Integrating Win7 into a Samba/LDAP domain

Hello,

I have been trying for quite a while now to integrate a Windows 7 client into a Samba/LDAP domain. To build my configuration I followed several tutorials:
http://arnofear.free.fr/linux/template.php?tuto=2&page=2 and http://damstux.free.fr/wiki/index.php?title=PDC_Samba_et_LDAP, among others.

I managed to connect to my Samba shares from the Linux server and from Windows 7. What does not work is this part:

[quote]  • Right-click on Computer, Properties.
  • Computer Name tab
  • Click the Change… button
  • Member of: choose Domain: enter the name you set in the workgroup directive of smb.conf
  • OK
  • You are asked for a login: root, and a password: root's
  • If all goes well the message "Welcome to the … domain" appears.
  • Reboot the machine
  • Choose the domain you created and log in as root or toto[/quote]

I get an error saying "the domain does not exist or could not be contacted", and if I enter a domain that really does not exist, I get an error saying that no domain controller could be found, so I conclude that it finds it but cannot contact it.

Here is the testparm output for my smb.conf configuration file:

[code][global]
workgroup = TIPO
realm = TIPO.LOCAL
server string = %h server
interfaces = eth*, lo
bind interfaces only = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = \\deb6srv\netlogon\logon.bat
logon path = \\deb6srv\profiles\%U
logon drive = H:
logon home = \\deb6srv\%U
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=root,dc=tipo,dc=local
ldap group suffix = ou=Groupes
ldap idmap suffix = ou=Utilisateurs
ldap machine suffix = ou=Ordinateurs
ldap passwd sync = yes
ldap suffix = dc=tipo,dc=local
ldap user suffix = ou=Utilisateurs
panic action = /usr/share/samba/panic-action %d
idmap backend = ldap:ldap://localhost
hosts allow = 127.0.0.1, 172.30.20.0/24
hosts deny = 0.0.0.0/0

[homes]
comment = Home Directories
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
write list = @adm

[profiles]
comment = Users profiles
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No

[public]
comment = Repertoire Commun Users
path = /home/samba/partage
write list = @users
read only = No
guest ok = Yes

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[/code]

If you need any further information, just ask.
Thanks for your attention :slightly_smiling:

[code]$ uname -a
Linux deb6srv 2.6.32-5-686 #1 SMP Tue Mar 8 21:36:00 UTC 2011 i686 GNU/Linux[/code]

And here is my slapd.conf file:

[code]# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

# So that OpenLDAP has the right information for the Samba
# version in use.
include         /etc/ldap/schema/samba-3.5.6.schema

#ACL
# The DIT root must be readable by every client.
access to dn.exact="" by * read

# ACL letting the directory admin add hosts in this branch.
access to dn.children="ou=Ordinateurs,dc=tipo,dc=local"
        attrs=entry,children,ipHost,device
        by dn="cn=root,dc=tipo,dc=local" write
        by users read
        by anonymous read
#End ACL

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
# 256 (0x100 stats) connections, LDAP operations, results (recommended)
loglevel        256

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for @BACKEND@:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend

#######################################################################
# Specific Directives for database #1, of type @BACKEND@:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        bdb

# The base of your directory in database #1
suffix          "dc=tipo,dc=local"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn          "cn=root,dc=tipo,dc=local"
# Hash with the slappasswd command
rootpw          {SSHA}iIHF5jon9O1S/JKbxmI8xScq/9wL/wgB

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override existing an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index           objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint      512 30

# Specifies the hash format.
password-hash {SSHA}
#password-crypt-salt-format "$1$%.8s"

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
        by dn="cn=root,dc=tipo,dc=local" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=root,dc=tipo,dc=local" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="@ADMIN@" write
#        by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be @BACKEND@ too):
# Database specific directives apply to this database until another
# 'database' directive occurs
#database

# The base of your directory for database #2
#suffix         "dc=debian,dc=org"
[/code]

I modified some registry keys in Windows 7 and now the computer is in the LDAP database, but on Windows, when adding it to the domain, I get the message

What I changed:
http://comments.gmane.org/gmane.org.user-group.linux.france.nantes/17432

[quote][HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001[/quote]

Edit:

[code]# smbldap-usershow winseven1$
erreur LDAP: Can't contact slave ldap server (IO::Socket::INET: Bad hostname '') =>trying to contact the master server
dn: uid=winseven1$,ou=Ordinateurs,dc=tipo,dc=local
objectClass: top,account,posixAccount
cn: winseven1$
uid: winseven1$
uidNumber: 1004
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer[/code]
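An added check, not part of the original post: testparm only prints values that differ from Samba's compiled-in defaults, and the output above contains no "passdb backend" line (so the default tdbsam is in effect, not the LDAP directory the accounts live in) and no "add machine script" line, while the computer entry shown in the edit carries only top, account and posixAccount. The script below, written for this page in POSIX sh, reads testparm-style output and flags the [global] directives a Samba 3 PDC backed by LDAP needs before a client can join. The sample config embedded in it is copied from the post; the "fixed" variant's ldapsam:ldap://localhost URL and the /usr/sbin/smbldap-useradd path are assumptions to adapt to the server.

```shell
#!/bin/sh
# Added example, not part of the original post: flag the [global] directives a
# Samba 3 PDC backed by LDAP needs before a Windows client can join. It reads
# `testparm -s` style output on stdin; testparm only prints non-default values,
# so a missing line means the compiled-in default is in effect.

# Print only the [global] section of the config read on stdin.
global_section() {
    awk '/^[ \t]*\[/ { h = $0; gsub(/[ \t]/, "", h)
                       inglobal = (tolower(h) == "[global]") }
         inglobal'
}

# get_param NAME: print the value of "NAME = value" from stdin (empty if unset).
# Samba ignores case and whitespace in parameter names, so compare that way.
get_param() {
    awk -v want="$1" '
        BEGIN { gsub(/[ \t]/, "", want); want = tolower(want) }
        index($0, "=") > 0 {
            key = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", key)
            if (tolower(key) == want) {
                val = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                print val; exit
            }
        }'
}

# param_of CONFIG NAME: value of NAME in CONFIG's [global] section.
param_of() { printf '%s\n' "$1" | global_section | get_param "$2"; }

# check_pdc_global: read smb.conf text on stdin, print one line per finding
# and return the number of findings (0 means nothing obviously missing).
check_pdc_global() {
    cfg=$(cat)
    n=0
    # Without "domain logons = yes" the server does not act as a PDC at all.
    case "$(param_of "$cfg" 'domain logons')" in
        [Yy]es|[Tt]rue|1) ;;
        *) echo 'domain logons is not enabled'; n=$((n + 1)) ;;
    esac
    # smbldap-tools store accounts in LDAP; with the default tdbsam passdb
    # Samba never looks there, so users and machine accounts stay invisible.
    case "$(param_of "$cfg" 'passdb backend')" in
        ldapsam*) ;;
        *) echo 'passdb backend is not ldapsam (default tdbsam in effect)'; n=$((n + 1)) ;;
    esac
    # Samba 3 runs this script during the join to create the machine
    # account; without it a client that is not pre-registered cannot join.
    [ -n "$(param_of "$cfg" 'add machine script')" ] ||
        { echo 'add machine script is not set'; n=$((n + 1)); }
    # ldapsam binds to the directory as this DN (password set with smbpasswd -w).
    [ -n "$(param_of "$cfg" 'ldap admin dn')" ] ||
        { echo 'ldap admin dn is not set'; n=$((n + 1)); }
    return "$n"
}

# count_findings CONFIG: number of findings as a plain integer.
count_findings() { printf '%s\n' "$1" | check_pdc_global | wc -l | tr -d ' '; }

# Constructed input: the relevant [global] lines from the poster's testparm
# output, plus one share so that section handling is exercised.
SAMPLE_SMB_CONF='[global]
workgroup = TIPO
realm = TIPO.LOCAL
domain logons = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=root,dc=tipo,dc=local
ldap suffix = dc=tipo,dc=local
ldap machine suffix = ou=Ordinateurs
idmap backend = ldap:ldap://localhost
logon path = \\deb6srv\profiles\%U

[homes]
read only = No'

# The same [global] with the two missing directives added. The LDAP URL and
# the smbldap-useradd path are assumptions; adapt them to the server.
FIXED_SMB_CONF='[global]
workgroup = TIPO
domain logons = Yes
passdb backend = ldapsam:ldap://localhost
ldap admin dn = cn=root,dc=tipo,dc=local
ldap suffix = dc=tipo,dc=local
ldap machine suffix = ou=Ordinateurs
add machine script = /usr/sbin/smbldap-useradd -w "%u"

[homes]
read only = No'

echo "== config from the post =="
printf '%s\n' "$SAMPLE_SMB_CONF" | check_pdc_global || echo "$? finding(s)"
echo "== with ldapsam and add machine script =="
printf '%s\n' "$FIXED_SMB_CONF" | check_pdc_global && echo "no findings"
```

On a live server the same check is `testparm -s 2>/dev/null | check_pdc_global` after sourcing the file; a non-zero exit status is the number of directives flagged.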

Hello,

I would like to know whether your project is still ongoing or finished, because it interests me a lot.

Small question: if your project is finished, did you have time to write some documentation?

Thanks in advance, and congratulations on this complete project.