Failed to add user with samba-tool with 'ascii' decode error

Benjamin Bohard bbohard at
Mon Apr 3 14:27:01 UTC 2017


I am reviewing a bash script wrapping some samba-tool command for
automation purpose [1].

I ran into a decode error and traced it back to a recent modification :

-            pw = unicode('"' + password + '"', 'utf-8').encode('utf-16-le')
+            pw = unicode('"' + password.encode('utf-8') + '"',

The error I ran into is triggered by passing an utf-8 encoded password
to "samba-tool user create" with non-ascii characters.

As far as I understand this, password.encode('utf-8') acts on a str
object and python first attempts to decode it to unicode from ascii
(default codec) before encoding it to utf-8.

As I use samba in a well-known context, I fixed this problem momentarily
by decoding "password" to unicode from utf-8 (codec used in my context)
before it is passed to samdb newuser function :

diff --git a/python/samba/netcmd/ b/python/samba/netcmd/
index fbb98a1..86c51fd 100644
--- a/python/samba/netcmd/
+++ b/python/samba/netcmd/
@@ -306,6 +306,7 @@ Example5 shows how to create an RFC2307/NIS domain
enabled user account. If
             if not password == passwordverify:
                 password = None
                 self.outf.write("Sorry, passwords do not match.\n")
+        password = password.decode('utf-8')
         if rfc2307_from_nss:
                 pwent = pwd.getpwnam(username)

I know how difficult it is to foresee what encoding is used on input. So
I am not sure there is a global solution for this problem.

Best regards

[1] this script is part of EOLE metadistribution

Benjamin Bohard

Cadoles (
Experts EOLE, Envole et logiciels libres

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list