[Samba] samba_3_0+ldapsam_nua: creating machine trust accounts fails

Dariush Forouher dariush at forouher.de
Sun Apr 6 16:18:18 GMT 2003


With current SAMBA_3_0 I'm unable to create new Machine Trust Accounts
with ldapsam_nua. A rough test indicates that ldapsam works.

If I move 'rid' in samba.schema from MUST to MAY, Samba creates an LDAP
entry, but with empty 'rid' and 'primaryGroupID' attributes.


# smbpasswd -D5 -a -m test2$
Netbios name list:-
Trying to load: ldapsam_nua:ldap://localhost
Attempting to find an passdb backend to match ldapsam_nua:ldap://localhost (ldapsam_nua)
Found pdb backend ldapsam_nua (at pos 5)
pdb backend ldapsam_nua:ldap://localhost has a valid init
ldapsam_search_one_user: searching for:[(&(uid=test2$)(objectclass=sambaAccount))]
ldapsam_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
We don't find this user [test2$] count=0
ldapsam_search_one_user: searching for:[(&(uid=test2$)(objectclass=sambaAccount))]
ldapsam_open: allready connected to the LDAP server
ldapsam_search_one_user: searching for:[uid=test2$]
ldapsam_open: allready connected to the LDAP server
Adding new user
Setting entry for user: test2$
ldapsam_get_next_available_nua_rid: searching for:[(&(uid=*)(objectclass=sambaAccount))]
ldapsam_open: allready connected to the LDAP server
search_top_nua_rid: 857 entries in the base!
Entry found for user: xyz  # repeated for every user&machine in ldap
ldapsam_search_one_user: searching for:[rid=18972]
ldapsam_open: allready connected to the LDAP server
NUA RID 18972 (0x4a1c), declared valid
ldapsam_open: allready connected to the LDAP server
failed to add user dn= uid=test2$,ou=Machines,dc=brgs,dc=org with: Object class violation
	object class 'sambaAccount' requires attribute 'rid'
failed to modify/add user with uid = test2$ (dn = uid=test2$,ou=Machines,dc=brgs,dc=org)
Failed to add entry for user test2$.
Failed to modify password entry for user test2$

	workgroup = BRGS
	netbios name = palomar
	server string = PDC (samba %v)
	encrypt passwords = true
	security = user
	log level = 2
	syslog = 0
	max log size = 200000
	unix charset = CP850
	logon path = \\palomar\profiles\%U
	logon script = sonstige.bat
	logon drive = h:
	logon home = \\palomar\%U
	domain logons = Yes
	os level = 32
	preferred master = yes
	domain master = yes
	local master = yes
	wins support = yes

	passdb backend = ldapsam_nua:ldap://localhost
	ldap ssl = no
	ldap admin dn = cn=root,dc=brgs,dc=org
	ldap suffix = dc=brgs,dc=org
	ldap user suffix = ou=People
	ldap machine suffix = ou=Machines
	non unix account range = 8000-8999

	browseable = no
	writeable = yes

	path = /netlogon
	read only = no
	locking = No
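
An added example, not part of the original post or of Samba: once 'rid' has been relaxed from MUST to MAY, the directory accepts sambaAccount entries without a usable 'rid' or 'primaryGroupID', so an audit of an LDIF export can list them. The sample LDIF and the ws1$ entry with its values are constructed; only the test2$ DN comes from the post.

```python
import base64

REQUIRED = ("rid", "primarygroupid")  # the attributes the post reports as empty

# Constructed sample export; only the test2$ DN comes from the post.
SAMPLE = """\
dn: uid=test2$,ou=Machines,dc=brgs,dc=org
objectClass: sambaAccount
rid:
primaryGroupID:

dn: uid=ws1$,ou=Machines,
 dc=brgs,dc=org
objectClass: sambaAccount
rid: 18970
primaryGroupID: 1201
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())

def incomplete_samba_accounts(text):
    """Return (dn, missing_attrs) for sambaAccount entries lacking REQUIRED values."""
    findings = []
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        missing = [a for a in REQUIRED if not any(entry.get(a, []))]
        if "sambaaccount" in classes and missing:
            findings.append((entry.get("dn", ["?"])[0], missing))
    return findings

if __name__ == "__main__":
    for dn, missing in incomplete_samba_accounts(SAMPLE):
        print(dn, "lacks", ", ".join(missing))
```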
