Discussion :

[dimii]

Bonjour a tous,

J'essaie d'installer OpenLdap en contrôleur de domaine couplé avec Samba, cependant j'ai un problème.
En effet lorsque j'essaie d'ajouter un groupe j'ai le message d'erreur suivant :

No such object at /usr/share/perl5/smbldap_tools.pm line 454.

J'ai cherché un peu partout, j'ai regarder des exemples de smbldap.conf et je ne trouve pas la solution a mon problème ...

En espérant que vous pourrez m'aider ... :grin:

Je vous mets en dessous les fichier de config :

smbldap.conf :

# $Source: /opt/cvs/samba/smbldap-tools/configure.pl,v
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Purpose :
# . be the configuration file for all smbldap-tools scripts

##############################################################################
#
# General Configuration
#
##############################################################################

# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taking from "net getlocalsid" return
SID="S-1-5-21-1832087512-763905416-3676029977"

# Domain name the Samba server is in charged.
# If not defined, parameter is taking from smb.conf configuration file
# Ex: sambaDomain="IDEALX-NT"
sambaDomain="longwy"

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP="192.168.0.200"

# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP="192.168.0.200"

# Master LDAP port
# If not defined, parameter is set to "389"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
# If not defined, parameter is set to "1"
ldapTLS="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify=""

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile=""

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert=""

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey=""

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=longwy,dc=local"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,${suffix}"

# Where are stored Groups
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Groups,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=longwy,${suffix}"

# Default scope Used
scope="sub"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="MD5"

# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format=""

##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome="\\SRVPDC\%U"

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile="\\SRVPDC\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive="H:"

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript="logon.bat"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain=""

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"

smbldap_bind.conf :

############################
# Credential Configuration #
############################
# Notes: you can specify two differents configuration if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
slaveDN="cn=admin,dc=longwy,dc=local"
slavePw="monmdp"
masterDN="cn=admin,dc=longwy,dc=local"
masterPw="monmdp"

smb.conf :

[global]
workgroup = longwy
netbios name = SRVPDC
security = user
server string = Samba Server %v

encrypt passwords = Yes
ldap passwd sync = yes

passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

log level = 3
syslog = 3
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Dos charset = CP932
Unix charset = UTF-8
domain logons = Yes
domain master = Yes
local master = Yes
logon home = \\SRVPDC\%U
logon path = \\SRVPDC\profiles\%U
logon script = logon.bat
logon drive = H:
os level = 65
preferred master = Yes
dns proxy = no
wins support = yes
passdb backend = ldapsam:ldap://192.168.0.200/


ldap admin dn = cn=admin,dc=longwy,dc=local
ldap suffix = dc=longwy,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers

add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

ldap ssl = no
create mask = 0640
directory mask = 0750
guest account = nobody
map to guest = Bad User

[homes]
comment = Dossiers personnels
browseable = no
writable = yes
guest ok = no
valid users = %U, longwy\%U

[netlogon]
path = /home/netlogon/%G
browseable = No
read only = yes
guest ok = no

[profiles]
comment = profils itinerants
path = /home/profiles
browseable = no
writable = yes
guest ok = no
create mask = 0700
directory mask = 0700
valid users = %U, longwy\%U

[public]
comment = Dossier public
path = /home/public
writable = yes
public = yes
create mask = 0777
directory mask = 0777

[Tsukaniki]

Quelle commande tapes tu pour ajouter un groupe ?
L'ajout d'utilisateur fonctionne ?

[dimii]

Bonjour Tsukaniki,

Pour ajouter un groupe, j'utilise la commande :

smbldap-groupadd -a Groupe test

Et la création d'utilisateur ne fonctionne pas non plus ...

smbldap-useradd -a -c "Pierre Dupont" -m -P pdupont

Ça me met :

failed to perform search;no such object at /usr/share/perl5/smbldap_tools.pm line 426.
Error looking for next uid in sambadomainname=longwy,dc=local:no such object at /usr/share/perl5/smbldap_tools.pm line 1174

En te remerciant de l'aide que tu m'apporte ... Je reste a disposition pour tout renseignement complémentaire

[Tsukaniki]

Tu as déjà des utilisateurs/groupes d'ajoutés à LDAP ?
As-tu bien défini le mot de passe admin via la commande "smbpasswd -w tonmotdepasse" ? (optionellement, et de façon plus sécurisée: "smbpasswd -W" puis ton mot de passe)

Essaye ton compte admin avec la commande "ldapsearch -H ldaps:/// -D cn=admin,dc=longwy,dc=local -b dc=longwy,dc=local -W"
Rentre ton mot de passe admin et regarde si ça t'affiche des résultats.

