[samba-jp:18817] samba Workgroup → samba domain 移行について その2

Hideshi SAKUTA Hideshi.Sakuta @ otsuka-shokai.co.jp
2006年 8月 2日 (水) 09:37:05 JST


お世話になります。さくたです。

この度、以下のようにsambaドメインを構築しXPsp2クライアントのドメイン参加
まではできましたが、ドメインログオンを実行するとユーザー・パスワード認証
の後、ブルースクリーンで「STOP:c000021a unknown Hard Error」になり再起動
してしまいます。マシン固有の問題かと思い他のPCでも試しましたが結果は同じ
です。ローカルログオンは問題ありません。

「smbldap-useradd.pl -w ZZZZ」
「ドメインメンバ:常にセキュリティチャネル〜暗号化〜署名する」→「無効」

上記を実行後、クライアントのドメイン参加を実行。

どなたかご教示いただければ幸いです。


【サーバ構成】

RedHat ES3

samba-3.0.9-1.3E.2
samba-client-3.0.9-1.3E.2
samba-common-3.0.9-1.3E.2
samba-swat-3.0.9-1.3E.2
smbldap-tools
openldap-2.0.27-17
openldap-clients-2.0.27-17
openldap-devel-2.0.27-17
openldap-servers-2.0.27-17



【smb.conf】

 # Global settings for a Samba 3.0 server whose accounts live in LDAP (ldapsam).
 # The six lines prefixed "追加→" ("added") are the poster's annotation for the
 # settings added to make this workgroup server a domain logon server; the
 # prefix is mail markup, not smb.conf syntax.
 [global]
  	dos charset = CP932
  	unix charset = EUCJP-MS
  	display charset = EUCJP-MS
  	workgroup = CS
  	server string =  CS File Server
  	# Account database: two LDAP URIs are listed for the ldapsam backend.
  	passdb backend = "ldapsam:ldap://10.254.1.5 ldap://10.254.1.6"
  	# One log file per connecting machine name (%m).
  	log file = /var/log/samba/%m.log
  	max log size = 50
  	socket options = TCP_NODELAY SO_RCVBUF=8576 SO_SNDBUF=8576
  	wins support = Yes
  	# Samba binds to the directory as this DN. It is the same DN as the rootdn
  	# in the slapd.conf quoted later in this post, i.e. the directory superuser
  	# rather than a dedicated account limited to the Samba entries.
  	ldap admin dn = cn=Manager,dc=cs,dc=xxxxxx,dc=ac,dc=jp
  	ldap group suffix = ou=Groups
  	ldap machine suffix = ou=Computers
  	# Password changes made through Samba also update the LDAP password.
  	ldap passwd sync = Yes
  	ldap suffix = dc=cs,dc=xxxxxx,dc=ac,dc=jp
  	# No TLS towards the LDAP servers: the admin-dn bind and the password
  	# hashes Samba reads and writes travel over the network unencrypted.
  	# "ldap ssl = start tls" is the Samba 3.0 value for StartTLS; slapd must
  	# be set up for TLS as well.
  	ldap ssl = no
  	ldap user suffix = ou=Users
  	# Set in [global], so it is the default for every share: this account
  	# performs all file operations as root, whatever the file permissions.
  	admin users = Administrator
  	cups options = raw
  	# Added for domain control: user-level security, browser election settings
  	# (os level, preferred/domain/local master) and netlogon service.
  	# NOTE(review): the post says the client policy "Domain member: digitally
  	# encrypt or sign secure channel data (always)" was set to Disabled before
  	# the join. Samba 3.0 has its own schannel support ("server schannel"), so
  	# that client-side downgrade is presumably not needed here - confirm.
追加→      security  = user
追加→      os level = 64
追加→      preferred master = Yes
追加→      domain master = Yes
追加→      local master = Yes
追加→      domain logons = Yes


 # Per-user home directory service. "available = No" switches the service
 # off, so every attempt to connect to it fails.
 [homes]
  	comment = Home Directories
  	read only = No
  	browseable = No
  	available = No

 # Print service spooling to /var/spool/samba; hidden from browse lists.
 [printers]
  	comment = All Printers
  	path = /var/spool/samba
  	printable = Yes
  	browseable = No

 # Three writable file shares. None carries "valid users", "write list" or a
 # similar restriction in this listing, so any user who can authenticate may
 # connect; access is then decided only by the Unix permissions under each
 # path (and not at all for the global "admin users" account, which acts as
 # root).
 [pub]
  	path = /pub
  	read only = No

 [student2005]
  	path = /home/2005
  	read only = No

 [teacher]
  	path = /home/teacher
  	read only = No

 # pr1-pr4 and pr: five services that are all switched off ("available = No").
 # None sets "printable = Yes", so if re-enabled as written each would be a
 # writable file share on the spool directory /var/spool/samba rather than a
 # print queue. Oplocks and share-mode locking are turned off on all of them.
 [pr1]
  	comment = 10.130.1.11(linux)
  	path = /var/spool/samba
  	read only = No
  	printer name = pr1
  	browseable = No
  	oplocks = No
  	share modes = No
  	available = No

 [pr2]
  	comment = 10.130.1.12(linux)
  	path = /var/spool/samba
  	read only = No
  	printer name = pr2
  	browseable = No
  	oplocks = No
  	share modes = No
  	available = No

