[Fedora-users-br] Problemas com o samba+ldap

Sérgio Cioban Filho - TECJUMP sergio em tecjump.com.br
Ter Jul 25 14:19:24 UTC 2006


salve galera,

Estou com problemas com o samba integrado com o LDAP.

Os usuários login normalmente normalmente, mas somente o root ou o
administrador conseguem acessar os compartilhamentos no servidor, os
outros usuários (do grupo Usuários do Domínio) não acessam nem as suas
pastas home, fica pedindo senha novamente (no Rwindows).

Segue o LOG do samba com o erro:

[2006/07/25 22:13:08, 0] smbd/service.c:make_connection(800)
  172.16.16.13 (172.16.16.13) couldn't find service arquivos
[2006/07/25 22:13:10, 0] smbd/service.c:make_connection(800)
  172.16.16.13 (172.16.16.13) couldn't find service arquivos
[2006/07/25 22:13:22, 0] smbd/service.c:make_connection_snum(620)
  '/home/PASTA' does not exist or is not a directory, when connecting to
[pasta]


Segue o meu smb.conf:


# Global parameters
[global]
        workgroup = PILOTO
        server string = Servidor Samba LDAP
        netbios name = LDAP
        #unix password sync = yes
        #ldap password sync = yes
        ldap delete dn = yes
        log file = /var/log/samba/samba.log
        max log size = 50
        time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#       logon script = %u.bat
        #logon script = login.bat
        #logon path = \\server\profiles\%u
        #logon drive = \\server\profiles\%U
        logon path =
        logon drive =
        domain logons = yes
        os level = 130
        preferred master = yes
        domain master = yes
        dns proxy = no
        wins support = yes
        ldap ssl = no
        keepalive = 60
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
        read raw = no
        name resolve order = lmhosts wins hosts bcast
#       passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
        security = user

     passdb backend = ldapsam:ldap://127.0.0.1/
     add user script = /usr/sbin/smbldap-useradd -m "%u"
     delete user script = /usr/sbin/smbldap-userdel "%u"
     add group script = /usr/sbin/smbldap-groupadd -p "%g"
     delete group script = /usr/sbin/smbldap-groupdel "%g"
     add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
     delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
     set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
#     add machine script = /usr/sbin/smbldap-useradd -i -g 515 -w "%u"
     add machine script = /usr/sbin/smbldap-useradd -w -i "%u"

     ldap suffix = dc=ldap,dc=clemar
     ldap machine suffix = ou=Computadores
     ldap user suffix = ou=Usuarios
     ldap group suffix = ou=Grupos
     ldap idmap suffix = ou=Idmap
     ldap admin dn = cn=tecjump,dc=ldap,dc=clemar
     idmap backend = ldap:ldap://127.0.0.1
#     idmap uid = 10000-20000
#     idmap gid = 10000-20000



admin users = administrador root

#winbind enum users = yes
#winbind enum groups = yes


        ### ACL
        inherit acls = Yes
        map acl inherit = Yes
        nt acl support = yes
        #inherit permissions = Yes
        #acl compatibility = win2k

#### Erro "Unable to unmarshall SAMR_Q_SET_USERINFO"
#profile acls = yes
####




[homes]
        comment = Diretorio de Usuarios
        read only = No
        create mask = 0700
        browseable = Yes

#[netlogon]
#       path = /home/samba/netlogon
#       guest ok = Yes


#[profiles]
#    path = /home/samba/profiles
#    browseable = no
#    read only = no
#    guest ok = yes
#    writable = yes
#    directory mask = 0700
#    create mask = 0600
#    profile acls = yes
#    nt acl support = yes
#    csc policy = disable
#    force user = %U
#    valid users = %U @"Domain Admins"


[dados]
        comment = DADOS Compartilhados do Servidor
        path = /arquivos/dados
        browseable = yes
        public = yes
        read only = no
        writable = yes
#       force user = administrador
#        force group = 512
#       create mask = 0770
#       directory mask = 0770


[pasta]
        comment = DADOS Compartilhados do Servidor
        path = /home/PASTA
        browseable = yes
        public = yes
        read only = no
        writable = yes
#       force user = administrador
#        force group = 512
#       create mask = 0770
#       directory mask = 0770
        ### ACL
        #inherit acls = Yes
        #map acl inherit = Yes
        #nt acl support = yes
        #inherit permissions = Yes
        #acl compatibility = win2k






Grato,
########################################
#!/bin/bash
nome="Sergio Cioban Filho"
cargo="Administrador Linux"
email="sergio em tecjump.com.br"
certificacao="Linux Professional Institute - Level 1"
export nome cargo email certificacao
exit 0
########################################
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://listman.redhat.com/archives/fedora-users-br/attachments/20060725/82bbac00/attachment.htm>


Mais detalhes sobre a lista de discussão Fedora-users-br