[dimii]

Non je n'est pas encore d'utilisateur/groupe d'ajouter a LDAP. En revanche, j'ai bien défini un mot de passe avec la commande "smbpasswd -W"

Par contre, lorsque je rentre la commande "ldapsearch -H ldaps:/// -D cn=admin,dc=longwy,dc=local -b dc=longwy,dc=local -W", aucun mot de passe ne m'est demandé et j'ai tout ca d'afficher :

root@SRVPDC:/etc/smbldap-tools# ###########################################################################
root@SRVPDC:/etc/smbldap-tools# ###
root@SRVPDC:/etc/smbldap-tools# #
root@SRVPDC:/etc/smbldap-tools# # LDAP Configuration
root@SRVPDC:/etc/smbldap-tools# #
#
root@SRVPDC:/etc/smbldap-tools# ###########################################################################
root@SRVPDC:/etc/smbldap-tools# ###
root@SRVPDC:/etc/smbldap-tools# # Notes: to use to dual ldap servers backend for Samba, you must patch
root@SRVPDC:/etc/smbldap-tools# # Samba with the dual-head patch from IDEALX. If not using this patch
root@SRVPDC:/etc/smbldap-tools# # just use the same server for slaveLDAP and masterLDAP.
root@SRVPDC:/etc/smbldap-tools# # Those two servers declarations can also be used when you have
root@SRVPDC:/etc/smbldap-tools# # . one master LDAP server where all writing operations must be done
root@SRVPDC:/etc/smbldap-tools# # . one slave LDAP server where all reading operations must be done
root@SRVPDC:/etc/smbldap-tools# # (typically a replication directory)
root@SRVPDC:/etc/smbldap-tools# # Slave LDAP server
root@SRVPDC:/etc/smbldap-tools# # Ex: slaveLDAP=127.0.0.1
root@SRVPDC:/etc/smbldap-tools# # If not defined, parameter is set to "127.0.0.1"
root@SRVPDC:/etc/smbldap-tools# slaveLDAP="192.168.5.149"
o
root@SRVPDC:/etc/smbldap-tools# # Slave LDAP port
root@SRVPDC:/etc/smbldap-tools# # If not defined, parameter is set to "389"
root@SRVPDC:/etc/smbldap-tools# slavePort="389"
root@SRVPDC:/etc/smbldap-tools# # Master LDAP server: needed for write operations
root@SRVPDC:/etc/smbldap-tools# # Ex: masterLDAP=127.0.0.1
root@SRVPDC:/etc/smbldap-tools# # If not defined, parameter is set to "127.0.0.1"
root@SRVPDC:/etc/smbldap-tools# masterLDAP="192.168.5.149"
root@SRVPDC:/etc/smbldap-tools# # Master LDAP port
root@SRVPDC:/etc/smbldap-tools# # If not defined, parameter is set to "389"
root@SRVPDC:/etc/smbldap-tools# masterPort="389"
root@SRVPDC:/etc/smbldap-tools# # Use TLS for LDAP
root@SRVPDC:/etc/smbldap-tools# # If set to 1, this option will use start_tls for connection
root@SRVPDC:/etc/smbldap-tools# # (you should also used the port 389)
root@SRVPDC:/etc/smbldap-tools# # If not defined, parameter is set to "1"
root@SRVPDC:/etc/smbldap-tools# 24
bash: 24 : commande introuvable
root@SRVPDC:/etc/smbldap-tools# ldapTLS="0"
root@SRVPDC:/etc/smbldap-tools# # How to verify the server's certificate (none, optional or require)
root@SRVPDC:/etc/smbldap-tools# # see "man Net::LDAP" in start_tls section for more details
root@SRVPDC:/etc/smbldap-tools# verify=""
root@SRVPDC:/etc/smbldap-tools# # CA certificate
root@SRVPDC:/etc/smbldap-tools# # see "man Net::LDAP" in start_tls section for more details
root@SRVPDC:/etc/smbldap-tools# cafile=""
root@SRVPDC:/etc/smbldap-tools# # certificate to use to connect to the ldap server
root@SRVPDC:/etc/smbldap-tools# # see "man Net::LDAP" in start_tls section for more details
root@SRVPDC:/etc/smbldap-tools# clientcert=""
root@SRVPDC:/etc/smbldap-tools# # key certificate to use to connect to the ldap server
root@SRVPDC:/etc/smbldap-tools# # see "man Net::LDAP" in start_tls section for more details
root@SRVPDC:/etc/smbldap-tools# clientkey=""
root@SRVPDC:/etc/smbldap-tools# # LDAP Suffix
root@SRVPDC:/etc/smbldap-tools# # Ex: suffix=dc=IDEALX,dc=ORG
root@SRVPDC:/etc/smbldap-tools# suffix="dc=clininfo,dc=local"
