[Samba] renaming a computer fail on a samba domain using ldap backend

ioguix ioguix at free.fr
Wed Apr 2 14:53:20 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Replying to myself :

Add the following conf line to smb.conf:
rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'

ioguix a écrit :
> Hello,
> 
> I am trying to rename a computer on my samba domain but it fails telling me I hadn't rights to do it.
> Obviously, I use the same admin account (root) than the one which add this computer on the domain some seconds before.
> 
> I am using samba 3.0.24 on Debian etch with a openldap SAM backend and smbldap-tools scripts using these conf params :
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
>    add user script = /usr/sbin/smbldap-useradd -c "Samba user account" -m -s /bin/false '%u'
>    add machine script = /usr/sbin/smbldap-useradd -c "Samba computer account" -g 515 -w -s /bin/false '%u'
>    add group script = /usr/sbin/smbldap-groupadd '%g'
>    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
>    delete user script = /usr/sbin/smbldap-userdel '%u'
>    delete group script = /usr/sbin/smbldap-groupdel '%g'
>    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
>    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> So far, I can add a computer on a domain, but I can't rename it.
> 
> I tried to rename the computer using smbldap-usermod before updating it in WinXP, but obviously, it fails telling me the user is
> unknown.
> 
> The only way I found is to add a computer with the new name to the domain using smbldap-useradd, leaving the domain from WinXP,
> renaming it under WinXP, re-join the domain, then drop the old computer account.
> 
> Here the content of log.root when I try to rename the computer (using "log file = /var/log/samba/log.%U" and log level = 3)
> http://pastebin.org/26701
> The ACCESS denied is at line 771 : "set_user_info_21: failed to rename account: NT_STATUS_ACCESS_DENIED"
> 
> I could give a more verbose log file, but this one is pretty huge...
> 
> So, where did I fail ?
> 
> Do we can rename a computer on a samba domain ?
> 
> Feel free to ask me anything more you need to help me :)
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH853fxWGfaAgowiIRAv69AJwKCpGF6nOgeTAqJPO+PTTFc89vSACfRXhi
boB8PEzyPb1m8LHv15laWTc=
=CgVf
-----END PGP SIGNATURE-----


More information about the samba mailing list