[Samba] Adding new users with smbpasswd and ldapsam
Anton Hattendorf
anton at hattendoerfer.de
Wed Aug 18 11:32:46 GMT 2004
Hello
I'm trying to add new Samba users to my LDAP using smbpasswd but this
happens:
---------------------------------------------------------------------
s02:/etc/samba# smbpasswd -D 256 -a tester44a
Netbios name list:-
my_netbios_names[0]="S02"
Trying to load: ldapsam:ldap://localhost
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost
(ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BGL))]
smbldap_search: base => [o=bgl,c=de], filter =>
[(&(objectClass=sambaDomain)(sambaDomainName=BGL))], scope => [2]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as
"cn=admin,o=bgl,c=de"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
New SMB password:
Retype new SMB password:
smbldap_search: base => [o=bgl,c=de], filter =>
[(&(uid=tester44a)(objectclass=sambaSamAccount))], scope => [2]
smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [tester44a] count=0
Finding user tester44a
Trying _Get_Pwnam(), username as lowercase is tester44a
Trying _Get_Pwnam(), username as uppercase is TESTER44A
Checking combinations of 0 uppercase letters in tester44a
Get_Pwnam_internals didn't find user [tester44a]!
Failed to initialise SAM_ACCOUNT for user tester44a.
Failed to modify password entry for user tester44a
---------------------------------------------------------------------
Why does Samba seach for an Object with objectclass=sambaSamAccount?
I want to create this user and not moify an existing user, so smbpasswd
should search for just (uid=tester44a).
A posixUser for the new user already exists:
---------------------------------------------------------------------
s02:/etc/samba# ldapsearch -x uid=tester44a
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: uid=tester44a
# requesting: ALL
#
# tester44a, jg44, schueler, user, bgl, de
dn: uid=tester44a,ou=jg44,ou=schueler,ou=user,o=bgl,c=de
cn: tester44a
sn: tester44a
uid: tester44a
uidNumber: 10045
gidNumber: 100
homeDirectory: /home/schueler/44/tester44a
description: tester44a
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
---------------------------------------------------------------------
Has someone an Idea?
Thanks in advance
Anton
P.S.:
Here is the LDAP-Part of my smb.conf:
---------------------------------------------------------------------
# LDAP configuration
# define the DN to use when binding to the directory servers
# The password for this DN is not stored in smb.conf. Rather it
# must be set by using 'smbpasswd -w secretpw' to store the
# passphrase in the secrets.tdb file. If the "ldap admin dn" values
# change, this password will need to be reset.
ldap admin dn = "cn=admin,o=bgl,c=de"
# Define the SSL option when connecting to the directory
# ('off', 'start tls', or 'on' (default))
ldap ssl = off
# syntax: passdb backend = ldapsam:ldap://server-name[:port]
passdb backend = ldapsam:ldap://localhost
# smbpasswd -x delete the entire dn-entry
ldap delete dn = no
# the machine and user suffix added to the base suffix
# wrote WITHOUT quotes. NULL suffixes by default
ldap user suffix = ou=user
ldap group suffix = ou=groups
; ldap machine suffix = ou=machines
# Trust UNIX account information in LDAP
# (see the smb.conf man page for details)
# specify the base DN to use when searching the
# directory
ldap suffix = o=bgl,c=de
# generally the default ldap search filter is ok
ldap filter = (uid=%u)
---------------------------------------------------------------------
The configuration should work because samba was able to insert the
sambaDomainName to the LDAP.
More information about the samba
mailing list