[FUG-BR] Samba e Ldap

Fabiano Caixeta Duarte fcd.listas em gmail.com
Quarta Janeiro 23 13:03:14 BRST 2008 

Matheus Cucoloto escreveu:
> Ae galéra, pesquisei muito ja e não consegui achar o caminho da pedra
> para resolver este problema:
> Quando gero o populate acontece o seguinte problema
> 
> # smbldap-populate
> Populating LDAP directory for domain DOMINIO
> (S-1-5-21-2976607633-1561974291-3445042700)
> (using builtin directory structure)
> 
> entry dc=dominio,dc=com,dc=br already exist.
> entry ou=People,dc=dominio,dc=com,dc=br already exist.
> entry ou=Group,dc=dominio,dc=com,dc=br already exist.
> entry ou=Computers,dc=dominio,dc=com,dc=br already exist.
> adding new entry: ou=Idmap,dc=dominio,dc=com,dc=br
> entry uid=root,ou=People,dc=dominio,dc=com,dc=br already exist.
> entry uid=nobody,ou=People,dc=dominio,dc=com,dc=br already exist.
> adding new entry: cn=Domain Admins,ou=Group,dc=dominio,dc=com,dc=br
> adding new entry: cn=Domain Users,ou=Group,dc=dominio,dc=com,dc=br
> adding new entry: cn=Domain Guests,ou=Group,dc=dominio,dc=com,dc=br
> adding new entry: cn=Domain Computers,ou=Group,dc=dominio,dc=com,dc=br
> adding new entry: cn=Administrators,ou=Group,dc=dominio,dc=com,dc=br
> adding new entry: cn=Account Operators,ou=Group,dc=dominio,dc=com,dc=br
> adding new entry: cn=Print Operators,ou=Group,dc=dominio,dc=com,dc=br
> adding new entry: cn=Backup Operators,ou=Group,dc=dominio,dc=com,dc=br
> adding new entry: cn=Replicators,ou=Group,dc=domino,dc=com,dc=br
> entry cn=NextFreeUnixId,dc=dominio,dc=com,dc=br already exist. Updating it...
> 
> failed to modify entry: attribute 'sambaNextRid' not allowed at
> /usr/local/sbin/smbldap-populate line 492, <GEN1> line 241.
> 
> Please provide a password for the domain root:
> Changing UNIX and samba passwords for root
> New password:
> Retype new password:
> When run by root:
>     smbpasswd [options] [username]
> otherwise:
>     smbpasswd [options]
> 
> options:
>   -L                   local mode (must be first option)
>   -h                   print this usage message
>   -s                   use stdin for password prompt
>   -c smb.conf file     Use the given path to the smb.conf file
>   -D LEVEL             debug level
>   -r MACHINE           remote machine
>   -U USER              remote username
> extra options when run by root or in local mode:
>   -a                   add user
>   -d                   disable user
>   -e                   enable user
>   -i                   interdomain trust account
>   -m                   machine trust account
>   -n                   set no password
>   -W                   use stdin ldap admin password
>   -w PASSWORD          ldap admin password
>   -x                   delete user
>   -R ORDER             name resolve order
> Failed to modify UNIX password: attribute 'shadowLastChange' not
> allowed at /usr/local/sbin/smbldap-passwd line 285, <STDIN> line 2.
> 
> 
> Aqui eu tento criar uma maquina nova (nao retorna nada)
> 
> # smbldap-useradd -w NOME-DA-MAQUINA2
> 
> Aqui eu tento cria um usuario e nao consigo retorna o erro abaixo
> 
> # smbldap-useradd -m -a NOME-DO-USUARIO2
> Cannot confirm uidNumber 1001 is free: checking for the next one
> Can't call method "get_value" on an undefined value at
> /usr/local/sbin/smbldap-useradd line 204.
> 
> # smbldap-useradd -m -a NOME-DO-USUARIO2
> Can't call method "get_value" on an undefined value at
> /usr/local/sbin/smbldap-useradd line 204.
> 
> # smbldap-passwd NOME-DO-USUARIO2
> /usr/local/sbin/smbldap-passwd: user NOME-DO-USUARIO2 doesn't exist
> 
> Aqui eu tento alterar a senha de um usuario ja cadastrado no ldap
> através do base.ldif
> # smbldap-passwd NOME-DO-USUARIO
> Changing UNIX password for NOME-DO-USUARIO
> New password:
> Retype new password:
> Failed to modify UNIX password: attribute 'shadowLastChange' not
> allowed at /usr/local/sbin/smbldap-passwd line 285, <STDIN> line 2.
> 
> 
> Dando uma espiada no debug.log aparece isso:
> 
> Jan 23 12:16:10 thayse slapd[31124]: conn=48 op=3 MOD
> dn="uid=NOME-DO-USUARIO,ou=People,dc=dominio,dc=com,dc=br"
> Jan 23 12:16:10 thayse slapd[31124]: conn=48 op=3 MOD
> attr=userPassword shadowLastChange shadowMax
> Jan 23 12:16:10 thayse slapd[31124]: Entry
> (uid=NOME-DO-USUARIO,ou=People,dc=dominio,dc=com,dc=br), attribute
> 'shadowLastChange' not allowed
> Jan 23 12:16:10 thayse slapd[31124]: entry failed schema check:
> attribute 'shadowLastChange' not allowed
> Jan 23 12:16:10 thayse slapd[31124]: conn=48 op=3 RESULT tag=103
> err=65 text=attribute 'shadowLastChange' not allowed
> Jan 23 12:16:10 thayse slapd[31124]: conn=48 op=4 UNBIND
> Jan 23 12:16:10 thayse slapd[31124]: conn=48 fd=11 closed
> 
> 
> Ajuda please!
> 

A lógica é que você não configurou a mesma senha no slapd.conf e no 
smbldap_bind.conf

-- 
Fabiano Caixeta Duarte
Especialista em Redes de Computadores
Linux User #195299
Ribeirão Preto - SP

Mais detalhes sobre a lista de discussão freebsd