Error when I run sudo smbldap-groupadd -a u3

sincos2007
Posts: 32
Registered: 2016-06-19 17:17
System: Ubuntu Kylin 14.04

Error when I run sudo smbldap-groupadd -a u3

#1

Post by sincos2007 » 2016-11-15 2:13

Install command:

sudo apt-get install samba slapd ldap-utils

OS: Ubuntu 14.04

When I run

sudo smbldap-groupadd -a u1

I get this error:

Failed to find sambaDomain object to get sambaAlgorithmicRidBase

When I run

sudo smbldap-useradd -a -g 1005 u1

I get this error:

Error: SID not set for unix group 1005
check if your unix group is mapped to an NT group


Running smbldap-populate succeeded.

smb.conf:

[global]
	workgroup = DOMSMB
	netbios name = PDC-SRV

	deadtime = 10

	log level = 1
	log file = /var/log/samba/log.%m
	max log size = 5000
	debug pid = yes
	debug uid = yes
	syslog = 0
	utmp = yes

	security = user
	domain logons = yes
	os level = 64
	logon path =
	logon home =
	logon drive =
	logon script =

	passdb backend = ldapsam:"ldap://ldap.example.com/"
	ldap ssl = start tls
	ldap admin dn = cn=Manager,dc=example,dc=com
	ldap delete dn = no

	## Sync UNIX password with Samba password
	## Method 1:
	ldap password sync = yes
	## Method 2:
	;ldap password sync = no
	;unix password sync = yes
	;passwd program = /usr/sbin/smbldap-passwd -u '%u'
	;passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

	ldap suffix = dc=example,dc=com
	ldap user suffix = ou=Users
	ldap group suffix = ou=Groups
	ldap machine suffix = ou=Computers
	ldap idmap suffix = ou=Idmap

	add user script = /usr/sbin/smbldap-useradd -m '%u' -t 1
	rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
	delete user script = /usr/sbin/smbldap-userdel '%u'
	set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
	add group script = /usr/sbin/smbldap-groupadd -p '%g'
	delete group script = /usr/sbin/smbldap-groupdel '%g'
	add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
	delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
	add machine script = /usr/sbin/smbldap-useradd -w '%u' -t 1

	server role = classic primary domain controller
	domain master = yes

[NETLOGON]
	path = /var/lib/samba/netlogon
	browseable = no
	share modes = no

[PROFILES]
	path = /var/lib/samba/profiles
	browseable = no
	writeable = yes
	create mask = 0611
	directory mask = 0700
	profile acls = yes
	csc policy = disable
	map system = yes
	map hidden = yes

[share]
	comment = share
	path = /home/xxx/data/share
	valid users = xxx
	write list = xxx
	force user = xxx
	create mask = 0754
	sync always = Yes
;	hide dot files = yes
;	writeable = no
;	browseable = yes
smbldap.conf:

# $Id: smbldap.conf 139 2012-08-07 11:11:37Z fumiyas $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

#  This code was developped by IDEALX (http://IDEALX.org/) and
#  contributors (their names can be found in the CONTRIBUTORS file).
#
#                 Copyright (C) 2001-2002 IDEALX
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2
#  of the License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
#  USA.

#  Purpose :
#       . be the configuration file for all smbldap-tools scripts

##############################################################################
#
# General Configuration
#
##############################################################################

# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taking from "net getlocalsid" return
SID="S-1-5-21-705612041-1564776041-3365041612"

# Domain name the Samba server is in charged.
# If not defined, parameter is taking from smb.conf configuration file
# Ex: sambaDomain="IDEALX-NT"
#sambaDomain="DOMSMB"

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
#   (typically a replication directory)

# Slave LDAP server URI
# Ex: slaveLDAP=ldap://slave.ldap.example.com/
# If not defined, parameter is set to "ldap://127.0.0.1/"
slaveLDAP="ldap://127.0.0.1/"

# Master LDAP server URI: needed for write operations
# Ex: masterLDAP=ldap://master.ldap.example.com/
# If not defined, parameter is set to "ldap://127.0.0.1/"
masterLDAP="ldap://127.0.0.1/"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you must also used the LDAP URI "ldap://...", not "ldaps://...")
# If not defined, parameter is set to "0"
ldapTLS="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="none"

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
#cafile="/etc/smbldap-tools/ca.pem"
cafile=""

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
#clientcert="/etc/smbldap-tools/smbldap-tools.example.com.pem"
clientcert=""

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
#clientkey="/etc/smbldap-tools/smbldap-tools.example.com.key"
clientkey=""

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=du,dc=com"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,${suffix}"

# Where are stored Groups
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Groups,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: idmapdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

# Default scope Used
scope="sub"

# Unix password hash scheme (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
# If set to "exop", use LDAPv3 Password Modify (RFC 3062) extended operation.
password_hash="SSHA"

# if password_hash is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
password_crypt_salt_format="%s"

##############################################################################
# 
# Unix Accounts Configuration
# 
##############################################################################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Treat shadowAccount object or not
shadowAccount="1"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome="\\PDC-SRV\%U"

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile="\\PDC-SRV\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive="H:"

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript="logon.bat"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain="example.com"

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if with_smbpasswd="0" in smbldap.conf) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"
Thanks for your help!
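Samba's ldapsam backend and smbldap-tools work on the same directory entries, so the settings the two files in post #1 share can be compared mechanically. The following is an added example, not part of the original post and not smbldap-tools code: the function names are hypothetical, the embedded strings are excerpts of the two posted files, and only explicitly set parameters are compared (no defaults are assumed).

```python
import re

# Excerpts of the two files posted above; only the compared lines are kept.
SMB_CONF = '''[global]
  passdb backend = ldapsam:"ldap://ldap.example.com/"
  ldap ssl = start tls
  ldap suffix = dc=example,dc=com
  ldap group suffix = ou=Groups
'''
SMBLDAP_CONF = '''masterLDAP="ldap://127.0.0.1/"
ldapTLS="0"
suffix="dc=du,dc=com"
groupsdn="ou=Groups,${suffix}"
'''

def parse_smb_global(text):
    """[global] parameters of smb.conf; names ignore case and spaces."""
    params, section = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def parse_smbldap(text):
    """key="value" lines of smbldap.conf, with ${name} references expanded."""
    conf = {}
    for key, value in re.findall(r'^[ \t]*(\w+)[ \t]*=[ \t]*"(.*)"[ \t]*$', text, re.M):
        conf[key] = re.sub(r"\$\{(\w+)\}", lambda r: conf.get(r.group(1), ""), value)
    return conf

def cross_check(smb, tools):
    """Return {check: (smb.conf value, smbldap.conf value)} for each mismatch."""
    s, t = (lambda k: smb.get(k, "")), (lambda k: tools.get(k, ""))
    dn = lambda v: re.sub(r"\s*([,=])\s*", r"\1", v.strip()).lower()  # normalise DN text
    uri = re.search(r'ldaps?://[^"\s]*', s("passdbbackend"))
    pairs = {
        "suffix": (dn(s("ldapsuffix")), dn(t("suffix"))),
        "groups dn": (dn(s("ldapgroupsuffix") + "," + s("ldapsuffix")), dn(t("groupsdn"))),
        "ldap server": (uri.group(0) if uri else "", t("masterLDAP")),
        "starttls": (s("ldapssl").replace(" ", "").lower() == "starttls", t("ldapTLS") == "1"),
    }
    return {name: pair for name, pair in pairs.items() if pair[0] != pair[1]}

if __name__ == "__main__":
    report = cross_check(parse_smb_global(SMB_CONF), parse_smbldap(SMBLDAP_CONF))
    for name, (a, b) in report.items():
        print("%-12s smb.conf=%r  smbldap.conf=%r" % (name, a, b))
```

An empty result means the compared settings agree; each reported pair shows the smb.conf value first and the smbldap.conf value second.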
poloshiao
Forum moderator
Posts: 18279
Registered: 2009-08-04 16:33

Re: Error when I run sudo smbldap-groupadd -a u3

#2

Post by poloshiao » 2016-11-15 7:12

Failed to find sambaDomain object to get sambaAlgorithmicRidBase
https://lists.samba.org/archive/samba/2 ... 03393.html
[Samba] Failed to find sambaDomain object to get sambaAlgorithmicRidBase
Click "Next message" to continue reading the next post in the discussion.
Error: SID not set for unix group 1005
check if your unix group is mapped to an NT group
https://lists.samba.org/archive/samba/2 ... 08340.html
[Samba] NT4 migration errors
Click "Next message" to continue reading the next post in the discussion.
sincos2007
Posts: 32
Registered: 2016-06-19 17:17
System: Ubuntu Kylin 14.04

Re: Error when I run sudo smbldap-groupadd -a u3

#3

Post by sincos2007 » 2016-11-17 2:45

Problem solved, thanks!