Howto: Sled 10 Auth To Windows Server 2003 R2 Ad

#21  ghys, 11-Apr-2007, 12:58

Hello again!
How was your Easter weekend?

I did modify the files and played with them a bit, and I get that kind of result now:
poptarts:/var/log # cat messages
Apr 11 10:24:38 poptarts winbindd[28328]: [2007/04/11 10:24:38, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Apr 11 10:24:38 poptarts winbindd[28328]: Got invalid request length: 0
Apr 11 10:32:04 poptarts winbindd[28457]: [2007/04/11 10:32:04, 0] param/loadparm.c:map_parameter(2691)
Apr 11 10:32:04 poptarts winbindd[28457]: Unknown parameter encountered: "guests"
Apr 11 10:32:04 poptarts winbindd[28457]: [2007/04/11 10:32:04, 0] param/loadparm.c:lp_do_parameter(3436)
Apr 11 10:32:04 poptarts winbindd[28457]: Ignoring unknown parameter "guests"
Apr 11 10:32:04 poptarts winbindd[28457]: [2007/04/11 10:32:04, 0] lib/smbldap.c:smbldap_connect_system(911)
Apr 11 10:32:04 poptarts winbindd[28457]: failed to bind to server ldap://willywallers.cartosherb.com with dn="cn=LDAPQUERYUSER,cn=Utilisateurs,dc=cartosherb ,dc=com" Error: Invalid credentials
Apr 11 10:32:04 poptarts winbindd[28457]: 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece
Apr 11 10:32:09 poptarts smbd[28468]: [2007/04/11 10:32:09, 0] param/loadparm.c:map_parameter(2691)
Apr 11 10:32:09 poptarts smbd[28468]: Unknown parameter encountered: "guests"
Apr 11 10:32:09 poptarts smbd[28468]: [2007/04/11 10:32:09, 0] param/loadparm.c:lp_do_parameter(3436)
Apr 11 10:32:09 poptarts smbd[28468]: Ignoring unknown parameter "guests"
Apr 11 10:32:19 poptarts winbindd[28457]: [2007/04/11 10:32:19, 0] sam/idmap.c:idmap_init(146)
Apr 11 10:32:19 poptarts winbindd[28457]: idmap_init: failed to initialize remote backend!
Apr 11 10:47:30 poptarts smbd[28510]: [2007/04/11 10:47:30, 0] lib/fault.c:fault_report(36)
Apr 11 10:47:30 poptarts smbd[28510]: ================================================== =============
Apr 11 10:47:30 poptarts smbd[28510]: [2007/04/11 10:47:30, 0] lib/fault.c:fault_report(37)
Apr 11 10:47:30 poptarts smbd[28510]: INTERNAL ERROR: Signal 11 in pid 28510 (3.0.22-13.27-1162-SUSE-SLES10)
Apr 11 10:47:30 poptarts smbd[28510]: Please read the Trouble-Shooting section of the Samba3-HOWTO
Apr 11 10:47:30 poptarts smbd[28510]: [2007/04/11 10:47:30, 0] lib/fault.c:fault_report(39)
Apr 11 10:47:30 poptarts smbd[28510]:
Apr 11 10:47:30 poptarts smbd[28510]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
Apr 11 10:47:30 poptarts smbd[28510]: [2007/04/11 10:47:30, 0] lib/fault.c:fault_report(40)
Apr 11 10:47:30 poptarts smbd[28510]: ================================================== =============
Apr 11 10:47:30 poptarts smbd[28510]: [2007/04/11 10:47:30, 0] lib/util.c:smb_panic2(1554)
Apr 11 10:47:30 poptarts smbd[28510]: PANIC: internal error
Apr 11 10:47:30 poptarts smbd[28510]: [2007/04/11 10:47:30, 0] lib/util.c:smb_panic2(1562)
Apr 11 10:47:30 poptarts smbd[28510]: BACKTRACE: 5 stack frames:
Apr 11 10:47:30 poptarts smbd[28510]: #0 /usr/sbin/smbd(smb_panic2+0x6f) [0x55555573780f]
Apr 11 10:47:30 poptarts smbd[28510]: #1 /usr/sbin/smbd [0x55555572480c]
Apr 11 10:47:30 poptarts smbd[28510]: #2 /lib64/libc.so.6 [0x2ab05b29ebf0]
Apr 11 10:47:30 poptarts smbd[28510]: #3 /lib64/libc.so.6(fseek+0x1) [0x2ab05b2d3a01]
Apr 11 10:47:30 poptarts smbd[28510]: #4 [0x555555a53188]
Apr 11 10:47:30 poptarts smbd[28510]:
Apr 11 10:47:51 poptarts smbd[28511]: [2007/04/11 10:47:51, 0] lib/fault.c:fault_report(36)
Apr 11 10:47:51 poptarts smbd[28511]: ================================================== =============
Apr 11 10:47:51 poptarts smbd[28511]: [2007/04/11 10:47:51, 0] lib/fault.c:fault_report(37)
Apr 11 10:47:51 poptarts smbd[28511]: INTERNAL ERROR: Signal 11 in pid 28511 (3.0.22-13.27-1162-SUSE-SLES10)
Apr 11 10:47:51 poptarts smbd[28511]: Please read the Trouble-Shooting section of the Samba3-HOWTO
Apr 11 10:47:51 poptarts smbd[28511]: [2007/04/11 10:47:51, 0] lib/fault.c:fault_report(39)
Apr 11 10:47:51 poptarts smbd[28511]:
Apr 11 10:47:51 poptarts smbd[28511]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
Apr 11 10:47:51 poptarts smbd[28511]: [2007/04/11 10:47:51, 0] lib/fault.c:fault_report(40)
Apr 11 10:47:51 poptarts smbd[28511]: ================================================== =============
Apr 11 10:47:51 poptarts smbd[28511]: [2007/04/11 10:47:51, 0] lib/util.c:smb_panic2(1554)
Apr 11 10:47:51 poptarts smbd[28511]: PANIC: internal error
Apr 11 10:47:51 poptarts smbd[28511]: [2007/04/11 10:47:51, 0] lib/util.c:smb_panic2(1562)
Apr 11 10:47:51 poptarts smbd[28511]: BACKTRACE: 5 stack frames:
Apr 11 10:47:51 poptarts smbd[28511]: #0 /usr/sbin/smbd(smb_panic2+0x6f) [0x55555573780f]
Apr 11 10:47:51 poptarts smbd[28511]: #1 /usr/sbin/smbd [0x55555572480c]
Apr 11 10:47:51 poptarts smbd[28511]: #2 /lib64/libc.so.6 [0x2ab05b29ebf0]
Apr 11 10:47:51 poptarts smbd[28511]: #3 /lib64/libc.so.6(fseek+0x1) [0x2ab05b2d3a01]
Apr 11 10:47:51 poptarts smbd[28511]: #4 [0x555555a53188]
Apr 11 10:47:51 poptarts smbd[28511]:

---

Looks like a Samba internal error and I can't find any info in the official Samba documentation.

And nice post in RH forums. I am just thinking... Even if we paid for the Server version of SUSE, should I just switch to another distro and make this misery end for me???
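
Added example (not part of the original post): the "data 525" field in the winbindd log above is a hexadecimal Win32 error code that Active Directory attaches to a failed LDAP bind, and it separates "no such account" from "wrong password". The sketch below pairs each "failed to bind" line with its sub-code; the first two lines of SAMPLE are copied from the log above and the second pair is constructed.

```python
import re

# Win32 error codes that Active Directory reports (in hex) in the "data" field
# of an LDAP bind failure (AcceptSecurityContext error).
AD_BIND_SUBCODES = {
    "525": "user not found (the bind DN does not resolve to an account)",
    "52e": "invalid credentials (account exists, wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_FAIL = re.compile(r'failed to bind to server (?P<server>\S+) with dn="(?P<dn>[^"]*)"')
SUBCODE = re.compile(r"AcceptSecurityContext error, data (?P<code>[0-9a-fA-F]+)")

def explain_bind_failures(log_text):
    """Pair each 'failed to bind' line with the AD sub-error that follows it."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m = BIND_FAIL.search(line)
        if m:
            pending = {"server": m["server"], "dn": m["dn"], "code": None, "meaning": None}
            findings.append(pending)
            continue
        m = SUBCODE.search(line)
        if m and pending is not None:
            code = m["code"].lower()
            pending["code"] = code
            pending["meaning"] = AD_BIND_SUBCODES.get(code, "unrecognised sub-error")
            pending = None
    return findings

# First pair: from the log in the post above. Second pair: constructed.
SAMPLE = '''\
Apr 11 10:32:04 poptarts winbindd[28457]: failed to bind to server ldap://willywallers.cartosherb.com with dn="cn=LDAPQUERYUSER,cn=Utilisateurs,dc=cartosherb ,dc=com" Error: Invalid credentials
Apr 11 10:32:04 poptarts winbindd[28457]: 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece
Apr 11 10:40:00 examplehost winbindd[1]: failed to bind to server ldap://dc.example.test with dn="cn=svc,cn=Users,dc=example,dc=test" Error: Invalid credentials
Apr 11 10:40:00 examplehost winbindd[1]: 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 52e, vece
'''

if __name__ == "__main__":
    for f in explain_bind_failures(SAMPLE):
        print(f'{f["dn"]} -> data {f["code"]}: {f["meaning"]}')
```
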

#22  Shannon VanWagner, 11-Apr-2007, 18:16

Ghys,

Easter was great!! Thanks! Did a bit of snow skiing on Saturday too, so that was fun.

As for the winbind error concerning "guests", that may be related to the "usershare allow guests = no" directive in the /etc/smb.conf. Try using the command "testparm" to test your smb.conf file and show any related errors.

As for the /etc/ldap.conf file, please disregard my previous posting as that configuration is specific to Windows Server 2003 R2 version. Sorry for the misdirection on that.

I really haven't tested this whole thing on plain vanilla Server 2003 (non-R2) version so if I get a chance to do that I'll let you know what I come up with. The major difference that I know of for 2003 vs. 2003 R2 is that with R2 the AD schema has the Unix Attributes built-in to the AD schema, whereas the plain 2003 version needs Services For Unix to be installed to extend the schema. So this is why the ldap.conf mappings will be different. I'll do some looking around to see what I can come up with in terms of how to map to Server 2003 non-R2 and post what I find.

The search term I'm using on the Internet is "ldap.conf for SFU".

Example ldap.conf for Windows Server 2003 with SFU (untested by me at this time):
#########
#/etc/ldap.conf for connection with SFU
#########
# IP address of the Windows Server 2003 machine (comments must be on their own line)
host 10.10.10.5
base cn=Users,dc=coolcompany,dc=com
binddn cn=cool-ldap-user,cn=Users,dc=coolcompany,dc=com
bindpw somepassword
scope sub
ssl no
nss_base_passwd cn=Users,dc=coolcompany,dc=com?sub
nss_base_shadow cn=Users,dc=coolcompany,dc=com?sub
nss_base_group cn=Users,dc=coolcompany,dc=com?sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember msSFU30PosixMember
nss_map_attribute cn cn
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_member_attribute msSFU30PosixMember
pam_groupdn cn=unixusergroup,dc=lanrx,dc=com
pam_password ad


Check out this link for more information:
http://enterprise.linux.com/print.pl.../12/09/2318244

Happy LDAPing

Shannon
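
Added example, not from the original post or from the pam_ldap/nss_ldap project: a small checker for configurations like the one above, where "ssl no" means the bind password and each user's login bind travel unencrypted. The sample configuration and all names in it are constructed, and the DN-suffix comparison is a heuristic.

```python
import re

def dc_suffix(dn):
    """Lower-cased dc= components of a DN, e.g. 'dc=example,dc=test'."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))

def audit_ldap_conf(text):
    """Return (line_number, finding) pairs for a pam_ldap/nss_ldap ldap.conf."""
    findings, opts = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # only whole-line comments are treated as comments
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        opts.setdefault(key, (no, value))
        if "#" in value and key != "bindpw":  # a password may legitimately contain '#'
            findings.append((no, "text after '#' is parsed as part of the value"))
        if key in ("base", "binddn", "pam_groupdn") and re.search(r",\s+\w+=", value):
            findings.append((no, "whitespace inside DN, likely a line-wrap artifact"))
    ssl_no, ssl = opts.get("ssl", (0, "no"))
    uri = opts.get("uri", (0, ""))[1].lower()
    if ssl.lower() not in ("on", "yes", "start_tls") and not uri.startswith("ldaps://"):
        findings.append((ssl_no, "no TLS: bind and user login passwords cross the network in cleartext"))
    if "bindpw" in opts:
        findings.append((opts["bindpw"][0], "cleartext bindpw: use a dedicated read-only bind account"))
    if "base" in opts and "pam_groupdn" in opts:
        if dc_suffix(opts["base"][1]) != dc_suffix(opts["pam_groupdn"][1]):
            findings.append((opts["pam_groupdn"][0], "pam_groupdn lies outside the domain suffix of base"))
    return findings

# Constructed sample modelled on the ldap.conf in the post above (placeholder names).
SAMPLE = """\
host 192.0.2.5 #ip addr of domain controller
base cn=Users,dc=example,dc=test
binddn cn=ldap-query,cn=Users, dc=example,dc=test
bindpw not-a-real-password
ssl no
pam_groupdn cn=unixusergroup,dc=other,dc=test
"""

if __name__ == "__main__":
    for no, finding in audit_ldap_conf(SAMPLE):
        print(f"line {no}: {finding}")
```
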

#23  rspitz, 14-Jun-2007, 05:26

Shannon,

Thanks for your very detailed and straightforward HOWTO Article. I've been using NIS on the UNIX side to authenticate Windows/AD users, with SFU 3.5 on our domain controllers. Now our domain admins are trying to convince me to drop NIS altogether in favor of PAM/LDAP. They claim that this should be very easy and straightforward, but no luck so far.

One of their claims is that pam_ldap should be all that's necessary; no Kerberos, Samba or Winbind involved. However, so far all of the instructions I have been able to find on this topic require at least two out of those three. But still the domain admin who is trying to help me to get this working insists that these should only be necessary when Windows shares need to be mounted from Linux, which is not the case in our environment. All Linux users have a home directory on an NFS share; what I need is just a replacement for NIS to get users authenticated and have their uids and gids resolved against AD.

Our environment:

Linux machines running SLES10, AD domain using W2003 domain controllers, SFU 3.5 schema extensions in place.

Any idea of how to get this running using just plain LDAP?

Regards, Richard

#24  clawes, 25-Jun-2007, 14:47

Is there any advantage in using LDAP instead of Winbind?