具有远程 LDAP 身份验证的 Samba 无法正确查看用户

具有远程 LDAP 身份验证的 Samba 无法正确查看用户

我正在尝试设置由远程 LDAP 服务器验证的 samba 服务器,但遇到了一些问题,不知道如何解决。

我能够getent passwd在 samba 服务器上创建一个,并且可以看到 上的所有用户ldapserver,但是当我尝试访问\\SAMBASERVER我的 Windows 机器时,我看到了以下内容/var/log/samba/log.mywindowsbox

<...snip...>
[2012/10/19 13:05:22.449684,  2] smbd/sesssetup.c:1413(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/10/19 13:05:22.449692,  3] smbd/sesssetup.c:1212(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2012/10/19 13:05:22.449701,  3] smbd/sesssetup.c:1254(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/10/19 13:05:22.449717,  3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[lucas] domain=[BUSINESS] workstation=[MYWINDOWSBOX] len1=24 len2=24
[2012/10/19 13:05:22.449747,  3] auth/auth.c:216(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [BUSINESS]\[lucas]@[MYWINDOWSBOX] with the new password interface
[2012/10/19 13:05:22.449759,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [SAMBASERVER]\[lucas]@[MYWINDOWSBOX]
[2012/10/19 13:05:22.449773,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/10/19 13:05:22.449783,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/10/19 13:05:22.449791,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/10/19 13:05:22.449922,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/10/19 13:05:23.001517,  3] lib/smbldap.c:1166(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2012/10/19 13:05:23.007713,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/10/19 13:05:23.007733,  3] auth/auth_sam.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'lucas' in passdb.
[2012/10/19 13:05:23.007743,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [lucas] -> [lucas] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/10/19 13:05:23.007760,  3] smbd/error.c:80(error_packet_set)
  error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2012/10/19 13:05:23.010469,  3] smbd/process.c:1489(process_smb)
  Transaction 3 of length 142 (0 toread)
<...snip...>

/etc/samba/smb.conf文件如下:

[global]
dos charset = 850
unix charset = LOCALE

workgroup = BUSINESS
netbios name = SAMBASERVER

bind interfaces only = true
interfaces = lo eth0 eth1
smb ports = 139
hosts deny = All
hosts allow = 192.168.78. 192.168.255. 127.0.0.1 10.149.122. 192.168.0.
name resolve order = wins bcast hosts

log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000 

domain logons = No
wins support = Yes
wins proxy = No
client ntlmv2 auth = Yes
lanman auth = Yes
ntlm auth = Yes
dns proxy = Yes
time server = Yes

security = user
encrypt passwords = Yes
obey pam restrictions = Yes
ldap password sync = Yes
unix password sync = Yes

passdb backend = ldapsam:"ldap://192.168.78.206"
ldap ssl = off
ldap admin dn = uid=root,ou=Users,dc=business,dc=intranet

ldap suffix =
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap delete dn = Yes


add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -W -t5 "%u"

idmap backend = ldap:"ldap://192.168.78.206"
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

load printers = No
printcap name = /dev/null

map acl inherit = Yes
map untrusted to domain = Yes
enable privileges = Yes

veto files = /lost+found/ /publicftp/

因此,\\SAMBASERVER他说他找不到我的用户,但我可以通过查看getent passwd。我该怎么做才能SAMBASERVER查看和验证我的用户?

提前致谢!

答案1

我发现了问题所在。我只是把这个配置放进去了:

ldap admin dn = uid=root,ou=Users,dc=business,dc=intranet

并执行了service smb restart,我能够通过 看到所有用户smbldap-userlist。身份验证也运行正常。

相关内容