[samba-jp:19340] Re: NT domain migration with samba+LDAP

k_umeda @ r-ts.co.jp k_umeda @ r-ts.co.jp
Thu, 15 Mar 2007 09:57:01 JST


This is Umeda.
Thank you for your reply, Takahashi-san.
Version information:
On the recently released MiracleLinux V4 SP2,
 # rpm -qa |grep samba
 samba-swat-3.0.20b-2AX
 samba-common-3.0.20b-2AX
 samba-client-3.0.20b-2AX
 samba-3.0.20b-2AX
 # rpm -qa |grep smbldap
 smbldap-tools-0.8.7-4AX
is what I have.
For the work procedure, I proceeded as below, making sure that no leftover data remained before running the net rpc vampire command, and then ran it.
I am reviewing slapd.conf and so on in general, but if something were wrong there it would also affect the part that retrieves the user accounts, so as you say, Takahashi-san, I suspect the related part is the script section of smb.conf...
------------------------
Stop services
 # /etc/rc.d/init.d/smb stop
 # /etc/rc.d/init.d/ldap stop
Initialize LDAP
 # rm -f /var/lib/ldap/*
Start LDAP
 # /etc/rc.d/init.d/ldap start
Check the current state
 # getent passwd
 root:x:0:0:root:/root:/bin/bash
 bin:x:1:1:bin:/bin:/sbin/nologin
 daemon:x:2:2:daemon:/sbin:/sbin/nologin
 ...(omitted)...
 squid:x:23:23::/var/spool/squid:/sbin/nologin
 mailman:x:41:41:GNU Mailing List Manager:/usr/lib/mailman:/sbin/nologin
 user001:x:512:512::/home/user001:/bin/bash
 ← only one account, the one created for the base OS + ssh
Populate initial data
 #smbldap-populate -a Administrator -b Guest
 Using workgroup name from sambaUnixIdPooldn (smbldap.conf): sambaDomainName=nt40dom
 Using builtin directory structure
 adding new entry: dc=nt40dom,dc=local
 adding new entry: ou=Users,dc=nt40dom,dc=local
 adding new entry: ou=Groups,dc=nt40dom,dc=local
 adding new entry: ou=Computers,dc=nt40dom,dc=local
 adding new entry: ou=HostsGroups,dc=nt40dom,dc=local
 adding new entry: ou=Idmap,dc=nt40dom,dc=local
 adding new entry: sambaDomainName=nt40dom,dc=nt40dom,dc=local
 adding new entry: uid=Administrator,ou=Users,dc=nt40dom,dc=local
 adding new entry: uid=Guest,ou=Users,dc=nt40dom,dc=local
 adding new entry: cn=Domain Admins,ou=Groups,dc=nt40dom,dc=local
 adding new entry: cn=Domain Users,ou=Groups,dc=nt40dom,dc=local
 adding new entry: cn=Domain Guests,ou=Groups,dc=nt40dom,dc=local
 adding new entry: cn=Domain Computers,ou=Groups,dc=nt40dom,dc=local
 adding new entry: cn=Administrators,ou=Groups,dc=nt40dom,dc=local
 adding new entry: cn=Print Operators,ou=Groups,dc=nt40dom,dc=local
 adding new entry: cn=Backup Operators,ou=Groups,dc=nt40dom,dc=local
 adding new entry: cn=Replicators,ou=Groups,dc=nt40dom,dc=local
Accounts after the initial data population
 # getent passwd
 root:x:0:0:root:/root:/bin/bash
 bin:x:1:1:bin:/bin:/sbin/nologin
 daemon:x:2:2:daemon:/sbin:/sbin/nologin
 ...(omitted)...
 squid:x:23:23::/var/spool/squid:/sbin/nologin
 mailman:x:41:41:GNU Mailing List Manager:/usr/lib/mailman:/sbin/nologin
 user001:x:512:512::/home/user001:/bin/bash
 Administrator:x:998:512:Netbios Domain Administrator:/home/Administrator:/bin/false
 Guest:x:999:514:Guest:/dev/null:/bin/false
 # getent group
 root:x:0:root
 bin:x:1:root,bin,daemon
 daemon:x:2:root,bin,daemon
 ...(omitted)...
 squid:x:23:
 mailman:x:41:
 user001:x:512:
 Domain Admins:x:512:Administrator
 Domain Users:x:513:
 Domain Guests:x:514:
 Domain Computers:x:515:
 Administrators:x:544:
 Print Operators:x:550:
 Backup Operators:x:551:
 Replicators:x:552:
 BUILTIN\administrators:x:1000:
 BUILTIN\print operators:x:1001:
 BUILTIN\backup operators:x:1002:
 BUILTIN\replicators:x:1003:
 ← it seems the OS accounts and the user information from the initial data are now present
 # smbldap-passwd Administrator
 Changing password for Administrator
 New password :
 Retype new password :
Join the domain
 # net rpc join -S nt_pdc -w nt40dom -U Administrator%password
 Joined domain nt40dom.
Start samba on the BDC
 # /etc/rc.d/init.d/smb start
 SMB サービスを起動中: [ OK ]
 NMB サービスを起動中: [ OK ]
Migrate accounts
 #net rpc vampire -S nt_pdc -U Administrator%password
 Fetching DOMAIN database
 Creating unix group: 'soumu'
 Creating account: Administrator
 [2007年03月15日 09:23:38, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'Administrator' already in the base, with samba attributes
 Creating account: Guest
 [2007年03月15日 09:23:38, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'Guest' already in the base, with samba attributes
 Creating account: nt_pdc$
 Added user nt_pdc$.
 [2007年03月15日 09:23:42, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'nt_pdc$' already in the base, with samba attributes
 Creating account: sato
 Creating account: suzuki
 Creating account: takahashi
 Creating account: hashimoto
 Creating account: PC02$
 Added user PC02$.
 [2007年03月15日 09:23:55, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'PC02$' already in the base, with samba attributes
 Creating account: PC03$
 Added user PC03$.
 [2007年03月15日 09:23:59, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'PC03$' already in the base, with samba attributes
 Creating account: PC04$
 Added user PC04$.
 [2007年03月15日 09:24:02, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'PC04$' already in the base, with samba attributes
 Creating account: PC05$
 Added user PC05$.
 [2007年03月15日 09:24:06, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'PC05$' already in the base, with samba attributes
 Creating account: PC06$
 Added user PC06$.
 [2007年03月15日 09:24:10, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'PC06$' already in the base, with samba attributes
 Creating account: PC01-XP$
 Added user PC01-XP$.
 [2007年03月15日 09:24:15, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'PC01-XP$' already in the base, with samba attributes
 Creating account: nag-jsrv-03$
 Added user nag-jsrv-03$.
 [2007年03月15日 09:24:19, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1782)
 ldapsam_add_sam_account: User 'nag-jsrv-03$' already in the base, with samba attributes
 Group members of user001:
 Group members of Domain Users: sato(primary),suzuki(primary),takahashi(primary),hashimoto(primary),
 Cannot delete user (sato) from his primary group (Domain Users)
 Cannot delete user (suzuki) from his primary group (Domain Users)
 Cannot delete user (takahashi) from his primary group (Domain Users)
 Cannot delete user (hashimoto) from his primary group (Domain Users)
 Group members of Domain Guests: Guest(primary),
 Group members of soumu: sato,suzuki,hashimoto,
 adding user sato to group soumu
 adding user suzuki to group soumu
 adding user hashimoto to group soumu
 Fetching BUILTIN database
 skipping SAM_DOMAIN_INFO delta for 'Builtin' (is not my domain)
 Creating unix group: 'Account Operators'
 Creating unix group: 'Guests'
 Creating unix group: 'Server Operators'
 Creating unix group: 'Users'
Verify accounts
 # getent passwd
 root:x:0:0:root:/root:/bin/bash
 bin:x:1:1:bin:/bin:/sbin/nologin
 daemon:x:2:2:daemon:/sbin:/sbin/nologin
 ...(omitted)...
 squid:x:23:23::/var/spool/squid:/sbin/nologin
 mailman:x:41:41:GNU Mailing List Manager:/usr/lib/mailman:/sbin/nologin
 user001:x:512:512::/home/user001:/bin/bash
 Administrator:x:998:512:Netbios Domain Administrator:/home/Administrator:/bin/false
 Guest:x:999:514:Guest:/dev/null:/bin/false
 nt_pdc$:x:1000:515:Computer:/dev/null:/bin/false
 sato:x:1001:513:System User:/home/sato:/bin/bash
 suzuki:x:1002:513:System User:/home/suzuki:/bin/bash
 takahashi:x:1003:513:System User:/home/takahashi:/bin/bash
 hashimoto:x:1004:513:System User:/home/hashimoto:/bin/bash
 PC02$:x:1005:515:Computer:/dev/null:/bin/false
 PC03$:x:1006:515:Computer:/dev/null:/bin/false
 PC04$:x:1007:515:Computer:/dev/null:/bin/false
 PC05$:x:1008:515:Computer:/dev/null:/bin/false
 PC06$:x:1009:515:Computer:/dev/null:/bin/false
 PC01-XP$:x:1010:515:Computer:/dev/null:/bin/false
 nag-jsrv-03$:x:1011:515:Computer:/dev/null:/bin/false
 # getent group
 root:x:0:root
 bin:x:1:root,bin,daemon
 daemon:x:2:root,bin,daemon
 ...(omitted)...
 squid:x:23:
 mailman:x:41:
 user001:x:512:
 Domain Admins:x:512:Administrator
 Domain Users:x:513:sato,suzuki,takahashi,hashimoto
 Domain Guests:x:514:
 Domain Computers:x:515:
 Administrators:x:544:
 Print Operators:x:550:
 Backup Operators:x:551:
 Replicators:x:552:
 soumu:x:1000:sato,suzuki,hashimoto
 Account Operators:x:1001:
 Guests:x:1002:
 Server Operators:x:1003:
 Users:x:1004:
 BUILTIN\administrators:x:1000:
 BUILTIN\print operators:x:1001:
 BUILTIN\backup operators:x:1002:
 BUILTIN\replicator:x:1003:
 BUILTIN\account operators:x:1004:
 BUILTIN\guests:x:1005:
 BUILTIN\server operators:x:1006:
 BUILTIN\users:x:1007:
Check a computer account
 # smbldap-usershow pc02$
 dn: uid=PC02$,ou=Computers,dc=nt40dom,dc=local
 objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
 cn: PC02$
 sn: PC02$
 uid: PC02$
 uidNumber: 1005
 gidNumber: 515
 homeDirectory: /dev/null
 loginShell: /bin/false
 description: Computer
 gecos: Computer
 sambaSID: S-1-5-21-43339713-1866483777-311576647-3010
 sambaPrimaryGroupSID: S-1-5-21-43339713-1866483777-311576647-515
 displayName: Computer
 sambaPwdCanChange: 1173918234
 sambaPwdMustChange: 1177629086
 sambaLMPassword: 8F469B4B190D3F53AAD3B435B51404EE
 sambaNTPassword: A582A9748B65B673A5E04363737E6852
 sambaPwdLastSet: 1173918234
 sambaAcctFlags: [W ]
The script section defined in smb.conf is:
 add user script = /usr/lib/samba/bin/useradd.sh LDAP "%u" "smbusers"
 delete user script = /usr/lib/samba/bin/userdel.sh LDAP "%u"
 add group script = /usr/lib/samba/bin/groupadd.sh LDAP "%g"
 delete group script = /usr/lib/samba/bin/groupdel.sh LDAP "%g"
 add user to group script = /usr/lib/samba/bin/addusergroup.sh LDAP "%u" "%g"
 delete user from group script = /usr/lib/samba/bin/delusergroup.sh LDAP "%u" "%g"
 set primary group script = /usr/lib/samba/bin/setpgroup.sh LDAP "%u" "%g"
 add machine script = /usr/lib/samba/bin/addmachine.sh LDAP "%u" "Computers"
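Added example (not part of the original post): the getent group output above shows GID 512 held by both the local group user001 and the LDAP group Domain Admins, and GID 1000 by both soumu and BUILTIN\administrators, so a local user whose primary GID is 512 is effectively a member of Domain Admins. This helper parses getent-style passwd/group output and flags such UID/GID collisions and which users carry a given primary GID; the sample lines are constructed and abbreviated from the post.

```python
"""Flag UID/GID collisions in `getent passwd` / `getent group` output
after an smbldap-populate + net rpc vampire migration."""
from collections import defaultdict

# Constructed sample, abbreviated from the getent output in the post.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
user001:x:512:512::/home/user001:/bin/bash
Administrator:x:998:512:Netbios Domain Administrator:/home/Administrator:/bin/false
sato:x:1001:513:System User:/home/sato:/bin/bash
"""

SAMPLE_GROUP = """\
root:x:0:root
user001:x:512:
Domain Admins:x:512:Administrator
Domain Users:x:513:sato,suzuki,takahashi,hashimoto
soumu:x:1000:sato,suzuki,hashimoto
BUILTIN\\administrators:x:1000:
"""


def parse_ids(text, id_field=2):
    """Map numeric id (field index id_field) -> names, from colon-separated lines."""
    ids = defaultdict(list)
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) <= id_field or not fields[id_field].isdigit():
            continue
        ids[int(fields[id_field])].append(fields[0])
    return ids


def find_collisions(text, id_field=2):
    """Return {id: [names]} for ids shared by more than one entry.
    For passwd output this finds duplicate UIDs, for group output duplicate GIDs."""
    return {i: names for i, names in parse_ids(text, id_field).items()
            if len(names) > 1}


def users_with_primary_gid(passwd_text, gid):
    """Names of users whose primary group (passwd field 4) is gid."""
    return [names[0] for names in
            (line.split(":") for line in passwd_text.splitlines())
            if len(names) > 3 and names[3].isdigit() and int(names[3]) == gid]


if __name__ == "__main__":
    print("GID collisions:", find_collisions(SAMPLE_GROUP))
    print("UID collisions:", find_collisions(SAMPLE_PASSWD))
    print("users with primary GID 512:", users_with_primary_gid(SAMPLE_PASSWD, 512))
```

Run it against real `getent passwd > passwd.txt` / `getent group > group.txt` dumps taken before and after vampire to spot collisions between pre-existing local accounts and the entries smbldap-populate creates.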

