Posted: Mar 05, 2012, 12:59
I have installed Solaris - OpenIndiana 151a, SAMBA 3.5.5 and OpenLDAP 2.4.13.
SAMBA works, and so does the LDAP server: I can log in to it and I even created a few accounts in it (posixAccount).
SAMBA, however, does not take the UID from the account's attributes in LDAP on trust; instead it tries Get_PwNam and fails.
getent passwd ldap_user shows me nothing.

/etc/openldap/slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/solaris.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=admin,dc=domain,dc=com"
rootpw my-secret
password-hash {CLEARTEXT}
directory /var/openldap
monitoring off
authz-regexp uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth uid=$1,OU=users,DC=domain,DC=com
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth uid=$1,OU=users,DC=domain,DC=com
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth cn=$1,DC=domain,DC=com
authz-policy to
access to attrs=userPassword,shadowLastChange by anonymous auth by self write by * none
access to attrs=sambaLMPassword,sambaNTPassword by dn="uid=samba_admin,dc=domain,dc=com" read by * none
access to dn.base="" by * read

/etc/openldap/init.ldif:
dn: dc=domain,dc=com
dc: domain
o: Office
objectclass: dcObject
objectclass: organization
objectclass: top

dn: cn=admin,dc=domain,dc=com
cn: admin
objectclass: organizationalRole

dn: ou=groups,dc=domain,dc=com
objectclass: organizationalUnit
objectclass: top
ou: groups

dn: ou=machines,dc=domain,dc=com
objectclass: organizationalUnit
objectclass: top
ou: machines

dn: ou=users,dc=domain,dc=com
objectclass: organizationalUnit
objectclass: top
ou: users

dn: sambaDomainName=domain,dc=domain,dc=com
objectclass: sambaDomain
objectclass: top
sambaalgorithmicridbase: 10000
sambadomainname: domain
sambasid: S-1-5-21-1

dn: uid=samba_admin,dc=domain,dc=com
objectclass: account
objectclass: simpleSecurityObject
objectclass: top
uid: samba_admin
userpassword: {SSHA}V4aSjZpxJs0jroIXrKAZKYRdDf7+M9H/

/etc/nsswitch.conf:
passwd: files ldap
group: files ldap
hosts: files dns mdns
ipnodes: files dns mdns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files
automount: files
aliases: files
services: files
printers: user files
auth_attr: files
prof_attr: files
project: files
tnrhtp: files
tnrhdb: files

I have added to /etc/pam.conf:
login auth sufficient pam_ldap.so.1
other auth sufficient pam_ldap.so.1
other account sufficient pam_ldap.so.1

I have configured a USER profile with nwamcfg:
activation-mode manual
enabled true
nameservices files,dns,ldap
nameservices-config-file "/etc/nsswitch.conf"
dns-nameservice-configsrc manual
dns-nameservice-domain "domain.com"
dns-nameservice-servers "192.168.2.1"
dns-nameservice-search "domain.com"
ldap-nameservice-configsrc manual
ldap-nameservice-servers "127.0.0.1"
default-domain "domain.com"

/var/ldap/ldap_client_cred:
NS_LDAP_BINDDN= cn=admin,dc=domain,dc=com
NS_LDAP_BINDPASSWD= my-secret

/var/ldap/ldap_client_file:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 127.0.0.1
NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
NS_LDAP_CACHETTL= 0
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=users,dc=domain,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=domain,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=users,dc=domain,dc=com

This is my first encounter with SOLARIS and I am completely lost.
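An added check for the "getent passwd shows nothing" symptom above; this is example code written for this page, not part of the original post or of any Solaris or OpenLDAP tool. It takes the two facts the posted /var/ldap/ldap_client_file fixes (passwd entries are searched under ou=users,dc=domain,dc=com with NS_LDAP_SEARCH_SCOPE=one) and tests whether a given LDIF entry could ever be returned through that configuration: the entry must sit directly under that base, carry objectClass posixAccount, and have every attribute nis.schema marks MUST for it. The function name check_posix_entry, the AWK variable and both LDIF entries are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: check an LDAP user entry against
# what the posted ldap_client_file expects before getent(1) can return it.
# Assumptions: the passwd base and "one" scope come from the posted config;
# the LDIF entries below are constructed test data, not real directory content.

PASSWD_BASE="ou=users,dc=domain,dc=com"

# Attributes nis.schema marks MUST for posixAccount (RFC 2307).
REQUIRED_ATTRS="cn uid uidNumber gidNumber homeDirectory"

# Solaris /usr/bin/awk is the old awk; use nawk or /usr/xpg4/bin/awk there.
AWK=${AWK:-awk}

# check_posix_entry: read one LDIF entry on stdin, print every problem found,
# return 1 if there was any, 0 if NSS with the posted config should resolve it.
check_posix_entry() {
    "$AWK" -v base="$PASSWD_BASE" -v required="$REQUIRED_ATTRS" '
    # lower-case a DN and drop whitespace around commas so DNs compare equal
    function norm(s) { s = tolower(s); gsub(/[ \t]*,[ \t]*/, ",", s); return s }
    BEGIN { nreq = split(required, req, " "); problems = 0; posix = 0 }
    /^[A-Za-z]+:/ {
        attr = $0; sub(/:.*/, "", attr)
        val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        attrs[tolower(attr)] = 1
        if (tolower(attr) == "dn") dn = val
        if (tolower(attr) == "objectclass" && tolower(val) == "posixaccount") posix = 1
    }
    END {
        if (dn == "") { print "no dn: line found"; problems++ }
        if (!posix) { print "missing objectClass posixAccount"; problems++ }
        for (i = 1; i <= nreq; i++)
            if (!(tolower(req[i]) in attrs)) { print "missing attribute " req[i]; problems++ }
        # NS_LDAP_SEARCH_SCOPE=one only sees entries directly below the base,
        # so the DN minus its first RDN must equal the passwd base exactly.
        parent = norm(dn); sub(/^[^,]*,/, "", parent)
        if (parent != norm(base)) { print "dn " dn " is not directly under " base; problems++ }
        if (problems > 0) exit 1
        exit 0
    }'
}

# Constructed entry that matches the posted config: directly under ou=users,
# posixAccount, and every MUST attribute present.
GOOD_ENTRY='dn: uid=ldap_user,ou=users,dc=domain,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
cn: ldap_user
uid: ldap_user
uidNumber: 10001
gidNumber: 10001
homeDirectory: /export/home/ldap_user
loginShell: /bin/bash'

# Constructed entry that slapd accepts but NSS never returns: it sits one
# level deeper than the passwd base and is an inetOrgPerson with no posix data.
BAD_ENTRY='dn: uid=ldap_user,ou=staff,ou=users,dc=domain,dc=com
objectClass: top
objectClass: inetOrgPerson
cn: ldap user
sn: user
uid: ldap_user'

check_good_entry() { printf '%s\n' "$GOOD_ENTRY" | check_posix_entry; }
check_bad_entry()  { printf '%s\n' "$BAD_ENTRY"  | check_posix_entry; }

check_good_entry && echo "constructed good entry: getent should resolve it"
check_bad_entry  || echo "constructed bad entry: rejected"
```

To test a real account, feed it the entry as the directory actually stores it, for example `ldapsearch -x -LLL -H ldap://127.0.0.1 -D cn=admin,dc=domain,dc=com -W -b ou=users,dc=domain,dc=com -s one '(uid=ldap_user)' | check_posix_entry`; if that search returns nothing at all, the entry is outside the base or scope the client file names, and no NSS setting will make getent find it.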