Good afternoon. I would like to ask for help with something that is driving me bald. I have a damned error in OpenLDAP: it does not return the groups correctly through id, and Samba gets lost when logging in with the user, not allowing it to connect to the shares because of the group restriction.

I was writing an article about FreeBSD + OpenLDAP + Samba and got stuck on this. See the article, which has a complete view of the configuration and explanations:
http://biosystems.ath.cx:8080/wiki/doku.php?id=manuais:sar

# id bio
uid=1013(bio) gid=513(Domain Users) groups=513(Domain Users)
# id teste
uid=1395(teste) gid=513(Domain Users) groups=513(Domain Users)
# id teste1
uid=1396(teste1) gid=513(Domain Users) groups=513(Domain Users)

Aug 28 16:19:33 Bartelby id: nss_ldap: could not search LDAP server - Server is unavailable

# getent group
teste1:*:1000:teste,bio,teste1
teste2:*:1003:teste,bio
teste3:*:1004:teste,bio
teste4:*:1005:teste,bio

# /usr/local/libexec/slapd -V
@(#) $OpenLDAP: slapd 2.4.11 (Jul 25 2008 13:17:13) $
[EMAIL PROTECTED]:/usr/ports/net/openldap24-server/work/openldap-2.4.11/servers/slapd

# /var/db/pkg/
pam_ldap-1.8.4
db46-4.6.21.1
nss_ldap-1.257
openldap-sasl-client-2.4.11
openldap-sasl-server-2.4.11
smbldap-tools-0.9.5
samba-3.0.31_1,1

############################################
My configs are:

# /usr/local/etc/nss_ldap.secret <-> /etc/ldap.secret <-> /usr/local/etc/ldap.secret
teste

# /usr/local/etc/nss_ldap.conf <-> /etc/ldap.conf <-> /usr/local/etc/ldap.conf
host schwarz-001b
uri ldap://schwarz-001b:389/
port 389
base dc=schwarz
bind_policy soft
rootbinddn cn=Manager,dc=schwarz
pam_password SSHA
ssl no
bind_policy soft
nss_base_passwd ou=Users,dc=schwarz?one
nss_base_passwd ou=Computers,dc=schwarz?one
nss_base_group ou=Groups,dc=schwarz?one

# /usr/local/etc/openldap/ldap.conf
BASE dc=schwarz
URI ldap://192.168.1.232 ldap://192.168.2.100
BINDDN cn=manager,dc=schwarz

# /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
ServerID 001
modulepath /usr/local/libexec/openldap
moduleload back_hdb
loglevel 256
database hdb
suffix "dc=schwarz"
rootdn "cn=Manager,dc=schwarz"
rootpw {SSHA}qgsEroh1jPssq3EOKn74TESuVhLm95Wl
directory /var/db/openldap-sch
checkpoint 1024 5
index objectClass,uidNumber,gidNumber,entryUUID,entryCSN,contextCSN eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName,sambaGroupType,sambaSIDList eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
lastmod on
syncrepl rid=001
    provider=ldap://192.168.1.232
    type=refreshAndPersist
    interval=00:00:00:10
    searchbase="dc=schwarz"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=manager,dc=schwarz"
    credentials=teste
    retry="60 +"
syncrepl rid=003
    provider=ldap://192.168.2.100
    type=refreshOnly
    interval=00:00:02:00
    searchbase="dc=schwarz"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=manager,dc=schwarz"
    credentials=teste
    retry="60 +"
mirrormode on
access to *
    by self write
    by anonymous auth
    by * none

## /etc/nsswitch.conf
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

# host schwarz-001b
schwarz-001b.schwarz has address 192.168.1.232

# netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.168.1.232.59920    192.168.2.100.389      TIME_WAIT
tcp4       0      0 192.168.1.232.53064    192.168.1.232.389      TIME_WAIT
tcp4       0      0 192.168.1.232.389      192.168.2.100.58975    ESTABLISHED
tcp4       0      0 192.168.1.232.389      192.168.1.232.63562    ESTABLISHED
tcp4       0      0 192.168.1.232.63562    192.168.1.232.389      ESTABLISHED
tcp4       0     52 192.168.1.232.22       192.168.1.246.55668    ESTABLISHED
tcp4       0      0 192.168.1.232.389      192.168.1.232.55105    ESTABLISHED
tcp4       0      0 192.168.1.232.55105    192.168.1.232.389      ESTABLISHED
tcp4       0      0 *.389                  *.*                    LISTEN
tcp6       0      0 *.389                  *.*                    LISTEN

--
-=-=-=-=-=-=-=-=-=-
William David Armstrong <----. Of course it runs
Bio Systems Security Networking <----|==========================
MSN / GT [EMAIL PROTECTED] <----' OpenBSD or FreeBSD
-------------------------------------- -------------------------
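
Added example, not part of the original post: a small Python check that makes the mismatch shown above explicit by comparing the gids that id prints for each user with the memberships listed by getent group. The sample input is the output quoted in the post; the function names are made up for this example.

```python
import re

# Sample input: the `id` and `getent group` output quoted in the post.
ID_OUTPUT = """\
uid=1013(bio) gid=513(Domain Users) groups=513(Domain Users)
uid=1395(teste) gid=513(Domain Users) groups=513(Domain Users)
uid=1396(teste1) gid=513(Domain Users) groups=513(Domain Users)
"""
GETENT_GROUP = """\
teste1:*:1000:teste,bio,teste1
teste2:*:1003:teste,bio
teste3:*:1004:teste,bio
teste4:*:1005:teste,bio
"""

ID_LINE = re.compile(r"uid=\d+\(([^)]*)\)\s+gid=(\d+)(?:\([^)]*\))?\s+groups=(.*)$")

def parse_id(text):
    """Map user -> set of gids (primary and supplementary) printed by `id`."""
    users = {}
    for line in text.splitlines():
        m = ID_LINE.match(line.strip())
        if m:  # non-id lines (e.g. syslog messages) are skipped
            gids = {int(g) for g in re.findall(r"(\d+)(?:\([^)]*\))?", m.group(3))}
            users[m.group(1)] = gids | {int(m.group(2))}
    return users

def parse_group(text):
    """Map user -> set of gids whose member field (4th column) lists the user."""
    member_of = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # malformed or empty line
        for user in filter(None, (u.strip() for u in fields[3].split(","))):
            member_of.setdefault(user, set()).add(int(fields[2]))
    return member_of

def missing_groups(id_text, group_text):
    """Return {user: sorted gids listed by getent group but absent from id}."""
    seen, expected = parse_id(id_text), parse_group(group_text)
    gaps = {u: sorted(expected.get(u, set()) - g) for u, g in seen.items()}
    return {u: g for u, g in gaps.items() if g}

if __name__ == "__main__":
    for user, gids in missing_groups(ID_OUTPUT, GETENT_GROUP).items():
        print(f"{user}: id omits gids {gids}")
```

An empty result means id and getent group agree for every user checked.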