Debian-facile

Welcome to Debian-Facile, a help site for new Debian users.


#1 16-05-2009 15:04:42

jun
Member
Registered: 16-05-2009

LDAP / Samba domain controller

Hello everyone,

I have a small problem: I am currently configuring a Debian Lenny server in a Windows XP network. It is the only server on the network.

My server already handles DHCP and DNS, and I am now tackling SAMBA.
I had the idea of setting up an LDAP directory before configuring SAMBA, so that SAMBA and the other tools I will install later (Squid, etc.) share one and the same account database.

Here is my slapd.conf file:

[c][small]
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:


# Features to permit
allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/samba.schema


# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        none

# Where the dynamically loaded modules are stored
modulepath    /usr/lib/ldap
moduleload    back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend        bdb

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend        <other>

#######################################################################
# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        bdb

# The base of your directory in database #1
suffix dc=nkb,dc=com

rootdn cn=nkbadmin,dc=nkb,dc=com

# for syncrepl.
# rootdn          "cn=nkbadmin,dc=nkb,dc=com"

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0


# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index           objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint      512 30

# Where to store the replica logs for database #1
# replogfile    /var/lib/ldap/replog


#######################################################################
# Specific Directives for database #2, of type 'other' (can be hdb too):
# Database specific directives apply to this database until another
# 'database' directive occurs
#database        <other>

# The base of your directory for database #2
#suffix        "dc=debian,dc=org"
rootpw kiemnkbarchi
[/small][/c]


Here is my smb.conf file:

[small][c]
[global]
workgroup = NKB
netbios name = nkbserver
server string = Samba-LDAP PDC Server
domain master = Yes
local master = Yes
domain logons = Yes
os level = 40
#passwd program = /usr/sbin/smbldap-passwd -u %u
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=nkbadmin,dc=nkb,dc=com
ldap suffix = dc=nkb,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=users
#ldap machine suffix = ou=Machines
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = no
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
logon path = \\%L\profile\%U
logon drive = P:
logon home = \\%L\%U
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
case sensitive = No
default case = lower
preserve case = yes
short preserve case = Yes
#character set = iso8859-1
#domain admin group = @admin
dns proxy = No
wins support = Yes
hosts allow = 192.168.1. 127.
winbind use default domain = Yes
nt acl support = Yes
msdfs root = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
### END OF THE GLOBAL SECTION #####
#### SHARES #####
[netlogon]
path = /home/netlogon
writable = No
browseable = No
write list = Administrateur
#
[profile]
path = /home/export/profile
browseable = No
writeable = Yes
profile acls = yes
create mask = 0700
directory mask = 0700
#
[homes]
comment = Repertoire Personnel
browseable = No
writeable = Yes
#
[partage]
comment = NKB Library
browseable = Yes
writeable = Yes
public = No
path = /media/DiskE/NKBLibrary
[/c][/small]

And here is an excerpt from the LDIF file that is the source of my directory:

[c][small]
#Entry 1 : Organization
dn: dc=nkb,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: nkb.com
dc: nkb

#Entry 2 : Admin
dn: cn=nkbadmin,dc=nkb,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: nkbadmin
userPassword: kiemnkbarchi

#Entry 3 : Users
dn: ou=users,dc=nkb,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

#Entry 4 : Groups
dn: ou=groups,dc=nkb,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

#Entry 5 : Denis LaMalice
dn: uid=dlamalice,ou=users,dc=nkb,dc=com
objectClass: inetOrgPerson
objectClass: top
uid: dlamalice
cn: dlamalice
sn: Denis LaMalice
userPassword: 5P8LYKBK
mobile: 0.***.128***
mail: dlamalice@nkb-archi.com

# Entry 47: General Directors
dn: cn=dg,ou=groups,dc=nkb,dc=com
cn: dg
objectClass: groupOfNames
objectClass: top
description: General Directors
member: uid=dlamalice,ou=users,dc=nkb,dc=com
[/small]
[/c]


The trouble with all this is that I cannot manage to tell Samba to use the users and groups from my LDAP directory as Samba users and groups.

I suppose the classes of my LDAP entries are not right for Samba, but what should I replace them with?

Thanks in advance,

Jun.

Offline

#2 06-06-2009 21:23:04

chiwawa
Member
Distro: Debian Stable
Kernel: The one in the latest stable
(G)UI: Gnome 3
Registered: 18-04-2009

Re: LDAP / Samba domain controller

Just one question, if you haven't already solved your problem: have you installed the package smbldap-tools.noarch : User and group administration tools for Samba/OpenLDAP?

If not, install it, for a start.

All my PCs run Debian now.
Laptop => ASUS M51S.
Desktop => dual-core AMD CPU + 4 GB of RAM + 3 disks in RAID 5 + system disk (one day it will be an SSD, I promise).

Offline
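
On the object-class question raised in post #1, as an added example that is not part of either post and is not code from Samba or smbldap-tools: a Python check that reads an LDIF export and reports entries lacking the classes the ldapsam backend works with, and also flags `userPassword` values stored without a hash scheme. It assumes users under `ou=users` need `posixAccount` plus `sambaSamAccount` and groups under `ou=groups` need `posixGroup` plus `sambaGroupMapping` (the classes smbldap-tools creates); the function names and the sample LDIF are constructed for illustration.

```python
# Added example (not from the thread); the sample LDIF below is constructed.
REQUIRED = {  # container RDN -> object classes, as smbldap-tools creates them
    "ou=users": {"posixaccount", "sambasamaccount"},
    "ou=groups": {"posixgroup", "sambagroupmapping"},
}

SAMPLE_LDIF = """\
# Constructed sample, modelled on the layout of the LDIF in the post
dn: uid=alice,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
userPassword: constructed-cleartext

dn: uid=bob,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
userPassword: {SSHA}constructed-hash-placeholder

dn: cn=dg,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=alice,ou=users,dc=example,dc=com
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; plain "attr: value" lines only, no folding."""
    for block in text.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                key, _, value = line.partition(":")
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit(text):
    """Return a list of (dn, problem) pairs, in file order."""
    findings = []
    for dn, attrs in parse_ldif(text):
        container = dn.lower().split(",")[1].strip() if "," in dn else ""
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        missing = REQUIRED.get(container, set()) - classes
        if missing:
            findings.append((dn, "missing objectClass: " + ", ".join(sorted(missing))))
        for pw in attrs.get("userpassword", []):
            if not pw.startswith(("{", ":")):  # no {SCHEME} prefix, not base64
                findings.append((dn, "userPassword is stored in clear text"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_LDIF), sep="\n")
```
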
