[Samba] Re: LDAP PDC, net rpc vampire

Ronan Waide waider at waider.ie
Mon Jan 20 15:07:01 GMT 2003


On January 20, waider+samba at waider.ie said:
> At this point I am suspecting that it's expecting an LDAP account to
> exist already because I'm using sam backend = ldap. I'll try ldap_nua
> to see if it improves things, but if anyone can interrupt me and tell
> me what I'm missing I'd appreciate it.

Right, I think I've figured this out:

This is in utils/net_rpc_samsync.c:

		if (*add_script) {
			int add_ret;
			all_string_sub(add_script, "%u", account,
				       sizeof(account));
			add_ret = smbrun(add_script,NULL);
			DEBUG(1,("fetch_account: Running the command `%s' "
				 "gave %d\n", add_script, add_ret));
		}

So this is expecting an add user/machine script.

The next line:

		pw = getpwnam_alloc(account);

checks to see if the account was created. And finally:

		if (pw) {
		     /* stuff... */
		} else {
			DEBUG(3, ("Could not create account %s\n", account));
			pdb_free_sam(&sam_account);
			return NT_STATUS_NO_SUCH_USER;
		}

prints an error message if the account /wasn't/ created.

So at this point, the only place an LDAP account will be created is if
getpwnam_alloc() does it. And, well, it doesn't. So for net rpc
vampire to work, you need a working ldap-oriented add user script.

Which goes back to my original question; the previously used script
has been put in the Attic. I'm guessing long term the intention is to
use LDAP directly, rather than an intermediary script. But IMHO it'd
be better to leave the existing LDAP script in place until the new
LDAP stuff works?

Cheers,
Waider.
-- 
waider at waider.ie / Yes, it /is/ very personal of me.

"Your broker is a half-naked blue-and-orange crypto-anarchist?"
                              - Neal Stephenson / The Great Simoleon Caper
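
The create-then-verify sequence described in this message, written out as an added example (not Samba's code and not from the original post): the account name is allowlisted and single-quoted before it replaces `%u`, since names fetched from a remote domain end up in a command line and machine account names end in `$`. The helper names, the 32-character limit and the script path are assumptions made for the example.

```c
#include <ctype.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy: [A-Za-z0-9._-], max 32 chars, one trailing '$' (machine accounts), no leading '-'. */
static int account_name_ok(const char *name)
{
	size_t i, n = strlen(name);
	if (n == 0 || n > 32 || name[0] == '-')
		return 0;
	for (i = 0; i < n; i++) {
		unsigned char c = (unsigned char)name[i];
		if (!isalnum(c) && !strchr("._-", c) && !(c == '$' && i > 0 && i == n - 1))
			return 0;
	}
	return 1;
}

/* Expand each "%u" to the single-quoted name; -1 on bad name or short buffer. */
static int expand_add_script(const char *tmpl, const char *account,
			     char *out, size_t outlen)
{
	size_t used = 0;
	if (outlen == 0 || !account_name_ok(account))
		return -1;
	out[0] = '\0';
	for (; *tmpl; tmpl++) {
		int is_u = (tmpl[0] == '%' && tmpl[1] == 'u');
		int n = is_u ? snprintf(out + used, outlen - used, "'%s'", account)
			     : snprintf(out + used, outlen - used, "%c", *tmpl);
		if (n < 0 || (size_t)n >= outlen - used)
			return -1;
		used += (size_t)n;
		tmpl += is_u; /* also step over the 'u' of a consumed "%u" */
	}
	return 0;
}

/* Post-script check from the message: does the name now resolve via NSS? */
static int account_exists(const char *account) { return getpwnam(account) != NULL; }

int main(void)
{
	char cmd[256]; /* template and account name below are constructed samples */
	if (expand_add_script("/usr/local/sbin/add-ldap-user %u", "WKSTN1$", cmd, sizeof(cmd)) == 0)
		printf("would run: %s (exists now: %d)\n", cmd, account_exists("WKSTN1$"));
	return 0;
}
```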


