Samba 3 ldap nss Fehler

steppke

pdbedit -L bringt folgenden Fehler:
$pdbedit -L

Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=bildem))]
ldap_initialize: Time limit exceeded

Connection to LDAP Server failed for the 1 try!
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Time limit exceeded)
Problem during LDAPsearch: Time limit exceeded
Query was: dc=bildem,dc=local, (&(objectClass=sambaDomain)(sambaDomainName=bildem))
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=bildem))]
ldap_initialize: Time limit exceeded
Connection to LDAP Server failed for the 1 try!
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Time limit exceeded)
Problem during LDAPsearch: Time limit exceeded
Query was: dc=bildem,dc=local, (&(objectClass=sambaDomain)(sambaDomainName=bildem))
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
ldap_initialize: Time limit exceeded
Connection to LDAP Server failed for the 1 try!
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Time limit exceeded)
ldapsam_setsampwent: LDAP search failed: Time limit exceeded
###
Versionen: openldap-server-2.1.30+samba3.0.4+pam_ldap-1.6.9+nss_ldap-1.204_5

# smb.conf [global]: Samba 3 configured as a domain controller (domain logons,
# domain master) with its account database in LDAP.
[global]
workgroup = bildem
netbios name = ddsrv01
server string = FreeBSD running Samba PDC %v %h
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
ldap suffix = "dc=bildem,dc=local"
# NOTE(review): sambaAccount is the Samba 2.2-era object class; the Samba 3
# ldapsam backend normally works with sambaSamAccount entries. Confirm that this
# filter matches what is actually stored in the directory.
ldap filter = (&(objectclass=sambaaccount) (uid=%u))
# Samba binds to the directory as this DN. Its password is not kept in smb.conf
# but in secrets.tdb (stored with `smbpasswd -w`).
# NOTE(review): this is the same DN that slapd.conf declares as rootdn, which is
# not subject to slapd ACLs. A dedicated DN with write access limited to the
# Samba subtrees would follow least privilege.
ldap admin dn = "cn=admin,dc=bildem,dc=local"
# No TLS towards the LDAP server: binds and password hashes travel in clear text.
# With the backend on localhost this stays on the loopback interface; use
# `ldap ssl = start_tls` as soon as the directory is reached over a network.
ldap ssl = no
ldap machine suffix = "ou=computers,dc=bildem,dc=local"
ldap group suffix = "ou=groups,dc=bildem,dc=local"
ldap user suffix = "ou=users,dc=bildem,dc=local"
ldap delete dn = no
# NOTE(review): Samba 3 documents this backend as `ldapsam:ldap://host[:port]`
# (module name, a colon, then a complete LDAP URL). Written as
# `ldapsam://localhost:389`, the location handed to the LDAP library has no
# `ldap` scheme, which is probably why ldap_initialize fails in the pdbedit
# output. The "Time limit exceeded" text may be a mis-rendered URL parse error
# rather than a real timeout (unconfirmed). Verify with
# `ldapsam:ldap://localhost:389`.
passdb backend = ldapsam://localhost:389
ldap passwd sync = yes
# Writes the passwd chat dialogue to the smbd log at debug level 100, including
# plaintext passwords. Inactive at the `log level = 2` set below, but it should
# be switched off once debugging is finished.
passwd chat debug = Yes
passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
# NOTE(review): the second `%n\ ` looks like a truncated `%n\n` - confirm.
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
# The following scripts run the smbldap-tools to maintain accounts and groups
# in LDAP; %u, %g and %m are substituted by Samba before the command is run.
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
delete user script = /usr/local/sbin/smbldap-userdel.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl %g
delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
printcap name = /etc/printcap
load printers = yes
printing = cups
printer admin = @wheel
log file = /var/log/samba/log.%m
lock directory = /var/lock
max log size = 4096
log level = 2
# Only the loopback address and the 192.168.111.0/24 network may connect.
hosts allow = 127.0.0.1 192.168.111.0/255.255.255.0
username map = /usr/local/etc/user.map
os level = 65
# Set in [global], so it applies to every share: these users perform all file
# operations as root. NOTE(review): keep the list as short as possible, or move
# it to the individual shares that need it.
admin users = root, ste
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=4096 SO_SNDBUF=4096
short preserve case = yes
preserve case = yes
kernel oplocks = false
read raw = yes
write raw = yes
oplocks = yes
max xmit = 65535
dead time = 15
getwd cache = yes
wins support = yes
# Defaults for every share that sets no mask of its own: new directories may be
# created world-writable (0777) and new files world-writable (0666).
# NOTE(review): tighter global defaults avoid surprises on shares added later.
directory mask = 0777
create mask = 0666
# NOTE(review): without `bind interfaces only = yes` smbd still listens on all
# addresses; `hosts allow` above is what actually restricts clients.
interfaces = 192.168.111.0/24
logon script = logon.bat
logon path = \\%L\profiles\%U\%a
logon drive = U:
logon home = \\%L\%U\win
case sensitive = no
unix charset = ISO-8859-1
display charset = ISO8859-1
dos charset = 850
# Per-user home directory share; hidden from browse lists and writable.
[homes]
comment = Home's von %u auf %a
browseable = no
writable = yes
# Limits new files to rwxr-x--- at most. NOTE(review): the leading 1 (sticky
# bit) is unusual in a file create mask - confirm it is intended.
create mask = 1750

# Share from which domain clients fetch the logon script (logon.bat in [global]).
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
browseable = yes
# No `writable`/`read only` line is set, so the share presumably keeps Samba's
# read-only default and only members of wheel can write. Logon scripts are run
# by clients at login, so write access here should stay this narrow.
write list = @wheel
create mode = 0755

# Roaming profile share; hidden from browse lists, writable, no guest access.
[profiles]
path = /home/samba/profiles
browseable = no
writeable = yes
# 0700 masks override the permissive global defaults, so profile files and
# directories are created accessible to their owner only.
create mode = 0700
directory mask = 0700
guest ok = no

#file:ldap.conf
# OpenLDAP client defaults: search base and server URI.
# NOTE(review): plain ldap:// means no transport encryption, and this file names
# the server by hostname while the other listings use 127.0.0.1/localhost;
# confirm the name resolves to the host where slapd listens.
BASE dc=bildem, dc=local
URI ldap://ddsrv01.bildem.local

#file:slapd.conf
# slapd configuration: schemas, one bdb database for dc=bildem,dc=local,
# attribute indexes and access control.
# NOTE(review): no TLS* directives appear in this listing, so simple binds
# against this server send passwords in clear text; acceptable only while all
# clients connect over loopback.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=bildem,dc=local"
# The rootdn is not subject to the access rules below. The same DN is used as
# `ldap admin dn` in smb.conf and as binddn in nss_ldap.conf and smbldap_conf.pm.
rootdn "cn=admin,dc=bildem,dc=local"
# Salted SHA-1 hash of the rootdn password (the value appears to have been
# redacted by the poster). NOTE(review): keep this file readable only by root
# and the account slapd runs as.
rootpw {SSHA}joooooooooooooooo
directory /var/db/openldap-data
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index mail eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index objectClass eq
index default sub
####### slapd no longer starts once an index entry for rid is added :-((
# NOTE(review): `rid` belongs to the Samba 2.2 schema (sambaAccount). The
# Samba 3 samba.schema included above presumably does not define it, and slapd
# refuses to index an attribute type it does not know - check the schema file.
lastmod on
# 296 = 256 (stats) + 32 (search filter processing) + 8 (connection management).
loglevel 296
# Password attributes: writable by the admin DN and by the entry itself, usable
# by anonymous clients for authentication only, hidden from everyone else.
# NOTE(review): the `by` lines are continuation lines and need leading
# whitespace in the real file; the indentation appears lost in this paste.
access to attribute=userPassword,sambaLMPassword,sambaNTPassword
by dn="cn=admin,dc=bildem,dc=local" write
by anonymous auth
by self write
by * none
# Everything else: the admin DN may write; all others, anonymous clients
# included, may read. NOTE(review): `by users read` would restrict reads to
# authenticated clients; check first which clients search anonymously.
access to *
by dn="cn=admin,dc=bildem,dc=local" write
by * read

#file:nss_ldap.conf
# nss_ldap / pam_ldap client settings: server, bind identity and search bases.
host 127.0.0.1
base dc=bildem,dc=local
uri ldap://127.0.0.1/
ldap_version 3
# NOTE(review): this file has to be readable by every process that does NSS
# lookups, so binding as cn=admin (the slapd rootdn) with a plaintext bindpw
# exposes the directory administrator password to all local users. Name
# lookups need read access only: bind anonymously (the slapd ACL shown grants
# `by * read`) or as an unprivileged read-only DN. nss_ldap also offers
# `rootbinddn`, whose password lives in a separate root-only secret file (path
# depends on the build). The value shown has been published with this post and
# should be changed.
binddn cn=admin,dc=bildem,dc=local
bindpw daddiiduu
port 389
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd dc=bildem,dc=local
# NOTE(review): groups are searched under ou=users, whereas smb.conf and
# smbldap_conf.pm place groups in ou=groups - probably a copy/paste slip.
nss_base_group ou=users,dc=bildem,dc=local

#file:/etc/pam.d/system
# PAM "system" stack: OPIE first, then LDAP, then local passwords (pam_unix).
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
# Only this line names pam_ldap.so with its full path. NOTE(review): confirm
# that PAM also finds the bare `pam_ldap.so` used in the lines further down.
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
# nullok lets pam_unix accept local accounts that have an empty password.
auth required pam_unix.so no_warn try_first_pass nullok
account required pam_login_access.so
account required pam_unix.so
# NOTE(review): as the last, merely `sufficient` entry, a failure of pam_ldap
# does not fail the account stack, so account restrictions kept in LDAP are
# presumably not enforced - confirm whether `required` is intended.
account sufficient pam_ldap.so
session required pam_lastlog.so no_fail
session optional pam_ldap.so
password required pam_unix.so no_warn try_first_pass
password sufficient pam_ldap.so use_authtok

