[FUG-BR] samba + ldap

Paulo Henrique piqueonline em uol.com.br
Quinta Dezembro 14 13:04:26 BRST 2006


Estou com um problema que está me atormentando há dias.
Implantei o samba + ldap + ssl e a implantação foi perfeita, só que todos os micros com Windows XP estão apresentando um problema estranho.
Todos carregam um logon script padrão para mapear o home, o público e o diretório do grupo; até aí tudo certo.
Só que, quando clico em Meu Computador, há um delay de uns 5 segundos para abrir, ou seja, para aparecerem as unidades locais e mapeadas.
Retirei o ssl do ldap para ver se resolvia alguma coisa, e nada; coloquei algumas opções de performance no samba, e nada. Não sei mais
o que pode ser. Alguém tem alguma dica?
Vou postar a configuração do samba e do ldap.

[global]
# Global defaults for a server that handles domain logons, acts as domain
# master browser and WINS server, and keeps its accounts in LDAP (ldapsam).
workgroup = xxx
netbios name = xxx
server string = xxx
security = user
encrypt passwords = yes
load printers = yes
log level = 2
log file = /var/log/samba/%m.log
password level = 0
username level = 0
max log size = 50
os level = 100
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
interfaces = eth0, lo
bind interfaces only = Yes
# Only the NetBIOS session port is served; TCP 445 is not listed.
smb ports = 139
use sendfile = no
oplocks = yes
max xmit = 65535
read raw = Yes
write raw = Yes
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
large readwrite = Yes
deadtime = 15
keepalive = 20
# NOTE(review): set in [global], this becomes the default for every share.
# Accounts listed here perform all file operations as root, so keep the list
# minimal or scope it to the individual shares that need it.
admin users = xxx
logon script = xxx.bat
logon home = \\%L\%U\.profiles
logon path = \\%L\profiles\%U
logon drive = U:
time server = yes
# NOTE(review): 'lanman auth = Yes' makes smbd accept LANMAN responses and
# 'ntlm auth = Yes' accepts NTLMv1. The clients described in the post are
# Windows XP, which can use NTLM/NTLMv2, so LANMAN is probably not needed;
# confirm there are no older clients before disabling it. Per smb.conf(5),
# disabling it also blanks the stored LANMAN hash at the next password change.
lanman auth = Yes
ntlm auth = Yes
# The 'client ...' parameters only govern Samba acting as a client.
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
dns proxy = no
name resolve order = lmhosts wins host bcast
# LDAP traffic is unencrypted, but the backend URI below is loopback only.
# NOTE(review): the post says SSL was removed while troubleshooting. Turn it
# back on ('ldap ssl = start tls' or an ldaps:// URI) if slapd is ever reached
# over the network, because the admin bind and the password hashes use this link.
ldap ssl = off
ldap delete dn = no
passdb backend = ldapsam:ldap://127.0.0.1/
# The password for this DN is not in smb.conf; Samba keeps it in secrets.tdb
# (set with 'smbpasswd -w'), so that file needs root-only permissions.
ldap admin dn = cn=xxx,dc=xxx,dc=xxx,dc=xx
ldap suffix = dc=xxx,dc=xxx,dc=xxx
ldap group suffix = ou=Grupos
ldap user suffix = ou=Usuarios
ldap machine suffix = ou=Computadores
# Password changes made through Samba also update the LDAP userPassword.
ldap passwd sync = yes
idmap uid = 10000-15000
idmap gid = 10000-15000
enable privileges = yes
acl compatibility = auto
nt acl support = yes
map acl inherit = Yes
inherit permissions = Yes
passwd chat = *New*password* %n  *Retype*new*password* %n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Account-management hooks. smbd runs these scripts as root with %u / %g
# replaced by names taken from the request, so the smbldap-tools programs and
# their configuration should be root-owned and not writable by anyone else.
# NOTE(review): 'add machine script' appears twice below with the same value;
# one of the two lines can be dropped.
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
Unix charset = ISO8859-15
display charset = cp850
preserve case = no
short preserve case = no
default case = lower
cups server = xxxx
# NOTE(review): this is the sample value from smb.conf(5). Every WinPopup
# message received starts csh and xedit on the server. If nobody reads such
# messages on this host, consider removing the parameter so that incoming
# messages do not spawn processes.
message command = csh -c 'xedit %s;rm %s' &
# Recycle bin: defaults for the recycle VFS module. They only take effect in
# shares that load it with 'vfs objects = recycle' ([grupos] in this file).
recycle:exclude = *.tmp *.temp *.o *.obj ~$* cópia*.*
recycle:keeptree = True
recycle:touch = True
recycle:versions = True
recycle:noversions = .doc|.xls|.ppt|.cdr
recycle:repository = .recycle
recycle:maxsize = 1000000

