unable to add new user via samba-tool newuser with OpenLDAP back end

Joe Comeaux joe.comeaux at gmail.com
Thu Dec 9 10:08:41 MST 2010


I have Samba4 and OpenLDAP set up from latest CVS branch, going
basically by the
http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP
instructions.
Everything seems to be compiling / installing correctly. OpenLDAP
runs, back end gets created, samba runs, I can even join a Windows
computer (XP & Windows 7) to the smb domain.
When attempting to add a new user to the directory, I get the following:

root@voss:~# /usr/local/samba/bin/samba-tool newuser fhudson Frank12#$
schema_load_init: no schema head present: (skip schema loading)

module schema_load initialization failed : No such object
module operational initialization failed : No such object
module aclread initialization failed : No such object
module acl initialization failed : No such object
module descriptor initialization failed : No such object
module objectclass initialization failed : No such object
module asq initialization failed : No such object
module server_sort initialization failed : No such object
module paged_results initialization failed : No such object
module rootdse initialization failed : No such object
module samba_dsdb initialization failed : No such object
Unable to load modules for /usr/local/samba/private/sam.ldb: (null)
ERROR(ldb): Failed to create user "fhudson" - None
root@voss:~# ls -l /usr/local/samba/modules/ldb

Are the samba-tool, etc. binaries not supposed to be used with an
OpenLDAP back end?

I do get an error when samba loads when it hits the samba_dnsupdate section:
Completed SPN update check OK
/usr/local/samba/sbin/samba_dnsupdate: Failed to bind - LDAP error 49
LDAP_INVALID_CREDENTIALS -  <SASL(-13): user not found: no secret in
database> <>
/usr/local/samba/sbin/samba_dnsupdate: Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi' with backend
'ldapi'
/usr/local/samba/sbin/samba_dnsupdate: module partition initialization
failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module show_deleted
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module extended_dn_out_openldap
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module schema_load
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module operational
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module aclread initialization
failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module acl initialization
failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module descriptor
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module objectclass
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module asq initialization
failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module server_sort
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module paged_results
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module rootdse initialization
failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module samba_dsdb
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: Unable to load modules for
/usr/local/samba/private/sam.ldb: (null)
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 367, in <module>
/usr/local/samba/sbin/samba_dnsupdate:     sub_vars = get_subst_vars()
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 214, in get_subst_vars
/usr/local/samba/sbin/samba_dnsupdate:     lp=lp)
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/lib/python2.6/site-packages/samba/samdb.py", line
53, in __init__
/usr/local/samba/sbin/samba_dnsupdate:     options=options)
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/lib/python2.6/site-packages/samba/__init__.py", line
110, in __init__
/usr/local/samba/sbin/samba_dnsupdate:     self.connect(url, flags, options)
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/lib/python2.6/site-packages/samba/samdb.py", line
66, in connect
/usr/local/samba/sbin/samba_dnsupdate:     options=options)
/usr/local/samba/sbin/samba_dnsupdate: _ldb.LdbError: (80, None)
Child /usr/local/samba/sbin/samba_dnsupdate exited with status 1 -
Operation not permitted
../dsdb/dns/dns_update.c:250: Failed DNS update - NT_STATUS_ACCESS_DENIED

This causes a python segfault (or maybe vice versa) in kern.log:
Dec  9 10:49:32 voss kernel: [ 1278.894962] python[2070]: segfault at
0 ip 0031c770 sp bfce0ff8 error 4 in libc-2.12.1.so[2a8000+157000]

I also have a question about where Kerberos fits into the puzzle. I
was assuming that with the authentication being done with LDAP that
Kerberos didn't need to be set up. But, when creating a new user via
ADUC it seems to get halfway through creation, but then errors out
with a handful of Kerberos messages.
My end goal here is to be able to use Active Directory Users and
Computers as a front end against an OpenLDAP back end (working
towards a single sign-on solution in an environment that already uses
OpenLDAP for user authentication for half their systems).

Thanks
-Joe Comeaux
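
Added example, not part of the original post and not Samba project code: a small triage script that rejoins the mail-wrapped samba_dnsupdate output quoted above and separates the first failure (the ldapi bind rejected with LDAP error 49) from the module initialization errors logged after it. The function names and the embedded sample, a constructed subset of the post's log, are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Prefix seen on each samba_dnsupdate line in the post's output.
PROG = "/usr/local/samba/sbin/samba_dnsupdate: "

# Constructed sample: a subset of the output quoted in the post, wraps included.
SAMPLE = """\
Completed SPN update check OK
/usr/local/samba/sbin/samba_dnsupdate: Failed to bind - LDAP error 49
LDAP_INVALID_CREDENTIALS -  <SASL(-13): user not found: no secret in
database> <>
/usr/local/samba/sbin/samba_dnsupdate: Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi' with backend
'ldapi'
/usr/local/samba/sbin/samba_dnsupdate: module partition initialization
failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: module schema_load
initialization failed : Operations error
/usr/local/samba/sbin/samba_dnsupdate: Unable to load modules for
/usr/local/samba/private/sam.ldb: (null)
"""

def records(text, prefix=PROG):
    """Rejoin hard-wrapped lines; a line carrying the prefix starts a record."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(prefix):
            out.append(line[len(prefix):])
        elif out:
            out[-1] += " " + line      # continuation of the previous record
        else:
            out.append(line)           # unprefixed first line
    return out

def triage(text):
    """Separate the first failure from the module errors that follow it."""
    res = {"first_error": None, "bind": None, "url": None, "modules": []}
    for rec in records(text):
        if res["first_error"] is None and re.search(r"failed", rec, re.I):
            res["first_error"] = rec
        if (m := re.search(r"LDAP error (\d+) (\w+)", rec)) and not res["bind"]:
            res["bind"] = (int(m.group(1)), m.group(2))
        if m := re.search(r"Failed to connect to '([^']+)'", rec):
            res["url"] = unquote(m.group(1))  # decode %2F in the socket path
        if m := re.match(r"module (\S+) initialization failed : (.+)", rec):
            res["modules"].append((m.group(1), m.group(2)))
    return res

print(triage(SAMPLE))
```
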