root@SRVPDC:/etc/smbldap-tools# # Where are stored Users
root@SRVPDC:/etc/smbldap-tools# # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
root@SRVPDC:/etc/smbldap-tools# # Warning: if 'suffix' is not set here, you must set the full dn for usersdn
root@SRVPDC:/etc/smbldap-tools# usersdn="ou=Users,${suffix}"
root@SRVPDC:/etc/smbldap-tools# # Where are stored Computers
root@SRVPDC:/etc/smbldap-tools# # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
root@SRVPDC:/etc/smbldap-tools# # Warning: if 'suffix' is not set here, you must set the full dn for computersdn
root@SRVPDC:/etc/smbldap-tools# computersdn="ou=Computers,${suffix}"
root@SRVPDC:/etc/smbldap-tools# # Where are stored Groups
root@SRVPDC:/etc/smbldap-tools# # Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
root@SRVPDC:/etc/smbldap-tools# # Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
root@SRVPDC:/etc/smbldap-tools# groupsdn="ou=Groups,${suffix}"
root@SRVPDC:/etc/smbldap-tools# # Where are stored Idmap entries (used if samba is a domain member server)
root@SRVPDC:/etc/smbldap-tools# # Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
root@SRVPDC:/etc/smbldap-tools# # Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
root@SRVPDC:/etc/smbldap-tools# idmapdn="ou=Idmap,${suffix}"
root@SRVPDC:/etc/smbldap-tools# # Where to store next uidNumber and gidNumber available for new users and groups
root@SRVPDC:/etc/smbldap-tools# # If not defined, entries are stored in sambaDomainName object.
root@SRVPDC:/etc/smbldap-tools# # Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
root@SRVPDC:/etc/smbldap-tools# # Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
root@SRVPDC:/etc/smbldap-tools# 25
bash: 25 : commande introuvable
root@SRVPDC:/etc/smbldap-tools# sambaUnixIdPooldn="sambaDomainName=clininfo,${suffix}"
root@SRVPDC:/etc/smbldap-tools# # Default scope Used
root@SRVPDC:/etc/smbldap-tools# scope="sub"
root@SRVPDC:/etc/smbldap-tools# # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
root@SRVPDC:/etc/smbldap-tools# hash_encrypt="MD5"
root@SRVPDC:/etc/smbldap-tools# # if hash_encrypt is set to CRYPT, you may set a salt format.
root@SRVPDC:/etc/smbldap-tools# # default is "%s", but many systems will generate MD5 hashed
root@SRVPDC:/etc/smbldap-tools# # passwords if you use "$1$%.8s". This parameter is optional!
root@SRVPDC:/etc/smbldap-tools# crypt_salt_format=""
root@SRVPDC:/etc/smbldap-tools# ###########################################################################
root@SRVPDC:/etc/smbldap-tools# ###
root@SRVPDC:/etc/smbldap-tools# #
root@SRVPDC:/etc/smbldap-tools# # Unix Accounts Configuration
root@SRVPDC:/etc/smbldap-tools# #
root@SRVPDC:/etc/smbldap-tools# ###########################################################################
root@SRVPDC:/etc/smbldap-tools# ###
root@SRVPDC:/etc/smbldap-tools# # Login defs
root@SRVPDC:/etc/smbldap-tools# # Default Login Shell
root@SRVPDC:/etc/smbldap-tools# # Ex: userLoginShell="/bin/bash"
root@SRVPDC:/etc/smbldap-tools# userLoginShell="/bin/bash"
root@SRVPDC:/etc/smbldap-tools# # Home directory
root@SRVPDC:/etc/smbldap-tools# # Ex: userHome="/home/%U"
root@SRVPDC:/etc/smbldap-tools# userHome="/home/%U"
root@SRVPDC:/etc/smbldap-tools# # Default mode used for user homeDirectory
root@SRVPDC:/etc/smbldap-tools# userHomeDirectoryMode="700"
root@SRVPDC:/etc/smbldap-tools# # Gecos
root@SRVPDC:/etc/smbldap-tools# userGecos="System User"
root@SRVPDC:/etc/smbldap-tools# # Default User (POSIX and Samba) GID
root@SRVPDC:/etc/smbldap-tools# defaultUserGid="513"
root@SRVPDC:/etc/smbldap-tools# # Default Computer (Samba) GID
root@SRVPDC:/etc/smbldap-tools# defaultComputerGid="515"
root@SRVPDC:/etc/smbldap-tools# # Skel dir
root@SRVPDC:/etc/smbldap-tools# skeletonDir="/etc/skel"
