Topic: Samba for PDC, please help me configure Samba
Hi everyone,
I am setting up a PDC (OpenLDAP and Samba)
Distro: CentOS 5.3 kernel: 2.6.18-128.2.1.el5
Samba
# rpm -qa | grep samba
samba-common-3.0.33-3.7.el5_3.1
samba_client-3.0.33-3.7.el5_3.1
samba_swat-3.0.33-3.7.el5_3.1
samba-3.0.33-3.7.el5_3.1
I have already configured the LDAP server
/etc/openldap/slapd.conf
But with Samba configured, some time after starting it, Samba is dead
# service smb start
Starting SMB services [OK]
Starting NMB services [OK]
# service smb status
smbd dead but pid file exits
nmbd (pid 3280 3278) is running...
I tried deleting the two files smbd.pid and nmbd.pid in /var/run/
After starting SMB again, some time later it is the same as before
Testing the smb configuration
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[sysvol]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[Documents]"
Loaded services file OK.
WARNING: Your 'passdb backend' configuration includes multiple backends. This is deprecated since Samba 3.0.23. Please check WHATSNEW.txt or the section 'Passdb Changes' from the ChangeNotes as part of Samba HOWTO collection. Only the first backend (ldapsam:ldap://pdc-svr.domain.com/) is uesd. The rest is ignored.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
- Why is there a WARNING like this??
Here are the contents of smb.conf and the smbd log
# # Primary Domain Controller smb.conf
# # Global parameters
[global]
unix charset = LOCALE
workgroup = DOMAIN.COM
netbios name = PDC-SVR
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://pdc-svr.domain.com/
enable privileges = Yes
username map = /etc/samba/smbusers
guest account = root
log level = 10
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon script = scripts\logon.bat
logon path = \\pdc-svr\profiles\%U
logon drive = X:
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
# performance optimization all users stored in ldap
ldapsam:trusted = yes
ldap suffix = dc=dmain,dc=com
ldap machine suffix = ou=Computers,ou=Users
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=domain,dc=com
idmap backend = ldap://pdc-svr.domain.com
idmap uid = 10000-20000
idmap gid = 10000-20000
# printer admin = root
printing = cups
#========================Share Definitions=========================
[homes]
comment = Home Directories
valid users = %S
browseable = yes
writable = yes
create mask = 0600
directory mask = 0700
[sysvol]
path = /data/samba/sysvol
read only = no
[netlogon]
comment = Network Logon Service
path = /data/samba/sysvol/greystonevn.com/scripts
writeable = yes
browseable = yes
read only = no
[profiles]
path = /data/samba/profiles
writeable = yes
browseable = no
read only = no
create mode = 0777
directory mode = 0777
[Documents]
comment = share to test samba
path = /data/documents
writeable = yes
browseable = yes
read only = no
valid users = "@Domain Users"
SMBD log
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/07/30 13:15:58, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2009/07/30 13:15:58, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/07/30 13:15:58, 5] lib/smbldap.c:smbldap_search_ext(1182)
smbldap_search_ext: base => [ou=Groups,dc=domain,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2009/07/30 13:15:58, 10] lib/smbldap.c:smbldap_search_ext(1246)
Failed search for base: ou=Groups,dc=domain,dc=com, error: 32 (No such object) ()
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/07/30 13:15:58, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1287)
LEGACY: mapping failed for sid S-1-5-32-544
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/07/30 13:15:58, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/07/30 13:15:58, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2009/07/30 13:15:58, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/07/30 13:15:58, 5] lib/smbldap.c:smbldap_search_ext(1182)
smbldap_search_ext: base => [ou=Groups,dc=domain,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2009/07/30 13:15:58, 10] lib/smbldap.c:smbldap_search_ext(1246)
Failed search for base: ou=Groups,dc=domain,dc=com, error: 32 (No such object) ()
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/07/30 13:15:58, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1287)
LEGACY: mapping failed for sid S-1-5-32-545
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/07/30 13:15:58, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/07/30 13:15:58, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2009/07/30 13:15:58, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/07/30 13:15:58, 5] lib/smbldap.c:smbldap_search_ext(1182)
smbldap_search_ext: base => [ou=Groups,dc=domain,dc=com], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-22-1-0)(sambaSIDList=S-1-5-32-544)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)))], scope => [2]
[2009/07/30 13:15:58, 10] lib/smbldap.c:smbldap_search_ext(1246)
Failed search for base: ou=Groups,dc=domain,dc=com, error: 32 (No such object) ()
[2009/07/30 13:15:58, 10] auth/auth_util.c:add_aliases(708)
pdb_enum_alias_memberships failed: NT_STATUS_UNSUCCESSFUL
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/07/30 13:15:58, 10] lib/util_seaccess.c:se_access_check(233)
se_access_check: requested access 0x000f003f, for NT token with 3 entries and first sid S-1-1-0.
[2009/07/30 13:15:58, 3] lib/util_seaccess.c:se_access_check(250)
[2009/07/30 13:15:58, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-7
se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f
se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026
[2009/07/30 13:15:58, 5] lib/util_seaccess.c:se_access_check(314)
se_access_check: access (f003f) denied.
[2009/07/30 13:15:58, 10] registry/reg_db.c:regdb_close(308)
regdb_close: decrementing refcount (1)
[2009/07/30 13:15:58, 0] services/services_db.c:svcctl_init_keys(420)
svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED)
[2009/07/30 13:15:58, 10] registry/reg_db.c:regdb_close(308)
regdb_close: decrementing refcount (0)
[2009/07/30 13:15:58, 10] printing/nt_printing.c:update_c_setprinter(720)
update_c_setprinter: c_setprinter = 0
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/07/30 13:15:58, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/07/30 13:15:58, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2009/07/30 13:15:58, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/07/30 13:15:58, 6] passdb/pdb_interface.c:pdb_getsampwsid(281)
pdb_getsampwsid: Building guest account
[2009/07/30 13:15:58, 10] passdb/pdb_get_set.c:pdb_set_username(581)
pdb_set_username: setting username root, was
[2009/07/30 13:15:58, 10] passdb/pdb_get_set.c:pdb_set_fullname(650)
pdb_set_full_name: setting full name root, was
[2009/07/30 13:15:58, 10] passdb/pdb_get_set.c:pdb_set_domain(604)
pdb_set_domain: setting domain domain.COM, was
[2009/07/30 13:15:58, 10] passdb/pdb_get_set.c:pdb_set_user_sid(510)
pdb_set_user_sid: setting user sid S-1-5-21-1738631279-3210576300-98868778-501
[2009/07/30 13:15:58, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-1738631279-3210576300-98868778-501 from rid 501
[2009/07/30 13:15:58, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/07/30 13:15:58, 10] lib/util_pw.c:getpwnam_alloc(76)
Got root from pwnam_cache
[2009/07/30 13:15:58, 5] lib/smbldap.c:smbldap_search_ext(1182)
smbldap_search_ext: base => [dc=domain,dc=com], filter => [(&(objectClass=sambaSamAccount)(uid=root))], scope => [2]
[2009/07/30 13:15:58, 10] lib/smbldap.c:smbldap_search_ext(1246)
Failed search for base: dc=domain,dc=com, error: 32 (No such object) ()
[2009/07/30 13:15:58, 10] auth/auth_util.c:make_server_info_sam(639)
pdb_enum_group_memberships failed: NT_STATUS_UNSUCCESSFUL
[2009/07/30 13:15:58, 0] smbd/server.c:main(1059)
ERROR: failed to setup guest info.
I hope everyone can give me some advice, I have been fumbling with this for a whole week
Thanks a lot
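
Added example, not part of the original post: a small Python triage script for a level-10 smbd log like the one above. It groups each debug header with its message lines, then reports the level-0 messages and counts failed LDAP searches by base DN and result code; the sample is an excerpt of the log lines posted above, and the function names are illustrative.

```python
import re
from collections import Counter

# Samba 3.x debug header: "[YYYY/MM/DD HH:MM:SS, level] file.c:function(line)"
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)")
LDAP_FAIL = re.compile(r"Failed search for base: (.+?), error: (\d+) \(([^)]*)\)")

# Excerpt of the smbd log posted above (header line, then its message line).
SAMPLE = """\
[2009/07/30 13:15:58, 10] lib/smbldap.c:smbldap_search_ext(1246)
Failed search for base: ou=Groups,dc=domain,dc=com, error: 32 (No such object) ()
[2009/07/30 13:15:58, 0] services/services_db.c:svcctl_init_keys(420)
svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED)
[2009/07/30 13:15:58, 10] lib/smbldap.c:smbldap_search_ext(1246)
Failed search for base: dc=domain,dc=com, error: 32 (No such object) ()
[2009/07/30 13:15:58, 0] smbd/server.c:main(1059)
ERROR: failed to setup guest info.
"""

def parse_records(text):
    """Group each header line with the message lines that follow it."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = {"time": m.group(1), "level": int(m.group(2)),
                       "source": m.group(3), "func": m.group(4), "msg": []}
            records.append(current)
        elif current is not None and line:
            current["msg"].append(line)
    return records

def triage(text):
    """Return (level-0 messages, Counter of failed LDAP searches)."""
    fatal, ldap_failures = [], Counter()
    for rec in parse_records(text):
        body = " ".join(rec["msg"])
        if rec["level"] == 0:  # level 0 is logged regardless of 'log level'
            fatal.append((rec["func"], body))
        m = LDAP_FAIL.search(body)
        if m:  # key: (search base DN, LDAP result code, reason text)
            ldap_failures[(m.group(1), int(m.group(2)), m.group(3))] += 1
    return fatal, ldap_failures

if __name__ == "__main__":
    fatal, ldap_failures = triage(SAMPLE)
    for func, msg in fatal:
        print("level 0:", func, "->", msg)
    for (base, code, reason), n in ldap_failures.items():
        print(f"LDAP search failed {n}x: base={base} code={code} ({reason})")
```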
