Hello,
I am setting up an OpenLDAP server with Samba, but I am stuck on an error with this command:
[code]net getlocalsid
Failed to issue the StartTLS instruction: Protocol error
Failed to issue the StartTLS instruction: Protocol error
Failed to issue the StartTLS instruction: Protocol error
smbldap_search_domain_info: Adding domain info for TESTLDAP failed with NT_STATUS_UNSUCCESSFUL
SID for domain DEBIAN is: S-1-5-21-1530841883-3474739847-3042172570
[/code]
Here are my config files directly:
[code]cat /etc/smbldap-tools/smbldap.conf
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify="require"
# LDAP domain suffix
suffix="dc=debian,dc=lan"
usersdn="ou=Users,${suffix}"
computersdn="ou=Machines,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
#sambaUnixIdPooldn="cn=testldap,${suffix}" <== make sure this line stays commented out
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
# Display name - use smbldap-useradd -c
userGecos="User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
### Password expiry
defaultMaxPasswordAge="3650"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
[/code]
[code]cat /etc/smbldap-tools/smbldap_bind.conf
slaveDN="cn=admin,dc=debian,dc=lan"
slavePw=root
masterDN="cn=admin,dc=debian,dc=lan"
masterPw=root
[/code]
[code]root@debian:/# cat /etc/samba/smb.conf
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
#
# A well-established practice is to name the original file
# "smb.conf.master" and create the "real" config file with
# testparm -s smb.conf.master >smb.conf
# This minimizes the size of the really used smb.conf file
# which, according to the Samba Team, impacts performance
# However, use this with caution if your smb.conf file contains nested
# "include" statements. See Debian bug #483187 for a case
# where using a master file is not a good idea.
#

#======================= Global Settings =======================
[Global]
# workgroup is the Samba domain the Windows machines will join:
workgroup = testldap
# the name of your machine, as returned by the "hostname" command:
netbios name = debian
server string = Samba-LDAP PDC Server
domain master = Yes
local master = Yes
domain logons = Yes
os level = 40
#passwd program = /usr/sbin/smbldap-passwd ?u %u
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# the LDAP administrator that has rights over Samba
ldap admin dn = cn=admin,dc=debian,dc=lan
# LDAP parameters and scripts used to edit the LDAP directory through the "smbldap-tools" commands:
ldap suffix = dc=debian,dc=lan
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
logon path = \\%L\profile\%U
logon drive = P:
logon home = \\%L\%U
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
case sensitive = No
default case = lower
preserve case = yes
short preserve case = Yes
#character set = iso8859-1
#domain admin group = @admin
dns proxy = No
wins support = Yes
# allowed networks
hosts allow = 196.168.1.10
winbind use default domain = Yes
nt acl support = Yes
msdfs root = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/

########## SHARES ############
######## NETLOGON ==> allows scripts (.bat) to be run when a Windows session logs on:
[netlogon]
path = /home/netlogon
writable = No
browseable = No
write list = Administrateur
######## PROFILE ==> stores the Windows roaming profiles
[profile]
path = /home/export/profile
browseable = No
writeable = Yes
profile acls = yes
create mask = 0700
directory mask = 0700
######## HOMES ==> shares the Linux and Windows home directories
[homes]
comment = Repertoire Personnel
browseable = No
writeable = Yes
######## PARTAGE ==> allows sharing between domain users
[partage]
comment = Repertoire commun
browseable = Yes
writeable = Yes
public = No
path = /home/partage
[/code]
There it is, I hope you can help me!
Have a good day
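Added example (not from the post, nor from Samba or smbldap-tools): a small Python check that reads excerpts of the two config files above and flags the transport mismatch behind a StartTLS error, namely that Samba falls back to its default `ldap ssl = start tls` when the option is absent from smb.conf, while smbldap-tools runs with `ldapTLS="0"`. It also flags the case where TLS is turned off against a non-loopback LDAP host, since the bind passwords would then cross the network in cleartext. The file excerpts are constructed from the post; the finding codes are names I chose for this example.

```python
import configparser
import re
from urllib.parse import urlparse

# Constructed excerpts of the two files posted above, trimmed to the lines these checks read.
SMB_CONF = """[Global]
workgroup = testldap
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=debian,dc=lan
"""
SMBLDAP_CONF = """masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify="require"
"""
LOOPBACK = ("127.0.0.1", "localhost", "::1")

def parse_smb_conf(text):
    # smb.conf is INI-like: '=' as the only delimiter keeps DNs intact,
    # and interpolation is off so '%u'-style substitutions survive.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    return dict(cp["Global"])  # configparser lower-cases option names

def parse_smbldap_conf(text):
    # key="value" lines; comment and blank lines do not match and are skipped
    pat = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*?)"?\s*$')
    return {m.group(1): m.group(2) for m in map(pat.match, text.splitlines()) if m}

def ldap_host(backend):
    # "ldapsam:ldap://127.0.0.1/" -> "127.0.0.1"; ldapi:// (unix socket) yields None
    url = backend.partition(":")[2]
    return urlparse(url).hostname if url.startswith("ldap://") else None

def check_ldap_transport(smb, smbldap):
    findings = []
    host = ldap_host(smb.get("passdb backend", ""))
    ldap_ssl = smb.get("ldap ssl", "start tls")  # Samba's default when the option is absent
    if host and ldap_ssl == "start tls":
        # Samba will send StartTLS on the ldap:// connection; slapd must serve TLS or this fails
        findings.append("STARTTLS_REQUIRED")
    if host and ldap_ssl == "off" and host not in LOOPBACK:
        # the 'ldap admin dn' password would cross the network unencrypted
        findings.append("SAMBA_CLEARTEXT_OFF_HOST")
    if smbldap.get("ldapTLS") == "0" and smbldap.get("masterLDAP") not in LOOPBACK:
        # same for the smbldap-tools bind password from smbldap_bind.conf
        findings.append("SMBLDAP_CLEARTEXT_OFF_HOST")
    return findings
```

Run against the posted excerpts it reports only STARTTLS_REQUIRED: either slapd gets a TLS certificate and listener, or `ldap ssl = off` is set explicitly, which is only acceptable because both sides stay on 127.0.0.1.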