RE pdb_ldap.c, ldapsam_add_sam_account, existing posixaccount

spu at corman.be spu at corman.be
Thu May 26 15:12:20 GMT 2005


Ok,

I re-read the script and the sambasamaccount is only added with the -i option.

My position is:
      - I asked about the problem in 2004 and I put in a BUG.  For some reason,
there was no reaction from the Samba team to this problem.
      - My solution is to modify the smbldap script to add sambasamaccount
and add a machine in two steps; it works (until today).

Add these lines after the
if (defined($Options{'i'})) {
...
}
block:



 if (defined($Options{'w'})) {
    # For machine account
    # Objectclass sambaSAMAccount must be added now !

    my $date=time;
    my $modify = $ldap_master->modify ( "uid=$userName,$config{computersdn}",
        changes => [
            replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
            add => [sambaLogonTime => '0'],
            add => [sambaLogoffTime => '2147483647'],
            add => [sambaKickoffTime => '2147483647'],
            add => [sambaPwdCanChange => '0'],
            add => [sambaPwdMustChange => '2147483647'],
            add => [sambaPwdLastSet => "$date"],
            add => [sambaAcctFlags => '[W          ]'],
            add => [sambaSID => "$user_sid"],
            add => [sambaPrimaryGroupSID => "$config{SID}-515"]
        ]
    );

    $modify->code && die "failed to add entry: ", $modify->error ;
 }

Ask me if there is a problem. I cannot add a machine today, but if you can
test it for me I would appreciate it.

thanks


      Stéphane Purnelle

-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

samba-technical-bounces+stephane.purnelle=corman.be at lists.samba.org wrote
on 26/05/2005 16:57:49:

> spu at corman.be wrote:
> > I forgot some details.
> > The script adds the sambasamaccount.
> > Could you send me the smbldap-useradd script so I can see what version
> > you use?
> >
> > Some smbldap scripts do not add the sambasamaccount, because normally samba
> > must add it (and it is this part which doesn't work).
> > The last version seems to add the sambasamaccount attributes, and the old
> > version too.
> Ah! smbldap-useradd in 0.8.7 certainly does not seem to add the
> sambasamaccount attributes. I just downloaded the latest 0.9.0 and that
> doesn't seem to either. Not with -w, which as i understand it is the way
> it should be used. -w just makes the posixaccount and expects samba to
> do the rest...
>
> # MACHINE ACCOUNT
> if (defined($Options{'w'}) or defined($Options{'i'})) {
>
>   #print "About to create machine $userName:\n";
>
>   if (!add_posix_machine($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
>     die "$0: error while adding posix account\n";
>   }
>
>   if (defined($Options{'i'})) {
> ...
> }
>
>   $ldap_master->unbind;
>   exit 0;
> }
>
> Should the add machine script set up the samba attributes? It seems a
> bit mad. Surely samba should be finding that the user exists but doesn't
> have the samba attributes and then it should modify the user? That's
> what the code in my original post appears to be trying to do...
>
> John
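
Added example (not part of the original message, nor code from smbldap-tools or Samba): a pure-Perl helper that builds the change list for upgrading an existing posixAccount machine entry, adding only the missing object class and using replace for attributes the entry already carries. The function name samba_machine_changes, the entry hash shape and the SIDs are assumptions made up for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build a Net::LDAP "changes" list for an existing machine entry.
# $entry: attribute name => array ref of current values (hypothetical shape;
# in a real script it would be filled from a search on the entry's DN).
sub samba_machine_changes {
    my ($entry, $user_sid, $domain_sid, $now) = @_;
    my %want = (
        sambaLogonTime       => '0',
        sambaLogoffTime      => '2147483647',
        sambaKickoffTime     => '2147483647',
        sambaPwdCanChange    => '0',
        sambaPwdMustChange   => '2147483647',
        sambaPwdLastSet      => $now,
        sambaAcctFlags       => '[W          ]',
        sambaSID             => $user_sid,
        sambaPrimaryGroupSID => "$domain_sid-515",
    );
    my %have    = map { (lc($_) => $entry->{$_}) } keys %$entry;
    my %classes = map { (lc($_) => 1) } @{ $have{objectclass} || [] };
    # Add only the missing object class; classes already on the entry are kept.
    my @changes = $classes{sambasamaccount}
        ? () : (add => [ objectClass => ['sambaSAMAccount'] ]);
    for my $attr (sort keys %want) {
        # The samba attributes are single-valued: 'add' on one that is
        # already set is rejected by the server, so switch to 'replace'.
        my $op = $have{lc($attr)} ? 'replace' : 'add';
        push @changes, $op => [ $attr => $want{$attr} ];
    }
    return \@changes;
}

# Constructed samples: a posix-only machine entry and a half-populated one.
my @samples = (
    [ 'S-1-5-21-1-2-3-3001',
      { objectClass => [qw(top account posixAccount)], uid => ['pc01$'] } ],
    [ 'S-1-5-21-1-2-3-3002',
      { objectClass => [qw(top account posixAccount sambaSamAccount)],
        uid => ['pc02$'], sambaSID => ['S-1-5-21-1-2-3-3002'] } ],
);
for my $s (@samples) {
    my ($sid, $entry) = @$s;
    my $c = samba_machine_changes($entry, $sid, 'S-1-5-21-1-2-3', time);
    print "uid=$entry->{uid}[0]\n";
    for (my $i = 0; $i < @$c; $i += 2) {
        my ($attr, $val) = @{ $c->[$i + 1] };
        printf "  %-7s %s = %s\n", $c->[$i], $attr, ref($val) ? "@$val" : $val;
    }
}
```

The returned array reference has the same shape as the changes list in the snippet above, so it can be passed as the changes argument of a Net::LDAP modify call.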

