Unable to connect to the domain with Samba/LDAP

Hi everyone,

So, I have to set up a directory of people in order to put a password policy in place within my company.

I have configured Samba as well as LDAP; here is my smb.conf:

[code]
[global]

workgroup = TEST
server string = %h server
wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

dns proxy = no
hosts allow = 192.163.3.0/24 127.0.0.1
winbind use default domain = Yes
nt acl support = yes
msdfs root = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER./._/.DS_STORE
time server = yes

name resolve order = lmhosts host wins bcast

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
; interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
; bind interfaces only = yes

log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0

panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = Enter\snew\s\spassword:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .
pam password change = yes

domain master = Yes
local master = Yes
domain logons = yes
os level = 40

add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -i "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
case sensitive = No
default case = lower
preserve case = yes
short preserve case = Yes

encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1/
ldap ssl = off
ldap admin dn = cn=samba,dc=ma,dc=base
ldap suffix = dc=ma,dc=base
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
ldap delete dn = Yes
ldap password sync = yes

[home]
comment = Home Directories
browseable = no
writable = yes
path = /home/users/%U/docs

valid users = %U,@admingroup
create mode = 0700
directory mode = 0700

[netlogon]
; comment = Network Logon Service
path = /home/export/profile
writable = No
browseable = No
write list = Administrateur
; guest ok = yes
; read only = yes

[profiles]
; comment = Users profiles
path = /home/export/profiles
; guest ok = no
browseable = no
writable = Yes
profile acls = yes
create mask = 0700
directory mask = 0700

[societe]
browseable = no
writeable = yes
admin users = @admingroup,@bossgroup
path = /home/societe
force directory mode = 770
force create mode = 770
comment = Societe
valid users = @bossgroup,sha
create mode = 770
directory mode = 770

[dump]
browseable = no
writeable = yes
admin users = @admingroup,@bossgroup
path = /home/dump
#force directory mode = 770
#force create mode = 770
comment = dump
valid users = @admingroup
create mode = 770
directory mode = 770

[smartbackup]
browseable = no
writeable = yes
admin users = @admingroup,@bossgroup
path = /home/smartbackup
#force directory mode = 770
#force create mode = 770
comment = SmartBackup
valid users = @odmingroup
create mode = 770
directory mode = 770

[www]
comment = apache22
path = /etc/apache2/data/
writeable = yes
valid users = @devgroup,@admingroup
admin users = @admingroup
create mode = 777
directory mode = 777
browseable = no

[partage]
writeable = yes
valid users = @bossgroup,@admingroup,@gamegroup,@devgroup,@graphismegroup,@staffgroup,@comgroup,@seriousgroup,@leelhgroup
admin users = @admingroup
path = /home/partage

create mode = 770
directory mode = 770
force directory mode = 770
force create mode = 770
create mask = 0770
directory mask = 0770
comment = partage
profile acls = yes
inherit permissions = yes
inherit acls = yes
inherit owner = yes
map acl inherit = yes
nt acl support = No
vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = /home/partage/.RecycleBin/%u
recycle:exclude = *.tmp,*.log
recycle:exclude_dir = /home/partage/pole_dev/backups/

[Lazard]
writeable = yes
delete readonly = yes
path = /home/Lazard
force directory mode = 777
force create mode = 777
force user = nobody
comment = Lazard
create mode = 777
public = yes
directory mode = 777

[public]
writeable = yes
delete readonly = yes
path = /home/public
force directory mode = 777
force create mode = 777
force user = nobody
comment = public
create mode = 777
public = yes
directory mode = 777

[users]
browseable = no
writeable = yes
path = /home/users
comment = users home directory
profile acls = yes

unix extensions = yes

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[/code]

I can see my users in my LDAP database, which I browse with LdapAdmin, but when I try to connect to my domain from a virtual machine, the network path of the domain is not found.

I am new to Linux.

Thanks for your replies,

Flake

Hi.
Windows XP or 7?

Someone has already had the same problem: impossible-d-ajouter-xp-au-domaine-samba-couple-avec-ldap-t38604.html
Here is their solution: progenvrac.com/spip.php?article19
Good luck.

I am on XP; I followed almost the same tutorial as the one you gave me.

My problem is not exactly the same as the one you linked; in my case the path was not even found :confused:

Can you post the contents of your Samba log from the attempt to join the domain?

The log.nmbd:

[code]
[2012/05/11 15:34:17.958953, 0] nmbd/nmbd.c:71(terminate)
Got SIGTERM: going down…
[2012/05/11 15:34:20, 0] nmbd/nmbd.c:857(main)
nmbd version 3.5.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2012/05/11 15:34:21.004116, 0] nmbd/nmbd_logonnames.c:160(add_logon_names)
add_domain_logon_names:
Attempting to become logon server for workgroup DOMAIN3DDUOTEST on subnet 192.168.3.111
[2012/05/11 15:34:21.004284, 0] nmbd/nmbd_logonnames.c:160(add_logon_names)
add_domain_logon_names:
Attempting to become logon server for workgroup DOMAIN3DDUOTEST on subnet UNICAST_SUBNET
[2012/05/11 15:34:21.004357, 0] nmbd/nmbd_become_dmb.c:337(become_domain_master_browser_wins)
become_domain_master_browser_wins:
Attempting to become domain master browser on workgroup DOMAIN3DDUOTEST, subnet UNICAST_SUBNET.
[2012/05/11 15:34:21.004385, 0] nmbd/nmbd_become_dmb.c:351(become_domain_master_browser_wins)
become_domain_master_browser_wins: querying WINS server from IP 192.168.3.111 for domain master browser name DOMAIN3DDUOTEST<1b> on workgroup DOMAIN3DDUOTEST
[2012/05/11 15:34:26.149746, 0] nmbd/nmbd_logonnames.c:121(become_logon_server_success)
become_logon_server_success: Samba is now a logon server for workgroup DOMAIN3DDUOTEST on subnet 192.168.3.111
[2012/05/11 15:34:27.151566, 0] nmbd/nmbd_logonnames.c:121(become_logon_server_success)
become_logon_server_success: Samba is now a logon server for workgroup DOMAIN3DDUOTEST on subnet UNICAST_SUBNET
[2012/05/11 15:34:27.151639, 0] nmbd/nmbd_become_dmb.c:110(become_domain_master_stage2)


Samba server ALDERAAN is now a domain master browser for workgroup DOMAIN3DDUOTEST on subnet UNICAST_SUBNET


[2012/05/11 15:34:27.151682, 0] nmbd/nmbd_become_dmb.c:292(become_domain_master_browser_bcast)
become_domain_master_browser_bcast:
Attempting to become domain master browser on workgroup DOMAIN3DDUOTEST on subnet 192.168.3.111
[2012/05/11 15:34:27.151705, 0] nmbd/nmbd_become_dmb.c:305(become_domain_master_browser_bcast)
become_domain_master_browser_bcast: querying subnet 192.168.3.111 for domain master browser on workgroup DOMAIN3DDUOTEST
[2012/05/11 15:34:35.351671, 0] nmbd/nmbd_become_dmb.c:110(become_domain_master_stage2)


Samba server ALDERAAN is now a domain master browser for workgroup DOMAIN3DDUOTEST on subnet 192.168.3.111


[2012/05/11 15:34:43.361437, 0] nmbd/nmbd_become_lmb.c:395(become_local_master_stage2)


Samba name server ALDERAAN is now a local master browser for workgroup DOMAIN3DDUOTEST on subnet 192.168.3.111


[/code]

The log from my physical machine:

[code]
[2012/05/11 15:34:52.353061,  0] lib/access.c:410(check_access)
  Denied connection from  (::ffff:192.168.3.66)
[2012/05/11 15:34:52.353194,  1] smbd/process.c:2295(smbd_process)
  Connection denied from ::ffff:192.168.3.66
[2012/05/11 15:34:52.358713,  0] lib/access.c:410(check_access)
  Denied connection from  (::ffff:192.168.3.66)
[2012/05/11 15:34:52.358820,  1] smbd/process.c:2295(smbd_process)
  Connection denied from ::ffff:192.168.3.66
[2012/05/11 15:34:52.363170,  0] lib/access.c:410(check_access)
  Denied connection from  (::ffff:192.168.3.66)
[2012/05/11 15:34:52.363267,  1] smbd/process.c:2295(smbd_process)
  Connection denied from ::ffff:192.168.3.66
[/code]

The log.smbd:

[code]
[2012/05/11 15:34:21,  0] smbd/server.c:1123(main)
  smbd version 3.5.6 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2010
[2012/05/11 15:34:21.020972,  0] printing/print_cups.c:108(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connexion refusée
[2012/05/11 15:34:21.025572,  0] printing/print_cups.c:108(cups_connect)
  Unable to connect to CUPS server localhost:631 - Connexion refusée
[2012/05/11 15:34:21.061512,  0] smbd/server.c:500(smbd_open_one_socket)
  smbd_open_once_socket: open_socket_in: Adresse déjà utilisée
[2012/05/11 15:34:21.062112,  0] smbd/server.c:500(smbd_open_one_socket)
  smbd_open_once_socket: open_socket_in: Adresse déjà utilisée
[/code]
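
Added example, not part of the original thread: the `check_access` denials in the log above come from Samba's host access control (`hosts allow` / `hosts deny`), and the posted smb.conf allows `192.163.3.0/24` while the refused client is `192.168.3.66`. The Python below compares the two; the function names are hypothetical and the sample strings are constructed from lines quoted in this thread.

```python
import ipaddress
import re

# Constructed sample input: the relevant smb.conf line and smbd log lines
# copied from the thread above.
SMB_CONF = """[global]
workgroup = TEST
hosts allow = 192.163.3.0/24 127.0.0.1
"""
SMBD_LOG = """[2012/05/11 15:34:52.353061,  0] lib/access.c:410(check_access)
  Denied connection from  (::ffff:192.168.3.66)
[2012/05/11 15:34:52.353194,  1] smbd/process.c:2295(smbd_process)
  Connection denied from ::ffff:192.168.3.66
"""

def hosts_allow(conf):
    """Literal IP/CIDR entries of 'hosts allow' (hostnames, prefixes, EXCEPT skipped)."""
    m = re.search(r"^\s*(?:hosts allow|allow hosts)\s*=\s*(.+)$", conf, re.M | re.I)
    nets = []
    for token in (re.split(r"[,\s]+", m.group(1).strip()) if m else []):
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            pass  # not a literal address or network
    return nets

def denied_clients(log):
    """Client addresses refused by check_access, with IPv4-mapped IPv6 unwrapped."""
    found = set()
    for raw in re.findall(r"Denied connection from\s+\(([0-9A-Fa-f:.]+)\)", log):
        ip = ipaddress.ip_address(raw)
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # the log above shows IPv4 clients as ::ffff:a.b.c.d
        found.add(ip)
    return sorted(found, key=str)

def explain(conf, log):
    """Map each refused client to the hosts allow entries covering it ([] = none)."""
    nets = hosts_allow(conf)
    return {str(ip): [str(n) for n in nets if n.version == ip.version and ip in n]
            for ip in denied_clients(log)}

if __name__ == "__main__":
    for client, entries in explain(SMB_CONF, SMBD_LOG).items():
        print(client, "->", entries or "not covered by any hosts allow entry")
```

An empty list for a client means no literal `hosts allow` entry covers it, which is the condition under which smbd logs `Denied connection`.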

Are your two machines properly connected to each other?
You can test with a ping.

[quote="arand263"]Are your two machines properly connected to each other?
You can test with a ping.[/quote]
If so, run a testparm.

I advise you to review and modify your configuration files as described here: progenvrac.com/spip.php?article19
I noticed in your smb.conf that you have already added a lot of things.
The problem may come from there. I don't know, but it is better to be sure that the problem does not come from the configuration.
Thanks

Yes, the machines are properly connected.

Here is the result of testparm smb.conf:

[code]
root@Alderaan:/etc/samba# testparm smb.conf
Load smb config files from smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[home]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[societe]"
Processing section "[dump]"
Processing section "[smartbackup]"
Processing section "[www]"
Processing section "[partage]"
Processing section "[Lazard]"
Processing section "[public]"
Processing section "[users]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[/code]

Do you advise me to start again from scratch, or to modify my .conf files based on the ones available on the site?

I reworked my smb.conf by modifying it, and this works. Thanks for your advice!

I am marking this as [Solved]

Flake

Go look there, your answer is there:
https://www.debian-fr.org/a-lire-avant-de-poster-t4657.html

However, my session logon is very slow; it has been more than 10 minutes and it is still loading :angry:. Is this normal for the first logon?

Flake

I am taking the liberty of bumping my thread. I can indeed connect to the domain, but the logon is very long, even endless. Has anyone already had this problem???

Thanks for your replies,

Flake

Looking in the Samba logs, I found this:

[code]
[2012/05/14 10:09:41.717899, 0] param/loadparm.c:8686(process_usershare_file)
  process_usershare_file: stat of /var/lib/samba/usershares/profiles failed. Permission non accordée
[2012/05/14 10:09:41.719126, 0] param/loadparm.c:8686(process_usershare_file)
  process_usershare_file: stat of /var/lib/samba/usershares/profiles failed. Aucun fichier ou dossier de ce type
[/code]

If this can help solve my problem :confused:

Thanks for your help,

Flake

When the logon is slow, once you are on the desktop, doesn't it tell you that there is a problem with the roaming profile and that it is loading a local profile for you?

Otherwise, I don't know if it comes from that, but did you create your profiles folder and set the permissions on it?

[quote="cureuil"]When the logon is slow, once you are on the desktop, doesn't it tell you that there is a problem with the roaming profile and that it is loading a local profile for you?

Otherwise, I don't know if it comes from that, but did you create your profiles folder and set the permissions on it?[/quote]

To come back to your first question, the problem is that I never reach the desktop :confused: the logon stays stuck on loading, that is exactly the problem ^^

I manually created the /home/export/profiles folder, but this still does not solve the problem :frowning:

Damn, I'm such a dunce ^^, in my smb.conf it said [profile] instead of [profiles], and apparently that changes everything ^^

No, it did say profiles in [Profiles]; however, you also have profile in Netlogon, I don't know whether that is intended. (At least in the smb.conf you copied at the top of the topic)

[code]
[netlogon]
; comment = Network Logon Service
path = /home/export/profile
writable = No
browseable = No
write list = Administrateur
; guest ok = yes
; read only = yes
[/code]
I set up my first Samba/LDAP PDC last week, so I don't understand everything in the smb.conf files yet xD

Can you connect now?