[Samba] wbinfo -u and -g work, wbinfo -s works only for some users

Danilo Godec danilo.godec at agenda.si
Mon Aug 2 05:13:51 MDT 2010


Well, I still had problems running your script - didn't quite know how to
specify the server and other parameters...

But it was a starting point - it led me to install the latest
'smbldap-tools' and using those I added a 'test' user. Then I compared
LDAP entries of the newly created user to old users and noticed that old
users are missing a couple of 'objectClass' statements:

> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: sambaSamAccount
> objectClass: shadowAccount

vs.

> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount

I added missing objectClass-es to all users and as it seems everything
works well now.


 Thanks, Danilo

PS: I guess I'll have to update the LDAP Account Manager too...


On 27. 07. 2010 15:16, Jason Gerfen wrote:
> My apologies...
>
> Here is a working copy as an attachment. I will also fix the blog post
> I have up about it.
>
> Keep in mind it does require a couple of tools installed to function
> properly.
> i.e.
> wbinfo
> ldapsearch
> ldapmodify
>
> Also a note on how it works. It uses wbinfo to detect any account in
> active directory which does not have the unix extension properties for
> the uid,gid,default shell, homedir, as well as any DN attribute which
> uses first name last name, (DN=first last,CN=Users) which seems to
> cause problems with the UID 2 SID verification process, and modifies
> only those accounts.
>
> Using 'wizard' mode will allow you to test it on one account and once
> that works you can specify an OU within Active Directory and this will
> perform the operations on any account which fails the UID 2 SID
> verification.
>
> Let me know if you experience any problems with it.
>
> On 07/27/10 02:29, Danilo Godec wrote:
>> While my situation is a bit different (no AD server, Samba is PDC for
>> the domain, using OpenLDAP for users, groups, ...), I tried running your
>> Perl script in 'Wizard' mode, but it fails (using perl 5.8.3):
>>
>> # ./UID2SID.pl
>> syntax error at ./UID2SID.pl line 204, near "= ;"
>> syntax error at ./UID2SID.pl line 239, near "= ;"
>> syntax error at ./UID2SID.pl line 380, near "= ;"
>> syntax error at ./UID2SID.pl line 404, near "=  ) "
>> syntax error at ./UID2SID.pl line 410, near "}"
>> Execution of ./UID2SID.pl aborted due to compilation errors.
>>
>>    Regards, Danilo
>>
>>
>>
>>
>> On 26. 07. 2010 15:54, Jason Gerfen wrote:
>>   
>>> Here is a document and perl script I developed to resolve UID to SID
>>> mappings in Samba Active Directory authentication.
>>>
>>> http://zerointeger.tumblr.com/post/589762841/samba-and-active-directory
>>>
>>> Let me know if that helps any.
>>>
>>> On 07/26/10 07:01, Danilo Godec wrote:
>>>     
>>>> Got a problem after upgrading Samba from 3.0 to 3.5 - have a bunch of
>>>> users and groups in LDAP and things work for the most part.
>>>>
>>>> However, when people try to change permissions from within Windows, some
>>>> usernames or groupnames are shown properly, but others are not - they see
>>>> the SID.
>>>>
>>>> Following up I noticed that I can get a list of all users with 'wbinfo -u'
>>>> and that I can get a SID for every user with 'wbinfo -n $USER'.
>>>>
>>>> However, for about 70% of all SIDs listed a 'reverse lookup' with
>>>> 'wbinfo -s $SID' doesn't work:
>>>>
>>>>
>>>>       
>>>>> S-1-5-21-239950015-4237961228-1280988766-3060 Could not lookup sid
>>>>> S-1-5-21-239950015-4237961228-1280988766-3060
>>>>>
>>>>>          
>>>> It works for some and it turns out that this relates to what usernames
>>>> are visible in Windows...
>>>>
>>>> I checked my LDAP and compared some of the users that work to some of
>>>> those that don't, but there are no apparent differences.
>>>>
>>>> Any ideas?
>>>>
>>>>     Regards, Danilo


-- 
Danilo Godec, sistemska podpora / system administration

Visit our updated web page at www.agenda.si 

OPEN SOURCE AND LINUX 
SERVICES : BUSINESS SOLUTIONS : IT MANAGEMENT : IT INFRASTRUCTURE : TRAINING : SOFTWARE 
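
The comparison described at the top of this message, as an added example that is not part of the original thread and is unrelated to the UID2SID.pl script: it reads `ldapsearch -LLL` style LDIF, reports which entries lack the objectClass values listed for the newly created user, and builds ldapmodify change records for only those entries. The DNs and sample entries are constructed, and the function names are this example's own.

```python
# objectClass values the post lists for the user created with smbldap-tools
REQUIRED = ["top", "person", "organizationalPerson", "inetOrgPerson",
            "posixAccount", "shadowAccount", "sambaSamAccount"]

# Constructed sample input (made-up DNs), shaped like `ldapsearch -LLL` output
SAMPLE_LDIF = """\
dn: uid=olduser,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: shadowAccount

dn: uid=test,ou=Users,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
"""

def parse_ldif(text):
    """Map each DN to its objectClass values (unfolds wrapped LDIF lines)."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):
        pairs = [line.partition(":")[::2] for line in block.splitlines()]
        dn = next((v.strip() for k, v in pairs if k.lower() == "dn"), None)
        if dn:
            entries[dn] = [v.strip() for k, v in pairs if k.lower() == "objectclass"]
    return entries

def missing_classes(classes):
    have = {c.lower() for c in classes}  # objectClass names are case-insensitive
    return [c for c in REQUIRED if c.lower() not in have]

def build_modify_ldif(entries):
    """Build ldapmodify change records that add only what each entry lacks."""
    records = []
    for dn, classes in entries.items():
        missing = missing_classes(classes)
        if missing:
            adds = "".join(f"objectClass: {c}\n" for c in missing)
            records.append(f"dn: {dn}\nchangetype: modify\nadd: objectClass\n{adds}-\n")
    return "\n".join(records)

if __name__ == "__main__":
    print(build_modify_ldif(parse_ldif(SAMPLE_LDIF)))
```

Base64-encoded values (`dn::`) are not decoded by this parser, so entries with such DNs need separate handling.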



More information about the samba mailing list