Bonjour,
j'ai donc installé Samba 3 et OpenLdap sur une machine CentOs 5.4
J'ai installer et configuré LDAP avec la configuration suivante :
/etc/openldap/slapd.conf
[code]
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=domaine"
rootdn "cn=root,dc=domaine"
rootpw {SSHA}Q0OhdODhGSFTeCL37o06TcN01nvZCGrP
password-hash {SSHA}
directory /var/lib/ldap
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub
/code
/etc/smbldap-tools/smbldap.conf
[code]
##############################################################################
#
# General Configuration
#
##############################################################################
SID="S-1-5-21-1127876569-2799973132-2733490615"
sambaDomain="domaine"
##############################################################################
#
# LDAP Configuration
#
##############################################################################
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
suffix="dc=domaine"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="3000"
##############################################################################
#
# SAMBA Configuration
#
##############################################################################
userSmbHome="\\PDC-SRV\%U"
userProfile="\\PDC-SRV\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="domaine"
##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
/code
/etc/smbldap-tools/smbldap_bind.conf
[code]slaveDN="cn=root,dc=domaine"
slavePw="rootroot"
masterDN="cn=root,dc=domaine"
masterPw="rootroot"
/code
Et Samba :
[code][global]
workgroup = domaine
netbios name = PDC-SRV
security = user
enable privileges = yes
#interfaces = 192.168.5.11
server string = Samba Server %v
encrypt passwords = Yes
#pam password change = no
#obey pam restrictions = No
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 0
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
domain master = Yes
os level = 255
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,dc=domaine
#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
ldap suffix = dc=domaine
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
ldap ssl = off
nt acl support = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
/code
Le testparm est OK, le "net getlocalsid" Idem et le "smbldap-populate" Idem tous marche sans erreur.
J'ai accés a la base LDAP via PHPLdapAdmin (1.2.0.5)
Je connecte un Pc windows Xp sur le meme réseaux, je rentre le domaine, il me demande un mot de passe, je rentre root et le mots de passe et j'ai un message d'erreur.
J'ai changé la clé dans le registre de Windows.
Merci de m'aidé je ne comprend pas.
