Problem: Samba PDC with LDAP - client logon to the PDC
Hi,
my problem:
I have a Samba PDC with an LDAP backend, which works wonderfully, but only as a file server...
As soon as I try to log in to the PDC, an error message appears... I was able to join the client to the domain, though.
Data:
Client:
--> Client runs under VMware on Ubuntu (Windows XP SP2)
--> Error message no. 1: before logging in: "Name bereits im Netzwerk vorhanden" (a name already exists on the network)
--> Error message no. 2: when logging in: "Domaine LAN ist nicht verfügbar" (domain LAN is not available)
Server:
smb.conf:
[global]
workgroup = LAN
realm = LAN
netbios name = LAN
server string = Samba server on %h (v. %v)
passdb backend = ldapsam:ldap://localhost
log file = /var/log/samba/log.%m
max log size = 50
time server = Yes
add user script = /usr/sbin/smbldap-useradd -a -m %u
delete user script = /usr/sbin/smbldap-userdel -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %m
domain logons = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=localdomain
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = o=LAN,dc=localdomain
ldap user suffix = ou=users
preload = homes
[homes]
comment = Home Directory for '%u'
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
browseable = No
Log files:
log.lan (domain):
[2007/03/15 20:40:37, 0] smbd/service.c:make_connection(1111)
lan (192.168.0.4) couldn't find service
[2007/03/15 20:40:42, 1] passdb/pdb_ldap.c:init_group_from_ldap(2152)
SID string [-513] could not be read as a valid SID
[2007/03/15 20:40:42, 1] passdb/pdb_ldap.c:ldapsam_getgroup(2238)
ldapsam_getgroup: init_group_from_ldap failed for group filter (&(objectClass=sambaGroupMapping)(gidNumber=1001))
[2007/03/15 20:40:42, 1] passdb/pdb_ldap.c:init_group_from_ldap(2152)
SID string [-513] could not be read as a valid SID
[2007/03/15 20:40:42, 1] passdb/pdb_ldap.c:ldapsam_getgroup(2238)
ldapsam_getgroup: init_group_from_ldap failed for group filter (&(objectClass=sambaGroupMapping)(gidNumber=1001))
[2007/03/15 20:40:42, 0] smbd/service.c:make_connection(1111)
lan (192.168.0.4) couldn't find service
[2007/03/15 20:40:52, 1] passdb/pdb_ldap.c:init_group_from_ldap(2152)
SID string [-513] could not be read as a valid SID
[2007/03/15 20:40:52, 1] passdb/pdb_ldap.c:ldapsam_getgroup(2238)
ldapsam_getgroup: init_group_from_ldap failed for group filter (&(objectClass=sambaGroupMapping)(gidNumber=1001))
[2007/03/15 20:40:52, 1] passdb/pdb_ldap.c:init_group_from_ldap(2152)
SID string [-513] could not be read as a valid SID
[2007/03/15 20:40:52, 1] passdb/pdb_ldap.c:ldapsam_getgroup(2238)
ldapsam_getgroup: init_group_from_ldap failed for group filter (&(objectClass=sambaGroupMapping)(gidNumber=1001))
[2007/03/15 20:40:52, 1] smbd/service.c:make_connection_snum(950)
lan (192.168.0.4) connect to service englischja initially as user englischja (uid=1002, gid=1001) (pid 27564)
[2007/03/15 20:40:54, 1] smbd/service.c:close_cnum(1150)
lan (192.168.0.4) closed connection to service englischja
log.misterx (client):
[2007/03/15 23:07:02, 1] passdb/pdb_ldap.c:ldapsam_getgroup(2238)
ldapsam_getgroup: init_group_from_ldap failed for group filter (&(objectClass=sambaGroupMapping)(gidNumber=1001))
[2007/03/15 23:07:02, 1] passdb/pdb_ldap.c:init_group_from_ldap(2152)
SID string [-513] could not be read as a valid SID
[2007/03/15 23:07:02, 1] passdb/pdb_ldap.c:ldapsam_getgroup(2238)
ldapsam_getgroup: init_group_from_ldap failed for group filter (&(objectClass=sambaGroupMapping)(gidNumber=1001))
sh: /var/lib/samba/sbin/smbldap-useradd: No such file or directory
[2007/03/15 23:07:02, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/var/lib/samba/sbin/smbldap-useradd -w misterx' gave 127
[2007/03/15 23:19:29, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client 192.168.0.9. Error = Connection reset by peer
[2007/03/15 23:42:20, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client 192.168.0.9. Error = No route to host
sh: /var/lib/samba/sbin/smbldap-useradd: No such file or directory
[2007/03/16 16:17:54, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/var/lib/samba/sbin/smbldap-useradd -w misterx' gave 127
log.pdc is empty
System:
Debian 4.0 (testing)
Samba Version 3.0.24
If anything is still missing, please post.
Thanks
Mister-X
Content-ID: 54279
Url: https://administrator.de/contentid/54279
1 comment
in case the topic is still current....
looks like you don't have any groupmaps, do you?
post the output of "net groupmap list" here
SID 513 is normally the Domain Users... if everything there shows "-> -1" and no Unix group names, then do the following...
net groupmap modify ntgroup="windowsgruppe" unixgroup="unixgruppe"
in your example that would be
net groupmap modify ntgroup="Domain Users" unixgroup="users"
where "users" is your group in Linux to which your user accounts belong...
if you like, you can also send me a message
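A triage sketch for the log lines in this thread, added here as an example and not code from either poster or from Samba: it pairs each unreadable SID with the gidNumber named by the ldapsam_getgroup line that follows it, and lists helper scripts that exited with status 127 (the shell's "command not found"). The function names and the CONFIGURED_SCRIPTS set are assumptions made for the example; the sample lines are copied from log.misterx in the question.

```python
import re
from collections import Counter

# Excerpt of the smbd log lines posted above (log.misterx).
SAMPLE_LOG = """\
[2007/03/15 23:07:02, 1] passdb/pdb_ldap.c:init_group_from_ldap(2152)
SID string [-513] could not be read as a valid SID
[2007/03/15 23:07:02, 1] passdb/pdb_ldap.c:ldapsam_getgroup(2238)
ldapsam_getgroup: init_group_from_ldap failed for group filter (&(objectClass=sambaGroupMapping)(gidNumber=1001))
sh: /var/lib/samba/sbin/smbldap-useradd: No such file or directory
[2007/03/15 23:07:02, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/var/lib/samba/sbin/smbldap-useradd -w misterx' gave 127
"""
# Path from the posted smb.conf ("add machine script"); assumed still current.
CONFIGURED_SCRIPTS = {"/usr/sbin/smbldap-useradd"}

SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")  # e.g. S-1-5-21-<domain>-513
BAD_SID = re.compile(r"SID string \[(.*?)\] could not be read as a valid SID")
GROUP_FILTER = re.compile(r"failed for group filter .*\(gidNumber=(\d+)\)")
SCRIPT_RUN = re.compile(r"Running the command `(\S+)[^']*' gave (\d+)")

def triage(log_text):
    """Count (sid, gidNumber) pairs that failed and (script, status) failures."""
    bad_sids = Counter()
    failed = Counter()
    pending_sid = None  # SID from the last init_group_from_ldap message
    for line in log_text.splitlines():
        if m := BAD_SID.search(line):
            pending_sid = m.group(1)
        elif (m := GROUP_FILTER.search(line)) and pending_sid is not None:
            bad_sids[(pending_sid, int(m.group(1)))] += 1
            pending_sid = None
        elif m := SCRIPT_RUN.search(line):
            failed[(m.group(1), int(m.group(2)))] += 1
    return bad_sids, failed

def findings(log_text, configured=CONFIGURED_SCRIPTS):
    """Turn the counters into one human-readable line per distinct problem."""
    bad_sids, failed = triage(log_text)
    out = []
    for (sid, gid), n in sorted(bad_sids.items()):
        kind = "unreadable" if SID_RE.match(sid) else "malformed"
        out.append(f"gidNumber={gid}: {kind} group SID {sid!r} ({n}x)")
    for (path, status), n in sorted(failed.items()):
        note = "not found by sh" if status == 127 else f"exit {status}"
        if path not in configured:
            note += ", path differs from posted smb.conf"
        out.append(f"{path}: {note} ({n}x)")
    return out
```

On the sample, findings(SAMPLE_LOG) reports the group with gidNumber 1001 carrying the string "-513" where a full SID is expected, and a script path that is not the one in the posted smb.conf.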