Unable to add posixAccount objectclass to AD user

Sassy Natan sassyn at gmail.com
Wed Dec 9 13:53:17 MST 2009


Did you manage to fix it?
It seems when I first checked the posix account it was working (on
alpha10 and 9). But I was mistaken.
I can't add a posix account and I can tell why? Any solution?

The only workaround I could do was to create the following attribute
and work via ADUC with the Unix extension on it.

Just create the following:
1. 'CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=local'
as objectClass: top; container;
2. 'CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=local,DC=local'
as objectClass: top; container;
3. 'CN=domain,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=boxit,DC=local'
as objectClass: top; msSFU30DomainInfo; and add to the object this:

	1> msSFU30OrderNumber: 10000;
	1> msSFU30MasterServerName: DC;
	1> msSFU30MaxGidNumber: 10000;
	1> msSFU30MaxUidNumber: 10000;
	
I added this using ADSI and managed to create POSIX users, but from the CLI
or an LDAP utility I also get an access violation.

Andrew, do Brendan's patches do the trick?


10x
Sassy

On Wed, Dec 9, 2009 at 4:11 AM, brendan powers <brendan0powers at gmail.com> wrote:
> Oops! the previous message was supposed to go directly to Andrew
> Bartlett. I would not recommend applying these patches, as it breaks
> provisioning. He asked me to send him the patches so he can help me
> figure out why.
>
> These patches are intended to fix the improper handling of auxiliary
> classes in objectclass.c. The two major changes include reimplementing
> objectclass_sort to just sort the classes by their subClass_order. As
> well as using get_last_structural_class to find the class to do the
> checks on, instead of the last class in the list. Other changes
> include moving get_last_structural_class from descriptor.c to util.c,
> and modifying it to ignore auxiliary classes. The check in
> password_hash.c was because I tried to create a user that had a
> posixAccount, but no user class. This caused a segfault because
> io->u.sAMAccountName would be null.
>
> Sorry for the confusion!
>
> On Tue, Dec 8, 2009 at 4:54 PM, Matthias Dieter Wallnöfer <mdw at samba.org> wrote:
>> Hi Brendan,
>>
>> the first thing I suggest is to set the author name and email address on
>> your local GIT installation (should be doable through ".gitconfig" in your
>> home directory). Otherwise "git-am" formatted patches are nearly useless for
>> us.
>>
>> Then I notice different patches in your attachments which don't fully
>> coincide with the email subject ("objectclass" stuff). Therefore it would be
>> really helpful for us that you mention your thoughts and reasons about each
>> patch in an email (e.g. the "password_hash" module change - why is the check
>> for "sAMAccountName" really needed?).
>>
>> When you are done with this we can start serious discussions about what to
>> apply.
>>
>> Greets,
>> Matthias
>>
>> brendan powers wrote:
>>>
>>> Here are the patches we discussed.
>>>
>>
>>
>


More information about the samba-technical mailing list