[Samba] smbpasswd complains about LDAP: "Object class violation"

Chris St. Pierre stpierre at NebrWesleyan.edu
Fri Aug 27 15:50:32 GMT 2004 

Here's more info for anyone who's interested:

Quite the opposite of what I expected, smbldap-useradd.pl is not using
sambaAccount as the structural objectClass; it's not using it *at
all*.  Here's a sample:

-----------------------------
# ldapsearch -LLL -b "ou=machines,o=nebrwesleyan.edu,o=isp" "uid=guinea*"
dn: uid=guinea-pig$,ou=Machines,o=NebrWesleyan.edu,o=isp
objectClass: top
objectClass: posixAccount
cn: guinea-pig$
uid: guinea-pig$
uidNumber: 1001
gidNumber: 1
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
-----------------------------

Adding the sambaAccount objectClass manually helped, actually; now I
get this:

-----------------------------
# ./smbpasswd -a -m guinea-pig$
ldap_connect_system: Binding to ldap server as "cn=directory manager"
ldap_connect_system: Binding to ldap server as "cn=directory manager"
failed to modify user with uid = guinea-pig$ with: Object class
violation

Password changed for user guinea-pig$.
Failed to modify entry for user guinea-pig$.
Failed to modify password entry for user guinea-pig$
-----------------------------

Again, though, setting the debug level to 10 doesn't help much.  And
again, there's still an object class violation.  Anyone have any ideas
what this one might be?  Thanks.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
402.465.7549


On Thu, 26 Aug 2004, Chris St. Pierre wrote:

>I'm trying to get Samba on a Mac OS X box running as a PDC with an
>LDAP backend.  I've read through all of the major walkthroughs I can
>find, and we've actually already got it running very nicely as a file
>server; people are currently authenticating against a different PDC
>and then mapping drives from the Samba box in question.
>
>However, I'd like it to be the PDC eventually, but I'm running up
>against a problem.  It is my understanding that the machine trust
>accounts need to be added with smbpasswd (or an LDAP workaround such
>as the smbldap-useradd.pl that comes with samba), but smbpasswd
>fails with the following error:
>
>--------------------------------
># ./smbpasswd -a -m guinea-pig$
>ldap_connect_system: Binding to ldap server as "cn=directory manager"
>LDAP search "(&(uid=guinea-pig_)(objectclass=sambaAccount))" returned
>0 entries.
>ldap_connect_system: Binding to ldap server as "cn=directory manager"
>failed to modify user with uid = guinea-pig$ with: Object class
>violation
>
>Failed to add entry for user guinea-pig$.
>Failed to modify password entry for user guinea-pig$
>--------------------------------
>
>The best thing I could find on the web was this:
>http://lists.samba.org/archive/samba/2003-February/062371.html, which
>only suggests upping my debug level.  Doing so provides no better
>info, though:
>
>--------------------------------
>./smbpasswd -D 10 -a -m guinea-pig$
>[snip]
>Initializing connection to newman.nebrwesleyan.edu on port 389
>ldap_open_connection: connection opened
>ldap_connect_system: Binding to ldap server as "cn=directory manager"
>ldap_connect_system: succesful connection to the LDAP server
>ldap_search_one_user: searching
>for:[(&(uid=guinea-pig$)(objectclass=sambaAccount))]
>ldap_search_one_user: searching for:[uid=guinea-pig$]
>User exists without samba properties: adding them
>Setting entry for user: guinea-pig$
>failed to modify user with uid = guinea-pig$ with: Object class
>violation
>
>Failed to add entry for user guinea-pig$.
>Failed to modify password entry for user guinea-pig$
>--------------------------------
>
>If that thread I linked to is correct, then smbpasswd is trying to add
>the machine user guinea-pig$ with the structural objectClass
>"sambaAccount" -- which is bogus.  If that's the case, is there a fix
>that doesn't involve hacking smbpasswd?  Or, if that's not the case,
>what is and how do I fix it?  Thanks for your help!
>
>Chris St. Pierre
>Unix Systems Administrator
>Nebraska Wesleyan University
>402.465.7549
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list