smbldap-useradd and usrmgr.exe
Frédéric Soumaré
frederic.soumare at gmail.com
Mon Jun 8 11:34:13 GMT 2009
I have got a Red Hat EL5 running Samba smbd version 3.0.33-3.7.el5
I have set it up as a Samba LDAP PDC for my domain MYDOMAIN
I setup a WinXP box and had it join the domain
I login in WinXP to the domain as the domain administrator
I want to use srvtools on the WinXP box (usrmgr.exe, srvmgr.exe) to add
users and machines to the domain.
On the smdb server I can add manage users and machines without a problem
using smbldap-tools.
However, when I try to add a new user to the domain using usrmgr.exe I get
the following error message :
"A device attached to the system is not functioning"
On the server side, the smbd.log shows :
passdb/pdb_ldap.c:ldapsam_create_user(4824)
ldapsam_create_user: Unable to allocate a new user id: bailing out!
Oddly enough I can delete existing users, modify their password etc. from
usrmgr.exe, so only adding users generate an error.
I look forward to reading your answers,
Frederic
Here is the [global] part of my smb.conf
[global]
server string = Samba Server Version %v
netbios name = chongqing
domain master = Yes
preferred master = Yes
wins support = Yes
domain logons = Yes
encrypt passwords = yes
workgroup = MYDOMAIN
os level = 35
security=user
create mask = 0664
directory mask = 02775
cups options = raw
passdb backend = ldapsam:ldap://localhost
ldap ssl = no
ldap idmap suffix = ou=People
ldap passwd sync = Yes
ldap admin dn = cn=ldap_admin,dc=mydomain,dc=com
ldap user suffix = ou=People
ldap machine suffix = ou=machines
ldap group suffix = ou=Group
ldap suffix = dc=mydomain,dc=com
ldapsam:trusted=yes
ldapsam:editposix=yes
idmap uid = 10000-20000
idmap gid = 10000-20000
logon home = \\%L\%U
logon drive = U:
logon path = \\%L\profiles\%U
logon script = scripts\logon.bat
add user script = /usr/sbin/smbldap-useradd -m -a '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -W '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
client ntlmv2 auth = yes
enable privileges = yes
inherit acls = yes
inherit permissions = yes
map acl inherit = yes
nt acl support = Yes
More information about the samba-technical
mailing list