Samba+ Ldap + OpenSuse 11.3 (Not working)


Electronik
OS: OpenSuSe 12.1

Post by Electronik »

Good day, everyone.
I set up the subject via YaST; the result:
I can add a group (ldapsmb -a -s -g %g) and a user (ldapsmb -a -s -u %u), and I somehow managed to give full privileges to one of the LDAP users (net rpc rights list accounts).

When running

Code:

net rpc testjoin


these errors come up

Code:

get_schannel_session_key: could not fetch trust account password for domain 'SUSHIVESLA.MN'
net_rpc_join_ok: failed to get schannel session key from server PDC for domain SUSHIVESLA.MN. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Join to domain 'SUSHIVESLA.MN' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO


When running

Code:

net rpc join -S pdc -U Admin

Code:

Creation of workstation account failed
Unable to join domain SUSHIVESLA.MN.


The script for adding a workstation

Code:

ldapsmb -a -s -wks 'test-wks' --debug 3
ldapsmb:parse_smbconf(2067)     parsing [testparm]
ldapsmb:main(2067)              adding machine-account: [test-wks]
error: what do you want to add?
choose between: user, machine or group. exiting.
_samr_create_user: Running the command `/usr/sbin/ldapsmb -a -s -wks ' gave 1
Failed to add entry for user test-wks$.
ldapsmb:ldap_smbwks_add(2067)   Creating samba account of machine [test-wks] failed.


smb.conf

Code:

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2011-01-30
[global]
    workgroup = SUSHIVESLA.MN
    passdb backend = ldapsam:ldap://127.0.0.1
#    printing = cups
#    printcap name = cups
#    printcap cache time = 750
#    cups options = raw
    map to guest = Bad User
    logon path = \\%L\profiles\%U
    logon home = \\%L\%U\
    logon drive = P:
    usershare allow guests = Yes
    add machine script = /usr/sbin/ldapsmb -a -s -wks %m
    domain logons = Yes
    domain master = Yes
    idmap backend = ldap:ldap://127.0.0.1
    ldap admin dn = cn=Administrator,dc=sushivesla,dc=mn
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Machines
    ldap passwd sync = Yes
    ldap ssl = Off
    ldap suffix = dc=sushivesla,dc=mn
    ldap timeout = 50
    ldap user suffix = ou=Users
    local master = Yes
    os level = 65
    preferred master = Yes
    security = user
    wins support = Yes
    add user script = /usr/sbin/ldapsmb -a -s -u %u
    add group script = /usr/sbin/ldapsmb -a -s -g %g
    add user to group script = /usr/sbin/ldapsmb -j -u %u -g %g
    delete group script = /usr/sbin/ldapsmb -d -s -g %g
    delete user from group script = /usr/sbin/ldapsmb -r -u %u -g %g
    delete user script = /usr/sbin/ldapsmb -d -s -u %u
    wins proxy = No
    netbios name = pdc
    server string = Samba PDC
    time server = Yes
    log file = /var/log/samba/samba.log.%m
    log level = 10
    usershare max shares = 100
    encrypt passwords = Yes
    load printers = No
    lanman auth = Yes
    name resolve order = bcast host lmhosts wins
    ntlm auth = Yes

[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
    path = \\L\profiles\%U
[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700
[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/
[groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit acls = Yes
# [printers]
#    comment = All Printers
#    path = /var/tmp
#    printable = Yes
#    create mask = 0600
#    browseable = No
# [print$]
#    comment = Printer Drivers
#    path = /var/lib/samba/drivers
#    write list = @ntadmin root
#    force group = ntadmin
#    create mask = 0664
#    directory mask = 0775

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    write list = root


Please tell me what is wrong.