Mình đang muốn dựng 1 Domain Controller trên CentOS 5 (Samba + OpenLDAP) để cho các client Windows join vào, tiện
cho việc quản lý.
Đây là các file cấu hình của Server.
/etc/openldap/slapd.conf
Code:
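# /etc/openldap/slapd.conf -- OpenLDAP on CentOS 5, backing the Samba PDC.
# '#' in column 0 starts a comment; a line that starts with whitespace is a
# continuation of the previous directive.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# samba.schema provides sambaSamAccount and the sambaXXX attributes used below
include /etc/openldap/schema/samba.schema

# Samba 3 may still bind with LDAPv2 unless the client is told otherwise
allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

database bdb
suffix "dc=lab,dc=local"
rootdn "cn=Manager,dc=lab,dc=local"
# Exactly one rootpw. The posted file had a second, cleartext line
# ("rootpw secret") directly above this one. A duplicated directive leaves
# it to slapd which value is effective, and a cleartext root password in the
# config is a credential leak on its own. This hash has also been published
# with the post, so generate a new, salted one and paste it here:
#   slappasswd -h {SSHA}
rootpw {MD5}xMpCOKC5I4INzFCab3WEmw==
directory /var/lib/ldap

# Indexes. Each "index" directive is ONE line: index <attrs> <index types>.
# In the posted copy the index types had wrapped onto lines of their own,
# which slapd reads as unknown directives and refuses to start on.
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Password attributes (Unix and both Samba hashes): the entry may change its
# own, the Samba admin DN may write them, anonymous may only use them to
# bind ("auth"), nobody can read them back.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
	by self write
	by dn="cn=Manager,dc=lab,dc=local" write
	by anonymous auth
	by * none

# Everything else is world-readable, which nss_ldap and Samba's lookups need.
# NOTE(review): "by self write" here lets any user rewrite every non-password
# attribute of their own entry, including uidNumber, gidNumber and sambaSID;
# consider "by self read" plus a narrower "access to attrs=..." rule for the
# few attributes users should edit themselves (e.g. loginShell, mail).
access to *
	by self write
	by dn="cn=Manager,dc=lab,dc=local" write
	by * read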
/etc/samba/smb.conf
Code:
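[global]
# NetBIOS domain name, NOT the DNS domain. The posted value was "lab.local":
# a name containing a dot makes the Windows join dialog treat the target as a
# DNS/Active Directory domain and look for an AD domain controller in DNS,
# which an NT4-style Samba PDC cannot answer, so the join fails with a
# "domain could not be contacted"-type error before any credentials are
# checked. Use a short name: at most 15 characters, no dots. Users then log
# on as LAB\user. (If some machine accounts were already created with the
# old name, they are still keyed by host name and stay valid.)
workgroup = LAB
netbios name = PDC-SRV
server string = Samba Server %v
security = user
encrypt passwords = yes

# Required so that a non-root account can be granted SeMachineAccountPrivilege
# (net rpc rights grant ...). The join itself has to be performed either as
# the LDAP "root" account (uidNumber 0, created by smbldap-populate) or as an
# account that holds that privilege. "admin users" further down only gives
# root-equivalent access to share contents; as far as I know it does not
# authorise domain joins.
enable privileges = yes

# Password changes go through smbldap-tools; LDAP is the single source of
# truth for both the Unix and the Samba hashes.
unix password sync = yes
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
# NOTE(review): the quoting in this chat script looks unbalanced in the posted
# copy (an unmatched '"' at the end). Verify it against the prompts that
# smbldap-passwd actually prints; a non-matching chat makes password changes
# from Windows fail, although it does not affect joining.
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

# Logging. Raise "log level" to 3 while debugging the join and read
# /var/log/samba/log.<client> for the actual reason; drop it back afterwards.
log level = 0
syslog = 0
log file = /var/log/samba/log.%U
# KiB
max log size = 100000

time server = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
# NOTE(review): CP932 is the Japanese Windows code page and was probably
# inherited from an example config; Vietnamese Windows clients use CP1258.
# Confirm before changing -- it only affects legacy (non-Unicode) clients.
dos charset = CP932
unix charset = UTF-8

# Logon settings. An empty "logon path" means roaming profiles are OFF, so
# the [profiles] share below is unused until this is set
# (e.g. logon path = \\%N\profiles\%U). "logon home" empty: no H: mapping.
logon script = logon.bat
logon drive = H:
logon home =
logon path =

# PDC role
domain logons = yes
domain master = yes
preferred master = yes
os level = 65
wins support = yes

# Authentication. Win XP and Win 7 both negotiate NTLM/NTLMv2; LM is only
# needed for Win9x clients. Uncomment to stop accepting LM responses:
# lanman auth = no

# Account storage: OpenLDAP on this host, plaintext over loopback only.
passdb backend = ldapsam:ldap://127.0.0.1/
# The password for this DN is not in this file. It must be stored once with
#   smbpasswd -w <password>
# (kept in secrets.tdb). Without it every LDAP write fails, including the
# machine-account creation during a join -- check "smbd -d3" / the log file.
ldap admin dn = cn=Manager,dc=lab,dc=local
ldap suffix = dc=lab,dc=local
ldap user suffix = ou=People
ldap group suffix = ou=Group
# Must match the computers DN configured for smbldap-tools (smbldap.conf,
# "computersdn"); smbldap-tools ships with ou=Computers by default. If the
# two disagree, "add machine script" creates the machine account in a
# container Samba never searches and the join is rejected.
ldap machine suffix = ou=Hosts

# smbldap-tools hooks. These scripts bind with the credentials from
# smbldap_bind.conf, not with "ldap admin dn" above.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# Root-equivalent file access on every share for this user; keep the list short.
admin users = admin

# Printing (CUPS)
load printers = yes
printing = cups
printcap name = cups
show add printer wizard = yes

# Default permissions for new files/directories on shares
create mask = 0640
directory mask = 0750
nt acl support = no

deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
# keep capital letters in shortcuts inside profile folders
preserve case = yes
short preserve case = yes
case sensitive = no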
[netlogon]
# Serves logon.bat referenced by "logon script" in [global]; clients read it
# at logon, nobody writes here over SMB.
read only = yes
browseable = no
path = /home/samba/netlogon/
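[profiles]
# Roaming-profile store. Only used once "logon path" in [global] is set.
path = /home/samba/profiles
read only = no
# Each profile directory is private to its owner
create mask = 0600
directory mask = 0700
browseable = no
# Was "guest ok = Yes": combined with "read only = no" that let an anonymous
# (guest-mapped) session write into the profiles tree. Profiles are always
# accessed by the logged-on user, so guest access is never needed here.
guest ok = no
profile acls = yes
csc policy = disable
# Optional hardening, both commented out on purpose:
#   force user = %U            -- every profile is owned by its user
#   valid users = %U "Domain Admins"  -- only the owner and admins may open it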
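[printers]
comment = Network Printers
# Spool area; "read only" keeps clients from browsing other users' jobs,
# "printable" still lets them submit jobs.
path = /home/spool/
browseable = no
read only = yes
# The posted section had "printable" twice (yes / Yes); one is enough.
printable = yes
guest ok = yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# Variant that passes the SMB user to the print system, if per-user
# accounting is wanted:
#   print command = /usr/bin/lpr -U%U@%M -P%p -r %s
#   lpq command = /usr/bin/lpq -U%U@%M -P%p
#   lprm command = /usr/bin/lprm -U%U@%M -P%p %j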
[print$]
# Printer driver store: everyone authenticated can read drivers, only
# "Print Operators" may upload them.
path = /home/printers
browseable = yes
guest ok = no
read only = yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
# Anonymous, writable scratch share.
# NOTE(review): this exports the server's own /tmp, so anything any local
# service drops there is readable/overwritable by unauthenticated clients;
# a dedicated directory (e.g. /home/samba/public) is the safer choice.
path = /tmp
browseable = yes
guest ok = yes
writable = yes
Kiểm tra thông tin user
#smbldap-usershow admin
Code:
# Output of "smbldap-usershow admin" (LDIF). This entry has been posted
# publicly: sambaLMPassword, sambaNTPassword and userPassword are
# password-equivalent hashes, so this account's password should be changed.
dn: uid=admin,ou=People,dc=lab,dc=local
# objectClass is a single attribute line in the real output; it wrapped here.
objectClass:
top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
cn: admin
sn: admin
givenName: admin
uid: admin
# Not uid 0: "admin" is an ordinary account, so it can only join machines if
# it has been granted SeMachineAccountPrivilege (or the join is done as the
# LDAP root account instead).
uidNumber: 1002
gidNumber: 1000
homeDirectory: /home/admin
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: admin
sambaSID: S-1-5-21-3318209565-1745193784-2994391004-3004
# An LM hash is stored. LM is trivially reversible and not needed by XP or 7;
# whether smbldap-tools can be told to stop writing it -- TODO confirm.
sambaLMPassword: C2265B23734E0DACAAD3B435B51404EE
# [U] = normal user account, enabled
sambaAcctFlags: [U]
sambaNTPassword: 69943C5E63B4D2C104DBBCC15138B72B
sambaPwdLastSet: 1340115378
# = sambaPwdLastSet + 45 days, consistent with shadowMax below
sambaPwdMustChange: 1344003378
# Unsalted {MD5}; prefer {SSHA}. This hash is byte-identical to the rootpw in
# slapd.conf, i.e. the directory Manager shares its password with this
# ordinary user -- compromising "admin" compromises the whole directory.
userPassword: {MD5}xMpCOKC5I4INzFCab3WEmw==
# days since epoch of last change; shadowMax is the maximum age in days
shadowLastChange: 15510
shadowMax: 45
Nhưng trên máy client (Win XP và Win7) đều không thể join được. Sau khi điền thông tin về domain,
nhập username và password thì hiện ra thông báo lỗi.
Cho mình hỏi làm thế nào khắc phục lỗi trên? Xin cám ơn.