[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problemas de Integracion Samba+LDAP



2006/12/28, Alien Torres <alien@ipicfg.rimed.cu>:
X-IPI Cienfuegos-MailScanner: Found to be clean
X-IPI Cienfuegos-MailScanner-From: alien@ipicfg.rimed.cu

Estoy usando Debian Etch Kernel 2.6.18

Samba Version 3.0.23d (apt-get install)
$OpenLDAP: slapd 2.3.29 (Nov 11 2006 10:35:52) $
root@monster:/tmp/buildd/openldap2.3-2.3.29/debian/build/servers/slapd
(apt-get install too)

Tanto Samba como LDAP estan en la misma PC

Instale y configure libpam-ldap, libnss-ldap via:
dpkg-reconfigure --priority=low nombre_pakete

La Version y la informacion de estos paquetes es la siguiente:
#######################################################################
Paquete: libpam-ldap
Nuevo: sí
Estado: instalado
Instalado automáticamente: no
Versión: 180-1.4
Prioridad: extra
Sección: admin
Desarrollador: Stephen Frost < sfrost@debian.org>
Tamaño sin comprimir: 324k
Depende de: libc6 (>= 2.3.6-6), libldap2 (>= 2.1.17-1), libpam0g (>=
0.76), debconf (>= 0.5) | debconf-2.0
Sugiere: libnss-ldap
Descripción: Pluggable Authentication Module allowing LDAP interfaces
This module let's you use you LDAP server to authenticate users with
programs that utilize PAM. If used along with libnss-ldap, you can
replace your entire flat file (/etc/*) structure or NIS with LDAP.
########################################################################

AND:

########################################################################
Paquete: libnss-ldap
Nuevo: sí
Estado: instalado
Instalado automáticamente: no
Versión: 251-7
Prioridad: extra
Sección: net
Desarrollador: Stephen Frost <sfrost@debian.org>
Tamaño sin comprimir: 279k
Depende de: libc6 (>= 2.3.6-6), libkrb53 (>= 1.4.2), libldap2 (>=
2.1.17-1), debconf | debconf-2.0
Recomienda: nscd, libpam-ldap
Descripción: NSS module for using LDAP as a naming service
This package provides a Name Service Switch that allows your LDAP
server act as a name service. This means providing user account
information, group id's, host information, aliases, netgroups, and
basically anything else that you would normally get from /etc flat files
or NIS.

If used with glibc 2.1's nscd (Name Service Cache Daemon) it will help
reduce your network traffic and speed up lookups for entries.
##########################################################################


En el fichero de configuracion /etc/nsswitch.conf tengo lo siguiente:

#########################################################################
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
##########################################################################

/etc/pam.d/common-account en este otro tengo esto:
############################################
account         required        pam_unix.so
account         sufficient      pam_ldap.so
############################################

/etc/pam.d/common-auth:
###################################################
auth     sufficient     pam_unix.so
auth     sufficient     pam_ldap.so try_first_pass
auth     required       pam_env.so
auth     required       pam_securetty.so
auth     required       pam_unix_auth.so
auth     required       pam_warn.so
auth     required       pam_deny.so
####################################################

/etc/pam.d/common-session:
####################################################################
session required        pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required        pam_limits.so
session required        pam_unix.so
session optional        pam_ldap.so
####################################################################

/etc/pam.d/common-password:
#################################################################
password required       pam_cracklib.so retry=3 minlen=8 difok=4
password sufficient     pam_unix.so use_authtok md5 shadow
password sufficient     pam_ldap.so use_authtok
password required       pam_warn.so
password required       pam_deny.so
#################################################################


cuando hago una prueba a ver si funciona bien la configuracion de
PAM:(asumiendo que "user" existe en el Servidor LDAP con el ObjectClass
posixAccount)
$/usr/bin/pamtest passwd "user"
Trying to authenticate <user> for service <passwd>.
Password:[password]
Authentication successful.

$/usr/bin/pamtest ssh "user"
Trying to authenticate <user> for service <ssh>.
Password:[password]
Authentication successful.

Pero si intento desde otra PC conectarme a esta via SSH, no me puedo
conectar.
Si en otra consola de esa misma aquina intento entrar con un usuario que
esta en LDAP me dice que ese usuario: user don't understand under-line
authentication o algo parecido...

