Erro ao recuperar o SID local

1

O que é bom:

O LDAP está bem e pode ser acessado com o phpLdapadmin sem problemas.
LDAP hybris95home.local contém o valor "dn = admin, dc = hybris95home, dc = local".

O que está errado:

Usar net getlocalsid fornece esta saída:

smbldap_search_domain_info: Adding domain info for RASPBERRYPI failed with NT_STATUS_UNSUCCESSFUL pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. pdb backend ldapsam:"ldap://raspberrypi.hybris95home.local/" did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) WARNING: Could not open passdb

Além disso, smbd não é iniciado corretamente. (Veja abaixo para mais detalhes)

Versões usadas:

SO:

Linux raspberrypi.hybris95home.local 4.4.34-v7 + # 930 SMP Qua Nov 23 15:20:41 GMT 2016 armv7l GNU / Linux (Raspbian)

Ldap:

@ (#) $ OpenLDAP: slapd (15 de abril de 2015 10:45:41) $
        buildd @ bm-wb-04: /build/openldap-omOdCq/openldap-2.4.40+dfsg/debian/build/servers/slapd

Samba:

Samba v4.2.10-Debian

Informações adicionais

/ etc / hostname

raspberrypi.hybris95home.local

/ etc / hosts

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.1.1 raspberrypi.hybris95home.local raspberrypi

/etc/samba/smb.conf

[global]
workgroup = HYBRIS95HOME
netbios name = RASPBERRYPI
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
ldap passwd sync = Yes
passdb backend = ldapsam:"ldap://raspberrypi.hybris95home.local/"
ldap admin dn = cn=admin,dc=hybris95home,dc=local
ldap suffix = dc=hybris95home,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
logon path =
logon home =
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
case sensitive = No
default case = lower
preserve case = yes
short preserve case = Yes
socket options = TCP_NODELAY
ldap ssl = off

/etc/smbldap-tools/smbldap.conf

sambaDomain="hybris95home"
masterLDAP="RASPBERRYPI"
masterPort="389"
slaveLDAP="RASPBERRYPI"
slavePort="389"
suffix="dc=hybris95home,dc=local"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
password_hash="SSHA"
password_crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
shadowAccount="1"
defaultMaxPasswordAge="45"
userSmbHome="\PDC-SRV\%U"
userProfile="\PDC-SRV\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="example.com"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

/etc/smbldap-tools/smbldap_bind.conf

slaveDN="cn=admin,dc=hybris95home,dc=local"
slavePw="HIDDEN"
masterDN="cn=admin,dc=hybris95home,dc=local"
masterPw="HIDDEN"

samba.schema

samba.schema é adicionado corretamente e reconhecido pelo phpLdapAdmin

Lançamento interativo smbd detalhado

root@raspberrypi:/usr/sbin# ./smbd --interactive --debuglevel=3
Maximum core file size limits now 16777216(soft) -1(hard)
smbd version 4.2.10-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2014
uid=0 gid=0 euid=0 egid=0
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[homes]"
adding IPC service
added interface wlan0 ip=2a01:e34:ecf8:77e0:fa9e:f79f:4f7c:c821 bcast= netmask=ffff:ffff:ffff:ffff::
added interface wlan0 ip=192.168.1.38 bcast=192.168.1.255 netmask=255.255.255.0
loaded services
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=RASPBERRYPI))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_domain_info: Got no domain info entries for domain
add_new_domain_info: Adding new domain
add_new_domain_info: failed to add domain dn= sambaDomainName=RASPBERRYPI,dc=hybris95home,dc=local with: Invalid DN syntax
invalid DN
smbldap_search_domain_info: Adding domain info for RASPBERRYPI failed with NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
pdb backend ldapsam:"ldap://raspberrypi.hybris95home.local/" did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)

    
por Hybris95 06.12.2016 / 15:03

1 resposta

1

Eu acho que esta linha

sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

deve ser apenas

sambaUnixIdPooldn="${sambaDomain},${suffix}"
    
por 08.12.2016 / 09:42