#file:nsswitch.conf
# Name service order: local files first, LDAP second for passwd and group.
# NOTE(review): `[notfound=return]` ends the lookup as soon as `files` reports
# that an entry does not exist, so accounts and groups that live only in LDAP
# are presumably never resolved. Compare with plain `files ldap`.
passwd: files [notfound=return] ldap
group: files [notfound=return] ldap
hosts: files dns

#file:/usr/local/sbin/smbldap_conf.pm
# Settings module for the smbldap-tools scripts (labelled smbldap_conf.pm in
# the listing). It only assigns package variables and ends with a true value.
# Presumably the first uid/gid the tools hand out - confirm.
$UID_START = 1000;
$GID_START = 1000;

# Domain SID. NOTE(review): presumably has to equal the SID Samba reports for
# the domain (`net getlocalsid`) - confirm.
$SID='S-1-5-21-1004546206-2460503548-3824654602';
$slaveLDAP = "127.0.0.1";
$slavePort = "389";

$masterLDAP = "127.0.0.1";
$masterPort = "389";
# "0" selects plain simple binds (-x), "1" adds StartTLS (-Z); see the if block below.
$ldapSSL = "0";
$suffix = "dc=bildem,dc=local";
$usersou = q(users);
$usersdn = "ou=$usersou,$suffix";
$computersou = q(computers);
$computersdn = "ou=$computersou,$suffix";
$groupsou = q(groups);
$groupsdn = "ou=$groupsou,$suffix";
$scope = "sub";
# NOTE(review): "md5" presumably makes the tools store an unsalted MD5 password
# hash; the commented-out SSHA setting is the salted alternative and matches the
# {SSHA} rootpw format in slapd.conf. Prefer SSHA unless something needs md5.
#$hash_encrypt="SSHA";
$hash_encrypt="md5";
# Bind identity for both the slave and the master connection. NOTE(review):
# this is the slapd rootdn with its password in plain text; the file should be
# readable by root only, and the value is disclosed by this post.
$binddn = "cn=admin,$suffix";
$bindpasswd = "daddiiduu";
$slaveDN = $binddn;
$slavePw = $bindpasswd;
$masterDN = $binddn;
$masterPw = $bindpasswd;
$_userLoginShell = q(/bin/bash);
$_userHomePrefix = q(/home/);
$_userGecos = q(admin);
# Default User (POSIX and Samba) GID
$_defaultUserGid = 513;
# Default Computer (Samba) GID
$_defaultComputerGid = 553;
$_skeletonDir = q(/etc/skel);
$_defaultMaxPasswordAge = 45;
$_userSmbHome = q(\\\\ddsrv01\\homes);
$_userProfile = q(\\\\ddsrv01\\profiles\\);
$_userHomeDrive = q(U:);
$_userScript = q(logon.bat);
$with_smbpasswd = 0;
$smbpasswd = "/usr/bin/smbpasswd";
$mk_ntpasswd = "/usr/local/sbin/mkntpwd";
$slaveURI = "ldap://$slaveLDAP:$slavePort";
$masterURI = "ldap://$masterLDAP:$masterPort";

# Directory prefix for the OpenLDAP client tools. The trailing slash yields
# "//ldapmodify" below, which is harmless. NOTE(review): confirm that
# ldapmodify really is installed in this directory.
#$ldap_path = "/usr/bin";
$ldap_path = "/usr/local/libexec/";

# Translate $ldapSSL into client-tool options; any other value aborts loading.
if ( $ldapSSL eq "0" ) {
$ldap_opts = "-x";
} elsif ( $ldapSSL eq "1" ) {
$ldap_opts = "-x -Z";
} else {
die "ldapSSL option must be either 0 or 1.\n";
}

# Only the ldapmodify command line is defined; the others stay commented out.
# NOTE(review): -w '$masterPw' puts the bind password on the command line, where
# other local users can read it from the process list while the command runs,
# and a single quote in the password would break the quoting. ldapmodify's
# -y <file> option reads the password from a file instead - confirm that the
# installed client tools support it.
#$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'";
#$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI";
$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
# A module loaded with require/use must end with a true value.
1;
# - The End

ldapsearch -x

# bildem.local
dn: dc=bildem,dc=local
objectClass: organization
objectClass: dcobject
dc: bildem
o: bildem

# admin, bildem.local
dn: cn=admin,dc=bildem,dc=local
objectClass: top
objectClass: organizationalRole
cn: admin

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Wo liegt der Wurm begraben?
Warum startet slapd mit einem INDEX "rid" nicht?
Schwieriges Thema, viel Text, sorry


Danke fuer Tipps! & Gruss aus Berlin
 