samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
boka
boka at sto-procent.art.pl
Tue Feb 3 21:43:39 GMT 2004
Hi!
I can't add any user (person and machine) to my domain made with
samba-3.0.1, openldap-2.0.27, new samba.schema, smbldap-tools-0.8.3. I
have to migrate from ldap_compact to ldap backend.
Rhea is an LDAP server, codo is a PDC from DOMAIN.
To show what the problem is, look at the following instructions:
root@rhea:~# smbldap-useradd -w loko20
root@rhea:~# getent passwd|grep loko
loko$:x:1459:553:loko$:/dev/null:/bin/false
loko20$:x:1088:553:loko20$:/dev/null:/bin/false
[root@codo cyrus-sasl]# getent passwd|grep loko
loko$:x:1459:553:loko$:/dev/null:/bin/false
loko20$:x:1088:553:loko20$:/dev/null:/bin/false
[root@codo cyrus-sasl]# pdbedit -L -v loko20$
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching for:[(&(&(uid=loko20$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
Username not found!
[root@codo cyrus-sasl]# smbldap-userdel loko20$
[root@codo cyrus-sasl]# getent passwd|grep loko
loko$:x:1459:553:loko$:/dev/null:/bin/false
[root@codo root]# pdbedit -L -v loko$
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching for:[(&(&(uid=loko$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
init_sam_from_ldap: Entry found for user: loko$
Unix username: loko$
NT username: loko$
Account Flags: [W ]
User SID: S-1-5-21-133419789-486977345-1400590255-3918
Primary Group SID: S-1-5-21-133419789-486977345-1400590255-0
Full Name: loko$
Home Directory: \\io\profiles\loko_
HomeDir Drive: H:
Logon Script: LOGON.BAT
Profile Path: \\io\profiles\loko_
Domain: DOMAIN
Account desc: Computer
Workstations:
Munged dial:
Logon time: 0
Logoff time: pią, 13 gru 1901 21:45:51 GMT
Kickoff time: pią, 13 gru 1901 21:45:51 GMT
Password last set: wto, 03 lut 2004 16:27:18 GMT
Password can change: wto, 03 lut 2004 16:27:18 GMT
Password must change: pią, 13 gru 1901 21:45:51 GMT
[root@codo root]# smbldap-usershow loko$
dn: uid=loko$,ou=Computers,dc=ITSTUFF,dc=PL
cn: loko$
uid: loko$
uidNumber: 1459
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
objectClass: top,posixAccount,sambaSamAccount
sambaSID: S-1-5-21-133419789-486977345-1400590255-3918
sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-0
sambaPwdMustChange: 2147483647
sambaLMPassword: 3DBA2EE9307B1C33CDE04089789D1F72
sambaNTPassword: 3DBA2EE9307B1C33CDE04089789D1F72
sambaPwdCanChange: 1075822038
sambaAcctFlags: [W ]
sambaLogoffTime: 2147483647
sambaLogonTime: 0
sambaKickoffTime: 2147483647
sambaPwdLastSet: 1075822038
[root@codo cyrus-sasl]# pdbedit -a -m loko20
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching for:[(&(&(uid=loko20$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching for:[(&(uid=loko20$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching for:[(&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
init_ldap_from_sam: Setting entry for user: loko20$
ldapsam_modify_entry: Failed to add user dn= uid=loko20$,ou=Computers,dc=ITSTUFF,dc=PL with: Object class violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ldapsam_add_sam_account: failed to modify/add user with uid = loko20$ (dn = uid=loko20$,ou=Computers,dc=ITSTUFF,dc=PL)
Unable to add machine! (does it already exist?)
samba ldap conf looks like:
passdb backend = ldapsam:ldap://localhost
ldap delete dn = no
ldap suffix = dc=ITSTUFF,dc=PL
ldap admin dn = "cn=Manager,dc=ITSTUFF,dc=PL"
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap port = 389
ldap server = 127.0.0.1
ldap ssl = No
ldap passwd sync = Yes
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
idmap backend = ldap:ldap://localhost:389
samba was compiled with the following options to configure script:
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{prefix}/share/swat/using_samba \
--with-swatdir=%{prefix}/share/swat \
--with-libsmbclient \
--with-expsam=mysql \
--with-ldap \
--with-ldapsam
P.S. Sorry for crossposting ... but I can not find any solution to my problem
greetz
boka