Samba en PDC sur machine IPCOP : compte machine non trouve... - réseaux et sécurité - Linux et OS Alternatifs
Marsh Posté le 18-09-2007 à 10:56:29
Bon si ca intéresse quelqu'un, j'ai fait le test suivant :
J'ai installé samba sur un ubuntu server 6.06, et tout marche nickel.
J'ai installé ipcop 1.4.16 sur une autre machine sans mettre aucuns des addons que j'ai sur les autres ipcops, répété la manip et ca ne marche pas mieux.
La différence, qui a mon sens pourrait etre la cause de mes soucis:
- sur le samba sur ubuntu server les noms de machines sont en MAJUSCULES.
- sur le samba sur ipcop les noms de machines ne peuvent etre qu'en miniscule sinon j'ai une erreur lors de la création des comptes machines.
et avec la commande "useradd" sur ipcop je n'ai pas vu de paramètre permettant de forcer un nom de user en majuscules... Du coup je ne peux pas tester ma théorie.
Marsh Posté le 18-09-2007 à 11:02:09
Manu_b a écrit : |
adduser --force-badname NomenMAJUSCULE |
Marsh Posté le 18-09-2007 à 14:46:34
oui adduser mais pas useradd.
Ipcop n'a que useradd en standard.
Marsh Posté le 18-09-2007 à 14:52:58
Je ne touche pas a ipcop mais pas d'installation de package via rpm ou aptitude de possible?
Sinon dl adduser.tar.gz & ./configure && make && make install
Marsh Posté le 18-09-2007 à 15:32:23
y a pas de gestionnaire de package non plus...
et pas plus de make...
Marsh Posté le 24-08-2007 à 10:59:17
Bonjour,
je bataille depuis quelques temps avec un serveur samba en PDC sur une machine ipcop (1.4.15).
J'ai suivi le tutorial ici //www.linuxpourlesnuls.org/v4/dokuwiki/doku.php?id=tutoriaux:reseau:samba_pdc
et
http://forum.hardware.fr/hfr/OSAlt [...] 9164_1.htm
J'ai donc créé des users, les comptes machine.
J'arrive a joindre le domaine avec une machine "A" avec un compte admin du domaine et j'ai le message habituel de "bienvenue sur le domaine ...".
Je met donc dans le groupe admin de la machine en question un des comptes que j'ai créé sur samba ("manu" en l'occurence), et je reboot.
Au reboot j'ai un message me disant que (entre-autres choses possibles) le compte de la machine n'a pas été trouvé sur le domaine...
j'ai essayé avec le passdb backend "smbpasswd" et "tdbsam" même problème....
bien sur en utilisant tdbsam j'utilise "./pdbedit -i smbpasswd -e tdbsam"
j'ai créé les comptes machines avec un $ à la fin avec le "adduser" et sans le $ avec "smbdpasswd" (visiblement c'est un piège classique....), donc le pbm ne viens pas de la.
par contre, j'ai remarqué que quand je met une machine sur le domaine son entrée dans le fichier smbpasswd est modifiée :
de
portable$:1003:A00193086AA7903117306D272A9441BB:63950512C5604CAE4DCEB11D1D8CC506:[W ]
en
portable$:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:63950512C5604CAE4DCEB11D1D8CC506:[W ]
normal ?
