Re: ldap e samba
caio ferreira wrote:
...
Eu testei o smbpasswd e cadastrei o usuario caio. Consegui logar
normalmente no win98. O problema eh que o que eu estou querendo eh que o
samba va consultar os dados do usuario no ldap e nao smbpasswd. Para
isso eu coloquei o seguinte parametro no arquivo smb.conf
passdb backend = ldapsam:ldap://192.168.1.3
Quer dizer, o samba ira consultar a base de dados do ldap e nao o
smbpasswd.
Saudações,
Sim, se só houver uma opção "passdb" e for essa mencionada, o samba só irá
fazer procuras no OpenLDAP.
Um detalhe: leia atentamente o manual do samba sobre a parte com OpenLDAP,
depois você poderá com um "Navegador de LDAP" (eu gosto do phpLdapAdmin)
verificar se o seu usuário tem o atributo "SambaSAMAccount" e uns outros
(no manual fala), e um destes atributos deve ter uma flag "U" (User) marcada.
Segue abaixo um exemplo do meu /etc/slapd.conf, apenas ignore os opções
TLS*, pois no meu servidor agora utilizo criptografia.
Espero que ajude, boa sorte.
=== inicio do /etc/slapd.conf ===
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Esquema para habilitar o SAMBA no LDAP...
include /etc/ldap/schema/samba.schema
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCertificateFile /etc/ldap/slapd.pem
#TLSCertificateKeyFile /etc/ldap/slapd.pem
#TLSVerifyClient demand
TLSCACertificateFile /etc/ssl/ca.pem
TLSCertificateFile /etc/ssl/slapd.pem
TLSCertificateKeyFile /etc/ldap/slapd.key
#TLSVerifyClient try
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Read slapd.conf(5) for possible values
loglevel 256
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database bdb
# The base of your directory in database #1
suffix "dc=docaespacial,dc=org"
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# Definição dos indices para o banco de dados nro.1
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
# Save the time that the entry gets modified, for database #1
lastmod on
rootdn "dc=docaespacial,dc=org"
rootpw {MD5}blablabla==
password-hash {crypt}
password-crypt-salt-format "$1$.8s"
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
# Um erro aqui, e a vaca vai pro brejo cantando pagode...
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
by dn="cn=admin,dc=docaespacial,dc=org" write
by anonymous auth
by self write
by * none
access to dn=".*,dc=docaespacial,dc=org" attr=mail
by dn="cn=admin,dc=docaespacial,dc=org" write
by self write
by * read
access to *
by dn="cn=admin,dc=docaespacial,dc=org" write
by dn="cn=nss,dc=docaespacial,dc=org" read
by * read
access to dn=".*,dc=docaespacial,dc=org"
by self write
by * read
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
access to dn=".*,ou=Roaming,o=morsnet"
by dn="cn=admin,dc=docaespacial,dc=org" write
by dnattr=owner write
#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>
# The base of your directory for database #2
#suffix "dc=dominium,dc=org"
=== fim do /etc/slapd.conf
--
[]s
Pedro
Desenvolvedor, Mestre Jedi, Slackwarrior
Usuário Linux Registro no. 274710
Usuário Debian-BR GNU/Linux no. 606
'E que os fontes estejam com você !'
Reply to: