[Samba] smbpasswd - Samba and LDAP

Patrick Shinpaugh shpatric at vt.edu
Thu Apr 29 21:29:30 GMT 2004

I've implemented an LDAPv2 server with Samba support but find that
smbpasswd does not work as expected. I am using berkeley db-4.1.25_p1,
openldap-2.1.26, and samba-3.0.2a. Does anybody have any clue why I get the
following error when attempting to add Samba support for a user
(specifically a DB_KEYEXIST error)?

I get the following output (excerpt) from smbpasswd:

ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: shpatric
smbldap_add: dn => [uid=shpatric,ou=People,dc=sv,dc=vt,dc=edu]
ldapsam_modify_entry: Failed to add user dn=
uid=shpatric,ou=People,dc=sv,dc=vt,dc=edu with: Already exists

ldapsam_add_sam_account: failed to modify/add user with uid = shpatric
(dn = uid=shpatric,ou=People,dc=sv,dc=vt,dc=edu)
Failed to add entry for user shpatric.
Failed to modify password entry for user shpatric

I get a DB_KEYEXIST error (excerpt) from slapd.log:

=> access_allowed: write access to
"uid=shpatric,ou=People,dc=sv,dc=vt,dc=edu" "entry" requested
=> acl_get: [1] check attr entry
<= acl_get: [1] acl uid=shpatric,ou=People,dc=sv,dc=vt,dc=edu attr:
=> acl_mask: access to entry
"uid=shpatric,ou=People,dc=sv,dc=vt,dc=edu", attr "entry" requested
=> acl_mask: to all values by
"cn=smbadmin,ou=people,dc=sv,dc=vt,dc=edu", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying write(=wrscx) (stop)
<= acl_mask: [1] mask: write(=wrscx)
=> access_allowed: write access granted by write(=wrscx)
=> bdb_dn2id_add( "uid=shpatric,ou=people,dc=sv,dc=vt,dc=edu",
0x00000016 )
=> bdb_dn2id_add: put failed: DB_KEYEXIST: Key/data pair already exists
<= bdb_dn2id_add: -30997
bdb_add: dn2id_add failed: DB_KEYEXIST: Key/data pair already exists
send_ldap_result: conn=46 op=8 p=3
send_ldap_result: err=68 matched="" text=""

#ldapsearch output
dn: uid=shpatric,ou=People,dc=sv,dc=vt,dc=edu
objectClass: inetOrgPerson
objectClass: posixAccount
sn: Shinpaugh
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
mail: shpatric at vt.edu
uid: shpatric
gecos: Patrick Shinpaugh
cn: Patrick Shinpaugh
homeDirectory: /home/shpatric

        netbios name            =       ok
        workgroup               =       VELAB
        security                =       user
        encrypt passwords       =       yes

        ldap admin dn           =      
        ldap ssl                =       off
        ldap suffix             =       dc=domain,dc=edu
        ldap user suffix        =       ou=People
        ldap group suffix       =       ou=Groups
        ldap machine suffix     =       ou=Hosts
        ldap filter             =      
        passdb backend          =       ldapsam:ldap://ok.domain.edu

        ldap passwd sync        =       no

        path                    =       /export/home
        read only               =       no

Any help or suggestions are greatly appreciated.

Patrick Shinpaugh
Virginia Tech
UVAG System Administrator/Programmer
