LDAP-SAM and Samba 2.2

David Highley dhighley at highley-recommended.com
Fri Nov 30 15:28:02 GMT 2001


"Erik Persson wrote:"
> 
> Hi!
> 
> I am experimenting with the PDC features of Samba 2.2 with the LDAP SAM
> backend. This is going fairly well, except any attempt to join the domain
> fails due to some confusion within smbd concerning what the RID for the
> workstation account should be.

There was a posting in the last couple of days that indicated that
CVS patches were needed to get Samba 2.2.2 to operate with LDAP.

> 
> To add a user I use the "add user script" parameter to call a homecooked Pike
> script that creates an entry for the account in the LDAP server.
> The script sets all relevant parameters, including lmPassword, ntPassword,
> rid and primaryGroupID. The latter two attributes are calculated from
> uidNumber and gidNumber as in the smbpasswd code:
> 
> #define RID_MULTIPLIER 2
> #define USER_RID_TYPE 0
> #define GROUP_RID_TYPE 1
> 
> string rid = sprintf("%d",
>    (((int)args["uidNumber"])*RID_MULTIPLIER + 1000) | USER_RID_TYPE );
> string primaryGroupID = sprintf("%d",
>    (((int)args["gidNumber"])*RID_MULTIPLIER + 1000) | GROUP_RID_TYPE );
> 
> 
> What seems to happen is that smbd seems to interpret the integer values in
> "rid" and "primaryGroupID" as hexadecimal values and then convert them to
> decimal.
> 
> As you can see from the excerpts from the log file below, the adduser
> script completes successfully, whereafter an LDAP search for "roadrunner$"
> returns the correct rid and primaryGroupID values (15000 and 15001
> calculated from uidNumber/gidNumber 7000/7000).
> 
> Now the LDAP records are modified from init_ldap_from_sam() and
> pdb_update_sam_account() and the values printed in the debug log are
> 86016/86017.
> 
> Being happy with this (I don't really care if smbd feels that my
> calculated values were unsatisfactory as long as it works) the process
> goes on querying the LDAP server for a rid of "548886"
> 
> 
> [2001/11/30 23:45:24, 3] smbd/reply.c:smb_create_user(538)
>   smb_create_user: Running the command
> `/home/erik/src/pike/ldaptools/adduser.pike \
> 	-t W -L ldaps://127.0.0.1 -D "cn=root,dc=roxen,dc=com" \
> 	-b "dc=roxen, dc=com" -uo "ou=People" -go "ou=Group" -l 7000 -h
> 8000 \
> 	-c "NT Domain account for roadrunner" -s /bin/false -d /dev/null \
> 	-g ntws -p roadrunner roadrunner$' gave 0
> [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:ldap_open_connection(130)
>   ldap_open_connection: connection opened
> [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:ldap_connect_system(160)
>   ldap_connect_system: succesful connection to the LDAP server
> [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:ldap_search_one_user(172)
>   ldap_search_one_user: searching
> for:[(&(uid=roadrunner$)(objectclass=sambaAccount))]
> [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256)
>   get_single_attribute: [uid] = [roadrunner$]
> [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(374)
>   Entry found for user: roadrunner$
> [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256)
>   get_single_attribute: [rid] = [15000]
> [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:get_single_attribute(256)
>   get_single_attribute: [primaryGroupID] = [15001]
> 
> [2001/11/30 23:45:24, 2] passdb/pdb_ldap.c:init_ldap_from_sam(543)
>   Setting entry for user: roadrunner$
> [2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:pdb_update_sam_account(931)
>   successfully modified uid = roadrunner$ in the LDAP database
> 
> [2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:ldap_search_one_user(172)
>   ldap_search_one_user: searching
> for:[(&(uid=roadrunner$)(objectclass=sambaAccount))]
> [2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:get_single_attribute(256)
>   get_single_attribute: [uid] = [roadrunner$]
> [2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(374)
>   Entry found for user: roadrunner$
>   get_single_attribute: [rid] = [86016]
> [2001/11/30 23:45:25, 2] passdb/pdb_ldap.c:get_single_attribute(256)
>   get_single_attribute: [primaryGroupID] = [86017]
> 
>   ldap_search_one_user: searching for:[rid=548886]
> [2001/11/30 23:45:25, 0] passdb/pdb_ldap.c:pdb_getsampwrid(755)
>   We don't find this rid [548886] count=0
> 
> 
> Right... 0x15000 -> 86016, 0x86016 -> 548886. Pretty obvious I'd say. Is
> this a known problem for which there might be a patch available?
> 
> Thanks,
> /Erik
> 
> -- 
> Erik Persson, System Manager            <erik at roxen.com>
> Roxen Internet Software                 Voice:  +46 13 376817
> 
> 
> 


-- 


Regards,

David Highley		      Phone: (206) 669-0081
Highley Recommended, Inc.	FAX: (253) 838-8509
2927 SW 339th Street	      Email: dhighley at highley-recommended.com
Federal Way, WA 98023-7732	WEB: http://www.highley-recommended.com
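
Added example, not part of the original thread and not Samba's code: a C reproduction of the drift reported above (15000 -> 86016 -> 548886), assuming the writer formats the RID in decimal while the reader parses the same string as base 16. The helper names (store_and_reload, round_trips, parse_rid_strict) are hypothetical; the RID formula is the one quoted in the message.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define RID_MULTIPLIER 2
#define USER_RID_TYPE  0
#define GROUP_RID_TYPE 1

/* uid/gid to RID mapping, as quoted in the message above. */
unsigned long uid_to_rid(unsigned long uid)
{ return (uid * RID_MULTIPLIER + 1000) | USER_RID_TYPE; }
unsigned long gid_to_rid(unsigned long gid)
{ return (gid * RID_MULTIPLIER + 1000) | GROUP_RID_TYPE; }

/* One store/reload cycle: written in decimal, read back in read_base
 * (assumption: a base-16 reader is what produces the reported values). */
unsigned long store_and_reload(unsigned long rid, int read_base)
{
    char attr[32];                      /* stands in for the LDAP attribute */
    snprintf(attr, sizeof attr, "%lu", rid);
    return strtoul(attr, NULL, read_base);
}

/* Apply n store/reload cycles, as happens across successive LDAP updates. */
unsigned long round_trips(unsigned long rid, int read_base, int n)
{
    while (n-- > 0)
        rid = store_and_reload(rid, read_base);
    return rid;
}

/* Strict reader: decimal digits only, no trailing bytes, fits in 32 bits. */
int parse_rid_strict(const char *s, unsigned long *out)
{
    char *end;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > 0xFFFFFFFFUL)
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    unsigned long rid = uid_to_rid(7000);   /* constructed input: uidNumber 7000 */
    printf("stored %lu, 1 cycle %lu, 2 cycles %lu, base-10 reader %lu\n", rid,
           round_trips(rid, 16, 1), round_trips(rid, 16, 2), round_trips(rid, 10, 2));
    return 0;
}
```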



