Problem with a Samba server in a Samba domain
I have the following situation: there is a Samba+LDAP domain (TESTY), and I need to join a Samba file-dump server (SHARE) to it. Both servers run Debian Lenny with Samba 3.2.5, and both are Xen virtual environments, if that matters.
Windows machines (WinXP) join the domain without problems, as if it were a native one, but I cannot join a single *nix machine.
It looks like this:
Code:
share:~# net rpc join -S PDC -D TESTY -U admin
Enter admin's password:
Joined domain TESTY.
share:~#
That is, it says everything is OK.
But in the logs on the PDC:
Code:
[2009/11/27 16:37:33, 0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
get_md4pw: Workstation SHARE$: no account in domain
[2009/11/27 16:37:33, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
_netr_ServerAuthenticate2: failed to get machine password for account SHARE$: NT_STATUS_ACCESS_DENIED
[2009/11/27 16:37:33, 0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
get_md4pw: Workstation SHARE$: no account in domain
[2009/11/27 16:37:33, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
_netr_ServerAuthenticate2: failed to get machine password for account SHARE$: NT_STATUS_ACCESS_DENIED
Naturally, it does not see or authenticate domain users.
smb.conf on the PDC
Code:
[global]
dos charset = cp866
unix charset = UTF8
display charset = UTF8
workgroup = TESTY
realm = TESTY.LOCAL
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://pdc.testy.local:389
passwd program = /usr/sbin/smbldap-passwd "%u"
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 1000
smb ports = 139
acl compatibility = win2k
name resolve order = bcast hosts
time server = Yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\home\%u
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=testy,dc=local
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Users
ldap suffix = dc=testy,dc=local
ldap ssl = no
ldap user suffix = ou=Users
idmap backend = ldap:ldap://pdc.testy.local
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = admin
hosts allow = 10.125.3., 127.
map acl inherit = Yes
[home]
comment = Home Directories
path = /var/lib/samba/usershares/
read only = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = No
guest ok = Yes
browseable = No
locking = No
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
guest ok = Yes
profile acls = Yes
browseable = No
slapd.conf on the PDC
Code:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
backend hdb
database hdb
suffix "dc=testy,dc=local"
rootdn "cn=admin,dc=testy,dc=local"
rootpw {SSHA}bXENLjYunB+IOrpGDjJ2Bo1+Uv1WkTvG
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
index cn eq,subinitial
index sn eq,subinitial
index uid eq,subinitial
index displayName eq,subinitial
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
lastmod on
checkpoint 512 30
access to dn.base=""
        by self write
        by * auth
access to attrs=userPassword
        by self write
        by * auth
access to attrs=shadowLastChange
        by self write
        by * read
access to attrs=sambaLMPassword,sambaNTPassword
        by dn="dc=admin,dc=testy,dc=local" write
        by * auth
access to *
        by * read
        by anonymous auth
smb.conf on Share
Code:
[global]
workgroup = TESTY
netbios name = SHARE
server string = FileServer
interfaces = eth0, lo
security = DOMAIN
auth methods = winbind, ntdomain
password server = 10.125.3.230
pam password change = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
load printers = No
dns proxy = No
wins server = 10.125.3.230
panic action = /usr/share/samba/panic-action %d
username = @"Domain users"
[users]
comment = Личные Папки
path = /mnt/users
read only = No
profile acls = Yes
Please help, I have been unable to solve this problem for a week now, and it is not even clear where to dig.
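Added example, not part of the original post: a small Python parser for the Samba 3 log format shown in the PDC excerpt above, which pairs each header line with its message and counts netlogon failures per machine account and reason. The sample input is the log excerpt from the post; the function and variable names are this example's own.

```python
import re
from collections import Counter

# Sample input: the PDC log excerpt quoted in the post.
SAMPLE_LOG = """\
[2009/11/27 16:37:33, 0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
get_md4pw: Workstation SHARE$: no account in domain
[2009/11/27 16:37:33, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
_netr_ServerAuthenticate2: failed to get machine password for account SHARE$: NT_STATUS_ACCESS_DENIED
[2009/11/27 16:37:33, 0] rpc_server/srv_netlog_nt.c:get_md4pw(306)
get_md4pw: Workstation SHARE$: no account in domain
[2009/11/27 16:37:33, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
_netr_ServerAuthenticate2: failed to get machine password for account SHARE$: NT_STATUS_ACCESS_DENIED
"""

# Samba 3 record header: [timestamp, debug level] source_file:function(line)
HEADER = re.compile(r"\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+):(?P<func>\w+)\(\d+\)$")
NO_ACCOUNT = re.compile(r"Workstation (?P<acct>\S+\$): no account in domain")
AUTH_FAIL = re.compile(r"failed to get machine password for account (?P<acct>\S+\$): (?P<status>NT_STATUS_\w+)")

def parse_records(text):
    """Yield (header fields, message) pairs; lines after a header form its message."""
    header, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if header is not None:
                yield header, " ".join(body)
            header, body = m.groupdict(), []
        elif header is not None and line:
            body.append(line)
    if header is not None:
        yield header, " ".join(body)

def machine_auth_failures(text):
    """Count netlogon failures per (machine account, reason)."""
    counts = Counter()
    for header, msg in parse_records(text):
        if header["func"] == "get_md4pw":
            m = NO_ACCOUNT.search(msg)
            reason = "no account in domain"
        elif header["func"] == "_netr_ServerAuthenticate2":
            m = AUTH_FAIL.search(msg)
            reason = m["status"] if m else None
        else:
            continue
        if m:
            counts[(m["acct"], reason)] += 1
    return counts
```
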