delgroup-script not used in 3.0.7

Ingo Steuwer steuwer at univention.de
Tue Sep 21 06:55:13 GMT 2004 

Am Mo, den 20.09.2004 schrieb Igor Belyi um 18:03:
> Ingo Steuwer wrote:
> > Hello
> > 
> > after an updating samba 3.0.4 to 3.0.7 it seems like samba ignores the
> > "delete group script" - parameter in smb.conf. Using the NT-usermanager
> > against 3.0.4 deletes groups, 3.0.7 produces an "access denied". Looking
> > in log.smbd shows that 3.0.7 doesn't start the defined delgroup script
> > while 3.0.4 does. 
> > 
> > I don't know about the behaviour of 3.0.5 or 3.0.6 in this case. 
> > 
> > Is this a (known ?) bug or did the configuration change ?
> 
> This means that problem happen during removal of Group Mapping (before 
> "delete group script" is called). What backend you use? Are there other 
> errors in the samba log?
> 
> Igor


You're right, what really fails seems to be the LDAP-backend.  I
attached level 10 debug of log.smbd during adding and trying to delete a
group called "smabgrup" using "net rpc ... group" with samba 3.0.7.

Our Script (univention-addgroup) creates a Posix-Group, samba-related
attributes (SID, groupType ..) are written by samba.

Trying to delete the group gives an objectClass violation. What does
samba try to do there ? Our samba.schema shows no diff to the one in the
3.0.7-tgz.

Is this related to the "ldap delete dn = yes"-ldap-backend-bug ? I've
got some trouble deleting users using our "delete user script" I think
are related to this bug, but they occur after our script removes the
user entry while samba tries to delete the DN by itself. In this case
samba doesn't call the delete group script like it did in samba 3.0.4
(see last logfile).

Thanks for any hints

Ingo Steuwer



################# Adding group:

UNIVENTION Adding group sambagroup
[2004/09/21 07:36:50, 3] groupdb/mapping.c:smb_create_group(1113)
  smb_create_group: Running the command `/usr/sbin/univention-addgroup
"sambagroup"' gave 0
[2004/09/21 07:36:50, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [dc=groupware,dc=univention,dc=de], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))], scope =>
 [2]
[2004/09/21 07:36:50, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2008)
  ldapsam_getgroup: Did not find group
[2004/09/21 07:36:50, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [dc=groupware,dc=univention,dc=de], filter =>
[(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumbe
r=4294967295))], scope => [2]
[2004/09/21 07:36:50, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [dc=groupware,dc=univention,dc=de], filter =>
[(&(objectClass=sambaIdmapEntry)(gidNumber=4294967295))], scope => [
2]
[2004/09/21 07:36:50, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [dc=groupware,dc=univention,dc=de], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))], scope =>
 [2]
[2004/09/21 07:36:50, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2008)
  ldapsam_getgroup: Did not find group

#### ldap-searches are repeated 12 times

[2004/09/21 07:36:50, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [dc=groupware,dc=univention,dc=de], filter =>
[(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumbe
r=5566))], scope => [2]
[2004/09/21 07:36:50, 10]
lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaSID] = [<does not exist>]
[2004/09/21 07:36:50, 10]
lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [sambaGroupType] = [<does not exist>]
[2004/09/21 07:36:50, 10]
lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [displayName] = [<does not exist>]
[2004/09/21 07:36:50, 10]
lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [description] = [<does not exist>]
[2004/09/21 07:36:50, 5] lib/smbldap.c:smbldap_modify(1009)
  smbldap_modify: dn =>
[cn=sambagroup,cn=groups,dc=groupware,dc=univention,dc=de]
[2004/09/21 07:36:50, 2]
passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(2226)
  ldapsam_add_group_mapping_entry: successfully modified group 5566 in
LDAP


