我刚刚在 Debian Squeeze 系统上进行了初始 Samba/LDAP 配置。我在 ldap 目录中添加了一个用户并安装了 libnss-ldap。现在我可以使用新创建的用户成功登录系统,因此看来 Debian 本身在使用 LDAP 进行身份验证时没有问题。
我根据许多教程配置了 Samba,但自从配置了 LDAP 后,我就无法连接到共享。这是 smb.conf:
[global]
workgroup = ANDROCS
passdb backend = ldapsam:ldap://127.0.0.1/
log level = 5
log file = /var/log/samba/log.%m
max log size = 100
time server = Yes
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = No
# LDAP
ldap admin dn = cn=admin,dc=androcs,dc=com
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=androcs,dc=com
ldap user suffix = ou=Users
ldap ssl = off
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
# now define some shares
[technical]
comment = Common Engineering and Technical Material
path = /export/technical
force group = technical
read only = No
create mask = 0770
directory mask = 0770
browseable = No
[development]
comment = Software Development Repositories
path = /export/development
force group = development
read only = No
create mask = 0770
directory mask = 0770
browseable = No
[business]
comment = Common Business Material
path = /export/business
force group = business
read only = No
create mask = 0770
directory mask = 0770
browseable = No
因此,我尝试使用 gnome 的“连接到服务器”功能从另一个 Debian 系统登录到共享。同时,我跟踪 syslog 的输出,结果如下:
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 fd=13 ACCEPT from IP=127.0.0.1:53334 (IP=0.0.0.0:389)
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 BIND dn="cn=admin,dc=androcs,dc=com" method=128
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 BIND dn="cn=admin,dc=androcs,dc=com" mech=SIMPLE ssf=0
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=0 RESULT tag=97 err=0 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SRCH attr=supportedControl
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))"
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 29 11:27:34 androserve slapd[3038]: conn=1004 fd=13 closed (connection lost)
我立即想到的一句话是:
conn=1004 op=2 SRCH base="dc=androcs,dc=com" scope=2 deref=0 filter="(&(uid=tarcuri)(?objectClass=sambaSamAccount))"
特别是objectClass。我是 LDAP 新手,但我将用户配置为person、inetOrgPerson、posixAccount和shadowAccount。
有人知道我应该从哪里开始吗?我可以增加日志记录级别以更好地了解问题所在吗?
谢谢!
答案1
搜索过滤器看起来可疑,因为'?'文本前面有objectClass,但这可能是翻译或粘贴错误。搜索返回零个条目(nentries=0),因为正如您所说,没有条目uid有tarcuri 和的一个 objectClass sambaSamAccount。