[Samba] Help: Samba 3.0alpha23 using ldapsam cause "The tag is invalid."

Tang tang at inesc-macau.org.mo
Fri Apr 11 05:08:32 GMT 2003


Fantastic! Thanks a lot!

The "tag is invalid" error message is gone after using
    passdb backend = guest ldapsam

Actually what is the guest passdb for?

However, the user groups still cannot be displayed on NT4 even when tdbsam is 
used.
Please help if anything is missing or wrong!

/etc/passwd:
administrator:x:1004:100::/home/administrator:/bin/bash

/etc/group:
domadmins:x:201:administrator
domusers:x:202:
domguests:x:203:
smbsysops:x:204:
smbreps:x:205:
smbpusers:x:206:
smbprnops:x:207:
smbadmins:x:208:administrator
smbaccops:x:209:
smbbakops:x:210:
smbusers:x:211:
smbguests:x:212:

collie:/# pdbedit -a -u administrator
new password:
retype new password:
Unix username:        administrator
NT username:
Account Flags:        [U          ]
User ID/Group ID:     1004/100
User SID:             S-1-5-21-4213738521-2473470905-170453680-3008
Primary Group SID:    S-1-5-21-4213738521-2473470905-170453680-1201
Full Name:
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
Domain:               UNIVERSE
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Sat, 14 Dec 1901 04:45:51 GMT
Kickoff time:         Sat, 14 Dec 1901 04:45:51 GMT
Password last set:    Fri, 11 Apr 2003 19:45:29 GMT
Password can change:  Fri, 11 Apr 2003 19:45:29 GMT
Password must change: Fri, 02 May 2003 19:45:29 GMT

collie:/# smbgroupedit -v
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> smbsysops
Replicators (S-1-5-32-552) -> smbreps
Guests (S-1-5-32-546) -> smbguests
Power Users (S-1-5-32-547) -> smbpusers
Domain Admins (S-1-5-21-4213738521-2473470905-170453680-512) -> domadmins
Domain Guests (S-1-5-21-4213738521-2473470905-170453680-514) -> domguests
Domain Users (S-1-5-21-4213738521-2473470905-170453680-513) -> domusers
Print Operators (S-1-5-32-550) -> smbprnops
Administrators (S-1-5-32-544) -> smbadmins
Account Operators (S-1-5-32-548) -> smbaccops
Backup Operators (S-1-5-32-551) -> smbbakops
Users (S-1-5-32-545) -> smbusers

collie:/# pdbedit -l
administrator:1004:
uucp:10:uucp
sync:4:sync
irc:39:ircd
list:38:SmartList
identd:100:
operator:37:Operator
sys:3:sys
telnetd:102:
abc:1001:System User
backup:34:backup
gnats:41:Gnats Bug-Reporting System (admin)
lp:7:lp
man:6:man
sshd:101:
daemon:1:daemon
sysadmin:1000:Admin
mail:8:mail
bin:2:bin
postgres:31:postgres
smmsp:103:Mail Submission Program,,,
news:9:news
root:0:root
www-data:33:www-data
proxy:13:proxy
swan_junior$:1003:
nobody:65534:nobody
games:5:games


Another problem I don't understand. If the account uses 208 as its 
primary group, it produces the following error:

/etc/passwd:
administrator:x:1004:208::/home/administrator:/bin/bash

collie:/# pdbedit -a -u administrator
new password:
retype new password:
tdb_update_sam: Failing to store a SAM_ACCOUNT for [administrator] 
without a primary group RID
Unable to add user! (does it alredy exist?)

Thanks in advance!
tang.



John H Terpstra wrote:

>On Thu, 10 Apr 2003, Tang wrote:
>
>  
>
>>Hi, please help in the scenario of using Samba 3.0alpha23 + OpenLDAP as PDC.
>>After joining an NT workstation to the samba domain, using the Windows User
>>Manager for Domain to browse the domain causes "The tag is invalid." error
>>message.
>>
>>Part of smb.conf is as follows:
>>
>>[global]
>>         passdb backend = ldapsam
>>         time server = Yes
>>         logon path =
>>         logon home =
>>         domain logons = Yes
>>         os level = 64
>>         preferred master = Yes
>>         domain master = Yes
>>         dns proxy = No
>>         wins support = Yes
>>
>>If the "passdb backend" is changed to tdbsam, it is ok! But I do not see any
>>user groups listed in the User Manager, even though the groups are mapped using
>>smbgroupedit. Why?
>>    
>>
>
>It is now working in the current CVS branch for 3.0.0. Please understand
>that this area is still being worked on. Suggest you download the latest
>CVS code.
>
>Also, to get groups to appear in NT4/2K you need to use smbgroupedit to
>connect every SAM group to a unique Unix group.
>
>For now, recommend you use:
>	passdb backend = ldapsam guest
>
>It also works with:
>	passdb backend = tdbsam_nua guest
>
>  
>
>>Samba is running on Debian/Linux Woody with kernel 2.2.20.
>>
>>Has anyone experienced similar problems? Help and comments are appreciated!
>>    
>>
>
>Yes, I had the same problem.
>
>- John T.
>  
>
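
Added example (not part of the original messages, and not Samba code): a check of the advice above that every SAM group be connected to a unique Unix group, run over excerpts of the /etc/group and `smbgroupedit -v` output quoted in the thread, plus a lookup of which SID a primary gid resolves to. The function names are hypothetical, and the fallback formula gid*2+1001 is an assumption taken from Samba's algorithmic RID mapping; it matches gid 100 giving RID 1201 in the pdbedit output.

```python
import re

DOMAIN_SID = "S-1-5-21-4213738521-2473470905-170453680"  # from the pdbedit output
# Sample input: excerpts of /etc/group and `smbgroupedit -v` as quoted in the thread.
ETC_GROUP = """domadmins:x:201:administrator
domusers:x:202:
domguests:x:203:
smbadmins:x:208:administrator
smbusers:x:211:"""
MAPPINGS = """Domain Admins (S-1-5-21-4213738521-2473470905-170453680-512) -> domadmins
Domain Guests (S-1-5-21-4213738521-2473470905-170453680-514) -> domguests
Domain Users (S-1-5-21-4213738521-2473470905-170453680-513) -> domusers
Administrators (S-1-5-32-544) -> smbadmins
Users (S-1-5-32-545) -> smbusers"""

def parse_groups(text):
    """Return {unix group name: gid} from /etc/group lines."""
    return {f[0]: int(f[2]) for f in (l.split(":") for l in text.splitlines()) if len(f) >= 3}

def parse_mappings(text):
    """Return [(nt_group, sid, unix_group)] from `smbgroupedit -v` lines."""
    pat = re.compile(r"^(.+?) \((S-[\d-]+)\) -> (\S+)$")
    return [m.groups() for m in map(pat.match, text.splitlines()) if m]

def audit(groups, mappings):
    """List mappings that point at a missing Unix group or share one."""
    seen, problems = {}, []
    for nt, sid, unix in mappings:
        if unix not in groups:
            problems.append(f"{nt}: Unix group {unix} not in /etc/group")
        if unix in seen:
            problems.append(f"{nt} and {seen[unix]} share Unix group {unix}")
        seen.setdefault(unix, nt)
    return problems

def primary_group_sid(gid, groups, mappings):
    """Return (sid, is_domain_sid) for the group a primary gid resolves to."""
    for nt, sid, unix in mappings:
        if groups.get(unix) == gid:
            return sid, sid.startswith(DOMAIN_SID + "-")
    # Assumption: an unmapped gid falls back to the algorithmic RID gid*2+1001.
    return f"{DOMAIN_SID}-{gid * 2 + 1001}", True

if __name__ == "__main__":
    groups, maps = parse_groups(ETC_GROUP), parse_mappings(MAPPINGS)
    print(audit(groups, maps) or "mappings are unique and resolvable")
    for gid in (100, 208):
        print(gid, primary_group_sid(gid, groups, maps))
```

For gid 208 the lookup lands on the built-in Administrators SID, which lies outside the domain SID and so carries no RID within the domain; whether that is what triggers the "without a primary group RID" failure is an assumption.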


