smbldap-useradd and usrmgr.exe

Frédéric Soumaré frederic.soumare at gmail.com
Mon Jun 8 11:34:13 GMT 2009 

I have got a Red Hat EL5 running Samba smbd version 3.0.33-3.7.el5
I have set it up as a Samba LDAP PDC for my domain MYDOMAIN
I setup a WinXP box and had it join the domain

I login in WinXP to the domain as the domain administrator

I want to use srvtools on the WinXP box (usrmgr.exe, srvmgr.exe) to add
users and machines to the domain.

On the smdb server I can add manage users and machines without a problem
using smbldap-tools.

However, when I try to add a new user to the domain using usrmgr.exe I get
the following error message :

    "A device attached to the system is not functioning"

On the server side, the smbd.log shows :

    passdb/pdb_ldap.c:ldapsam_create_user(4824)
    ldapsam_create_user: Unable to allocate a new user id: bailing out!

Oddly enough I can delete existing users, modify their password etc. from
usrmgr.exe, so only adding users generate an error.

I look forward to reading your answers,

Frederic

Here is the [global] part of my smb.conf

[global]
    server string = Samba Server Version %v
    netbios name = chongqing
    domain master = Yes
    preferred master = Yes
    wins support = Yes
    domain logons = Yes
    encrypt passwords = yes
    workgroup = MYDOMAIN
    os level = 35
    security=user
    create mask = 0664
    directory mask = 02775
    cups options = raw

    passdb backend = ldapsam:ldap://localhost
    ldap ssl = no
    ldap idmap suffix = ou=People
    ldap passwd sync = Yes
    ldap admin dn = cn=ldap_admin,dc=mydomain,dc=com
    ldap user suffix = ou=People
    ldap machine suffix = ou=machines
    ldap group suffix = ou=Group
    ldap suffix = dc=mydomain,dc=com
    ldapsam:trusted=yes
    ldapsam:editposix=yes

    idmap uid = 10000-20000
    idmap gid = 10000-20000
    logon home = \\%L\%U
    logon drive = U:
    logon path = \\%L\profiles\%U
    logon script = scripts\logon.bat

    add user script = /usr/sbin/smbldap-useradd -m -a '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add machine script = /usr/sbin/smbldap-useradd -W '%u'
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

    client ntlmv2 auth = yes
    enable privileges = yes

    inherit acls = yes
    inherit permissions = yes
    map acl inherit = yes
    nt acl support = Yes

More information about the samba-technical mailing list