
openldap and samba



	List

	I am following some texts I found on the internet about
integrating openldap with samba.

	I am having problems with the "smbldap-populate" command.
When I run the command, the following error messages appear.

Populating LDAP directory for domain particula
(S-1-5-21-1993900916-2692806690-969127028)
(using builtin directory structure)

entry dc=particula,dc=local already exist. 
entry ou=People,dc=particula,dc=local already exist. 
entry ou=Groups,dc=particula,dc=local already exist. 
entry ou=People,dc=particula,dc=local already exist. 
entry ou=Idmap,dc=particula,dc=local already exist. 
entry uid=root,ou=People,dc=particula,dc=local already exist. 
entry uid=nobody,ou=People,dc=particula,dc=local already exist. 
adding new entry: cn=Domain Admins,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 101.
adding new entry: cn=Domain Users,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 112.
adding new entry: cn=Domain Guests,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 123.
adding new entry: cn=Domain Computers,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 134.
adding new entry: cn=Administrators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 179.
adding new entry: cn=Account Operators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 201.
adding new entry: cn=Print Operators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 212.
adding new entry: cn=Backup Operators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 223.
adding new entry: cn=Replicators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 234.
adding new entry: sambaDomainName=particula,dc=particula,dc=local
failed to add entry: invalid DN at /usr/sbin/smbldap-populate line 498,
<GEN1> line 242.

Please provide a password for the domain root: 
Changing UNIX password for root
New password: 
Retype new password: 
Failed to modify UNIX password: attribute 'shadowLastChange' not allowed
at /usr/sbin/smbldap-passwd line 285, <STDIN> line 2.

	Has anyone on the list already had a problem like this?

	What I have done so far:

3 - Technical Data
	Distribution			- gnu/linux debian stable
	Domain				- particula.local
	LDAP and samba server IP 	- 192.168.0.7
	dc=particula,dc=local

4.1-Installation
	$ aptitude install slapd ldap-utils migrationtools
	$ aptitude install phpldapadmin libnet-ldap-perl
	$ aptitude install samba samba-doc winbind libnss-ldap libmhash2 sysutils libcrypt-smbhash-perl smbldap-tools 

4.2-LDAP Configuration
	$ vi /etc/ldap/ldap.conf
		host 192.168.0.7
		base dc=particula,dc=local
		rootbinddn cn=admin,dc=particula,dc=local

	$ slappasswd -h {SSHA} -s <SENHA>
	{SSHA}JSqnZ+f4RN9UBdtjNBJti9NXdN5zkrst

	$ vi /etc/ldap/slapd.conf
		# Read slapd.conf(5) for possible values
		loglevel        256

		# The base of your directory in database #1
		suffix          "dc=particula,dc=local"

		rootdn          "cn=admin,dc=particula,dc=local"
		rootpw		{SSHA}JSqnZ+f4RN9UBdtjNBJti9NXdN5zkrst
	$ vi /etc/syslog.conf
		local4.*		/var/log/ldap.log
	$ cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/
	$ gunzip /etc/ldap/schema/samba.schema.gz
	$ vi /etc/ldap/slapd.conf
		include         	    /etc/ldap/schema/samba.schema
		index cn                    pres,sub,eq
		index sn                    pres,sub,eq
		index uid                   pres,sub,eq
		index displayName           pres,sub,eq
		index uidNumber             eq
		index gidNumber             eq
		index memberUID             eq
		index sambaSID              eq
		index sambaPrimaryGroupSID  eq
		index sambaDomainName       eq
		index default               sub
		access to attrs=userPassword,sambaLMPassword,sambaNTPassword
 		       by self write
 		       by anonymous auth
 		       by * none
	$ /etc/init.d/sysklogd restart
	$ /etc/init.d/slapd restart

4.3-Migration of the linux users, groups and hosts to LDAP
	$ vi /usr/share/migrationtools/migrate_common.ph
		$DEFAULT_MAIL_DOMAIN = "particula.local";
		$DEFAULT_BASE = "dc=particula,dc=local";

	$ cd /usr/share/migrationtools/

	# Migrate the ldap base
	$ ./migrate_base.pl | ldapadd -xD cn=admin,dc=particula,dc=local -c -h 192.168.0.7 -w SENHA

	# Migrate the groups to the ldap database
	$ ./migrate_group.pl /etc/group | ldapadd -xD cn=admin,dc=particula,dc=local -c -h 192.168.0.7 -w SENHA

	# Migrate the users to the ldap database
	$ ./migrate_passwd.pl /etc/passwd | ldapadd -xD cn=admin,dc=particula,dc=local -c -h 192.168.0.7 -w SENHA

	# Migrate the hosts to the ldap database
	# Example of the /etc/hosts file
	# 192.168.0.7	server.particula.local	server
	$ ./migrate_hosts.pl /etc/hosts | ldapadd -xD cn=admin,dc=particula,dc=local -c -h 192.168.0.7 -w SENHA

4.4-PhpLdapAdmin Configuration
	$ vi /usr/share/phpldapadmin/config/config.php
		$servers[$i]['name'] = 'Particula LDAP Server';
		$servers[$i]['host'] = '192.168.0.7';

4.5-SMB-LDAP Tools Configuration
	$ cd /tmp
	$ wget http://www.nomis52.net/data/mkntpwd.tar.gz
	$ cd /usr/local/src
	$ tar -xzvf /tmp/mkntpwd.tar.gz
	$ cd /usr/local/src/mkntpwd
	$ make
	$ cp mkntpwd /usr/local/sbin/
	$ net getlocalsid
		SID for domain AKIRA is: S-1-5-21-422933630-3355374061-2294550427
	$ cd /etc/smbldap-tools/
	$ cp /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz .
	$ gunzip smbldap.conf.gz
	$ vi smbldap.conf
		ID="S-1-5-21-1304105363-4135810921-3996400691"
		slaveLDAP="192.168.0.7"
		masterLDAP="192.168.0.7"
		ldapTLS="0"
		suffix="dc=particula,dc=local"
		usersdn="ou=People,${suffix}"
		computersdn="ou=People,${suffix}"
		groupsdn="ou=Group,${suffix}"
		userSmbHome="\\srv3\home\%U"
		userProfile="\\srv3\profiles\%U"
		userScript="%U.bat"
		mailDomain="particula"
	$ cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf .
	$ vi smbldap_bind.conf
		slaveDN="cn=admin,dc=particula,dc=local"
		slavePw="SENHA"
		masterDN="cn=admin,dc=particula,dc=local"
		masterPw="SENHA"
	$ ./smbldap-populate

-- 

 .''`.   Caio Abreu Ferreira
: :'  :  abreuferr@gmail.com
`. `'`   Debian User
  `-     Key fingerprint = 97F8 61AC 605F 8A8B 3BA1  D479 8C9A 52E8 6478 601F 
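
An added example, not part of the original post: a POSIX shell/awk helper that pairs each "adding new entry" line of the smbldap-populate output quoted above with the failure reason that follows it, then counts the distinct reasons. The sample input is an excerpt of the output in the post, wrapped as posted; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage smbldap-populate failures per entry and per reason.

# Excerpt of the output quoted in the post (line wrapping kept as posted).
sample_output() {
cat <<'EOF'
entry ou=Idmap,dc=particula,dc=local already exist.
adding new entry: cn=Domain Admins,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 101.
adding new entry: cn=Replicators,ou=Groups,dc=particula,dc=local
failed to add entry: objectClass: value #2 invalid per syntax at
/usr/sbin/smbldap-populate line 498, <GEN1> line 234.
adding new entry: sambaDomainName=particula,dc=particula,dc=local
failed to add entry: invalid DN at /usr/sbin/smbldap-populate line 498,
<GEN1> line 242.
EOF
}

# failed_entries: read populate output on stdin, print "DN<TAB>reason"
# for every entry whose add was rejected by the server.
failed_entries() {
  awk '
    /^adding new entry: / { dn = substr($0, 19); next }
    /^failed to add entry: / {
      reason = substr($0, 22)
      sub(/ at( \/.*)?$/, "", reason)   # drop the Perl "at FILE line N" trailer
      printf "%s\t%s\n", dn, reason
    }'
}

# failure_summary: count failures per distinct reason, most frequent first.
failure_summary() {
  failed_entries | cut -f2 | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Stand-alone run: show the per-reason counts for the embedded excerpt.
sample_output | failure_summary
```

On the full output, the same functions can be fed from a saved log, for example `failure_summary < populate.log` (file name hypothetical).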