Entonces intento:
getent password or getent group y solo se me muestran los usuarios
Locales o los Grupos locales, no se me muestra nada del LDAP al parecer
la configuracion que he hecho de los modulos PAM no funciona correctamente.

Por otra parte si hago:(asumiendo que "user" existe en el Servidor LDAP
con el ObjectClass posixAccount)
smbpasswd -a "user"
New SMB password:
Retype new SMB password:
Can't find the Unix entry for user user

entonces lo creo localmente:
useradd -m "user" -s /bin/false

y intento nuevamente:
smbpasswd -a "user"
New SMB password:
Retype new SMB password:
Added user "user"

El nuevo usuario es creado en LDAP mediante smbpasswd con la siguientes
caracteristicas:
ObjectClass(ldif out):
###########################################################
dn: uid="user",ou=people,dc=ipicfg
uid: "user"
sambaSID: S-1-5-21-573714341-576857396-1135712947-3014
sambaPwdCanChange: 1167232762
sambaPwdMustChange: 2147483647
sambaLMPassword: AB6A8270E7EDCA48AAD3B435B51404EE
sambaNTPassword: 4702176798019EEB6557E5C1579798B2
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdLastSet: 1167232762
sambaAcctFlags: [U          ]
objectClass: sambaSamAccount
objectClass: account
structuralObjectClass: account
entryUUID: 60009290-2a09-102b-9f67-21b829726389
creatorsName: cn=admin,dc=ipicfg
createTimestamp: 20061227151922Z
entryCSN: 20061227151922Z#000000#00#000000
modifiersName: cn=admin,dc=ipicfg
modifyTimestamp: 20061227151922Z
#############################################################

El problema real es que:

que si creo un usuario desde un LDIF, con cualquier tipo de ObjectClass:
he probado de muchas formas, simplemente SAMBA no ve a ese usuario de
LDAP y cuando intento iniciar Seccion desde una WindowsBOX me dice que
verifique nombre de usuario y contraseña.
He probado añadir el usuario con ObjectClass de Gosa, PosixAccount and
SambaSamAccount por suspuesto de muchas formas, muchos intentos.

Solo los usuarios agregados con smbpasswd pueden iniciar seccion en el
dominio, el problema con esto es que no quiero tener los usuario
locales, sino solo en LDAP, y por otra parte quiero que los usuario en
LDAP tengan otras caracteristicas ademas de las que le crea samba cuando
los añade via smbpasswd, por ejemplo quiero que tengan posixAccount and
GosaAccount entre otros..

Si intento añadir usuarios al LDAP con cualquier WebFront-End ya sea
GOSA o LAM o PHPLDAPAdmin obtengo los mismos resultados, solo los
usuarios agregados mediante smbpasswd pueden iniciar seccion en el dominio.
Algo curioso es que cuando el usuario es creado en LDAP mediante
smbpasswd este no tiene ningun campo de contraseña... solo la
informacion que les mostre antes.

Si intento hacer:
net groupmap list

Para ver el Mapeo de los grupos sencillamente no me devuelve nada, asi
que cree 3 grupos en LDAP mediante el siguiente LDIF:
#################################################
dn: cn=domain_admins,ou=groups,dc=ipicfg
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: gosaObject
gosaSubtreeACL: :all
gidNumber: 512
cn: domain_admins
memberUid: alien2
description: Netbios Domain Administrators
sambaSID: S-1-5-21-573714341-576857396-1135712947
sambaGroupType: 2
displayName: Domain Admins

dn: cn=domain_users,ou=groups,dc=ipicfg
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: gosaObject
gosaSubtreeACL: :all
gidNumber: 513
cn: domain_users
description: Netbios Domain Users
sambaSID: S-1-5-21-573714341-576857396-1135712947
sambaGroupType: 2
displayName: Domain Users

dn: cn=domain_guests,ou=groups,dc=ipicfg
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: gosaObject
gosaSubtreeACL: :all
gidNumber: 514
cn: domain_guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-573714341-576857396-1135712947
sambaGroupType: 2
displayName: Domain Guests
##################################################

Ahora cuando hago
net groupmap list

Me devuelve esto:
Domain Admins (S-1-5-21-573714341-576857396-1135712947) -> 512
Domain Users (S-1-5-21-573714341-576857396-1135712947) -> 513
Domain Guests (S-1-5-21-573714341-576857396-1135712947) -> 514


Entonces ahora cuando un usuario en agregado a ldap mediante smbpasswd
le cambio el sambaSID y le coloco al final 512 o 513 o 514 por ejemplo:
sambaSID: S-1-5-21-573714341-576857396-1135712947-514

Entonces cuando inicio seccion en el dominio con ese usuario coje los
permisos de Domain Guest y eso esta de cierta forma bastante bien...


