AbcLinuxu portal, 14 July 2025 11:41
Populating LDAP directory for domain DOMA.CZ (S-1-5-21-960292573-1401139834-1827941194)
(using builtin directory structure)
adding new entry: dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 2.
adding new entry: ou=Users,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 3.
adding new entry: ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 4.
adding new entry: ou=Computers,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 5.
adding new entry: ou=Idmap,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 6.
adding new entry: uid=root,ou=Users,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 7.
adding new entry: uid=nobody,ou=Users,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, %> line 8.
adding new entry: cn=Domain Admins,ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 9.
adding new entry: cn=Domain Users,ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 10.
adding new entry: cn=Domain Guests,ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 11.
adding new entry: cn=Domain Computers,ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 12.
adding new entry: cn=Administrators,ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 16.
adding new entry: cn=Account Operators,ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 18.
adding new entry: cn=Print Operators,ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 19.
adding new entry: cn=Backup Operators,ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 20.
adding new entry: cn=Replicators,ou=Groups,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 21.
adding new entry: sambaDomainName=DOMA.CZ,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, % line 21.
Please provide a password for the domain root:
No such object at /usr/sbin//smbldap_tools.pm line 341.
Unfortunately I have no idea what to do anymore; I don't have much experience with Samba. If anyone would be willing to advise me I would be grateful; if necessary I will post the configuration files too. Thank you.
PS: in place of % there should be GEN1 in square brackets; I couldn't paste it here because it said it was an invalid tag :/
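The output above has the same two-line shape for every entry (an "adding new entry" line followed by a "failed to add entry" line). As an added example, not code from the thread, the following triage script pairs those lines, counts the failure reasons, and reports when every add was rejected as unauthenticated; the sample log is constructed here in the posted format.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Line shapes as they appear in the smbldap-populate output above.
ADD_RE = re.compile(r"^adding new entry: (?P<dn>.+)$")
FAIL_RE = re.compile(r"^failed to add entry: (?P<reason>.+?) at \S+ line \d+")

def parse_populate_log(lines: List[str]) -> Dict[str, str]:
    """Map each DN the tool tried to add to 'ok' or to the failure
    reason printed on the line that follows the 'adding new entry' line."""
    results: Dict[str, str] = {}
    pending = None
    for line in lines:
        m = ADD_RE.match(line)
        if m:
            pending = m.group("dn")
            results[pending] = "ok"  # overwritten if a failure line follows
            continue
        m = FAIL_RE.match(line)
        if m and pending is not None:
            results[pending] = m.group("reason")
            pending = None
    return results

def triage(results: Dict[str, str]) -> Tuple[Counter, str]:
    """Count outcomes and return a one-line verdict for the admin."""
    counts = Counter(results.values())
    failed = sum(n for reason, n in counts.items() if reason != "ok")
    auth = counts.get("modifications require authentication", 0)
    if failed and auth == failed:
        verdict = ("all adds rejected as unauthenticated: the tool bound "
                   "anonymously, so check the bind DN and password it uses")
    elif failed:
        verdict = "mixed failures: check ACLs and the failed DNs one by one"
    else:
        verdict = "all entries added"
    return counts, verdict

# Constructed excerpt in the same format as the output posted above.
SAMPLE_LOG = """\
Populating LDAP directory for domain DOMA.CZ
adding new entry: dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, [GEN1] line 2.
adding new entry: ou=Users,dc=DOMA,dc=CZ
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 471, [GEN1] line 3.
adding new entry: ou=Groups,dc=DOMA,dc=CZ
""".splitlines()
```

Running `triage(parse_populate_log(SAMPLE_LOG))` on the real output would classify all eighteen failures under the single reason "modifications require authentication".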
deb http://ftp.cz.debian.org/debian jessie main contrib non-free
deb http://ftp.cz.debian.org/debian jessie main contrib non-free
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
HOST 127.0.0.1
BASE dc=DOMA, dc=CZ
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
WARNING: No dynamic config support for database ldbm.
ldbm_back_db_open: alock package is unstable; database may be inconsistent!
I simply can't get that smbldap-populate to run. I configured smbldap.conf, slapd.conf and ldap.conf as well, but unfortunately I don't know which items are the critical ones for the populate..
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
If I use bdb, the LDAP server won't even start; it reports:
bdb_db_open: alock package is unstable
backend_startup_one: bi_db_open failed! (-1)
slapd stopped.
connections_destroy: nothing to destroy.
samba - ups ldap mysql pam python readline xml openldap - berkdb crypt gdbm ipv6 perl readline ssl tcpd samba
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath /usr/lib/openldap/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

loglevel 256
database bdb
suffix "dc=DOMA,dc=CZ"
rootdn "cn=root,dc=DOMA,dc=CZ"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}Qyk+JFpJoju7pSU34GoC9w/milDuwEOg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial

With that bdb database I can't even start the LDAP..
modulepath /usr/lib/openldap/openldap
moduleload back_bdb.la
Is that password correct??
rootpw {SSHA}Qyk+JFpJoju7pSU34GoC9w/milDuwEOg
I don't like that slash there. Are all the paths 100% correct? You know how it is, morning is wiser than evening... I don't have my own configurations at hand right now. If you have SSHA verification here, do you also have it in smbldap.conf??
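Whether a rootpw hash really corresponds to the password the admin thinks it does can be checked offline, without a running slapd. As an added example, not code from the thread, the following rebuilds an {SSHA} value the way slappasswd does (base64 of SHA-1 over password plus salt, with the salt appended) and checks a candidate password against the active rootpw line of a slapd.conf fragment; the password, salt and config fragment are constructed here, not the poster's.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value the way slappasswd(8) does:
    base64(SHA1(password || salt) || salt), salt stored in the clear."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a short random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(stored: str, candidate: str) -> bool:
    """True if candidate reproduces the stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)

def rootpw_from_slapd_conf(text: str) -> Optional[str]:
    """Return the active rootpw directive from slapd.conf text,
    skipping comment lines; None if there is no such directive."""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            return parts[1].strip().strip('"')
    return None

def rootpw_matches(conf: str, candidate: str) -> bool:
    """Does the password the admin believes in match the configured rootpw?"""
    stored = rootpw_from_slapd_conf(conf)
    return stored is not None and check_ssha(stored, candidate)

# Constructed slapd.conf fragment: password and salt are made up here,
# and the hash is generated from them, not taken from the thread.
EXAMPLE_PASSWORD = "constructed-example-secret"
EXAMPLE_SALT = b"\x01\x02\x03\x04"
EXAMPLE_CONF = "\n".join([
    "# rootpw secret",  # commented-out template line, must be ignored
    'rootdn "cn=root,dc=DOMA,dc=CZ"',
    "rootpw " + make_ssha(EXAMPLE_PASSWORD, EXAMPLE_SALT),
])
```

To check a real file, read it into a string and call `rootpw_matches(text, password)`; a False result means the hash in slapd.conf was generated from some other password and any bind as rootdn with this one will fail.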
modulepath /usr/lib/openldap/openldap
moduleload back_bdb.la
I have this commented out, so the only thing I can try is to uncomment it. I copied the password after running the slappasswd command, which generates that SSHA hash, and ssha is configured in smbldap.conf.. but I'll post it here tomorrow; as you say, morning is wiser than evening, so I'm going to bed.. if you help me tomorrow too I'll be obliged.
Sure, the command smbpasswd -w password
sets the password Samba uses to access the LDAP database; otherwise Samba won't connect, but that doesn't solve the problem if the database doesn't exist. It has to be generated first. By the way, smbldap-populate takes its basic configuration from smb.conf even when Samba can't connect to LDAP yet. For the mapping of GIDs and UIDs to Linux users and groups in LDAP to work, NSSWITCH must be configured. If authentication is also to go through LDAP, the PAM modules need to be set up as well.
1. Locally it's fine
2. I don't have scripts
3. I don't have anyone to fill them in
4. Yes, root rights, but he only fills in a few boxes via webmin and has it too (of course without the options LDAP offers)
5. I'm not a programmer, like probably everyone here, and the customers certainly aren't
6. LDAP managers can't do what you describe (simply enough; that's why you have scripts)
7. If I offer what you're saying to a customer, the only thing he'll say (if he's ever seen Windows) is: But AD and Exchange are a lot simpler, aren't they?
To be clear, the only thing I care about is VERY simple user management; I'm happy to spend a month preparing and configuring it, but user management has to be easy, and I simply can't manage that with LDAP today. And let's not talk about programming and scripting ....
Sorry, I forgot to add line breaks, so once more:
By the way, I really don't see what is more complicated about this than the standard commands:
smbldap-useradd -a -n -m -c popisek -g primarniskupina -G sekundarni_skupina pridavany_uzivatel
smbldap-userdel -r odebirany_uzivatel
smbldap-groupadd -a pridavana_skupina
smbldap-groupadd -a pridavana_skupina
smbldap-useradd -w "pridana_masina$"
LDAP is the simplest way to unify passwords for both SAMBA and the other services on a Linux server. I used to run without LDAP too (users changed their Linux password via USERMIN), but for most users it was incomprehensible and confusing to have one password for WIN clients and another for mail, ftp, etc.
1. The client shouldn't be allowed to change the mail password (because then the account jana ends up with the password jana)
2. Let them change the login to the Windows workstation all they like (and thus FTP too), of course ONLY locally
3. No Usermin
One more note: I'm talking about customers, office people, who don't even know what a domain login is; that's a bit of a difference.
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.