[Samba] SAMBA 3.0.0 PDC + LDAP - Adding Computer Account

critter at rmci.net
Sun Nov 16 20:58:29 GMT 2003


Hello all,

I'm having an issue with adding machine accounts to a Samba 3.0.0 PDC with
an LDAP passwd db backend.  This is on a RedHat 9 with an rpm I compiled
from the 3.0.0 release. I have configured samba to where it is using LDAP
and able to add user accounts and group mappings to LDAP, but when I try
to add a computer account using smbpasswd -a -m data it is not able to add
the account.  I ran it with the debug option and here is what I get:

(pts/2)[root@impact samba]# smbpasswd -a -m data -D 10
Netbios name list:-
my_netbios_names[0]="IMPACT"
Trying to load: ldapsam:ldap://127.0.0.1
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1 (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MATRIX))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MATRIX))]
smbldap_open_connection: ldap://127.0.0.1
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://127.0.0.1 as "cn=Samba Admin,ou=People,dc=firerun,dc=net"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://127.0.0.1 has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching for:[(&(uid=data$)(objectclass=sambaSamAccount))]
ldapsam_getsampwnam: Unable to locate user [data$] count=0
Finding user data$
Trying _Get_Pwnam(), username as lowercase is data$
Trying _Get_Pwnam(), username as uppercase is DATA$
Checking combinations of 0 uppercase letters in data$
Get_Pwnam_internals didn't find user [data$]!
Failed initialise SAM_ACCOUNT for user data$.
Failed to modify password entry for user data$


My relevant smb.conf options are:

#====================== Password Database

# Define the backend to use
passdb backend = ldapsam:ldap://127.0.0.1

# Define the DN that will be used to bind to the ldap directory
# must have write access to lmPassword and ntPassword attributes
# use smbpasswd -w secret to store password
ldap admin dn = "cn=Samba Admin,ou=People,dc=firerun,dc=net"

# Should ssl be used to connect to ldap server
# (off, start tls, on) default = on
ldap ssl = off

# smbpasswd -x delete the entire dn-entry
ldap delete dn = no

# The machine and user suffix added to the base suffix
# wrote WITHOUT quotes.  NULL suffixes by default
ldap user suffix = ou=People,dc=fireru,dc=net
ldap group suffix = ou=Group,dc=firerun,dc=net
ldap idmap suffix = ou=Idmap,dc=firerun,dc=net
ldap machine suffix = ou=Computers,dc=firerun,dc=net

# Specify the base DN to use when searching the directory
ldap suffix = "dc=firerun,dc=net"

# Specify the search filter. Generally the default is okay
# ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"

# Should ldap passwords be synced with nt passwords
# (yes, no, only) default = no
ldap passwd sync = no

# Allow adding a computer account to ldap
add machine script = /etc/samba/ldapaddcomp %m$

#======================

As for the user data$ it already exists in the directory as:

# data$, Computers, firerun, net
dn: uid=data$,ou=Computers,dc=firerun,dc=net
uid: data$
cn: Computer Account
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uidNumber: 1007
gidNumber: 1003
homeDirectory: /dev/null
gecos: Computer Account
loginShell: /sbin/nologin
description: Computer Account
shadowLastChange: 12372
shadowMin: 0
shadowMax: 99999
shadowWarning: 7

When I do a getent passwd the computer account data$ shows up in the
listing so by all accounts the account exists. As for LDAP ACL the Samba
admin has write access to the Computer ou in the Directory so it should be
able to update the information.  I did find out that in the ldap log it
has:

Nov 16 13:32:42 impact slapd[10664]: conn=9 op=1 SRCH base="ou=People,dc=firerun,dc=net" scope=1 filter="(&(objectClass=posixAccount)(uid=DATA$))"

So it appears that it might be searching the wrong ou for the account
information.  Does anyone have any ideas what is happening or why I am
unable to add machine accounts?

Thank you in advance.
Patrick Gunerud
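
The scope check behind the slapd log observation above, as an added example that is not part of the original post: it parses the SRCH line and tests whether the machine entry's DN is reachable from the logged base and scope. The helper names are assumptions, and the DN splitting is simplified (no escaped commas).

```python
import re

# Constructed sample: the slapd SRCH line quoted in the post, on one line.
LOG = ('Nov 16 13:32:42 impact slapd[10664]: conn=9 op=1 SRCH '
       'base="ou=People,dc=firerun,dc=net" scope=1 '
       'filter="(&(objectClass=posixAccount)(uid=DATA$))"')
ENTRY_DN = "uid=data$,ou=Computers,dc=firerun,dc=net"  # DN quoted in the post

# slapd logs scope as 0 (base), 1 (one level) or 2 (subtree); some versions
# also log deref=N between scope and filter, so that field is optional here.
SRCH = re.compile(r'SRCH base="(?P<base>[^"]*)" scope=(?P<scope>[012])'
                  r'(?: deref=\d)? filter="(?P<filter>[^"]*)"')


def split_dn(dn):
    """Split a DN into lower-cased RDNs (assumption: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def parse_srch(line):
    """Return (base, scope, filter) from a slapd SRCH log line, or None."""
    m = SRCH.search(line)
    if not m:
        return None
    return m.group("base"), int(m.group("scope")), m.group("filter")


def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn can be returned by a search at base_dn with scope."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    # The entry must sit at or below the search base at all.
    if len(base) > len(entry) or (base and entry[-len(base):] != base):
        return False
    depth = len(entry) - len(base)  # 0 = the base itself, 1 = direct child
    return {0: depth == 0, 1: depth == 1, 2: True}[scope]


if __name__ == "__main__":
    base, scope, flt = parse_srch(LOG)
    print(f"search base={base!r} scope={scope} filter={flt}")
    print("entry reachable by logged search:", in_scope(ENTRY_DN, base, scope))
    print("reachable one level under ou=Computers:",
          in_scope(ENTRY_DN, "ou=Computers,dc=firerun,dc=net", 1))
```
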




