Problema ao inserir máquina em domínio SAMBA+LDAP.

Iniciado por allan_nogueira, 11 de Janeiro de 2010, 00:39


allan_nogueira

Olá colegas de fórum!

Fiz a configuração do servidor para ser controlador de domínio usando o SAMBA + LDAP. As máquinas clientes acessam os arquivos compartilhados sem problema!
O LDAP e o SAMBA parecem funcionar direitinho! Mas quando eu tento adicionar uma máquina ao domínio, recebo a seguinte mensagem:

"Não são permitidas várias conexões a um servidor ou recurso compartilhado pelo mesmo usuário..."

Segue abaixo o meu smb.conf e o slapd.conf

smb.conf
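[global]

# Domain identity: this server handles domain logons, is the domain master
# browser for the workgroup and also runs the WINS service.
workgroup = FONSECASHOP
netbios name = SRVFONSECA
domain logons = Yes
domain master = Yes
wins support = true

obey pam restrictions = Yes
dns proxy = No
os level = 35
# One log file per connecting client (%m expands to the client machine name).
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
# NOTE(review): 'pam password change' is only consulted when
# 'unix password sync' is enabled, which it is not below - confirm it is wanted.
pam password change = Yes
# Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
unix password sync = no
# On a password change Samba also updates the LDAP userPassword attribute, so
# the LDAP and Samba passwords do not drift apart.
ldap passwd sync = yes

# Printing from PCs will go via CUPS ..
load printers = yes
printing = cups
printcap name = cups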

# Use LDAP for Samba user accounts and groups ..
# The directory is reached over the loopback address only.
passdb backend = ldapsam:ldap://127.0.0.1

# This must match init.ldif ..
ldap suffix = dc=fonsecashop,dc=local
# The password for cn=admin MUST be stored in /etc/samba/secrets.tdb
# This is done by running 'sudo smbpasswd -w'.
# NOTE(review): secrets.tdb then holds that password in recoverable form, so
# the file must stay readable by root only.
# NOTE(review): this is the same DN that slapd.conf declares as rootdn, which
# is not subject to the directory ACLs. A dedicated account with write access
# limited to the Samba subtrees would follow least privilege.
ldap admin dn = cn=admin,dc=fonsecashop,dc=local

# 4 OUs that Samba uses when creating user accounts, computer accounts, etc.
# (Because we are using smbldap-tools, call them 'Users', 'Computers', etc.)
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# Samba and LDAP server are on the same server in this example.
# Binds therefore travel unencrypted, but over loopback only. If the directory
# is ever moved to another host, switch to 'ldap ssl = start tls' so the admin
# bind and the password attributes are not sent in clear text.
ldap ssl = no

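# Scripts for Samba to use if it creates users, groups, etc.
# smbd expands %u / %g and runs each line as a command with root privileges.
# Every substitution is kept inside single quotes so that an unusual account
# or group name is always passed as one argument.
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

# Script that Samba uses when a PC joins the domain ..
# (when changing 'Computer Properties' on the PC)
# -w makes smbldap-useradd create a workstation (machine) account.
add machine script = /usr/sbin/smbldap-useradd -w '%u'
#add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u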

# Values used when a new user is created ..
# (Note: '%L' does not work properly with smbldap-tools 0.9.4-1)
# All four are deliberately left empty here.
logon drive =
logon home =
logon path =
logon script =

# This is required for Windows XP client ..
# NOTE(review): 'auto' offers SMB signing and the netlogon secure channel but
# does not require them, so a client that does not negotiate them is still
# accepted. Once every client supports both, 'server signing = mandatory' and
# 'server schannel = yes' enforce them.
server signing = auto
server schannel = auto

[homes]
comment = Home Directories
# %S expands to the name of the share being connected to, which for a home
# share is the user name, so each home is reachable only by its owner.
valid users = %S
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
# Connections made as root act with superuser rights inside this share.
admin users = root
# NOTE(review): guest access lets unauthenticated clients read whatever is
# stored here; keep credentials out of logon scripts and policy files.
guest ok = Yes
browseable = No

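[Profiles]
comment = Roaming Profile Share
# would probably change this to elsewhere in a production system ..
path = /var/lib/samba/profiles
# NOTE(review): no 'create mask' / 'directory mask' is set. Roaming-profile
# shares are commonly limited with 'create mask = 0600' and
# 'directory mask = 0700' so users cannot read each other's profiles.
read only = No
# The forum rendering had split this key across two lines
# ("No        profile" / "acls = Yes"); it is restored here as one setting.
profile acls = Yes
browsable = No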

[printers]
comment = All Printers
path = /var/spool/samba
use client driver = Yes
create mask = 0600
# Print jobs are accepted from guests, i.e. without authentication.
guest ok = Yes
printable = Yes
browseable = No
# 'public' is a synonym of 'guest ok', so this repeats the setting above.
public = yes
# NOTE(review): a printable share always accepts spool writes; 'writable'
# additionally allows ordinary (non-printing) writes into the spool
# directory, here also for guests. Confirm that this is needed.
writable = yes
admin users = root
write list = root

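[print$]
# The forum rendering had moved the word "Share" onto the path line; the
# comment and path are restored as two separate settings.
comment = Printer Drivers Share
path = /var/lib/samba/printers
# Drivers stored here are downloaded and installed by the Windows clients, so
# upload rights are kept to root only.
write list = root
create mask = 0664
directory mask = 0775
admin users = root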

[sav]
browseable = no
# NOTE(review): 'valid users = sav' limits the share to one account while
# 'guest ok = yes' below allows unauthenticated access; the two settings pull
# in opposite directions. Decide which is intended and drop the other - for a
# writable share, removing 'guest ok' is the safer choice.
valid users = sav
writeable = yes
path = /sav
guest ok = yes

[allan]
# Hiding the share from browse lists does not restrict who may connect to it.
browseable = no
# NOTE(review): no 'valid users' is set, so any authenticated account can
# connect and write here, limited only by file system permissions. The path is
# under /var/www; if a web server publishes it, write access to the share is
# write access to served content.
path = /var/www/allan
writeable = yes
slapd.conf:

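# LDAPv2 binds stay disabled as long as this line is commented out.
#allow bind_v2

# Schemas; samba.schema supplies the sambaSamAccount attributes used by the
# ldapsam backend.
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

pidfile                      /var/run/slapd/slapd.pid

argsfile                   /var/run/slapd/slapd.args

modulepath               /usr/lib/ldap
moduleload          back_bdb

# Maximum number of entries returned for a single search.
sizelimit 500

tool-threads 1

# NOTE(review): no TLS directives (TLSCertificateFile and related) appear in
# this listing. That fits the loopback-only connection configured in smb.conf,
# but any remote LDAP client would bind in clear text.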

backend                   bdb
#checkpoint 512 30

database              bdb

suffix                       "dc=fonsecashop,dc=local"

# rootdn is not subject to the access rules defined for this database.
rootdn  "cn=admin,dc=fonsecashop,dc=local"
# NOTE(review): this salted SHA-1 hash was published together with the post,
# so it can be tested offline against guessed passwords. Treat the password as
# exposed: set a new one (slappasswd generates the hash) and mask the value
# before sharing the file. slapd.conf itself should not be world-readable.
rootpw  {SSHA}sh/a6BBz57KUrePF4J4+Qwd/0yATbLKF

directory       "/var/lib/ldap"

# Berkeley DB tuning: cache size and lock table limits.
dbconfig set_cachesize 0 2097152 0

dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

# NOTE(review): with this line commented out objectClass is not indexed, so
# filters on objectClass are answered without an index. If it is re-enabled,
# the space after the comma likely has to go ('eq,pres') - confirm.
#index objectClass eq, pres
index ou,cn,sn,mail,givenname eq,pres,sub
index uidNumber,gidNumber,memberUid eq,pres
index loginShell eq,pres
index uniqueMember eq,pres
index uid pres,sub,eq
index displayName pres,sub,eq
# Equality indexes for the Samba attributes.
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
#index uid pres,eq,sub

# Record modifier and modification time on changed entries.
lastmod         on

# Password attributes: the admin DN and the owner of the entry may write them,
# anonymous clients may only use them to authenticate (bind), and everyone
# else gets no access.
# NOTE(review): sambaPasswordHistory is not listed, so it falls under the
# final 'access to *' rule and is readable by anyone; when password history is
# enabled it holds hashes of earlier passwords and is usually added here.
# Comments must stay above the 'access' line: the indented 'by' lines are
# continuation lines and would be absorbed into a comment placed before them.
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
    by dn="cn=admin,dc=fonsecashop,dc=local"  write
    by anonymous auth
    by self write
    by * none

# The root DSE is readable by everyone.
access to dn.base="" by * read

# NOTE(review): 'by * read' lets anonymous clients read every other attribute
# (account names, group membership, SIDs). If no client depends on anonymous
# searches, 'by users read' limits reading to authenticated binds - check the
# NSS/PAM clients in use before changing it. The explicit admin clause is
# redundant while that DN is also the rootdn.
access to *
    by dn="cn=admin,dc=fonsecashop,dc=local" write
    by * read

O que pode estar errado na minha configuração?

Desde já agradeço pela atenção de todos!

Abraço,

Allan Nogueira
Atenciosamente,
Allan Nogueira
(allan.nogueira@gmail.com)