OpenLDAP and Samba: problem with net getlocalsid

Hello,

I am setting up an OpenLDAP server with Samba, but I am stuck on an error with this command:
net getlocalsid

[code]Failed to issue the StartTLS instruction: Protocol error
Failed to issue the StartTLS instruction: Protocol error
Failed to issue the StartTLS instruction: Protocol error
smbldap_search_domain_info: Adding domain info for TESTLDAP failed with NT_STATUS_UNSUCCESSFUL
SID for domain DEBIAN is: S-1-5-21-1530841883-3474739847-3042172570
[/code]

Here are my configuration files directly:

[code]cat /etc/smbldap-tools/smbldap.conf
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify="require"

# specify the LDAP domain suffix
suffix="dc=debian,dc=lan"
usersdn="ou=Users,${suffix}"
computersdn="ou=Machines,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
#sambaUnixIdPooldn="cn=testldap,${suffix}" <== make sure this line is commented out
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"

userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
#Display name - use smbldap-useradd -c
userGecos="User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
###Password expiration
defaultMaxPasswordAge="3650"

with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
[/code]

[code]cat /etc/smbldap-tools/smbldap_bind.conf
SlaveDN="cn=admin,dc=debian,dc=lan"
slavePw=root
masterDN="cn=admin,dc=debian,dc=lan"
masterPw=root
[/code]

[code]root@debian:/# cat /etc/samba/smb.conf
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
# A well-established practice is to name the original file
# "smb.conf.master" and create the "real" config file with
# testparm -s smb.conf.master >smb.conf
# This minimizes the size of the really used smb.conf file
# which, according to the Samba Team, impacts performance
# However, use this with caution if your smb.conf file contains nested
# "include" statements. See Debian bug #483187 for a case
# where using a master file is not a good idea.

#======================= Global Settings =======================

[Global]
# workgroup specifies the Samba domain that the Windows machines will connect to:
workgroup = testldap
# the name of your machine as returned by the "hostname" command:
netbios name = debian
server string = Samba-LDAP PDC Server
domain master = Yes
local master = Yes
domain logons = Yes
os level = 40
#passwd program = /usr/sbin/smbldap-passwd -u %u
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# Specify the LDAP administrator that will have rights over Samba
ldap admin dn = cn=admin,dc=debian,dc=lan
# Specify the LDAP parameters and scripts used to edit the LDAP directory via the "smbldap-tools" commands:
ldap suffix = dc=debian,dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
logon path = \\%L\profile\%U
logon drive = P:
logon home = \\%L\%U
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
case sensitive = No
default case = lower
preserve case = yes
short preserve case = Yes
#character set = iso8859-1
#domain admin group = @admin
dns proxy = No
wins support = Yes

# Specify the allowed networks

hosts allow =196.168.1.10
winbind use default domain = Yes
nt acl support = Yes
msdfs root = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/

########## SHARES ############
########NETLOGON ==> allows the use of scripts (.bat) that are run when a Windows session logs on:
[netlogon]
path = /home/netlogon
writable = No
browseable = No
write list = Administrateur

########PROFILE ==> stores Windows roaming profiles
[profile]
path = /home/export/profile
browseable = No
writeable = Yes
profile acls = yes
create mask = 0700
directory mask = 0700

########HOMES ==> shares the Linux and Windows home directories
[homes]
comment = Repertoire Personnel
browseable = No
writeable = Yes

########PARTAGE ==> enables sharing between the domain users
[partage]
comment = Repertoire commun
browseable = Yes
writeable = Yes
public = No
path = /home/partage
[/code]

There you go, I hope you will be able to help me!

Have a nice day

Duplicate, I am locking this one.