我刚刚在Debian Squeeze系统上做了一个初始的Samba / LDAPconfiguration。 我将一个用户添加到ldap目录并安装了libnss-ldap。 我现在可以使用新创build的用户成功login到系统,所以看起来Debian本身没有任何问题与LDAPvalidation。
我根据许多教程configuration了Samba,但由于我configuration了LDAP,所以我无法连接到共享。 这里是smb.conf:
[global] workgroup = ANDROCS passdb backend = ldapsam:ldap://127.0.0.1/ log level = 5 log file = /var/log/samba/log.%m max log size = 100 time server = Yes domain logons = Yes preferred master = Yes domain master = Yes wins support = No # LDAP ldap admin dn = cn=admin,dc=androcs,dc=com ldap group suffix = ou=group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=androcs,dc=com ldap user suffix = ou=Users ldap ssl = off idmap backend = ldap:ldap://127.0.0.1 idmap uid = 10000-20000 idmap gid = 10000-20000 # now define some shares [technical] comment = Common Engineering and Technical Material path = /export/technical force group = technical read only = No create mask = 0770 directory mask = 0770 browseable = No [development] comment = Software Development Repositories path = /export/development force group = development read only = No create mask = 0770 directory mask = 0770 browseable = No [business] comment = Common Business Material path = /export/business force group = business read only = No create mask = 0770 directory mask = 0770 browseable = No
所以我尝试使用gnome的“连接到服务器”functionlogin到另一个Debian系统的共享。 同时我尾巴syslog的输出,这里是结果:
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 fd=13 ACCEPT from IP=127.0.0.1:53334 (IP=0.0.0.0:389) Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 BIND dn="cn=admin,dc=androcs,dc=com" method=128 Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 BIND dn="cn=admin,dc=androcs,dc=com" mech=SIMPLE ssf=0 Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 RESULT tag=97 err=0 text= Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH attr=supportedControl Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))" Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Jul 29 11:27:34 androserve slapd[3038]: conn=1004 fd=13 closed (connection lost)
立即向我伸出的线是:
conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))"
特别是objectClass
。 我是LDAP新手,但将用户configuration为person
, inetOrgPerson
, posixAccount
和shadowAccount
。
有谁知道我应该从哪里开始? 我可以增加日志logging级别以获得更好的线索吗?
谢谢!
searchfilter看起来是因为'?'
之前的文字objectClass
但可能是一个翻译或粘贴错误。 search返回零条目( nentries=0
),因为如你所说,没有条目有一个tarcuri
的uid
和一个sambaSamAccount
的objectClass。