Unable to connect to Samba/LDAP share, no obvious errors

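I've just done an initial Samba/LDAP configuration on a Debian Squeeze system. I added a user to the LDAP directory and installed libnss-ldap. I can now successfully log in to the system as the newly created user, so it seems Debian itself has no problem authenticating against LDAP.

I configured Samba following a number of tutorials, but since setting up LDAP I have been unable to connect to the shares. Here is smb.conf: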

[global]
    workgroup = ANDROCS
    passdb backend = ldapsam:ldap://127.0.0.1/

    log level = 5
    log file = /var/log/samba/log.%m
    max log size = 100

    time server = Yes

    domain logons = Yes
    preferred master = Yes
    domain master = Yes
    wins support = No

    # LDAP
    ldap admin dn = cn=admin,dc=androcs,dc=com
    ldap group suffix = ou=group
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap passwd sync = Yes
    ldap suffix = dc=androcs,dc=com
    ldap user suffix = ou=Users
    ldap ssl = off

    idmap backend = ldap:ldap://127.0.0.1
    idmap uid = 10000-20000
    idmap gid = 10000-20000


# now define some shares
[technical]
    comment = Common Engineering and Technical Material
    path = /export/technical
    force group = technical
    read only = No
    create mask = 0770
    directory mask = 0770
    browseable = No

[development]
    comment = Software Development Repositories
    path = /export/development
    force group = development
    read only = No
    create mask = 0770
    directory mask = 0770
    browseable = No

[business]
    comment = Common Business Material
    path = /export/business
    force group = business
    read only = No
    create mask = 0770
    directory mask = 0770
    browseable = No

So I tried to log in to a share from another Debian system using GNOME's "Connect to Server" feature. Meanwhile, I tailed the syslog output, which showed the following:

Jul 29 11:27:34 androserve slapd[3038]: conn=1004 fd=13 ACCEPT from IP=127.0.0.1:53334 (IP=0.0.0.0:389)
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 BIND dn="cn=admin,dc=androcs,dc=com" method=128
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 BIND dn="cn=admin,dc=androcs,dc=com" mech=SIMPLE ssf=0
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 RESULT tag=97 err=0 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH attr=supportedControl
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 fd=13 closed (connection lost)

The line that immediately jumps out at me is:

conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))"

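Specifically the objectClass. I'm new to LDAP, but I configured my user as person, inetOrgPerson, posixAccount, shadowAccount.

Does anyone know where I should start? Can I increase the logging level to get a better idea of what's going wrong?

Thanks!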

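Answer 1

The search filter looks suspicious because there is a '?' before objectClass in the text, but that could be a translation or paste error. The search returned zero entries (nentries=0) because, as you said, there is no entry with uid tarcuri that has the objectClass sambaSamAccount.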
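The check described in the answer (a search that succeeds with err=0 but returns nentries=0) can be automated over slapd log lines. The following is an added example, not part of the original question or answer; the function name and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: slapd syslog lines shortened from the log in the question.
SAMPLE_LOG = """\
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH attr=uid uidNumber sambaSID
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
# One attribute assertion inside a filter. The '?' seen before objectClass in
# the question's log is tolerated and stripped so the attribute name is clean.
ASSERTION = re.compile(r'\(\??([A-Za-z][\w-]*)=([^()]*)\)')


def empty_searches(log_text):
    """Pair each SRCH with its SEARCH RESULT by (conn, op); return the empty ones."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            pending[(conn, op)] = (base, int(scope), flt)
            continue
        m = RESULT.search(line)
        if not m or (m.group(1), m.group(2)) not in pending:
            continue
        base, scope, flt = pending.pop((m.group(1), m.group(2)))
        if m.group(3) == "0" and m.group(4) == "0":  # err=0 yet nothing matched
            findings.append({
                "conn": int(m.group(1)), "op": int(m.group(2)),
                "base": base, "scope": scope, "filter": flt,
                # What an entry must satisfy to be returned by this search.
                "assertions": ASSERTION.findall(flt),
            })
    return findings


if __name__ == "__main__":
    for f in empty_searches(SAMPLE_LOG):
        print(f"conn={f['conn']} op={f['op']} matched nothing under "
              f"{f['base']!r}; entry must satisfy {f['assertions']}")
```

Each reported assertion list shows what the directory entry would need in order to be found, here a uid of tarcuri together with the sambaSamAccount objectClass.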
