[Sarlug] FDS, PDC and all, all, all :)

zOrg zorg1331 at gmail.com
Wed Jan 23 11:28:01 MSK 2008


Hello!

I wanted to ask the community: has anyone set up Fedora
Directory Server together with Samba as a PDC?

I have been struggling with this for some time, but something just doesn't come together. :(
Many questions come up, but for a start I'll ask just the one pressing question.
Setting all of this up from scratch yet again (in a new way),
I run smbpasswd winroot to set the password and other attributes
for the already created user winroot.
smbpasswd complains (as I show below), but it does create the entry for the
domain itself, dn: sambaDomainName=TANTAL,dc=tantal,dc=org.

Here is the smbpasswd output; maybe someone can tell me where the problem lies..

-bash-3.1# smbpasswd -D 10 winroot
Netbios name list:-
my_netbios_names[0]="SMB"
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match
ldapsam:ldap://fds.tantal.org/ (ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=TANTAL))]
smbldap_search_ext: base => [dc=tantal,dc=org], filter =>
[(&(objectClass=sambaDomain)(sambaDomainName=TANTAL))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://fds.tantal.org/
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://fds.tantal.org/ as
"cn=directory manager"
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does not support paged results
The LDAP server is succesfully connected
pdb backend ldapsam:ldap://fds.tantal.org/ has a valid init
New SMB password:
Retype new SMB password:
smbldap_search_ext: base => [dc=tantal,dc=org], filter =>
[(&(uid=winroot)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: winroot
pdb_set_username: setting username winroot, was
pdb_set_domain: setting domain TANTAL, was
pdb_set_nt_username: setting nt username winroot, was
pdb_set_user_sid_from_string: setting user sid
S-1-5-21-3954618794-1045869161-2900433472-500
pdb_set_user_sid: setting user sid S-1-5-21-3954618794-1045869161-2900433472-500
smbldap_get_single_attribute: [displayName] = [<does not exist>]
pdb_set_full_name: setting full name winroot, was
pdb_set_dir_drive: setting dir drive Z:, was NULL
pdb_set_homedir: setting home dir \\SMB\homes, was
smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>]
pdb_set_logon_script: setting logon script , was
pdb_set_profile_path: setting profile path \\SMB\Profiles\winroot, was
smbldap_get_single_attribute: [description] = [<does not exist>]
smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>]
smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>]
Opening cache file at /var/lib/samba/gencache.tdb
Cache entry with key = ACCT_POL/password history couldn't be found
ldapsam_get_account_policy_from_ldap
smbldap_search_ext: base => [sambaDomainName=TANTAL,dc=tantal,dc=org],
filter => [(objectclass=*)], scope => [0]
cache_account_policy_set: updating account pol cache
Adding cache entry with key = ACCT_POL/password history; value = 0
 and timeout = Tue Jan  8 14:32:40 2008
 (60 seconds ahead)
smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>]
smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>]
smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>]
Opening cache file at /var/lib/samba/login_cache.tdb
Looking up login cache for user winroot
No cache entry found
No cache entry, bad count = 0, bad time = 0
Returning expired cache entry: key = ACCT_POL/maximum password age,
value = 4294967295
, timeout = Tue Jan  8 14:22:22 2008
ldapsam_get_account_policy_from_ldap
smbldap_search_ext: base => [sambaDomainName=TANTAL,dc=tantal,dc=org],
filter => [(objectclass=*)], scope => [0]
cache_account_policy_set: updating account pol cache
Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295
 and timeout = Tue Jan  8 14:32:40 2008
 (60 seconds ahead)
Finding user winroot
Trying _Get_Pwnam(), username as lowercase is winroot
Get_Pwnam_internals did find user [winroot]!
smbldap_search_ext: base => [ou=Groups,dc=tantal,dc=org], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=1000))], scope => [2]
ldapsam_getgroup: Did not find group
Returning valid cache entry: key = ACCT_POL/password history, value = 0
, timeout = Tue Jan  8 14:32:40 2008
pdb_set_username: setting username winroot, was
pdb_set_domain: setting domain TANTAL, was
pdb_set_nt_username: setting nt username winroot, was
pdb_set_full_name: setting full name winroot, was
pdb_set_homedir: setting home dir \\SMB\homes, was
pdb_set_dir_drive: setting dir drive Z:, was NULL
pdb_set_logon_script: setting logon script , was
pdb_set_profile_path: setting profile path \\SMB\Profiles\winroot, was
pdb_set_workstations: setting workstations , was
Returning valid cache entry: key = ACCT_POL/password history, value = 0
, timeout = Tue Jan  8 14:32:40 2008
pdb_set_user_sid: setting user sid S-1-5-21-3954618794-1045869161-2900433472-500
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-3954618794-1045869161-2900433472-500
from rid 500
Returning valid cache entry: key = ACCT_POL/password history, value = 0
, timeout = Tue Jan  8 14:32:40 2008
ldapsam_update_sam_account: user winroot to be modified has dn:
uid=winroot,ou=People,dc=tantal,dc=org
init_ldap_from_sam: Setting entry for user: winroot
Returning valid cache entry: key = ACCT_POL/maximum password age,
value = 4294967295
, timeout = Tue Jan  8 14:32:40 2008
smbldap_make_mod: attribute |sambaLMPassword| not changed.
smbldap_make_mod: attribute |sambaNTPassword| not changed.
Returning valid cache entry: key = ACCT_POL/password history, value = 0
, timeout = Tue Jan  8 14:32:40 2008
smbldap_make_mod: attribute |sambaPasswordHistory| not changed.
smbldap_make_mod: deleting attribute |sambaPwdLastSet| values |1199791282|
smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1199791900|
smbldap_make_mod: attribute |sambaAcctFlags| not changed.
smbldap_modify: dn => [uid=winroot,ou=People,dc=tantal,dc=org]
Extended operation failed with error: 13 (Confidentiality required)
(Operation requires a secure connection.
)
ldapsam_modify_entry: LDAP Password could not be changed for user
winroot: Confidentiality required
        Operation requires a secure connection.

Failed to modify entry for user winroot.
Failed to modify password entry for user winroot
-bash-3.1#

-- 
                                                                  zOrg
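
Added example, not part of the original post: the log above ends with LDAP result 13 (Confidentiality required) on an extended operation sent over plain ldap://. The constructed smb.conf fragment below shows the unencrypted setting beside a StartTLS one; the names and suffixes are taken from the log, while the poster's actual smb.conf is not shown, so every parameter value here is an assumption.

```ini
# Constructed smb.conf fragment (assumption: the real file is not on the page).
[global]
    workgroup = TANTAL
    netbios name = SMB
    passdb backend = ldapsam:ldap://fds.tantal.org/
    ldap suffix = dc=tantal,dc=org
    ldap admin dn = cn=directory manager
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups

    # Weak: the bind and the new password cross the network in clear text.
    # A directory that demands confidentiality for the password-change
    # extended operation rejects it with result code 13, as in the log.
    ;ldap ssl = off

    # Corrected: upgrade the ldap:// connection with StartTLS before binding.
    ldap ssl = start tls

    # Assumption: "yes" (or "only") is what makes smbpasswd send the
    # password-change extended operation in addition to the Samba hashes.
    ldap passwd sync = yes
```

StartTLS only succeeds if the directory server has a certificate installed and the Samba host's LDAP client configuration trusts the issuing CA.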

