AD LDAP 백엔드에 의해 인증된 독립형 Linux Samba 서버가 있습니까?

tag-icon tag-icon ubuntu samba ldap
AD LDAP 백엔드에 의해 인증된 독립형 Linux Samba 서버가 있습니까?

Windows AD DS LDAP를 통해 인증하기 위해 독립 실행형 Samba 서버(도메인에 가입되지 않음)를 얻으려고 합니다. 제 생각에는문서이런 식으로 작동시킬 수 없기 때문에 여기에는 적합하지 않습니다.

초기 실패 후 문서 구성을 일부 확장했지만 Samba는 여전히 시작되지 않습니다.

[2021/04/23 16:02:59.404293,  0] ../../source3/smbd/server.c:1775(main)
  smbd version 4.11.6-Ubuntu started.
  Copyright Andrew Tridgell and the Samba Team 1992-2019
[2021/04/23 16:02:59.410542,  1] ../../source3/profile/profile_dummy.c:30(set_profile_level)
  INFO: Profiling support unavailable in this build.
[2021/04/23 16:02:59.435968,  1] ../../source3/passdb/pdb_ldap_util.c:235(add_new_domain_info)
  add_new_domain_info: failed to add domain dn= sambaDomainName=RV-HR,DC=RV-Ing,DC=loc with: No such attribute
        00000057: LdapErr: DSID-0C090E48, comment: Error in attribute conversion operation, data 0, v2580
[2021/04/23 16:02:59.436031,  0] ../../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info)
  smbldap_search_domain_info: Adding domain info for RV-HR failed with NT_STATUS_UNSUCCESSFUL
[2021/04/23 16:02:59.436059,  0] ../../source3/passdb/pdb_ldap.c:6752(pdb_ldapsam_init_common)
  pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
[2021/04/23 16:02:59.436075,  0] ../../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
  pdb backend ldapsam:ldap://192.168.10.42 did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)

현재는 smb.conf다음과 같습니다.

[global]
   #workgroup = RV-ING.loc

   server string = RV-HR
   netbios name = RV-HR
   realm = RV-ING.loc

   security = user
   passdb backend = ldapsam:ldap://192.168.10.42
   ldap suffix = DC=RV-Ing,DC=loc
   ldap admin dn = CN=adquery,OU=service,DC=RV-ING,DC=loc
   ldap user suffix = OU=Mitarbeiter,OU=RV
   ldap group suffix = OU=Gruppen,OU=RV
   ldap machine suffix = OU=Computer,OU=RV
   ldap passwd sync = no
   ldap delete dn = no
   ldap ssl      = no
   ldap debug level = 4

   log file = /var/log/samba/log.%m
   log level = 1 auth_audit:2
   log level = 1 auth_audit:3@/var/log/samba/samba_auth_audit.log
   max log size = 1000

   logging = file
   panic action = /usr/share/samba/panic-action %d

   server role = standalone server
   unix password sync = no

#======================= Share Definitions =======================

[Testshare]
    path = /media/GF
    directory mask = 0775
    public = yes
    writable = yes
    comment = HR Share
    printable = no
    guest ok = yes
    browseable = yes
    vfs object = full_audit
    force user = nobody
    force group = nogroup
    # server signing = mandatory

또한 LDAP 인증 대신 PAM을 사용하는 것도 고려했지만 아마도 그것에 대해 충분히 알지 못할 것입니다. SAMBA를 LDAP 인증과 함께 작동시키는 방법에 대한 아이디어가 있습니까?

관련 정보