voila le fichier de config :
# Samba config file created using SWAT
# from 192.168.0.3 (192.168.0.3)
# Date: 2007/08/27 22:18:15
[global]
dos charset =
unix charset = ISO8859-1
display charset = UTF-8
workgroup = DOMAINE
netbios name = IPCOPMANU
netbios aliases =
netbios scope =
server string = ipcopmanu
interfaces = 192.168.0.1, 127.0.0.1
bind interfaces only = Yes
security = USER
auth methods = sam
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
map to guest = Bad User
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /usr/local/samba/private/smbpasswd
private dir = /usr/local/samba/private
passdb backend = smbpasswd
algorithmic rid base = 1000
root directory =
guest account = invite
enable privileges = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = Yes
passwd chat timeout = 2
check password script =
username map = /etc/samba/smbusers
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
preload modules =
use kerberos keytab = No
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/log.%U
max log size = 5000
debug timestamp = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
enable core files = Yes
smb ports = 445 139
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
reset on zero vc = No
acl compatibility = auto
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = Yes
use spnego = Yes
client signing = auto
server signing = No
client use spnego = Yes
enable asu support = No
svcctl list =
deadtime = 0
getwd cache = Yes
keepalive = 30
kernel change notify = Yes
fam change notify = Yes
lpq cache time = 30
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 10000
open files database hash size = 10007
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = Yes
printcap cache time = 750
printcap name = /etc/printcap
cups server =
iprint server =
disable spoolss = No
addport command =
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
max stat cache size = 0
stat cache = Yes
machine password timeout = 604800
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %U
rename user script =
delete user script =
add group script =
delete group script =
add user to group script =
delete user from group script =
set primary group script =
add machine script =
shutdown script =
abort shutdown script =
username map script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = Yes
os level = 255
lm announce = Auto
lm interval = 60
preferred master = Yes
local master = Yes
domain master = Yes
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = Yes
wins hook =
kernel oplocks = No
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
ldap admin dn =
ldap delete dn = No
ldap group suffix =
ldap idmap suffix =
ldap machine suffix =
ldap passwd sync = no
ldap replication sleep = 1000
ldap suffix =
ldap ssl = no
ldap timeout = 15
ldap page size = 1024
ldap user suffix =
add share command =
change share command =
delete share command =
eventlog list =
config file =
preload =
lock directory = /usr/local/samba/var/locks
pid directory = /var/run/
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
get quota command =
set quota command =
remote announce = 192.168.0.1
remote browse sync = 192.168.0.1
socket address = 0.0.0.0
homedir map = auto.home
afs username map =
afs token lifetime = 604800
log nt token command =
time offset = 0
NIS homedir = No
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /usr/local/samba/var/locks/usershares
usershare prefix allow list =
usershare prefix deny list =
usershare template share =
panic action =
host msdfs = Yes
passdb expand explicit = No
idmap backend =
idmap uid =
idmap gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enum users = No
winbind enum groups = No
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No
comment =
path =
username =
invalid users =
valid users = @samba, nobody, root, manu
admin users = root, manu
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
acl check permissions = Yes
acl group control = No
acl map full control = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = No
inherit permissions = No
inherit acls = No
inherit owner = No
guest only = No
guest ok = No
only user = No
hosts allow = 192.168.0.
hosts deny =
allocation roundup size = 1048576
aio read size = 0
aio write size = 0
aio write behind =
ea support = No
nt acl support = Yes
profile acls = No
map acl inherit = No
afs share = No
block size = 1024
change notify timeout = 60
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max reported print jobs = 0
max print jobs = 1000
printable = No
printing = lprng
cups options =
print command = /usr/local/samba/bin/lpr -r -P'%p' %s
lpq command = /usr/local/samba/bin/lpq -P'%p'
lprm command = /usr/local/samba/bin/lprm -P'%p' %j
lppause command = /usr/local/samba/sbin/lpc hold '%p' %j
lpresume command = /usr/local/samba/sbin/lpc release '%p' %j
queuepause command = /usr/local/samba/sbin/lpc stop '%p'
queueresume command = /usr/local/samba/sbin/lpc start '%p'
printer name =
use client driver = No
default devmode = Yes
force printername = No
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map archive = Yes
map hidden = No
map system = No
map readonly = yes
mangled names = No
mangled map =
store dos attributes = No
dmapi support = No
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = No
level2 oplocks = No
oplock contention limit = 2
posix locking = Yes
strict locking = Auto
share modes = Yes
dfree cache time = 0
dfree command =
copy =
include =
preexec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = Yes
dos filetime resolution = No
fake directory create times = No
vfs objects =
msdfs root = Yes
msdfs proxy =
[netlogon]
path = /home/netlogon
write list = admin
browseable = No
locking = No
[print$]
path = /var/log/samba/printer
admin users = samba
write list = samba
force user = samba
[printers]
comment = All Printers
path = /var/log/spool/lpd/%P
create mask = 0700
printable = Yes
use client driver = Yes
browseable = No
[files]
comment = files
path = /var/log/samba/files
valid users = samba
read only = No
create mask = 0777
directory mask = 0777
[lpt1]
path = /var/log/spool/lpd/lpt1
read only = No
create mask = 0700
printable = Yes
printer name = lpt1
use client driver = Yes
share modes = No
[usb]
path = /var/log/spool/lpd/usb
read only = No
create mask = 0700
printable = Yes
printer name = usb
use client driver = Yes
share modes = No
[profile]
path = /home/export/profile
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[partage]
comment = Repertoire commun
path = /home/partage
read only = No
browseable = No
si quelqu'un a une idée je suis preneur....
Merci.
Message édité par Manu_b le 27-08-2007 à 22:21:34