root@SRVPDC:/etc/smbldap-tools# # Default password validation time (time in days) Comment the next line if
root@SRVPDC:/etc/smbldap-tools# 26
bash: 26 : commande introuvable
root@SRVPDC:/etc/smbldap-tools# # you don't want password to be enable for defaultMaxPasswordAge days (be
root@SRVPDC:/etc/smbldap-tools# # careful to the sambaPwdMustChange attribute's value)
root@SRVPDC:/etc/smbldap-tools# defaultMaxPasswordAge="45"
root@SRVPDC:/etc/smbldap-tools# ##########
root@SRVPDC:/etc/smbldap-tools# ###
root@SRVPDC:/etc/smbldap-tools# #
root@SRVPDC:/etc/smbldap-tools# # SAMBA Configuration
root@SRVPDC:/etc/smbldap-tools# #
root@SRVPDC:/etc/smbldap-tools# ###########################################################################
root@SRVPDC:/etc/smbldap-tools# ###
root@SRVPDC:/etc/smbldap-tools# # The UNC path to home drives location (%U username substitution)
root@SRVPDC:/etc/smbldap-tools# # Just set it to a null string if you want to use the smb.conf 'logon home'
root@SRVPDC:/etc/smbldap-tools# # directive and/or disable roaming profiles
root@SRVPDC:/etc/smbldap-tools# # Ex: userSmbHome="\\PDC-SMB3\%U"
root@SRVPDC:/etc/smbldap-tools# userSmbHome="\\ci-ldap1\%U"
root@SRVPDC:/etc/smbldap-tools# # The UNC path to profiles locations (%U username substitution)
root@SRVPDC:/etc/smbldap-tools# # Just set it to a null string if you want to use the smb.conf 'logon path'
root@SRVPDC:/etc/smbldap-tools# # directive and/or disable roaming profiles
root@SRVPDC:/etc/smbldap-tools# # Ex: userProfile="\\PDC-SMB3\profiles\%U"
root@SRVPDC:/etc/smbldap-tools# userProfile="\\ci-ldap1\profiles\%U"
root@SRVPDC:/etc/smbldap-tools# # The default Ho
root@SRVPDC:/etc/smbldap-tools# # (will be automatically mapped at logon time if home directory exist)
root@SRVPDC:/etc/smbldap-tools# # Ex: userHomeDrive="H:"
root@SRVPDC:/etc/smbldap-tools# userHomeDrive="H:"
root@SRVPDC:/etc/smbldap-tools# # The default user netlogon script name (%U username substitution)
root@SRVPDC:/etc/smbldap-tools# # if not used, will be automatically username.cmd
root@SRVPDC:/etc/smbldap-tools# # make sure script file is edited under dos
root@SRVPDC:/etc/smbldap-tools# # Ex: userScript="startup.cmd" # make sure script file is edited under dos
root@SRVPDC:/etc/smbldap-tools# userScript=
root@SRVPDC:/etc/smbldap-tools# # Domain appended to the users "mail"-attribute
root@SRVPDC:/etc/smbldap-tools# # when smbldap-useradd -M is used
root@SRVPDC:/etc/smbldap-tools# # Ex: mailDomain="idealx.com"
root@SRVPDC:/etc/smbldap-tools# mailDomain=""
root@SRVPDC:/etc/smbldap-tools# ###########################################################################
root@SRVPDC:/etc/smbldap-tools# ###
root@SRVPDC:/etc/smbldap-tools# #
root@SRVPDC:/etc/smbldap-tools# # SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
root@SRVPDC:/etc/smbldap-tools# #
root@SRVPDC:/etc/smbldap-tools# 27
bash: 27 : commande introuvable
root@SRVPDC:/etc/smbldap-tools# ###########################################################################
root@SRVPDC:/etc/smbldap-tools# ###
root@SRVPDC:/etc/smbldap-tools# # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
root@SRVPDC:/etc/smbldap-tools# # prefer Crypt::SmbHash library
root@SRVPDC:/etc/smbldap-tools# with_smbpasswd="0"
root@SRVPDC:/etc/smbldap-tools# smbpasswd="/usr/bin/smbpasswd"
root@SRVPDC:/etc/smbldap-tools# # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
root@SRVPDC:/etc/smbldap-tools# # but prefer Crypt:: libraries
root@SRVPDC:/etc/smbldap-tools# with_slappasswd="0"
root@SRVPDC:/etc/smbldap-tools# slappasswd="/usr/sbin/slappasswd"
root@SRVPDC:/etc/smbldap-tools# # comment out the following line to get rid of the default banner
root@SRVPDC:/etc/smbldap-tools# # no_banner="1"

