samba ldap登陸的問題 [ 已解決 ]
用smbldap-useradd -m -a -P user 添加的帳號只有儲存在LDAP上,這裏包括了系統帳號及samba帳號。
用useradd username 添加的帳號只儲存在 /etc/passwd 和 /etc/group上。
用smbpasswd -a username 添加的帳號只儲存在 /etc/samba/smbpasswd上。
從另一台linux機器上用smbldap-useradd 添加的帳號可以ssh到samba伺服器,如: it01 ,但卻不能從XP上登陸到samba域,會在xp的日志裡看到提示:
Windows 找不到您的漫遊設定檔伺服器複本,而且正在嘗試讓您用本機設定檔登入。這可能是因為檔案系統權限不正確,或網路發生問題。當您登出後,設定檔的變更將不會複製到伺服器上。這可能是因為網路發生問題,或安全性權限不足。如果這個問題持續存在,請連絡您的網路系統管理員。
詳細資料 - 找不到網路路徑。
Linux的 /var/log/samba/log.smbd 裡看到:
[2007/08/14 16:24:09, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2007/08/14 16:24:10, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2007/08/14 17:02:44, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2007/08/14 17:02:44, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2007/08/14 18:12:08, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2007/08/14 18:12:08, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
profiles的權限如下:
[root@smbldap ~]# ll /usr/local/samba
total 36
drwxr-xr-x 2 root root 4096 Aug 6 18:38 bin
drwxr-xr-x 2 root root 4096 Aug 6 18:38 include
drwxr-xr-x 11 root root 4096 Aug 14 18:40 lib
drwxr-xr-x 2 root root 4096 Aug 13 18:22 private
drwxrwxrwt 9 root Domain Users 4096 Aug 14 17:17 profiles
drwxr-xr-x 2 root root 4096 Aug 6 18:38 sbin
drwxr-xr-x 3 root root 4096 Aug 6 18:38 share
drwxr-xr-x 8 root root 4096 Aug 6 18:38 swat
drwxr-xr-x 4 root root 4096 Aug 13 17:48 var
[root@smbldap ~]# ll /usr/local/samba/profiles/
total 28
drwxrwxr-T 4 it01 Domain Users 4096 Aug 14 16:36 it01
drwxrwxr-T 2 it02 Domain Users 4096 Aug 14 15:01 it02
drwxr-xr-x 2 it03 Domain Users 4096 Aug 14 17:08 it03
drwxrwxr-T 2 it04 it04 4096 Aug 13 19:00 it04
drwxrwxr-T 13 it05 it05 4096 Aug 14 16:35 it05
drwxrwxr-x 2 it06 it06 4096 Aug 14 17:08 it06
而用win98登陸到samba域則一切正常,不會有出錯的提示。
從另一台linux機器上用useradd 和 smbpasswd -a 添加的帳號不可以ssh到samba伺服器,但能從XP上登陸到samba域,不會有出錯的提示,如: it04 , 會有提示:
Aug 15 10:52:04 smbldap sshd(pam_unix)[4939]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.73 user=it04
如果用 it01 ssh 到samba域,那麼messages會有如下提示:
Ssh it01@192.168.16.25
Aug 15 10:52:55 smbldap sshd(pam_unix)[4941]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.73 user=it01
Aug 15 10:52:55 smbldap sshd(pam_unix)[4943]: session opened for user it01 by (uid=0)
但還算是ssh成功的
在 /var/log/messages裡時不時的看到有這樣的提示:
Aug 14 18:48:59 smbldap nscd: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP server
Aug 14 18:48:59 smbldap nscd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
Aug 14 18:48:59 smbldap nscd: nss_ldap: could not search LDAP server - Server is unavailable
Aug 14 18:48:59 smbldap nscd: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP server
Aug 14 18:48:59 smbldap nscd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
Aug 14 18:48:59 smbldap nscd: nss_ldap: could not search LDAP server - Server is unavailable
這是什麼原因?是openldap沒有整合到系統?
openldap隻是整合了samba,卻無法整合到系統?
Pam_ldap設置有錯誤?