References used:
http://www.mkgt.ru/files/material-static/552/tema2/chap05/p1_01.htm
http://linuxforum.ru/viewtopic.php?id=7689

1. Created a repository from BASE (7 discs there) and ran createrepo.

2. Created a repository from pdc; it contains the files of the epel and rpmforge repositories.

3. Created the epel and rpmforge repositories.

4. Enabled the proxy for the repositories.

5. Now I will install, but first I moved all the files of the rpmforge repo to /etc/yum.repos.d_BK/ and also saved all downloaded files in pdc.

6. Installing the packages:

    yum install openldap-servers openldap-clients nss_ldap samba httpd openssl mod_ssl mysql mysql-server php php-xml php-ldap php-mysql php-pdo php-cli php-common smbldap-tools

    Installed:
      mysql-server.i386 0:5.0.95-1.el5_7.1
      openldap-clients.i386 0:2.3.43-25.el5_8.1
      openldap-servers.i386 0:2.3.43-25.el5_8.1
      php-mysql.i386 0:5.1.6-39.el5_8
      php-pdo.i386 0:5.1.6-39.el5_8
      php-xml.i386 0:5.1.6-39.el5_8
      smbldap-tools.noarch 0:0.9.6-3.el5
    Dependency Installed:
      perl-Crypt-SmbHash.noarch 0:0.12-6.el5
      perl-DBD-MySQL.i386 0:3.0007-2.el5
      perl-Digest-MD4.i386 0:1.5-4.el5
      perl-Jcode.noarch 0:2.06-6.el5
      perl-LDAP.noarch 1:0.33-4.el5_8
      perl-Unicode-Map.i386 0:0.112-12.el5
      perl-Unicode-Map8.i386 0:0.12-15.el5
      perl-Unicode-MapUTF8.noarch 0:1.11-7.el5
      perl-Unicode-String.i386 0:2.09-7.el5
      perl-XML-NamespaceSupport.noarch 0:1.11-1.el5.rfx
      perl-XML-SAX.noarch 0:0.14-11
    Updated:
      httpd.i386 0:2.2.3-65.el5.centos
      mod_ssl.i386 1:2.2.3-65.el5.centos
      mysql.i386 0:5.0.95-1.el5_7.1
      nss_ldap.i386 0:253-49.el5
      openssl.i686 0:0.9.8e-22.el5_8.4
      php.i386 0:5.1.6-39.el5_8
      php-cli.i386 0:5.1.6-39.el5_8
      php-common.i386 0:5.1.6-39.el5_8
      php-ldap.i386 0:5.1.6-39.el5_8
      samba.i386 0:3.0.33-3.39.el5_8
    Dependency Updated:
      httpd-manual.i386 0:2.2.3-65.el5.centos
      libsmbclient.i386 0:3.0.33-3.39.el5_8
      openldap.i386 0:2.3.43-25.el5_8.1
      samba-client.i386 0:3.0.33-3.39.el5_8
      samba-common.i386 0:3.0.33-3.39.el5_8
    Complete!
    [root@localhost yum.repos.d]#

7. All files downloaded during the installation I saved in the pdc repo, and then ran:

    createrepo --update /home/pub_repo/pdc

8. Generating the hash for the LDAP root password:

    [root@localhost yum.repos.d]# slappasswd
    New password:
    Re-enter new password:
    {SSHA}A2J5MqRIKGv0VK3peC0GsnlxXe3Pdvtl
    [root@localhost yum.repos.d]#

9. Copying the Samba schema into OpenLDAP:

    cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/schema/

10. Backing up the stock slapd.conf and writing a new one (sources consulted:
    http://budetinteresno.info/ushel/urivok_otch.htm
    http://blog.tisov.net/centos-5-6-%E2%80%93-%D0%BA%D0%BE%D0%BD%D1%82%D1%80%D0%BE%D0%BB%D0%BB%D0%B5%D1%80-%D0%B4%D0%BE%D0%BC%D0%B5%D0%BD%D0%B0-samba-ldap/ ):

    [root@localhost yum.repos.d]# mv -f /etc/openldap/slapd.conf /etc/openldap/slapd.conf_BK
    [root@localhost yum.repos.d]# vi /etc/openldap/slapd.conf

    Contents of /etc/openldap/slapd.conf:

    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/samba.schema
    allow bind_v2
    pidfile /var/run/openldap/slapd.pid
    argsfile /var/run/openldap/slapd.args
    database bdb
    suffix "dc=sunport,dc=ms"
    # rootdn must lie under the suffix; the notes had "dc=sunport.dc=ms" (period
    # instead of comma), corrected here to a valid DN.
    rootdn "cn=tirex,dc=sunport,dc=ms"
    # hash produced by slappasswd in step 8 (the author noted its cleartext: KDX200sr)
    rootpw {SSHA}A2J5MqRIKGv0VK3peC0GsnlxXe3Pdvtl
    password-hash {SSHA}
    directory /var/lib/ldap
    index cn,sn,uid,displayName pres,sub,eq
    index uidNumber,gidNumber eq
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq
    index objectClass pres,eq
    index default sub

11. DB_CONFIG for the bdb backend:

    [root@localhost yum.repos.d]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    [root@localhost yum.repos.d]# chown ldap:ldap /var/lib/ldap/DB_CONFIG
    [root@localhost yum.repos.d]# chmod 600 /var/lib/ldap/DB_CONFIG

12. Sending slapd logging to its own file, in /etc/syslog.conf:

    local4.* /var/log/ldap.log

    then: service syslog restart

13. In /etc/sysconfig/ldap:

    SLAPD_OPTIONS="-4"

14. When started like this, ldap complained about databases not owned by ldap; I had to chown -R /var/lib/ldap, after which /var/log/ldap.log contains:

    Sep 25 13:47:37 localhost slapd[29565]: @(#) $OpenLDAP: slapd 2.3.43 (Jul 12 2012 04:02:16) $
        mockbuild@builder10.centos.org:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
    Sep 25 13:47:37 localhost slapd[29566]: slapd starting
    [root@localhost yum.repos.d]#

15. So, next: chkconfig --level 35 ldap on

16. Editing /etc/nsswitch.conf:

    passwd: files ldap
    shadow: files ldap
    group:  files ldap
    hosts:  files dns wins

17. Editing /etc/ldap.conf following the admin instructions.

18. Editing smbldap_bind.conf.

19. smbldap.conf needs the local SID:

    [root@pdc ~]# net getlocalsid
    SID for domain PDC is: S-1-5-21-1871841520-3204539377-781500168
    [root@pdc ~]#

    After editing smbldap.conf it is necessary to

20. populate the directory:

    [root@pdc ~]# smbldap-populate -a tirex -g 10000 -l 11111 -r 10000 -u 10000
    Populating LDAP directory for domain sunport (S-1-5-21-1871841520-3204539377-781500168)
    (using builtin directory structure)
    adding new entry: dc=sunport,dc=ms
    adding new entry: ou=People,dc=sunport,dc=ms
    adding new entry: ou=Group,dc=sunport,dc=ms
    adding new entry: ou=Computers,dc=sunport,dc=ms
    adding new entry: ou=Idmap,dc=sunport,dc=ms
    adding new entry: uid=tirex,ou=People,dc=sunport,dc=ms
    adding new entry: uid=nobody,ou=People,dc=sunport,dc=ms
    adding new entry: cn=Domain Admins,ou=Group,dc=sunport,dc=ms
    adding new entry: cn=Domain Users,ou=Group,dc=sunport,dc=ms
    adding new entry: cn=Domain Guests,ou=Group,dc=sunport,dc=ms
    adding new entry: cn=Domain Computers,ou=Group,dc=sunport,dc=ms
    adding new entry: cn=Administrators,ou=Group,dc=sunport,dc=ms
    adding new entry: cn=Account Operators,ou=Group,dc=sunport,dc=ms
    adding new entry: cn=Print Operators,ou=Group,dc=sunport,dc=ms
    adding new entry: cn=Backup Operators,ou=Group,dc=sunport,dc=ms
    adding new entry: cn=Replicators,ou=Group,dc=sunport,dc=ms
    adding new entry: sambaDomainName=sunport,dc=sunport,dc=ms

    Please provide a password for the domain tirex:
    Changing UNIX and samba passwords for tirex
    New password:
    Retype new password:
    [root@pdc ~]#

21. But the user does not resolve:

    [root@pdc ~]# id tirex
    id: tirex: Такого пользователя нет
    [root@pdc ~]# getent passwd tirex
    [root@pdc ~]#

    Here is the trouble!!!!

22. smbldap-useradd -W -g 515 PDC

23. [root@pdc ~]# vi /etc/samba/smb.conf

24. Storing the LDAP admin password in secrets.tdb:

    [root@pdc smbldap-tools]# smbpasswd -w KDX200sr
    Setting stored password for "cn=root,dc=sunport,dc=ms" in secrets.tdb
    [root@pdc smbldap-tools]#

25. Started samba, but it complained that it could not retrieve from secrets.tdb; so I ran smbpasswd -w KDX200sr again, and it then started without that error.

26. Now:

    [root@pdc samba]# nmblookup 'sunport#1b' 'sunport#1c'
    added interface ip=192.168.0.7 bcast=192.168.0.255 nmask=255.255.255.0
    Socket opened.
    querying sunport on 192.168.0.255
    Got a positive name query response from 192.168.0.7 ( 192.168.0.7 )
    192.168.0.7 sunport<1b>
    querying sunport on 192.168.0.255
    Got a positive name query response from 192.168.0.7 ( 192.168.0.7 )
    192.168.0.7 sunport<1c>
    [root@pdc samba]#

27. Starting winbind:

    [root@pdc samba]# service winbind start
    Запускаются службы Winbind: [ OK ]

28. Joining the domain as tirex fails:

    [root@pdc smbldap-tools]# net rpc join -U tirex MEMBER
    Password:
    Could not connect to server PDC
    Could not connect to server PDC
    Connection failed: NT_STATUS_UNSUCCESSFUL

    Sep 26 13:53:21 pdc smbd[18363]: [2012/09/26 13:53:21, 0] auth/auth_sam.c:check_sam_security(353)
    Sep 26 13:53:21 pdc smbd[18363]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
    Sep 26 13:53:22 pdc smbd[18364]: [2012/09/26 13:53:22, 0] rpc_server/srv_netlog_nt.c:get_md4pw(293)
    Sep 26 13:53:22 pdc smbd[18364]: get_md4pw: Workstation PDC$: account does not have a password
    Sep 26 13:53:22 pdc smbd[18364]: [2012/09/26 13:53:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
    Sep 26 13:53:22 pdc smbd[18364]: _net_auth2: failed to get machine password for account PDC$: NT_STATUS_LOGON_FAILURE
    Sep 26 13:53:22 pdc smbd[18364]: [2012/09/26 13:53:22, 0] rpc_server/srv_netlog_nt.c:get_md4pw(293)
    Sep 26 13:53:22 pdc smbd[18364]: get_md4pw: Workstation PDC$: account does not have a password
    Sep 26 13:53:22 pdc smbd[18364]: [2012/09/26 13:53:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
    Sep 26 13:53:22 pdc smbd[18364]: _net_auth2: failed to get machine password for account PDC$: NT_STATUS_LOGON_FAILURE
    Sep 26 13:53:23 pdc smbd[18366]: [2012/09/26 13:53:23, 0] auth/auth_sam.c:check_sam_security(353)
    Sep 26 13:53:23 pdc smbd[18366]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
    Sep 26 13:53:53 pdc kernel: Removing netfilter NETLINK layer.
    Sep 26 13:54:10 pdc smbd[18491]: [2012/09/26 13:54:10, 0] auth/auth_sam.c:check_sam_security(353)
    Sep 26 13:54:10 pdc smbd[18491]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'

    ===================================================

    [root@pdc samba]# net getdomainsid
    SID for domain PDC is: S-1-5-21-1871841520-3204539377-781500168
    SID for domain SUNPORT is: S-1-5-21-1871841520-3204539377-781500168
    [root@pdc samba]# wbinfo -p
    Ping to winbindd succeeded on fd 4
    [root@pdc samba]# wbinfo -t
    checking the trust secret via RPC calls failed
    error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
    Could not check secret
    [root@pdc samba]# wbinfo -i tirex
    tirex:*:0:513:tirex:/home/SUNPORT/tirex:/bin/false
    [root@pdc samba]# wbinfo -g | grep "domain"
    domain admins
    domain users
    domain guests
    domain computers
    [root@pdc samba]# wbinfo -a tirex%KDX200sr
    plaintext password authentication failed
    error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
    error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
    Could not authenticate user tirex%KDX200sr with plaintext password
    challenge/response password authentication failed
    error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
    error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
    Could not authenticate user tirex with challenge/response
    [root@pdc samba]#

    ==============================================================

    Trying to use this link to track down the problem: http://linuxforum.ru/viewtopic.php?id=7689. There he recommends installing phpldapadmin. I install it from epel, then edit /etc/httpd/conf.d/phpldapadmin.conf: comment out "Deny from all" and change "Allow from 127.0.0.1" to "Allow from all". Then edit the file /etc/phpldapadmin/config.php:

    $ldapservers->SetValue($i,'server','host','127.0.0.1');
    $ldapservers->SetValue($i,'server','port','389');
    $ldapservers->SetValue($i,'server','base',array('dc=mgkb1'));
    $ldapservers->SetValue($i,'server','auth_type','config');
    $ldapservers->SetValue($i,'login','dn','cn=admin,dc=mgkb1');
    $ldapservers->SetValue($i,'login','pass','ТУТ ВАШ ПАРОЛЬ ДЛЯ ADMIN');

    Actually the whole problem was that this user (the one created by smbldap-populate -a tirex -g 10000 -l 11111 -r 10000 -u 10000) for some reason did not work:

    [root@pdc ~]# smbldap-usermod -g 512 Administrator
    [root@pdc ~]# id Adminstrator
    id: Adminstrator: Такого пользователя нет
    [root@pdc ~]# id Administrator
    uid=10001(Administrator) gid=512(Domain Admins) группы=512(Domain Admins) context=root:system_r:unconfined_t:SystemLow-SystemHigh
    [root@pdc ~]# net rpc group members "Domain Admins" -U tirex%KDX200sr
    Could not connect to server 127.0.0.1
    Connection failed: NT_STATUS_UNSUCCESSFUL
    [root@pdc ~]# net rpc group members "Domain Admins" -U Administrator%1234567
    SUNPORT\tirex
    SUNPORT\Administrator
    [root@pdc ~]# net rpc rights grant "Domain Admins" SeMachineAccountPrivilege SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -U Administrator%1234567
    Successfully granted rights.
    [root@pdc ~]# net rpc join -U Administrator MEMBER
    Password:
    Joined domain SUNPORT.
    [root@pdc ~]#
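Added here as an example (not the author's code) is a small consistency check for the three things this log keeps touching: that slapd's rootdn actually lies under its suffix, that the "ldap admin dn" for which smbpasswd -w stores the secret is the DN slapd will accept with that password, and that the SID= in smbldap.conf equals what net getlocalsid reports. The inputs are constructed from the values shown in the notes above; the smb.conf line is inferred from the DN smbpasswd -w printed, since smb.conf itself is not shown.

```python
import re
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+")

def parse_dn(dn):
    """Split a DN into normalised RDNs (escaped commas are not handled)."""
    return [part.strip().lower() for part in dn.split(",")]

def dn_under_suffix(dn, suffix):
    """True when dn equals suffix or lies below it in the tree."""
    d, s = parse_dn(dn), parse_dn(suffix)
    return len(d) >= len(s) and d[-len(s):] == s

def slapd_value(conf, key):
    """First value of a slapd.conf directive, surrounding quotes removed."""
    m = re.search(r'^\s*%s\s+"?([^"\n]+?)"?\s*$' % re.escape(key), conf, re.M)
    return m.group(1) if m else None

def smb_value(conf, key):
    """Value of an smb.conf 'key = value' parameter."""
    m = re.search(r"^\s*%s\s*=\s*(.+?)\s*$" % re.escape(key), conf, re.M | re.I)
    return m.group(1) if m else None

def check_pdc(slapd_conf, smb_conf, smbldap_conf, getlocalsid_output):
    """Return the inconsistencies found between the four inputs (empty = consistent)."""
    problems = []
    suffix, rootdn = slapd_value(slapd_conf, "suffix"), slapd_value(slapd_conf, "rootdn")
    # A single mistyped separator ('.' for ',') puts rootdn outside the suffix.
    if not (suffix and rootdn and dn_under_suffix(rootdn, suffix)):
        problems.append("rootdn %r is not under suffix %r" % (rootdn, suffix))
    # Samba binds as 'ldap admin dn' with the smbpasswd -w secret; a DN other than
    # the rootdn must exist in the directory with a matching userPassword.
    admin_dn = smb_value(smb_conf, "ldap admin dn")
    if not admin_dn or parse_dn(admin_dn) != parse_dn(rootdn or ""):
        problems.append("smb.conf 'ldap admin dn' %r is not the rootdn %r" % (admin_dn, rootdn))
    # smbldap.conf's SID= must be the SID that net getlocalsid reports.
    conf_sid, local_sid = SID_RE.search(smbldap_conf), SID_RE.search(getlocalsid_output)
    if not (conf_sid and local_sid and conf_sid.group() == local_sid.group()):
        problems.append("SID in smbldap.conf does not match 'net getlocalsid'")
    return problems

# Constructed inputs reproducing the values in the notes (smb.conf line inferred).
SLAPD_CONF = 'suffix "dc=sunport,dc=ms"\nrootdn "cn=tirex,dc=sunport.dc=ms"\n'
SMB_CONF = "[global]\n   ldap admin dn = cn=root,dc=sunport,dc=ms\n"
SMBLDAP_CONF = 'SID="S-1-5-21-1871841520-3204539377-781500168"\n'
GETLOCALSID = "SID for domain PDC is: S-1-5-21-1871841520-3204539377-781500168\n"

if __name__ == "__main__":
    for problem in check_pdc(SLAPD_CONF, SMB_CONF, SMBLDAP_CONF, GETLOCALSID):
        print("PROBLEM:", problem)
```

On the values above it reports two findings (rootdn outside the suffix, and an admin DN that is not the rootdn); feed it the real files to confirm each difference is deliberate before running smbldap-populate or net rpc join.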