Sur ce qui est affiché, j'ai bien vu certaines erreurs mais je ne vois pas a quel fichier de config ca correspond j'ai vérifié dans le smb.conf et le smbldap.conf mais je n'est pas la même chose ...

[Tsukaniki]

Normalement, tu dois peupler un minimum LDAP pour que ça fonctionne avec Samba (tu peux faire ça avec "smbldap-populate -e samba.ldif" pour ensuite l'importer à ta base de donnée LDAP).

Concernant ce que ça t'affiche, normalement ça ne devrait te mettre que le contenu de la base de donnée, c'est étrange qu'il te ressorte un fichier de conf... En tout cas, as-tu essayé de relancer slapd ? Et sinon essaye de voir si tu as plusieurs occurrences du fichier smbldap.conf (via un locate ou un find).

La première chose à faire est de vérif que tu as bien la bonne config, après de peupler LDAP via les bases nécessaires pour Samba.

[dimii]

Pourtant j'ai bien utiliser la commande "smbldap-populate" sans aucun message d'erreur ...

Concernant ce que ça t'affiche, normalement ça ne devrait te mettre que le contenu de la base de donnée, c'est étrange qu'il te ressorte un fichier de conf... En tout cas, as-tu essayé de relancer slapd ? Et sinon essaye de voir si tu as plusieurs occurrences du fichier smbldap.conf (via un locate ou un find).

La première chose à faire est de vérif que tu as bien la bonne config, après de peupler LDAP via les bases nécessaires pour Samba.

Je suis pas sur d'avoir bien compris :s a priori j'ai pas d’occurrence du fichier smbldap.conf mais je vois pas ce que c'est "locate ou find" et comment vérifier que j'ai bien la bonne config ? J'ai vérifié plusieurs fois mon fichier smb.conf et a priori je ne trouve pas d'erreur.

[dimii]

Apres plusieur modification, j'ai réessayer la commande "ldapsearch -H ldaps:/// -D cn=admin,dc=longwy,dc=local -b dc=longwy,dc=local -W"

Qui m'a afficher ca :

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Apparemment on ne peux pas contacter mon serveur LDAP ...

J'ai egalement remarque que mon /etc/ldap/ldap.conf etait vide je ne sais pas si c'est normal ?

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

[Tsukaniki]

Tu peux aussi essayer sans sécurisation (j'aurai pas du te mettre ldaps dans la commande que je t'ai donné) :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

ldapsearch -H ldap:/// -D cn=admin,dc=longwy,dc=local -b dc=longwy,dc=local -W

Le contenu du fichier ldap.conf est destiné à lorsque ton serveur joue le rôle de "client" (pour contacter slapd), il doit, en effet, contenir deux trois trucs, mais ce fichier n'entre en jeu que lorsque tu te connectes en mode "ldapi", ce que tu ne fais pas là. Il n'est donc pas nécessaire de le remplir.

Pour t'expliquer la ligne de commande, le -H va spécifier le serveur ainsi que la méthode d'accès (ldaps:/// = LDAP en mode secure sur localhost, c'est équivalent à ldaps://127.0.0.1/), le -D correspond à l'utilisateur avec lequel tu fais la commande ; le -b est la base de la recherche (le chemin dans l'arbre) et le -W pour qu'il te demande le mot de passe plutôt que d'avoir à le lui spécifier dans la ligne de commande.


Concernant "locate" et "find", ce sont deux commandes linux pour chercher un fichier. locate fonctionne avec un système de base de donnée mise à jour automatique et est donc plus rapide, find fonctionne tout simplement avec un scan des dossiers...
Essaye de taper la commande

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

locate smbldap.conf

et si tu n'as pas locate d'installé (ça peut arriver), essaye

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

sudo find / -type f -name smbldap.conf

C'est le fait de vérifier que tu n'as bien qu'un seul smbldap.conf et qu'il contient les bonnes données qui te diras si tu as la bonne configuration.

[moradinddn]

Salut,

as tu ajouter le schema samba a ton annuaire ldap?