[samba] samba服务器使用ldap管理用户的棘手的问题!!!!

weixin_38052463 2006-09-12 04:07:53

安装的包有:SuSE10.1,samba 3.0.22-11, openldap2-2.3.19-1,nss_ldap-246-14

  现在服务器可以正常使用,就是当我重启ldap时,总是出现以下错误:

Sep 12 15:49:05 file1 slapd[11094]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Sep 12 15:49:05 file1 slapd[11094]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Sep 12 15:49:05 file1 slapd[11094]: nss_ldap: could not search LDAP server - Server is unavailable
Sep 12 15:49:05 file1 slapd[11094]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Sep 12 15:49:05 file1 slapd[11094]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Sep 12 15:49:05 file1 slapd[11094]: nss_ldap: could not search LDAP server - Server is unavailable
   我已经郁闷了有半月之久,真的不知道怎么回事,前些日子有为老兄让我把samba中的passdb backend 改为:ldapsam:ldap://192.168.27.10(服务器的IP),可是还是一样的错误,我现在把 /etc/ldap.conf 和 /etc/nsswitch.conf 贴出来,请大家指点迷津, 在下万分感激!

/etc/ldap.conf
#
# This is the configuration file for the LDAP nameservice
# switch library, the LDAP PAM module and the shadow package.
#

# Your LDAP server. Must be resolvable without using LDAP.
host    127.0.0.1

# The distinguished name of the search base.
base    dc=hasux,dc=com

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version    3

# Don't try forever if the LDAP server is not reacheable
bind_policy     soft

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=Manager,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credential.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=Manager,dc=example,dc=com

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub
#scope one
#scope base

# Search timelimit
#timelimit 30

# Bind timelimit
#bind_timelimit 30

# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600

# Filter to AND with uid=%s
#pam_filter objectclass=account

# The user ID attribute (defaults to uid)
#pam_login_attribute uid

# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes

# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes

# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com

# Group member attribute
#pam_member_attribute uniquemember

# Specify a minium or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0

# Template login attribute, default template user
# (can be overriden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody

# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password   crypt

# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds

# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad

# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop

# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX          base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd       ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd        ou=People,dc=padl,dc=com?one
#nss_base_shadow        ou=People,dc=padl,dc=com?one
#nss_base_group         ou=Group,dc=padl,dc=com?one
#nss_base_hosts         ou=Hosts,dc=padl,dc=com?one
#nss_base_services      ou=Services,dc=padl,dc=com?one
#nss_base_networks      ou=Networks,dc=padl,dc=com?one
#nss_base_protocols     ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc           ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers        ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks      ou=Networks,dc=padl,dc=com?ne
#nss_base_bootparams    ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases       ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup      ou=Netgroup,dc=padl,dc=com?one
nss_base_passwd ou=Users,dc=hasux,dc=com?sub
nss_base_passwd ou=Computers,dc=hasux,dc=com?sub
nss_base_shadow ou=Users,dc=hasux,dc=com?sub
nss_base_group ou=Groups,dc=hasux,dc=com?one
debug 256
logdir /var/log/ldap
pam_password ssha

# attribute/objectclass mapping
# Syntax:
#nss_map_attribute      rfc2307attribute        mapped_attribute
#nss_map_objectclass    rfc2307objectclass      mapped_objectclass

# configure --enable-nds is no longer supported.
# For NDS now do:
#nss_map_attribute uniqueMember member

# configure --enable-mssfu-schema is no longer supported.
# For MSSFU now do:
#nss_map_objectclass posixAccount User
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad

# configure --enable-authpassword is no longer supported
# For authPassword support, now do:
#nss_map_attribute userPassword authPassword
#pam_password nds

# For IBM SecureWay support, do:
#nss_map_objectclass posixAccount aixAccount
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear

# Netscape SDK LDAPS
#ssl on

# Netscape SDK SSL options
#sslpath /etc/ssl/certs/cert7.db

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl     no
nss_map_attribute       uniqueMember member
pam_filter      objectclass=posixAccount
#nss_base_passwd        dc=hasux,dc=com
#nss_base_shadow        dc=hasux,dc=com
#nss_base_group dc=hasux,dc=com
#ssl on

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
#tls_checkpeer yes

# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs

# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key

/etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group:  files nis

passwd:         files ldap
shadow:         files ldap
group:          files ldap

hosts:          files wins dns
networks:       files dns

services:       files ldap
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files ldap
publickey:      files

bootparams:     files
automount:      files nis
aliases:        files ldap
#passwd_compat: ldap
#group_compat:  ldap



  等待你们的帮助!!!
...全文
238 6 打赏 收藏 转发到动态 举报
写回复
用AI写文章
6 条回复
切换为时间正序
请发表友善的回复…
发表回复
ldap+samba
samba通过ldap来认证用户。方便管理
samba+ldap实现用户登陆共享认证1
实验目标:samba+ldap实现共享登陆单用户认证实现的功能:可基于组实现共享权限的认证,基于S1账号登陆,权限更安全更可控。测试结果:如图:顶我,就访问我的
Samba与NFS服务器的配置与管理.pptx
Samba与NFS服务器的配置与管理.pptx
samba服务器源码包
samba服务器源码包,包含相近的samba源代码、文档和配置手册。
samba服务器代码
samba服务器代码,是用于linux下作文件服务器
其他技术讨论专区

476

社区成员

790,963

社区内容

发帖
与我相关
我的任务
社区描述
其他技术讨论专区
其他 技术论坛(原bbs)
社区管理员
  • 其他技术讨论专区社区
加入社区
  • 近7日
  • 近30日
  • 至今

加载中

查看更多榜单
社区公告
暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章