[homes]
# Per-user home share. Guests are refused and the 0700 masks cap new files and
# directories at owner-only access.
# NOTE(review): %U is the session username as requested by the client, while
# %u is the name actually in use; smb.conf(5) uses %S in its [homes] path
# example. Verify %U is the intended variable for 'path' and 'force user'.
# 'writable = yes' and 'read only = no' are inverted synonyms; one is enough.
comment = Diretorio Home
path = /home/users/%U
browseable = no
writable = yes
guest ok = no
read only = no
create mask = 0700
directory mask = 0700
force user = %U

[profiles]
# Roaming profile store; 'logon path' in [global] points at this share.
# NOTE(review): 'create mode = 0776' allows new profile files to be writable by
# the group and by all other Unix accounts, and no directory mask is set here.
# Profiles hold per-user data, so a tighter pair such as 0600 for files and
# 0700 for directories is the usual choice; confirm nothing needs the wider mode.
path = /home/profiles/
browseable = no
read only = no
# Disables client-side (offline) caching of this share.
csc policy = disable
profile acls = yes
nt acl support = no
create mode = 0776
hide files = /desktop.ini/ntuser.ini/NTUSER.*/

[netlogon]
# Logon script share: the 'logon script' named in [global] is fetched from here
# at domain logon. Read-only for everyone except the accounts in 'write list'.
# NOTE(review): clients execute what is stored here at logon, so write list
# members can change what runs on every workstation. Limit the list to
# dedicated administrative accounts.
# 'public' is a synonym for 'guest ok'; 'writable = no' and 'read only = yes'
# state the same thing twice.
path = /home/netlogon
public = no
browseable = no
writable = no
read only = yes
write list = xxxx

[printers]
# Printer share: jobs are spooled under 'path'; guests are refused and the
# share is printable rather than writable.
comment = Impressoras
path = /var/spool/samba
browseable = yes
guest ok = no
writable = no
printable = yes

[publico]
# Shared public area, writable by authenticated users (guests are refused).
# NOTE(review): masks of 0777 allow files and directories created here to be
# writable by every Unix account on the server, not only by Samba users.
# Confirm that is intended; a shared group with 0770 / 0775 is the narrower
# alternative.
# %U is the session username and %G the primary group of %U.
comment = Area Publica
path = /home/publico/
browseable = yes
guest ok = no
writable = yes
read only = no
create mask = 0777
directory mask = 0777
force user = %U
force group = %G

[grupos]
# Per-group area: the path is selected by %G, the primary group of the session
# user, and the 0770 masks cap new files at owner and group access.
# NOTE(review): access separation between groups rests on the Unix ownership
# and mode of each /home/grupos/<group> directory; verify those on the server.
comment = Grupos
path = /home/grupos/%G
browseable = no
guest ok = no
writable = yes
read only = no
create mask = 0770
directory mask = 0770
force user = %U
force group = %G
# Loads the recycle module; its recycle:* options are set in [global].
vfs objects = recycle

[antivirus]
# Read-only distribution share; only 'write list' accounts may modify it.
# NOTE(review): presumably clients pull antivirus files from here, so write
# access decides what they receive. Keep the write list to admin accounts.
# 'readonly' is written without a space here; Samba ignores whitespace in
# parameter names, so it is read as 'read only'.
comment = Antivirus
path = /home/antivirus
browseable = no
guest ok = no
writable = no
readonly = yes
public = no
write list = xxx

