делал как в "Руководство по настройке Samba в режиме PDC с использованием LDAP" (на gentoo wiki) если добавлять пользователя скртиптом то он есть через GQ я его вижу, но авторизоваться неполучается (даже на Линуксовой машине). В логах ошибок нет, при старте все стартует без ошибок. Если сделать прямо на это машине su user то он пишет Unknown id: user
ldapsearch -x полказывет содержимое ЛДАПа, с другой машины ldapsearch -x -h host тожу все показывает.
Что у меня не так? Помогите разобраться!Настройки следующие
====>slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to dn.subtree="dc=domain,dc=com" attrs=userPassword,sambaLMPassword,sambaNTPassword
by dn.subtree="cn=Manager,dc=domain,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=domain,dc=com" write
by dn="cn=Domain Users,ou=Groups,dc=domain,dc=com" write
by dn="cn=Domain Guests,ou=Groups,dc=domain,dc=com" write
by dn="cn=Domain Computers,ou=Groups,dc=domain,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=domain,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=domain,dc=com" write
by dn="cn=Print Operators,ou=Groups,dc=domain,dc=com" write
by dn="cn=Backup Operators,ou=Groups,dc=domain,dc=com" write
by dn="cn=Replicators,ou=Groups,dc=domain,dc=com" write
by self write
by anonymous auth
by * none
access to dn.subtree="ou=Users,dc=domain,dc=com"
by dn.subtree="cn=Manager,dc=domain,dc=com" write
by self write
by * read
access to dn.subtree="ou=Groups,dc=domain,dc=com"
by dn="cn=Manager,dc=domain,dc=com" write
by * read
access to dn.subtree="dc=domain,dc=com"
by dn.subtree="cn=Manager,dc=domain,dc=com" write
by self write
by * read
access to *
by dn.subtree="cn=Manager,dc=domain,dc=com" write
by anonymous auth
access to dn.base=""
by self write
by * auth
access to attrs=userPassword
by self write
by * auth
access to attrs=shadowLastChange
by self write
by * read
access to *
by * read
by anonymous auth
loglevel 256
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=Manager,dc=domain,dc=com"
rootpw {MD5}secret
directory /var/lib/openldap-data
index objectClass eq
index cn eq,subinitial
index sn eq,subinitial
index uid eq,subinitial
index displayName eq,subinitial
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
samba.conf
[global]
workgroup = DOMAIN
netbios name = DOMAIN
nt acl support = yes
acl compatibility = win2k
map acl inherit = yes
server string = Samba Server %v
interfaces = eth0
bind interfaces only = yes
hosts allow = 192.168.7. 127. 10.
log file = /var/log/samba/log.%m
debug level = 9
max log size = 500
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
security = user
os level = 250
passdb backend = ldapsam:"ldap://127.0.0.1/"
enable privileges = yes
passwd program = /usr/sbin/smbldap-passwd "%u"
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
passdb expand explicit = no
unix password sync = no
ldap passwd sync = no
ldap suffix = dc=domain,dc=com
ldap admin dn = cn=Manager,dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Users
ldap idmap suffix = ou=Idmap
idmap backend = ldapsam:ldap://127.0.0.1/
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap delete dn = Yes
ldap ssl = no
add user script = /usr/sbin/smbldap-useradd -n -a "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-userdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
domain master = yes
preferred master = yes
# domain master = no
# preferred master = no
domain logons = Yes
logon script =
#logon path = \\%L\Profiles\%a\%U
logon path =
logon drive = U:
logon home = \\%L\users\%U
#============================ Share Definitions ==============================
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
browseable = yes
guest ok = yes
writable = no
share modes = no
[Profiles]
admin users = admin
create mode = 600
directory mode = 700
path = /var/lib/samba/profiles
browseable = yes
guest ok = yes
writable = yes
{homes]
comment = Home Directories
browseable = no
read only = no
[public]
path = /export/home/public
guest ok = yes
read only = no
[users]
path = /export/home
writable = yes
printable = no
Вариант для распечатки
OpenNET: Виртуальная конференция (Public)
(??) on 11-Сен-06, 11:07 
