Всем добрый день!
В сети есть прекрасная статья по настройке связки OpenLDAP + Samba PDC, все делал по инструкции, но в результате slapd не стартует.
OS: FreeBSD 6.2 i386 (на VMWare)
все ставлю из портов от 09.06.2007
ситуация такая:
В зависимости от bind_timelimit в /usr/local/etc/ldap.conf система при попытке старта slapd на это время замирает, и в итоге так и не стартует.
Ошибка такая: nss_ldap: could not search LDAP server - Server is unavailable
В гугле искал, но нашел много подобных проблем, только там после тормозов slapd у людей все же запускался и работал, а у меня нет.
Прошу о помощи
Вот конфиги:
/usr/local/etc/ldap.conf
============================================
# /usr/local/etc/ldap.conf - nss_ldap / pam_ldap client configuration
# (nss_ldap.conf and openldap/ldap.conf are symlinks to this file).
# Both host/port and uri are given; nss_ldap uses uri when it is set, so
# host/port are presumably redundant here - confirm for the installed version.
host 127.0.0.1
port 389
ldap_version 3
base dc=mydomain,dc=local
# Unix-domain socket listener; must match slapd_sockets in /etc/rc.conf.
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
# DN used for lookups by root; its clear-text password is read from
# /usr/local/etc/ldap.secret (mode 0600, root only).  Processes that cannot
# read that file bind anonymously, so the slapd ACLs must allow anonymous
# read of the passwd/group attributes.
rootbinddn cn=Manager,dc=mydomain,dc=local
scope sub
# Search bases per map; "?one" = one-level scope below the OU.
# NOTE(review): two nss_base_passwd lines rely on nss_ldap supporting
# several bases for one map - confirm for the port's version.
nss_base_passwd ou=Users,dc=mydomain,dc=local?one
nss_base_passwd ou=Computers,dc=mydomain,dc=local?one
nss_base_group ou=Groups,dc=mydomain,dc=local?one
ssl no
pam_password CRYPT
# Seconds to wait for a bind and for a search.  While slapd is not yet
# listening, every NSS lookup that falls through to nss_ldap stalls for
# bind_timelimit; "bind_policy soft" makes nss_ldap give up instead of
# retrying, so the stall is bounded rather than endless.
bind_timelimit 10
bind_policy soft
timelimit 10
logdir /var/log
/usr/local/etc/smb.conf
============================================
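; /usr/local/etc/smb.conf - Samba PDC with the ldapsam backend.
; All values are kept as posted; only comments and one broken line were touched.
[global]
workgroup = MYDOMAIN
server string = FreeBSD Samba Server
netbios name = BSD-SERV
enable privileges = yes
; NOTE(review): "interfaces" alone only tells Samba which networks it serves;
; without "bind interfaces only = yes" smbd/nmbd still listen on every
; address - confirm whether that is intended.
interfaces = 192.168.0.1/24
security = user
encrypt passwords = yes
obey pam restrictions = no
ldap passwd sync = yes
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000000
time server = yes
socket options = TCP_NODELAY
mangling method = hash2
; Unix side is koi8-r; this is why the Russian share and recycle names
; below look garbled when the file is viewed in another encoding.
display charset = koi8-r
unix charset = koi8-r
dos charset = cp866
; FIX: the posted line "logon script logon.cmd" had no "=", which Samba
; reports as a badly formed line and ignores.
logon script = logon.cmd
logon drive = X:
logon path =
domain logons = yes
preferred master = yes
domain master = yes
local master = yes
wins support = yes
wins proxy = yes
dns proxy = no
name resolve order = lmhosts wins dns host bcast
; Account database lives in LDAP over loopback; the bind password for
; "ldap admin dn" is stored separately (smbpasswd -w), not in this file.
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn= cn=Manager,dc=mydomain,dc=local
ldap suffix= dc=mydomain,dc=local
ldap user suffix= ou=Users
ldap group suffix= ou=Groups
ldap machine suffix= ou=Computers
ldap idmap suffix= ou=Users
; Plain LDAP is acceptable only because the backend URL above is loopback.
ldap ssl=off
; smbldap-tools hooks used by Samba to manage accounts in the directory.
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
load printers = no

; Per-user home directories; %S is the share name, i.e. the user name.
[homes]
comment = Home directories
browseable = No
writable = yes
public = no
valid users = %S
; Deleted files go to a per-share recycle directory instead of being removed.
vfs object = recycle
recycle:repository = .лПТЪЙОБ
recycle:keeptree = Yes
recycle:touch = Yes
recycle:version = Yes
recycle:maxsize = 0
recycle:exclude = *.tmp|*.tbi|*.temp|~$*|*.~??

; Logon scripts for domain members; read-only on purpose.
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon/
browseable = no
read only = yes

; Roaming profiles; "valid users" still restricts access even though
; "guest ok = yes" is set.  NOTE(review): guest ok = yes is unusual on a
; profiles share - confirm it is needed.
[Profiles]
path = /home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = yes
profile acls = yes
csc policy = disable
force user = %U
valid users = %U @"Domain Admins"

; Shared folder for domain users; as above, "valid users" takes precedence
; over "guest ok = yes".
[public]
comment = пВЭЙК ТЕУХТУ
path = /home/samba/public
valid users = @"Domain Admins", @"Domain Users"
browseable = yes
guest ok = yes
read only = no
directory mask = 0777
create mask = 0666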
/usr/local/etc/openldap/slapd.conf
============================================
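# /usr/local/etc/openldap/slapd.conf - OpenLDAP server for the Samba PDC.
# slapd.conf treats a line that begins with whitespace as a continuation of
# the previous line, so every "by ..." clause and every wrapped attribute
# list MUST be indented (the forum paste had lost all indentation).
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

modulepath /usr/local/libexec/openldap
moduleload back_ldap
moduleload back_ldbm

database ldbm
suffix "dc=mydomain,dc=local"
rootdn "cn=Manager,dc=mydomain,dc=local"
# Generate the hash with /usr/local/sbin/slappasswd.  The clear-text
# password behind it is what /usr/local/etc/ldap.secret must contain,
# because nss_ldap binds as rootbinddn = this DN.
rootpw {SSHA}sl7rJXuzYb8BFZJ1XvMdWQ4gEMOpqfva
directory /var/db/openldap-data

index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

# ACLs: for each attribute the first "access to" clause whose target matches
# is the one used, so order matters.
# Password hashes: manager and owner may write; anonymous may only use them
# to authenticate (auth) and can never read them.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
    by dn="cn=Manager,dc=mydomain,dc=local" write
    by self write
    by anonymous auth
    by * none
# (A stray line "answer correctlty" stood here in the posted file; it is not
# a slapd directive and was dropped.)
# Attributes nss_ldap needs for passwd/group maps.  "by * read" includes
# anonymous binds, i.e. anyone who can reach the listener can enumerate
# these; see the 0.0.0.0 listeners in /etc/rc.conf.
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
    by dn="cn=Manager,dc=mydomain,dc=local" write
    by * read
# FIX: the posted clause read 'by dn dn="cn=Manager,..." write' (duplicated
# "dn" token), which slapd rejects as an ACL parse error at start-up.
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
    by dn="cn=Manager,dc=mydomain,dc=local" write
    by self write
    by * read
# Samba account attributes.  NOTE(review): cn, description, sambaLMPassword,
# sambaNTPassword, sambaPwdLastSet and sambaPwdMustChange are already caught
# by the clauses above, so the "by self read / by * none" here never applies
# to them (first match wins).
access to attrs=sambaLogonTime,cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,
    sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,
    sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,
    sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,
    sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,
    sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,
    sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,
    sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
    by dn="cn=Manager,dc=mydomain,dc=local" write
    by self read
    by * none
# Container entries: only the manager may touch them.
# NOTE(review): "dn=" without an explicit style may be interpreted as a
# regex by this slapd version - confirm; "dn.base=" pins the clause to the
# OU entry itself, as done for the suffix below.
access to dn.base="dc=mydomain,dc=local"
    by dn="cn=Manager,dc=mydomain,dc=local" write
    by * none
access to dn="ou=Users,dc=mydomain,dc=local"
    by dn="cn=Manager,dc=mydomain,dc=local" write
    by * none
access to dn="ou=Groups,dc=mydomain,dc=local"
    by dn="cn=Manager,dc=mydomain,dc=local" write
    by * none
access to dn="ou=Computers,dc=mydomain,dc=local"
    by dn="cn=Manager,dc=mydomain,dc=local" write
    by * none
# Everything else: an entry is readable only by itself.
access to *
    by self read
    by * none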
/usr/local/etc/ldap.secret
============================================
12345
/etc/rc.conf
============================================
# /etc/rc.conf - service switches for slapd and Samba.
slapd_enable="YES"
# Run slapd as ldap:ldap; listen on the ldapi socket plus plain LDAP and
# LDAPS on every interface.  NOTE(review): the clients on this page use only
# ldapi:// and ldap://127.0.0.1/ (ldap.conf, smb.conf), so binding ldap:// to
# 0.0.0.0 exposes the anonymously readable account attributes ("by * read"
# in slapd.conf) to the whole network - consider 127.0.0.1 or the LAN address.
# -u/-g also make slapd resolve the "ldap" user at start-up; if that lookup
# reaches nss_ldap before slapd listens it waits out bind_timelimit -
# presumably the stall described above.  Keep "ldap" in /etc/passwd and
# "files" ahead of "ldap" in nsswitch.conf (not shown here) - confirm.
slapd_flags='-u ldap -g ldap -h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldaps://0.0.0.0/"'
# Unix socket path; must match the ldapi uri in ldap.conf.
slapd_sockets="/var/run/openldap/ldapi"
# 777 lets every local account connect to the socket; slapd's ACLs still
# decide what such a connection may read.
slapd_sockets_mode="777"
samba_enable="YES"
Все симлинки создал.
# ls -la /usr/local/etc
============================================
-rw-r--r-- 1 root wheel 425 Jun 12 05:40 ldap.conf
-rw------- 1 root wheel 12 Jun 12 05:06 ldap.secret
lrwxr-xr-x 1 root wheel 24 Jun 12 00:45 nss_ldap.conf -> /usr/local/etc/ldap.conf
lrwxr-xr-x 1 root wheel 26 Jun 12 05:06 nss_ldap.secret -> /usr/local/etc/ldap.secret
drwxr-xr-x 3 root wheel 512 Jun 12 00:45 openldap
drwxr-xr-x 2 root wheel 512 Jun 11 16:25 pam.d
drwxr-xr-x 2 root wheel 512 Jun 11 23:16 rc.d
drwx------ 2 root wheel 512 Jun 12 00:39 samba
-r--r--r-- 1 root wheel 2304 Jun 12 00:38 smb.conf
drwxr-xr-x 2 root wheel 512 Jun 11 23:25 smbldap-tools
#ls -la /usr/local/etc/openldap
============================================
lrwxr-xr-x 1 root wheel 24 Jun 12 00:45 ldap.conf -> /usr/local/etc/ldap.conf
lrwxr-xr-x 1 root wheel 26 Jun 12 00:45 ldap.secret -> /usr/local/etc/ldap.secret
drwxr-xr-x 2 root wheel 1024 Jun 12 04:59 schema
-rw-r--r-- 1 root wheel 19424 Jun 11 23:30 shema
-rw-r--r-- 1 ldap ldap 2758 Jun 12 05:43 slapd.conf