Les envio mis ficheros de configuracion de Samba y demas, espero alguien
me pueda ayudar, ya que no entiendo que sucede....

SAMBA CONFIG:
#######################################################################
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = IPICFG
        realm = STALLMAN.IPICFG.RIMED.CU
        netbios aliases = stallman
        server string = Servidor del Dominio IPICFG!
        interfaces = bond0
        bind interfaces _only_ = Yes
        passdb backend = ldapsam:ldap://localhost
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        username map = /etc/samba/smbusers
        unix password sync = Yes
        log level = 3 passdb:5 auth:10 winbind:2
        syslog = 0
        log file = /var/log/samba/%m.log
        max log size = 50
        announce version = 5.0
        time server = Yes
        max disk size = 2048
        max open files = 10
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/sbin/useradd -m '%u'
        delete user script = /usr/sbin/userdel -r '%u'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/usermod -G '%g' '%u'
        add machine script = /usr/sbin/useradd -d /dev/null -s
/bin/false -d /var/lib/nobody %u
        logon script = scripts\login.bat
        logon path = \\%L\%U\profile
        logon drive = z:
        domain logons = Yes
        os level = 95
        preferred master = Yes
        domain master = Yes
        ldap admin dn = cn=admin,dc=ipicfg
        ldap group suffix = ou=groups
        ldap machine suffix = ou=machines
        ldap suffix = dc=ipicfg
        ldap ssl = no
        ldap user suffix = ou=people
        map acl inherit = Yes
        case sensitive = Yes

[homes]
        comment = Home Directories
        path = /home/%U
        valid users = %S
        read _only_ = No
        directory mask = 0775
        browseable = No


[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        guest ok = Yes
        browseable = No
        locking = No
        share modes = No

[profiles]
        comment = User profiles share
        path = /home/%U/profile
        read _only_ = No
        create mask = 0775
        directory mask = 0775
        browseable = No
#######################################################



