OpenLDAP won't start? Experts, please help me!!!!!!!!!
The configuration file seems to be fine:
# service ldap restart
停止 slapd: [ 確定 ]
檢查 slapd 的配置文件:config file testing succeeded
啟動 slapd: [ 確定 ]
#
OpenLDAP's port 389 cannot be opened:
# netstat -nat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:622 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::ffff:192.168.254.100:22 ::ffff:192.168.1.199:1327 ESTABLISHED
tcp 0 0 ::ffff:192.168.254.100:22 ::ffff:192.168.1.18:1614 ESTABLISHED
#
The Samba service did not come up either (this can also be seen from the fact that ports 445 and 139 do not appear in the netstat output above)
# service smb restart
關閉 SMB 服務: [失敗]
關閉 NMB 服務: [ 確定 ]
啟動 SMB 服務: [失敗]
啟動 NMB 服務: [ 確定 ]
#
This is the content of my /etc/openldap/sldap.conf:
# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/rdbms_depend/pgsql/slapd.conf,v 1.2.2.2 2004/01/20 23:44:21 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
#modulepath /usr/sbin/openldap
#moduleload back_sql
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
#loglevel 255
#sessionlog 123 1000
#######################################################################
# sql database definitions
#######################################################################
#backend sql
#database sql
database bdb
directory /var/lib/ldap
suffix "dc=ipcgroup,dc=local"
rootdn "uid=Administrator,ou=Users,dc=ipcgroup,dc=local"
rootpw 1PcGr0nP
#dbname PgSQL
#dbuser openldap
#dbpasswd 0p3n1dAp
#insentry_query "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
#upper_func "upper"
#strcast_func "text"
#concat_pattern "?||?"
#has_ldapinfo_dn_ru no
#lastmod on
index objectClass,uid,sambaSID,uidNumber,gidNumber,cn,memberuid eq
access to attr=sambaLMPassword,sambaNTPassword,sambaPasswordHistory
by dn.regex="uid=Administrator,ou=Users,dc=ipcgroup,dc=local" write
by self write
by users read
by anonymous auth
access to attr=userPassword
by dn.regex="uid=Administrator,ou=Users,dc=ipcgroup,dc=local" write
by self write
by users read
by anonymous auth
access to *
by self write
by * read
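An added example, not part of the original post: a minimal audit of slapd.conf ACLs of the kind posted above. It flags a cleartext rootpw and any rule that lets `users`, `anonymous` or `*` read password-hash attributes; the sample configuration, its placeholder values and the function names are constructed for illustration.

```python
import re
import shlex

SECRET_ATTRS = {"userpassword", "sambalmpassword", "sambantpassword"}
BROAD_WHO = {"*", "users", "anonymous"}   # everyone, or every bound user
EXPOSING = {"read", "write"}              # levels that return the value

# Constructed sample in slapd.conf syntax, modelled on the ACLs in this post.
# The rootpw value is a placeholder.
SAMPLE = """\
rootpw PLACEHOLDER-cleartext
access to attr=sambaLMPassword,sambaNTPassword
    by self write
    by users read
    by anonymous auth
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
"""

def logical_lines(text):
    """Drop comments and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return findings for cleartext rootpw and over-broad secret-attribute ACLs."""
    findings = []
    for line in logical_lines(text):
        tok = shlex.split(line)
        low = [t.lower() for t in tok]
        if low[0] == "rootpw" and len(tok) > 1 and not re.match(r"\{[\w-]+\}", tok[1]):
            findings.append("rootpw stored in cleartext")
        if low[:2] != ["access", "to"]:
            continue
        m = re.search(r"\battrs?=(\S+)", line, re.I)
        secret = sorted(SECRET_ATTRS & {a.lower() for a in m.group(1).split(",")}) if m else []
        for i in range(len(low) - 2):
            if secret and low[i] == "by" and low[i + 1] in BROAD_WHO and low[i + 2] in EXPOSING:
                findings.append(f"{','.join(secret)} readable by '{low[i + 1]}'")
    return findings
```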
《Solution》
/etc/samba/smb.conf
#======================= Global Settings =====================================
workgroup = IPCGROUP
netbios name = IPCGROUP_SRV
server string = Samba Server
#hosts allow = 192.168.1. 192.168.2. 127.
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes
# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = cups
# This option tells cups that the data has already been rasterized
cups options = raw
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
# all log information in one file
# log file = /var/log/samba/smbd.log
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
# Use password server option only with security = server
; password server = <NT-Server-Name>
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
#interfaces = 192.168.254.100/24 127.0.0.1
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
remote announce = 192.168.1.255 192.168.2.255 192.168.253.255
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no
os level = 33
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
admin users = Administrator
printer admin = Administrator
guest account = Guest
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel -r '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%m'
#add share command = /usr/lib/samba/bin/addshare.pl
#delete share command = /usr/lib/samba/bin/delshare.pl
#change share command = /usr/lib/samba/bin/chgshare.pl
force unknown acl user = yes
logon path = \\%L\Profiles\%U
name resolve order = wins lmhosts host bcast
wins proxy = yes
dns proxy = no
preserve case = yes
short preserve case = yes
# Default case is normally upper case for all DOS files
default case = lower
# Be very careful with case sensitivity - it can break things!
case sensitive = no
passdb backend = ldapsam:ldap://127.0.0.1 smbpasswd
ldap ssl = no
ldap admin dn = uid=Administrator,ou=Users,dc=ipcgroup,dc=local
ldap suffix = dc=ipcgroup,dc=local
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap passwd sync = Yes
#ldap filter="(&(uid=%u)(objectClass=sambaAccount))"
unix charset = UTF-8
dos charset = UTF-8
display charset = UTF-8
#============================ Share Definitions ==============================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
comment = Home Directories
browseable = no
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
comment = The Domain Logon Service
path = /var/samba/netlogon
guest ok = no
writable = no
share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
path = /home/%U/profiles
#path = /home/profiles
writeable = yes
browseable = yes
create mode = 0600
directory mode = 0700
force user = %U
valid users = %U admin
guest ok = no
# ----- IPC Shared Directory
comment = Public file space (temporary)
path = /home/public
writeable = yes
force user = %U
valid users = %U
guest ok = yes
path=/home/share
browseable = no
valid users = @mgm_president
read only = no
create mask = 664
directory mask = 775
force group = mgm_president
nt acl support = yes
guest ok = no
path=/home/share/mgm
browseable = no
valid users = @mgm_adm @mgm_president
read only = no
create mask = 664
directory mask = 775
force group = mgm_adm
nt acl support = yes
guest ok = no
path=/home/share/gen
browseable = no
valid users = @dept_gen
read only = no
create mask = 664
directory mask = 775
force group = dept_gen
nt acl support = yes
guest ok = no
path=/home/share/med
browseable = no
valid users = @dept_med
read only = no
create mask = 664
directory mask = 775
force group = dept_med
nt acl support = yes
guest ok = no
path=/home/share/food
browseable = no
valid users = @dept_food
read only = no
create mask = 664
directory mask = 775
force group = dept_food
nt acl support = yes
guest ok = no
path=/home/share/afg
browseable = no
valid users = @dept_afg
read only = no
#create mask = 664
create mask = 600
#directory mask = 775
directory mask = 700
force group = dept_afg
nt acl support = yes
guest ok = no
path=/home/share/g9525
browseable = no
valid users = @dept_9525
read only = no
create mask = 664
directory mask = 775
force group = dept_9525
nt acl support = yes
guest ok = no
《Solution》
slapd startup log:
/var/log/slapd.log
ntos/rpmbuild/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
Jul 7 15:10:17 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:10:17 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:10:17 fs slapd: bdb_db_init: Initializing BDB database
Jul 7 15:11:05 fs slapd: @(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:08:34) $
[email protected]:/home/buildcentos/rpmbuild/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
Jul 7 15:11:05 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:11:05 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:11:05 fs slapd: bdb_db_init: Initializing BDB database
Jul 7 15:22:14 fs slapd: @(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:08:34) $
[email protected]:/home/buildcentos/rpmbuild/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
Jul 7 15:22:14 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:22:14 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:22:14 fs slapd: bdb_db_init: Initializing BDB database
Jul 7 15:33:22 fs slapd: @(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:08:34) $
[email protected]:/home/buildcentos/rpmbuild/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
Jul 7 15:33:22 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:33:22 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:33:22 fs slapd: bdb_db_init: Initializing BDB database
Jul 7 15:59:19 fs slapd: @(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:08:34) $
[email protected]:/home/buildcentos/rpmbuild/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
Jul 7 15:59:19 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:59:19 fs slapd: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Jul 7 15:59:19 fs slapd: bdb_db_init: Initializing BDB database
Samba startup log
/var/log/samba/snmb.log
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 14 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 15 try!
lib/smbldap.c:smbldap_search_suffix(1155)
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 1 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 2 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 3 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 4 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 5 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 6 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 7 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 8 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 9 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 10 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 11 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 12 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 13 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 14 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 15 try!
lib/smbldap.c:another_ldap_try(990)
Connection to LDAP server failed for the 16 try!
lib/smbldap.c:smbldap_search_suffix(1155)
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
auth/auth_util.c:make_server_info_sam(822)
User Guest in passdb, but getpwnam() fails!
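An added example, not from any poster in this thread: it cross-checks the two pieces of evidence quoted so far, the `netstat -nat` listing and the slapd syslog lines, to show which expected listeners are absent and which start attempts never logged completion. The sample inputs are abridged, constructed copies of the thread's output, and treating `slapd starting` as the completion marker is an assumption about slapd's logging.

```python
import re

# Constructed inputs, abridged from the netstat and syslog output in this thread.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::ffff:192.168.254.100:22 ::ffff:192.168.1.199:1327 ESTABLISHED
"""
SLAPD_LOG = """\
Jul 7 15:11:05 fs slapd: @(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:08:34) $
Jul 7 15:11:05 fs slapd: bdb_db_init: Initializing BDB database
Jul 7 15:22:14 fs slapd: @(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:08:34) $
Jul 7 15:22:14 fs slapd: bdb_db_init: Initializing BDB database
"""
BANNER = re.compile(r"slapd(?:\[\d+\])?: @\(#\) \$OpenLDAP: slapd")
# Assumption: a completed start is marked by slapd's "slapd starting" line.
READY = re.compile(r"slapd(?:\[\d+\])?: slapd starting")

def listening_ports(netstat_text):
    """Return the set of TCP ports in LISTEN state from `netstat -nat` output."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            ports.add(int(f[3].rsplit(":", 1)[1]))  # handles 0.0.0.0:389 and :::22
    return ports

def startup_attempts(log_text):
    """One entry per version banner, noting whether that start reached READY."""
    attempts = []
    for line in log_text.splitlines():
        if BANNER.search(line):
            attempts.append({"at": " ".join(line.split()[:3]), "ready": False})
        elif attempts and READY.search(line):
            attempts[-1]["ready"] = True
    return attempts

def triage(netstat_text, log_text, expected=(389, 139, 445)):
    """An init script's OK only means the process was launched; compare
    the listeners actually present with the starts that completed."""
    ports = listening_ports(netstat_text)
    return {
        "missing_listeners": sorted(p for p in expected if p not in ports),
        "incomplete_starts": [a["at"] for a in startup_attempts(log_text)
                              if not a["ready"]],
    }
```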
《Solution》
Are you using Red Hat?
I ran into the same problem on Red Hat AS4. It seems a patch needs to be applied. Later I changed the database to ldbm and then it worked.
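《Solution》
Could you go into more detail? Which patch should I apply? Please help me!!!
I personally also feel it is a database problem. I hope my data won't be lost!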
《Solution》
Below is the debug output. It feels like the database simply did not come up.
# /usr/sbin/slapd -d 256
@(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:08:34) $
[email protected]:/home/buildcentos/rpmbuild/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_db_init: Initializing BDB database
《Solution》
Originally posted by guohaili on 2006-7-7 20:56
Below is the debug output. It feels like the database simply did not come up.
# /usr/sbin/slapd -d 256
@(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:08:34) $
[email protected]:/home/buildcentos/rpmbuild/BU ...
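Your OpenLDAP has been running from the very beginning, and it still is now. I don't know how you concluded that the database did not come up. This output does indicate that OpenLDAP has started normally. As for the Samba errors, you need to look for a problem in the Samba configuration. There is no problem on the LDAP side.
《Solution》
Originally posted by py on 2006-7-7 23:55
Your OpenLDAP has been running from the very beginning, and it still is now. I don't know how you concluded that the database did not come up. This output does indicate that OpenLDAP has started normally. As for the Samba errors, you need to look for a problem in the Samba configuration. There is no problem on the LDAP side.
Thank you for the reply, moderator. I don't know much about OpenLDAP, so please bear with me, but I just don't know why my OpenLDAP port 389 won't come up. If LDAP is fine, shouldn't 389 be open?
Could that also be caused by the Samba configuration?
I also backed up my Samba configuration before the problem occurred, so it should be fine!!
Moderator, please help me.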
《Solution》
I can still set the password now, but port 389 just won't open, and Samba won't start either.
# smbpasswd -w ipcgroup
Setting stored password for "uid=Administrator,ou=Users,dc=ipcgroup,dc=local" in secrets.tdb
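[ This post was last edited by guohaili on 2006-7-8 19:35 ]
《Solution》
Take a look at this.
I am only a beginner myself. I don't know whether this will help you. Sorry, I also don't know how to download and install this thing. If you know, please let me know.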
RHBA-2005:525 - Bug Fix Advisory
Synopsis
openldap bug fix update
Issued: 10/5/05
Updated: 10/5/05
Topic
Updated openldap packages that resolve a deadlock in the bdb back-end used
in slapd (the standalone LDAP server) are now available for Red Hat
Enterprise Linux 4.
Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.
The openldap-servers package includes slapd, a standalone LDAP server which
can use any of a number of back ends for storing and accessing data it
serves to clients. OpenLDAP 2.2.13 contained a bug in the bdb back end
which could mistakenly cause deadlocks to occur when writing to the on-disk
database.
All users are advised to upgrade to these updated packages, which backport
a fix from OpenLDAP 2.2.15 to address this problem.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.