Итак имеется связка samba + ldap, казалось бы все настроено, машинки windows xp sp3, успешно входят в домен, пользователи заходят в систему, но вылез такой прикол ... создаю группу доменную, создаю доменного пользователя, соответственно включаю пользователя в группу, создаю под xp папку и в безопасности даю права для данной группы, ОДНАКО пользователь так и не получает прав на эту папку!
Люди добрые помогите куда копать ...os GENTOO
samba ver 3.0.34
smb.conf
[global]
workgroup = OFFICE
realm = OFFICE.LOCAL
server string = Samba Server %v
interfaces = eth1
bind interfaces only = Yes
passdb backend = ldapsam:"ldap://127.0.0.1/"
passwd program = /usr/sbin/smbldap-passwd "%u"
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
log level = 3
log file = /var/log/samba/log.%m
max log size = 500
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
add user script = /usr/sbin/smbldap-useradd -n -a "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-userdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
logon path =
logon home =
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
ldap admin dn = cn=Manager,dc=office,dc=local
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=office,dc=local
ldap user suffix = ou=Users
idmap backend = ldapsam:ldap://127.0.0.1/
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = Administrator, root, admin
hosts allow = 192.168.13., 127.
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
browseable = No
share modes = No
[Profiles]
path = /var/lib/samba/profiles
read only = No
guest ok = Yes
browseable = No
openldap ver 2.3.43-r1
slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to dn.base=""
by self write
by * auth
access to attrs=userPassword
by self write
by * auth
access to attrs=shadowLastChange
by self write
by * read
access to *
by * read
by anonymous auth
#loglevel 1
database bdb
suffix "dc=office,dc=local"
rootdn "cn=Manager,dc=office,dc=local"
# Пароль rootpw лучше всего указывать в зашифрованном виде.
# Для генерации шифрованного пароля используйте утилиту slappasswd
# Например: slappasswd -h {MD5}
rootpw *******
directory /var/lib/openldap-data
index objectClass eq
index cn eq,subinitial
index sn eq,subinitial
index uid eq,subinitial
index displayName eq,subinitial
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
