI above is plain ldap:// on loopback. Confirm that "TLS hard" is a
# keyword the library reading this file recognises and that it has the intended effect.
TLS hard
# Client certificate and key, both taken from one PEM file.
# NOTE(review): OpenLDAP's ldap.conf(5) documents TLS_CERT/TLS_KEY as user-only options -
# confirm they are honoured in a system-wide file. Keep the key file owner-readable only.
TLS_CERT /usr/local/etc/openldap/keys/ldap.pem
TLS_KEY /usr/local/etc/openldap/keys/ldap.pem
# NOTE(review): "allow" requests the server certificate but carries on when it is missing
# or fails verification, so the server is not authenticated. "demand" with a CA configured
# via TLS_CACERT enforces verification.
TLS_REQCERT allow
----------------------------------------------------------------------------------------------
--------------------------------------base.ldif----------------------------------------------
# Initial directory tree: the dc=poevm,dc=kture root entry plus containers for users,
# groups and machine accounts.
# NOTE(review): LDIF requires a blank line between entries; none are visible here
# (possibly lost when the file was pasted).
# NOTE(review): no ou=samba entry is created, although smb.conf uses
# ou=samba,dc=poevm,dc=kture as both "ldap suffix" and "ldap admin dn". The containers
# below sit directly under dc=poevm,dc=kture, not under ou=samba.
dn: dc=poevm,dc=kture
objectClass: dcObject
objectclass: organization
dc: poevm
o: poevm
dn: ou=Users,dc=poevm,dc=kture
objectClass: organizationalUnit
ou: Users
dn: ou=Groups,dc=poevm,dc=kture
objectClass: organizationalUnit
ou: Groups
dn: ou=Computers,dc=poevm,dc=kture
objectClass: organizationalUnit
ou: Computers
-------------------------------------------------------------
$ pdbedit -L
failed to add domain dn= sambaDomainName=POEVM,ou=samba,dc=poevm,dc=kture with: Insufficient access
no write access to entry
Adding domain info for POEVM failed with NT_STATUS_UNSUCCESSFUL
failed to add domain dn= sambaDomainName=POEVM,ou=samba,dc=poevm,dc=kture with: Insufficient access
no write access to entry
Adding domain info for POEVM failed with NT_STATUS_UNSUCCESSFUL
Administrator:4294967295:Administrator
$ smbpasswd -w lalala
Setting stored password for "ou=samba,dc=poevm,dc=kture" in secrets.tdb
$ smbpasswd
failed to add domain dn= sambaDomainName=POEVM,ou=samba,dc=poevm,dc=kture with: Insufficient access
no write access to entry
Adding domain info for POEVM failed with NT_STATUS_UNSUCCESSFUL
New SMB password:
Retype new SMB password:
Failed to find entry for user root.
Failed to modify password entry for user root
-------------------------smbpasswd-----------------------------------
# smbpasswd-format account list: name:uid:LM hash:NT hash:account flags:last change time.
# [U ] marks a user account, [W ] a workstation trust account.
# NOTE(review): LM and NT hashes are password-equivalent for SMB authentication. Values that
# have been posted publicly should be treated as exposed and the passwords changed.
# NOTE(review): with "passdb backend = ldapsam" in smb.conf this file is not the account
# database Samba consults, which matches "Failed to find entry for user root" above.
root:0:671EF74D684816252105B18654FE47C2:94AB183A6C9DCC7AE0FJF48354A4138A:[U ]:LCT-420B846E:
user:1003:22124EV690B43BFBAGD3B435B51414EE:57D583AA46D571502AAD4BB7AEA09C70:[U ]:LCT-420B8682:
ws-287-3$:1004:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E96C3CC3F953E20CFEC78979B1880642:[W ]:LCT-420B872E:
--------------------------------------------------------------------------
Ну вот примерно и все... как вы понимаете, ничего не работает )))
Я догадываюсь, что половина того бреда, что я написал, никому не нужна...
Если кто-нибудь может понять, что да как... пишите плиз, в чем баг

Если можно, подредактируйте мои конфиги... или, может, у кого есть готовые рабочие...
Заранее спасиб за помощь... (хотя бы за то, что прочитали этот пост до конца)
З.Ы. Если у меня заработает ПДЦ ... ) отблагодарю чем смогу )