 [pr3]
  	comment = 10.130.1.13(linux)
  	path = /var/spool/samba
  	read only = No
  	printer name = pr3
  	browseable = No
  	oplocks = No
  	share modes = No
  	available = No

 [pr4]
  	comment = 10.130.1.14(linux)
  	path = /var/spool/samba
  	read only = No
  	printer name = pr4
  	browseable = No
  	oplocks = No
  	share modes = No
  	available = No

 [pr]
  	comment = Linux Printing Sapport
  	path = /var/spool/samba
  	read only = No
  	printer name = pr
  	browseable = No
  	oplocks = No
  	share modes = No
  	available = No

 # Printer driver download share. "guest ok = Yes" lets clients connect
 # without a password. "read only" is not set here, so Samba's default
 # (read-only) applies to everyone except Administrator, who is in the write
 # list. Because "admin users = Administrator" is set in [global], that
 # account's writes here are performed as root.
 [print$]
  	comment = Printer Driver Download Area
  	path = /var/samba/printers
  	write list = Administrator
  	guest ok = Yes

 # prw1-prw4: the Windows-side counterparts of pr1-pr4, with the same settings.
 # All are switched off ("available = No") and none sets "printable = Yes", so
 # as written they are disabled writable file shares on /var/spool/samba.
 [prw1]
  	comment = 10.130.1.11(win)
  	path = /var/spool/samba
  	read only = No
  	printer name = prw1
  	browseable = No
  	oplocks = No
  	share modes = No
  	available = No

 [prw2]
  	comment = 10.130.1.12(win)
  	path = /var/spool/samba
  	read only = No
  	printer name = prw2
  	browseable = No
  	oplocks = No
  	share modes = No
  	available = No

 [prw3]
  	comment = 10.130.1.13(win)
  	path = /var/spool/samba
  	read only = No
  	printer name = prw3
  	browseable = No
  	oplocks = No
  	share modes = No
  	available = No

 [prw4]
  	comment = 10.130.1.14(win)
  	path = /var/spool/samba
  	read only = No
  	printer name = prw4
  	browseable = No
  	oplocks = No
  	share modes = No
  	available = No

 # Two more writable file shares with no per-share user restriction in this
 # listing: any authenticated user may connect, and only the Unix permissions
 # under each path limit what they can do.
 [supportdesk]
  	path = /home/supportdesk
  	read only = No

 [student2006]
  	path = /home/2006
  	read only = No

 【slapd.conf】

 include		/etc/openldap/schema/core.schema
 include		/etc/openldap/schema/cosine.schema
 include		/etc/openldap/schema/inetorgperson.schema
 include		/etc/openldap/schema/nis.schema
 include		/etc/openldap/schema/redhat/autofs.schema
 include		/etc/openldap/schema/redhat/kerberosobject.schema

 include		/etc/openldap/schema/samba.schema
 include		/etc/openldap/schema/xylanauthenticationperson.schema

 # Scheme slapd uses when it hashes a new userPassword itself. {MD5} is
 # unsalted MD5; {SSHA} (salted SHA-1, slapd's default) is the stronger
 # choice among the schemes this OpenLDAP generation offers.
 password-hash	{MD5}

 # 256 = log connections, operations and results.
 loglevel	256

 # Single ldbm database holding the whole directory tree. The rootdn is not
 # subject to access control; the same DN is used by Samba ("ldap admin dn"
 # in smb.conf) and by the replication bind further down in this file.
 database	ldbm
 suffix		"dc=cs,dc=xxxxxx,dc=ac,dc=jp"
 rootdn		"cn=Manager,dc=cs,dc=xxxxxx,dc=ac,dc=jp"

 # Value redacted by the poster. An unsalted {MD5} value can be tested
 # offline by anyone who can read this file, so keep the file readable by
 # the slapd account only.
 rootpw			{MD5}xxxxxxxxxxxxxxxxxxxxxxxx

 # NOTE(review): no "access" directives appear in this excerpt. If the live
 # file has none either, slapd's default is read access for every client,
 # which would expose userPassword and the Samba hash attributes
 # (sambaNTPassword, sambaLMPassword - usable in place of the password) to
 # anonymous searches. Confirm, and restrict those attributes.
 directory	/var/lib/ldap

 # Indexes: equality on objectClass and the POSIX id attributes,
 # equality + initial-substring on name attributes, presence + equality on uid.
 index	objectClass,uidNumber,gidNumber,memberUid	eq
 index	cn,mail,surname,givenname			eq,subinitial
 index	uid						pres,eq

 # Replication to ldap2 on port 389 via a replication log. The replica is
 # updated with a simple bind as the rootdn, so this file holds that password
 # in clear text (redacted here), and with no TLS setting on the replica line
 # the bind is sent unencrypted. A dedicated replication DN that can write
 # only on the replica would limit what a leaked credential allows.
 replogfile	/var/lib/ldap/master-slapd.replog
 replica host=ldap2.cs.xxxxxx.ac.jp:389
 	binddn="cn=Manager,dc=cs,dc=xxxxxx,dc=ac,dc=jp"
 	bindmethod=simple
 	credentials=xxxxxxxxxx




++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
株式会社大塚商会                      
関西テクニカルソリューションセンター ( 関西TSC ) 
作 田  英 司 ( さくた ひでし )            
Hideshi Sakuta
                      
Tel : 06-6456-2640
Mail: Hideshi.Sakuta @ otsuka-shokai.co.jp
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