########### Deleting the same group

[2004/09/21 07:40:04, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [dc=groupware,dc=univention,dc=de], filter =>
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2337605501-2966
419078-505554721-12133))], scope => [2]
[2004/09/21 07:40:04, 2] passdb/pdb_ldap.c:init_group_from_ldap(1902)
  init_group_from_ldap: Entry found for group: 5566
[2004/09/21 07:40:04, 10]
lib/smbldap.c:smbldap_get_single_attribute(309)
  smbldap_get_single_attribute: [description] = [<does not exist>]
[2004/09/21 07:40:04, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0
[2004/09/21 07:40:04, 10]
groupdb/mapping.c:get_domain_group_from_sid(810)
  get_domain_group_from_sid: SID found in the TDB
[2004/09/21 07:40:04, 10]
groupdb/mapping.c:get_domain_group_from_sid(817)
  get_domain_group_from_sid: SID is a domain group
[2004/09/21 07:40:04, 10]
groupdb/mapping.c:get_domain_group_from_sid(823)
  get_domain_group_from_sid: SID is mapped to gid:5566
[2004/09/21 07:40:04, 10]
groupdb/mapping.c:get_domain_group_from_sid(831)
  get_domain_group_from_sid: gid exists in UNIX security
[2004/09/21 07:40:04, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [dc=groupware,dc=univention,dc=de], filter =>
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2337605501-2966
419078-505554721-12133))], scope => [2]
[2004/09/21 07:40:04, 5] lib/smbldap.c:smbldap_modify(1009)
  smbldap_modify: dn =>
[cn=sambagroup,cn=groups,dc=groupware,dc=univention,dc=de]
[2004/09/21 07:40:04, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(328)
  ldapsam_delete_entry: Could not delete attributes for
cn=sambagroup,cn=groups,dc=groupware,dc=univention,dc=de, error: Object
class violat
ion (attribute 'sambaSID' not allowed)
[2004/09/21 07:40:04, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 samr_io_r_delete_dom_group
[2004/09/21 07:40:04, 6] rpc_parse/parse_prs.c:prs_debug(82)
      000000 smb_io_pol_hnd pol
[2004/09/21 07:40:04, 5] rpc_parse/parse_prs.c:prs_uint32(635)
          0000 data1: 00000000
[2004/09/21 07:40:04, 5] rpc_parse/parse_prs.c:prs_uint32(635)
          0004 data2: 00000000
[2004/09/21 07:40:04, 5] rpc_parse/parse_prs.c:prs_uint16(606)
          0008 data3: 0000
[2004/09/21 07:40:04, 5] rpc_parse/parse_prs.c:prs_uint16(606)
          000a data4: 0000
[2004/09/21 07:40:04, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
          000c data5: 00 00 00 00 00 00 00 00
[2004/09/21 07:40:04, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
      0014 status: NT_STATUS_ACCESS_DENIED


########### LDAP-Entry

dn: cn=sambagroup,cn=groups,dc=groupware,dc=univention,dc=de
objectClass: top
objectClass: posixGroup
objectClass: univentionGroup
objectClass: sambaGroupMapping
gidNumber: 5566
cn: sambagroup
sambaSID: S-1-5-21-2337605501-2966419078-505554721-12133
sambaGroupType: 2
displayName: sambagroup


########### deleting group with samba 3.0.4

[2004/09/20 12:06:13, 5] lib/smbldap.c:smbldap_modify(989)
  smbldap_modify: dn =>
[cn=zzzganzuntengoup,cn=groups,dc=groupware,dc=univention,dc=de]
UNIVENTION Removing group zzzganzuntengoup
[2004/09/20 12:06:14, 3] groupdb/mapping.c:smb_delete_group(1160)
  smb_delete_group: Running the command `/usr/sbin/univention-delgroup
"zzzganzuntengoup"' gave 0
[2004/09/20 12:06:14, 4]
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
  Found policy hnd[0] [000] 00 00 00 00 1E 00 00 00  00 00 00 00 94 AB
4E 41  ........ ......NA
  [010] 69 25 00 00                                       i%..
[2004/09/20 12:06:14, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
  Closed policy
[2004/09/20 12:06:14, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 samr_io_r_delete_dom_group
[2004/09/20 12:06:14, 6] rpc_parse/parse_prs.c:prs_debug(82)
      000000 smb_io_pol_hnd pol
[2004/09/20 12:06:14, 5] rpc_parse/parse_prs.c:prs_uint32(635)
          0000 data1: 00000000
[2004/09/20 12:06:14, 5] rpc_parse/parse_prs.c:prs_uint32(635)
          0004 data2: 00000000
[2004/09/20 12:06:14, 5] rpc_parse/parse_prs.c:prs_uint16(606)
          0008 data3: 0000
[2004/09/20 12:06:14, 5] rpc_parse/parse_prs.c:prs_uint16(606)
          000a data4: 0000
[2004/09/20 12:06:14, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
          000c data5: 00 00 00 00 00 00 00 00
[2004/09/20 12:06:14, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
      0014 status: NT_STATUS_OK



-- 
ACHTUNG: Wir sind umgezogen! Neue Adresse und Telefonnummer ab dem 1.8.04!
NEUE ADRESSE: Mary-Somerville-Straße 1;  D-28359 Bremen;  Deutschland

Ingo Steuwer       steuwer at univention.de         fon: +49 421 22 232- 0
Entwicklung        Linux for Your Business       
Univention GmbH    http://www.univention.de/     fax: +49 421 22 232-99

More information about the samba-technical mailing list