Samba LOG:
#################################################################
[2006/12/27 10:51:22, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/12/27 10:51:22, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2006/12/27 10:51:22, 3] smbd/server.c:exit_server_common(675)
  Server exit (normal exit)
[2006/12/27 10:51:22, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/12/27 10:51:22, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2006/12/27 10:51:22, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does
not exist.
[2006/12/27 10:51:22, 3] smbd/server.c:exit_server_common(675)
  Server exit (normal exit)
[2006/12/27 10:51:24, 2] lib/interface.c:add_interface(81)
  added interface ip=10.10.0.1 bcast=10.10.255.255 nmask=255.255.0.0
[2006/12/27 10:51:24, 0] smbd/files.c:file_init(198)
  PANIC: assert failed at smbd/files.c(198)
[2006/12/27 10:51:24, 3] smbd/server.c:main(877)
  loaded services
[2006/12/27 10:51:24, 3] smbd/server.c:main(892)
  Becoming a daemon.
[2006/12/27 10:51:24, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
  Registered MSG_REQ_POOL_USAGE
[2006/12/27 10:51:24, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend ldapsam
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'ldapsam'
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend ldapsam_compat
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'ldapsam_compat'
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend NDS_ldapsam
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'NDS_ldapsam'
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend NDS_ldapsam_compat
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'NDS_ldapsam_compat'
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend smbpasswd
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'smbpasswd'
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(105)
  Attempting to register passdb backend tdbsam
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:smb_register_passdb(118)
  Successfully added passdb backend 'tdbsam'
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:make_pdb_method_name(158)
  Attempting to find an passdb backend to match ldapsam:ldap://localhost
(ldapsam)
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:make_pdb_method_name(179)
  Found pdb backend ldapsam
[2006/12/27 10:51:24, 2] lib/smbldap_util.c:smbldap_search_domain_info(219)
  smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=IPICFG))]
[2006/12/27 10:51:24, 2] lib/smbldap.c:smbldap_open_connection(788)
  smbldap_open_connection: connection opened
[2006/12/27 10:51:24, 3] lib/smbldap.c:smbldap_connect_system(992)
  ldap_connect_system: succesful connection to the LDAP server
[2006/12/27 10:51:24, 5] passdb/pdb_interface.c:make_pdb_method_name(190)
  pdb backend ldapsam:ldap://localhost has a valid init
[2006/12/27 10:51:24, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/12/27 10:51:24, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/12/27 10:51:24, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/12/27 10:51:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: root
[2006/12/27 10:51:24, 5] passdb/login_cache.c:login_cache_init(41)
  Opening cache file at /var/cache/samba/login_cache.tdb
[2006/12/27 10:51:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/12/27 10:51:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2006/12/27 10:51:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2006/12/27 10:51:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2006/12/27 10:51:24, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-573714341-576857396-1135712947-1000]
[2006/12/27 10:51:24, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2006/12/27 10:51:24, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(250)
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-573714341-576857396-1135712947-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(250)
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-573714341-576857396-1135712947-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(250)
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-573714341-576857396-1135712947-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(250)
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-573714341-576857396-1135712947-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(250)
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-573714341-576857396-1135712947-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(250)
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-573714341-576857396-1135712947-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(250)
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-573714341-576857396-1135712947-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(250)
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-573714341-576857396-1135712947-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(250)
[2006/12/27 10:51:24, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-573714341-576857396-1135712947-1000
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/12/27 10:51:24, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/12/27 10:51:24, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/12/27 10:51:24, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/12/27 10:51:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/12/27 10:51:24, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/12/27 10:51:24, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/12/27 10:51:24, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/12/27 10:51:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/12/27 10:51:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2006/12/27 10:51:24, 5] auth/auth_util.c:make_server_info_sam(625)
  make_server_info_sam: made server info for user nobody -> nobody
[2006/12/27 10:51:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2006/12/27 10:51:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2006/12/27 10:51:24, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-573714341-576857396-1135712947-501]
[2006/12/27 10:51:24, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-2-65534]
[2006/12/27 10:51:24, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2006/12/27 10:51:24, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2006/12/27 10:51:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2006/12/27 10:51:24, 10] auth/auth_util.c:create_local_token(1023)
  Could not convert SID S-1-1-0 to gid, ignoring it
[2006/12/27 10:51:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2006/12/27 10:51:24, 10] auth/auth_util.c:create_local_token(1023)
  Could not convert SID S-1-5-2 to gid, ignoring it
[2006/12/27 10:51:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2006/12/27 10:51:24, 10] auth/auth_util.c:create_local_token(1023)
  Could not convert SID S-1-5-32-546 to gid, ignoring it
[2006/12/27 10:51:24, 10] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user S-1-5-21-573714341-576857396-1135712947-501
  contains 5 SIDs
  SID[  0]: S-1-5-21-573714341-576857396-1135712947-501
  SID[  1]: S-1-22-2-65534
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-32-546
  SE_PRIV  0x0 0x0 0x0 0x0
[2006/12/27 10:51:24, 3] printing/printing.c:start_background_queue(1386)
  start_background_queue: Starting background LPQ thread
[2006/12/27 10:51:24, 2] smbd/server.c:open_sockets_smbd(384)
  waiting for a connection
#############################################################################

Salu2 Alien!

--
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.
Nodo de Comunicaciones del IPI Cienfuegos


--
To UNSUBSCRIBE, email to debian-user-spanish-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Bueno que te puedo decir bastante largo tu mail :P pero es una broma esta todo bien explicado, ahora te digo que a mi me funciono todo pero tuve que documentarme aproximadamente un par de semanas para que todo funcionara bien, y ahora levanto los servicios en 1 o 2 horas dependiendo de la velocidad de la red, ahora bien te aconsejo que primero pruebes instalando solamente ldap y viendo si te conectan bien los usuarios desde otro cliente con linux para eso solamente tienes que instalar

slapd, ldap-utils y phpldapadmin con eso creas los grupos y usuarios y no es necesario que crees las ldif

despues viene la instalacion de samba y la configuracion que por lo que veo la tienes buena, eso si yo tuve que instalar samba de debian stable ya que con la version que trae etch se me caia y no me dejaba hacer nada, todo lo demas lo tengo con etch

saludos
Reply to: