
Configuring smbldap-tool

nemurin
Forum debut: 2003/01/20
Posts: 2
Posted: 2004-11-24 21:41
I am a Linux beginner; if anyone knows the answer, please let me know.

<Environment>
Miraclelinux V2.1
samba-3.0.5-16ml
smbldap-tools-0.8.2-16ml
openldap-clients-2.0.27-2.7.1
openldap-servers-2.0.27-2.7.1
openldap-2.0.27-2.7.1
openldap-devel-2.0.27-2.7.1
perl-Authen-SASL-2.04-2ml.noarch.rpm
perl-Convert-ASN1-0.18-2ml.noarch.rpm
perl-File-Temp-0.14-2ml.i686.rpm
perl-IO-Socket-SSL-0.95-2ml.noarch.rpm
perl-Net-SSLeay-1.25-1ml.i686.rpm
perl-Test-Simple-0.47-4ml.i686.rpm
perl-XML-NamespaceSupport-1.08-3ml.i686.rpm
perl-XML-SAX-0.12-3ml.i686.rpm
perl-ldap-0.29-2ml.noarch.rpm
libiconv-1.8


Following Miracle's Samba internationalization project site (http://www.miraclelinux.com/technet/samba30/#download),
I am building a domain authentication system on Linux-samba-ldap, but I cannot get smbldap-tool configured:
when I run smbldap-populate.pl to perform the initial registration, I get the following error messages.

Using builtin directory structure
adding new entry: dc=miraclelinux,dc=com
failed to add entry: Insufficient access at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 2.
adding new entry: ou=People,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 3.
adding new entry: ou=Groups,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 4.
adding new entry: ou=Computers,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 5.
adding new entry: uid=Administrator,ou=People,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 6.
adding new entry: uid=nobody,ou=People,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 7.
adding new entry: cn=Domain Admins,ou=Groups,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 8.
adding new entry: cn=Domain Users,ou=Groups,dc=miraclelinux,dc=com
failed to add entry: parent does not exist at /usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 9.
--rest omitted

"Insufficient access"ということで、単純なアクセス権限の設定漏れかと思ったのですが
権限を付与してもうまくいきません。また、海外のサイトなどの同様な質問ですと、
"smbldap_conf.pm"の'binddn' and 'bindpassword'の設定と、_USERS_, _GROUPS_,_COMPUTERS_の'Users', 'Groups','Computers'への置き換えなどに注意するように指示
がされていますが、確認して実行してもうまくいきません。
簡単な間違いを犯している可能性が高いのですが、どこをチェックすればよいのか
わかりません。情報に不足があれば追記します。ご指導の程、よろしくお願いします。

<Additional information>
[root@ldap sbin]# pwd
/usr/local/sbin
[root@ldap sbin]# ls -la
合計 180
drwxr-xr-x 2 root root 4096 11月 24 15:53 ./
drwxr-xr-x 13 root root 4096 11月 24 13:02 ../
-rwxr-xr-x 1 root root 27881 11月 24 10:27 mkntpwd*
-rwxr-xr-x 1 root root 4367 11月 24 10:25 smbldap-groupadd.pl*
-rwxr-xr-x 1 root root 2324 11月 24 10:25 smbldap-groupdel.pl*
-rwxr-xr-x 1 root root 7869 11月 24 10:25 smbldap-groupmod.pl*
-rwxr-xr-x 1 root root 1884 11月 24 10:25 smbldap-groupshow.pl*
-rwxr-xr-x 1 root root 7168 11月 24 10:25 smbldap-migrate-accounts.pl*
-rwxr-xr-x 1 root root 4974 11月 24 10:25 smbldap-migrate-groups.pl*
-rwxr-xr-x 1 root root 5599 11月 24 10:25 smbldap-passwd.pl*
-rwxr-xr-x 1 root root 8995 11月 24 10:25 smbldap-populate.pl*
-rwxr-xr-x 1 root ldap 16070 11月 24 10:25 smbldap-useradd.pl*
-rwxr-xr-x 1 root root 2950 11月 24 10:25 smbldap-userdel.pl*
-rwxr-xr-x 1 root root 15085 11月 24 10:25 smbldap-usermod.pl*
-rwxr-xr-x 1 root root 1826 11月 24 10:25 smbldap-usershow.pl*
-rwxr-x-wx 1 root ldap 8517 11月 24 15:53 smbldap_conf.pm*
-rw------- 1 root root 8487 11月 24 10:30 smbldap_conf.pm.orig
-rwxr-xr-x 1 root root 18882 11月 24 10:26 smbldap_tools.pm*


○smbldap_conf.pm

##############################################################################
#
# General Configuration
#
##############################################################################

# UID and GID starting at...
$UID_START = 1000;
$GID_START = 1000;

# Put your own SID
# to obtain this number do: "net getlocalsid"
$SID='S-1-5-21-161228499-4068272738-3279649181';

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)

# Ex: $slaveLDAP = "127.0.0.1";
$slaveLDAP = "127.0.0.1";
$slavePort = "389";

# Master LDAP : needed for write operations
# Ex: $masterLDAP = "127.0.0.1";
$masterLDAP = "127.0.0.1";
$masterPort = "389";

# Use SSL for LDAP
# If set to "1", this option will use start_tls for connection
# (you should also used the port 389)
$ldapSSL = "0";

# LDAP Suffix
# Ex: $suffix = "dc=asianux,dc=com";
$suffix = "dc=miraclelinux,dc=com";


# Where are stored Users
# Ex: $usersdn = "ou=Users,$suffix"; for ou=Users,dc=IDEALX,dc=ORG
$usersou = q(People);
$usersdn = "ou=$usersou,$suffix";

# Where are stored Computers
# Ex: $computersdn = "ou=Computers,$suffix"; for ou=Computers,dc=IDEALX,dc=ORG
$computersou = q(Computers);
$computersdn = "ou=$computersou,$suffix";

# Where are stored Groups
# Ex $groupsdn = "ou=Groups,$suffix"; for ou=Groups,dc=IDEALX,dc=ORG
$groupsou = q(Groups);
$groupsdn = "ou=$groupsou,$suffix";

# Default scope Used
#$scope = "sub";

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)
$hash_encrypt="MD5";

############################
# Credential Configuration #
############################
# Bind DN used
# Ex: $binddn = "cn=Manager,$suffix"; for cn=Manager,dc=IDEALX,dc=org
$binddn = "cn=Manager,$suffix";

# Bind DN passwd used
# Ex: $bindpasswd = 'secret'; for 'secret'
$bindpasswd = "secret";

# Notes: if using dual ldap patch, you can specify to different configuration
# By default, we will use the same DN (so it will work for standard Samba
# release)
$slaveDN = $binddn;
$slavePw = $bindpasswd;
$masterDN = $binddn;
$masterPw = $bindpasswd;

##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs
# Default Login Shell
# Ex: $_userLoginShell = q(/bin/bash);
$_userLoginShell = q(/bin/bash/);

# Home directory prefix (without username)
# Ex: $_userHomePrefix = q(/home/);
$_userHomePrefix = q(/home);

# Gecos
#$_userGecos = q(System User);

# Default User (POSIX and Samba) GID
#$_defaultUserGid = 513;

# Default Computer (Samba) GID
#$_defaultComputerGid = 553;

# Skel dir
#$_skeletonDir = q(/etc/skel);

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for $_defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
$_defaultMaxPasswordAge = 45;

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location without the username last extension
# (will be dynamically prepended)
# Ex: q(\\\\My-PDC-netbios-name\\homes) for \\My-PDC-netbios-name\homes
# Just comment this if you want to use the smb.conf 'logon home' directive
# and/or desabling roaming profiles
$_userSmbHome = q(\\\\_PDCNAME_\\homes);

# The UNC path to profiles locations without the username last extension
# (will be dynamically prepended)
# Ex: q(\\\\My-PDC-netbios-name\\profiles\\) for \\My-PDC-netbios-name\profiles
# Just comment this if you want to use the smb.conf 'logon path' directive
# and/or desabling roaming profiles
$_userProfile = q(\\\\_PDCNAME_\\profiles\\);

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: q(U:) for U:
$_userHomeDrive = q(X:);

# The default user netlogon script name
# if not used, will be automatically username.cmd
# $_userScript = q(startup.cmd); # make sure script file is edited under dos


##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if $with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer mkntpwd... most of the time, it's a wise choice
$with_smbpasswd = 1;
$smbpasswd = "/usr/bin/smbpasswd";
$mk_ntpasswd = "/usr/sbin/mkntpwd";

# those next externals commands are kept fot the migration scripts and
# for the populate script: this will be updated as soon as possible
$slaveURI = "ldap://$slaveLDAP:$slavePort";
$masterURI = "ldap://$masterLDAP:$masterPort";

$ldap_path = "/usr/bin";

if ( $ldapSSL eq "0" ) {
$ldap_opts = "-x";
} elsif ( $ldapSSL eq "1" ) {
$ldap_opts = "-x -Z";
} else {
die "ldapSSL option must be either 0 or 1.\n";
}

#$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'";
#$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI";
$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";



1;

# - The End


[ Message edited  Editor: nemurin  Edited: 2004-11-25 09:38 ]
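As an added example (not part of the post and not smbldap-tools code): a small checker that compares the values in smbldap_conf.pm against the slapd.conf that the LDAP server actually runs, because "Insufficient access" while adding the suffix entry itself as the bind DN is what you get when the bind DN is not slapd's rootdn or the two suffixes disagree. It also flags template placeholders left in the file, a trailing slash on the login shell, and a config mode that exposes the cleartext bind password; the smbldap_conf.pm excerpt uses the values shown in the post, and the slapd.conf excerpt is constructed.

```python
"""Consistency checks between smbldap_conf.pm and slapd.conf (added example, constructed input)."""
import re
import stat

# Excerpt with the values the poster shows in smbldap_conf.pm.
SMBLDAP_CONF = r"""
$suffix = "dc=miraclelinux,dc=com";
$binddn = "cn=Manager,$suffix";
$bindpasswd = "secret";
$_userLoginShell = q(/bin/bash/);
$_userSmbHome = q(\\\\_PDCNAME_\\homes);
"""

# Constructed slapd.conf excerpt: an unchanged default suffix/rootdn (an assumption, not from the post).
SLAPD_CONF = """
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
"""

def parse_perl_assignments(text):
    """Return {name: value} for simple `$name = "..." | '...' | q(...);` lines, expanding $suffix."""
    vals = {}
    pat = r"""^\s*\$(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|q\(([^)]*)\))\s*;"""
    for m in re.finditer(pat, text, re.M):
        raw = next(g for g in m.groups()[1:] if g is not None)
        vals[m.group(1)] = raw.replace("$suffix", vals.get("suffix", "$suffix"))
    return vals

def parse_slapd(text):
    """Return the quoted `suffix` and `rootdn` directives from a slapd.conf excerpt."""
    found = (re.search(r'^\s*%s\s+"([^"]+)"' % k, text, re.M) for k in ("suffix", "rootdn"))
    return {k: (m.group(1) if m else "") for k, m in zip(("suffix", "rootdn"), found)}

def normalize_dn(dn):
    """Case-insensitive, whitespace-tolerant DN comparison key."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def check_config(smb_text, slapd_text, conf_mode):
    """Return a list of findings; an empty list means nothing obviously wrong."""
    smb, slapd = parse_perl_assignments(smb_text), parse_slapd(slapd_text)
    findings = []
    if normalize_dn(smb["suffix"]) != normalize_dn(slapd["suffix"]):
        findings.append("suffix mismatch: %s (smbldap) vs %s (slapd)" % (smb["suffix"], slapd["suffix"]))
    if normalize_dn(smb["binddn"]) != normalize_dn(slapd["rootdn"]):
        findings.append("binddn %s is not slapd rootdn %s" % (smb["binddn"], slapd["rootdn"]))
    for name, val in smb.items():            # _PDCNAME_, _USERS_, ... never replaced
        if re.search(r"_[A-Z]+_", val):
            findings.append("template placeholder left in $%s: %s" % (name, val))
    if smb.get("_userLoginShell", "").endswith("/"):
        findings.append("login shell has a trailing slash: " + smb["_userLoginShell"])
    if conf_mode & (stat.S_IRWXG | stat.S_IRWXO):  # file holds the cleartext bind password
        findings.append("smbldap_conf.pm mode %o is readable/writable beyond root; use 0600" % conf_mode)
    return findings
```

Run it against the real files with `check_config(open(p).read(), open(s).read(), os.stat(p).st_mode & 0o777)`; the posted mode -rwxr-x-wx corresponds to 0o753.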