About smbldap-tool configuration
Poster | Post |
---|---|
|
Posted: 2004-11-24 21:41

I am a Linux beginner; if anyone knows the answer, please let me know.

<Environment>

- Miraclelinux V2.1
- samba-3.0.5-16ml
- smbldap-tools-0.8.2-16ml
- openldap-clients-2.0.27-2.7.1
- openldap-servers-2.0.27-2.7.1
- openldap-2.0.27-2.7.1
- openldap-devel-2.0.27-2.7.1
- perl-Authen-SASL-2.04-2ml.noarch.rpm
- perl-Convert-ASN1-0.18-2ml.noarch.rpm
- perl-File-Temp-0.14-2ml.i686.rpm
- perl-IO-Socket-SSL-0.95-2ml.noarch.rpm
- perl-Net-SSLeay-1.25-1ml.i686.rpm
- perl-Test-Simple-0.47-4ml.i686.rpm
- perl-XML-NamespaceSupport-1.08-3ml.i686.rpm
- perl-XML-SAX-0.12-3ml.i686.rpm
- perl-ldap-0.29-2ml.noarch.rpm
- libiconv-1.8

Following Miracle's Samba internationalization project site (http://www.miraclelinux.com/technet/samba30/#download), I am building a domain authentication system with Linux, Samba and LDAP. However, I cannot get smbldap-tool configured, so when I run smbldap-populate.pl to perform the initial registration, I get errors like the following.

```
Using builtin directory structure
adding new entry: dc=miraclelinux,dc=com
failed to add entry: Insufficient access at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 2.
adding new entry: ou=People,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 3.
adding new entry: ou=Groups,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 4.
adding new entry: ou=Computers,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 5.
adding new entry: uid=Administrator,ou=People,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 6.
adding new entry: uid=nobody,ou=People,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 7.
adding new entry: cn=Domain Admins,ou=Groups,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 8.
adding new entry: cn=Domain Users,ou=Groups,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 9.
```

-- (rest omitted)

Because it says "Insufficient access", I thought it was simply a missing access-permission setting, but granting permissions did not help. Also, answers to similar questions on overseas sites advise paying attention to the 'binddn' and 'bindpassword' settings in "smbldap_conf.pm" and to replacing _USERS_, _GROUPS_, _COMPUTERS_ with 'Users', 'Groups', 'Computers'; I checked these and ran it again, but it still does not work.

It is very likely that I am making a simple mistake, but I do not know where to check. If any information is missing, I will add it. Thank you in advance for your guidance.

<Additional information>

```
[root@ldap sbin]# pwd
/usr/local/sbin
[root@ldap sbin]# ls -la
合計 180
drwxr-xr-x 2 root root 4096 11月 24 15:53 ./
drwxr-xr-x 13 root root 4096 11月 24 13:02 ../
-rwxr-xr-x 1 root root 27881 11月 24 10:27 mkntpwd*
-rwxr-xr-x 1 root root 4367 11月 24 10:25 smbldap-groupadd.pl*
-rwxr-xr-x 1 root root 2324 11月 24 10:25 smbldap-groupdel.pl*
-rwxr-xr-x 1 root root 7869 11月 24 10:25 smbldap-groupmod.pl*
-rwxr-xr-x 1 root root 1884 11月 24 10:25 smbldap-groupshow.pl*
-rwxr-xr-x 1 root root 7168 11月 24 10:25 smbldap-migrate-accounts.pl*
-rwxr-xr-x 1 root root 4974 11月 24 10:25 smbldap-migrate-groups.pl*
-rwxr-xr-x 1 root root 5599 11月 24 10:25 smbldap-passwd.pl*
-rwxr-xr-x 1 root root 8995 11月 24 10:25 smbldap-populate.pl*
-rwxr-xr-x 1 root ldap 16070 11月 24 10:25 smbldap-useradd.pl*
-rwxr-xr-x 1 root root 2950 11月 24 10:25 smbldap-userdel.pl*
-rwxr-xr-x 1 root root 15085 11月 24 10:25 smbldap-usermod.pl*
-rwxr-xr-x 1 root root 1826 11月 24 10:25 smbldap-usershow.pl*
-rwxr-x-wx 1 root ldap 8517 11月 24 15:53 smbldap_conf.pm*
-rw------- 1 root root 8487 11月 24 10:30 smbldap_conf.pm.orig
-rwxr-xr-x 1 root root 18882 11月 24 10:26 smbldap_tools.pm*
```

○ smbldap_conf.pm

```perl
##############################################################################
#
# General Configuration
#
##############################################################################

# UID and GID starting at...
$UID_START = 1000;
$GID_START = 1000;

# Put your own SID
# to obtain this number do: "net getlocalsid"
$SID='S-1-5-21-161228499-4068272738-3279649181';

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)

# Ex: $slaveLDAP = "127.0.0.1";
$slaveLDAP = "127.0.0.1";
$slavePort = "389";

# Master LDAP : needed for write operations
# Ex: $masterLDAP = "127.0.0.1";
$masterLDAP = "127.0.0.1";
$masterPort = "389";

# Use SSL for LDAP
# If set to "1", this option will use start_tls for connection
# (you should also used the port 389)
$ldapSSL = "0";

# LDAP Suffix
# Ex: $suffix = "dc=asianux,dc=com";
$suffix = "dc=miraclelinux,dc=com";

# Where are stored Users
# Ex: $usersdn = "ou=Users,$suffix"; for ou=Users,dc=IDEALX,dc=ORG
$usersou = q(People);
$usersdn = "ou=$usersou,$suffix";

# Where are stored Computers
# Ex: $computersdn = "ou=Computers,$suffix"; for ou=Computers,dc=IDEALX,dc=ORG
$computersou = q(Computers);
$computersdn = "ou=$computersou,$suffix";

# Where are stored Groups
# Ex $groupsdn = "ou=Groups,$suffix"; for ou=Groups,dc=IDEALX,dc=ORG
$groupsou = q(Groups);
$groupsdn = "ou=$groupsou,$suffix";

# Default scope Used
#$scope = "sub";

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)
$hash_encrypt="MD5";

############################
# Credential Configuration #
############################
# Bind DN used
# Ex: $binddn = "cn=Manager,$suffix"; for cn=Manager,dc=IDEALX,dc=org
$binddn = "cn=Manager,$suffix";

# Bind DN passwd used
# Ex: $bindpasswd = 'secret'; for 'secret'
$bindpasswd = "secret";

# Notes: if using dual ldap patch, you can specify to different configuration
# By default, we will use the same DN (so it will work for standard Samba
# release)
$slaveDN = $binddn;
$slavePw = $bindpasswd;
$masterDN = $binddn;
$masterPw = $bindpasswd;

##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs

# Default Login Shell
# Ex: $_userLoginShell = q(/bin/bash);
$_userLoginShell = q(/bin/bash/);

# Home directory prefix (without username)
# Ex: $_userHomePrefix = q(/home/);
$_userHomePrefix = q(/home);

# Gecos
#$_userGecos = q(System User);

# Default User (POSIX and Samba) GID
#$_defaultUserGid = 513;

# Default Computer (Samba) GID
#$_defaultComputerGid = 553;

# Skel dir
#$_skeletonDir = q(/etc/skel);

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for $_defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
$_defaultMaxPasswordAge = 45;

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location without the username last extension
# (will be dynamically prepended)
# Ex: q(\\\\My-PDC-netbios-name\\homes) for \\My-PDC-netbios-name\homes
# Just comment this if you want to use the smb.conf 'logon home' directive
# and/or desabling roaming profiles
$_userSmbHome = q(\\\\_PDCNAME_\\homes);

# The UNC path to profiles locations without the username last extension
# (will be dynamically prepended)
# Ex: q(\\\\My-PDC-netbios-name\\profiles\\) for \\My-PDC-netbios-name\profiles
# Just comment this if you want to use the smb.conf 'logon path' directive
# and/or desabling roaming profiles
$_userProfile = q(\\\\_PDCNAME_\\profiles\\);

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: q(U:) for U:
$_userHomeDrive = q(X:);

# The default user netlogon script name
# if not used, will be automatically username.cmd
# $_userScript = q(startup.cmd); # make sure script file is edited under dos

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if $with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer mkntpwd... most of the time, it's a wise choice
$with_smbpasswd = 1;
$smbpasswd = "/usr/bin/smbpasswd";
$mk_ntpasswd = "/usr/sbin/mkntpwd";

# those next externals commands are kept fot the migration scripts and
# for the populate script: this will be updated as soon as possible
$slaveURI = "ldap://$slaveLDAP:$slavePort";
$masterURI = "ldap://$masterLDAP:$masterPort";

$ldap_path = "/usr/bin";

if ( $ldapSSL eq "0" ) {
    $ldap_opts = "-x";
} elsif ( $ldapSSL eq "1" ) {
    $ldap_opts = "-x -Z";
} else {
    die "ldapSSL option must be either 0 or 1.\n";
}

#$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'";
#$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI";
$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";

1;

# - The End
```

[ Message edited by: nemurin, edited at: 2004-11-25 09:38 ] |
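An added example, not part of the original post: a shell triage of the evidence shown above, which separates the first failing entry in the smbldap-populate.pl output from the cascading "parent does not exist" errors and lists files in the `ls -la` output that are writable by "other" users. The sample input is constructed from lines quoted in the post, and the function names `triage_populate` and `others_writable` are hypothetical.

```shell
#!/bin/sh
# Added example: triage the evidence quoted in the post.
# Both samples are constructed from lines shown in the post.

sample_output() {
cat <<'EOF'
Using builtin directory structure
adding new entry: dc=miraclelinux,dc=com
failed to add entry: Insufficient access at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 2.
adding new entry: ou=People,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 3.
adding new entry: uid=nobody,ou=People,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 7.
EOF
}

sample_listing() {
cat <<'EOF'
-rwxr-xr-x 1 root root 8995 11月 24 10:25 smbldap-populate.pl*
-rwxr-x-wx 1 root ldap 8517 11月 24 15:53 smbldap_conf.pm*
-rw------- 1 root root 8487 11月 24 10:30 smbldap_conf.pm.orig
EOF
}

# Prints "first_failed_dn|its_error|cascade_count|other_count". Only the first
# failure needs fixing; "parent does not exist" after it is a consequence.
triage_populate() {
  awk '
    /^adding new entry: /    { dn = substr($0, 19); next }
    /^failed to add entry: / {
      err = substr($0, 22); sub(/ at \/.*$/, "", err)
      if (root == "") { root = dn; rooterr = err }
      else if (err == "parent does not exist") { cascade++ }
      else { other++ }
    }
    END { printf "%s|%s|%d|%d\n", root, rooterr, cascade, other }'
}

# Prints names from "ls -l" output whose 10-character mode string grants
# write to "other" (character 9), e.g. a config file holding $bindpasswd.
others_writable() {
  awk 'length($1) == 10 && substr($1, 9, 1) == "w" {
         name = $NF; sub(/\*$/, "", name); print name }'
}

sample_output  | triage_populate
sample_listing | others_writable
```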