[wpkg]
# Read-only share, going by its comment the repository for a software
# deployment tool (WPKG).
# NOTE(review): if workstations install packages from this share with elevated
# rights, membership of 'write list' is equivalent to administrator access on
# those clients. Verify who is listed.
comment = Windows Packager
path = /home/wpkg
read only = yes
browseable = no
public = no
writable = no
write list = xxx



######################################################################################################################################
slapd.conf

#
# Schema files loaded at startup; samba.schema supplies the Samba account
# attributes that the access rules further down refer to.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/qmail.schema
include /usr/local/etc/openldap/schema/pykota.schema
#
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
#
# Server certificate, private key and CA certificate for TLS.
# NOTE(review): nothing in the posted file requires TLS (for example a
# 'security' directive with minimum strength factors), so clients can
# presumably still bind in clear text; confirm. The key file should be
# readable only by the account slapd runs as.
TLSCertificateFile      /usr/local/ssl/server_crt.pem
TLSCertificateKeyFile   /usr/local/ssl/server_key.pem
TLSCACertificateFile    /usr/local/ssl/cacert.pem
#
# Maps SASL DIGEST-MD5 identities to entries under ou=Usuarios.
# NOTE(review): DIGEST-MD5 against directory entries generally needs a
# cleartext userPassword, which does not fit the {CRYPT} password-hash setting
# in this file; confirm whether this mapping is actually used.
sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=Usuarios,dc=xxx,dc=xxx,dc=xx
#
# Single bdb database holding the directory tree used by Samba.
database  bdb
# NOTE(review): as posted, the comma between the second and third component of
# the suffix is missing (possibly a slip made while redacting). The value has
# to match 'ldap suffix' in smb.conf.
suffix "dc=xxx,dc=xxx dc=xxx"
# The rootdn is not subject to the access rules in this file.
# NOTE(review): rootpw is redacted in the post. In the real file prefer a
# hashed value generated with slappasswd over a cleartext password, and keep
# slapd.conf readable only by root and the account slapd runs as.
rootdn "cn=xxx,dc=xxx,dc=xxx, dc=xxx"
rootpw xxx
directory /usr/local/var/openldap-data
#
# Hash scheme for passwords set through the password-modify operation.
# NOTE(review): the salt format as posted has no '%' conversion; the
# slapd.conf(5) example for MD5 crypt is "$1$%.8s". Without the '%' the same
# fixed salt would be passed to crypt(3) for every password, so check this
# line against the real file.
password-hash {CRYPT}
password-crypt-salt-format "$1$.8s"
#
# Attribute indexes for the bdb backend.
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,mailAlternateAddress,givenname,accountStatus,mailHost,deliveryMode eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index default sub
index pykotaUserName pres,eq,sub
index pykotaGroupName pres,eq,sub
index pykotaPrinterName pres,eq,sub
index pykotaBillingCode pres,eq,sub
index pykotaLastJobIdent eq
#
# Removes the search size limit for the listed DNs. The two lines are identical
# as posted (the DNs are redacted), so one of them may be a duplicate.
limits dn="cn=xxx,dc=xxx,dc=xxx,dc=xxx" size.soft=-1 size.hard=soft
limits dn="cn=xxx,dc=xxx,dc=xxx,dc=xxx" size.soft=-1 size.hard=soft
# Password attributes: the entry owner may write them, anonymous clients may
# use them only to authenticate, and everyone else gets no access.
# sambaLMPassword and sambaNTPassword are password-equivalent hashes, so they
# need the same protection as userPassword.
# NOTE(review): sambaPasswordHistory is not listed; if password history is
# enabled in Samba it would fall through to the world-readable rule below, so
# consider adding it here. The Samba 'ldap admin dn' also needs write access to
# these attributes unless it is the rootdn; verify.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by * none
#
# Everything else is readable by any client, including unauthenticated ones.
# NOTE(review): confirm anonymous read of all account entries is intended;
# restricting read access to authenticated users is the tighter form.
access to *
        by * read



